@hclsoftware/secagent

IAST agent

//IASTIGNORE
/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */

'use strict';

/**
 * Lookup table from the agent's symbolic finding names to the issue-type
 * identifier strings it exports. The consumer of these strings is not visible
 * in this file, so every value is a wire-level constant and must not be edited
 * casually.
 *
 * The CWE number noted above each entry is the one annotated upstream.
 * Where that number does not match the CWE entry normally used for the
 * weakness, a NOTE(review) flags it; the annotation is a comment only and has
 * no effect on the exported values.
 */
const vulnerabilityTypes = {
  // --- Injection and output handling ---
  // CWE 89
  SQL_INJECTION: 'Injection.SQL',
  // CWE 79
  XSS: 'CrossSiteScripting.Reflected',

  // --- Cryptography and cookies ---
  // CWE 331
  WEAK_RANDOM: 'Cryptography.PoorEntropy',
  // CWE 614
  SECURE_COOKIE: 'attRespCookieNotSecureSSL',
  // CWE 327
  WEAK_HASH: 'Cryptography.InsecureAlgorithm',
  // CWE 327
  WEAK_CRYPTO: 'Cryptography.NonStandard',

  // --- OS command injection, generic plus per-shell variants (all CWE 78) ---
  COMMAND_INJECTION: 'Injection.OS',
  COMMAND_INJECTION_CMD: 'Injection.OS.CMD',
  COMMAND_INJECTION_POWERSHELL: 'Injection.OS.PowerShell',
  COMMAND_INJECTION_BASH: 'Injection.OS.Bash',
  COMMAND_INJECTION_ENV: 'Injection.OS.Env',

  // --- File system, directory and XML queries ---
  // CWE 73
  PATH_TRAVERSAL: 'PathTraversal',
  // CWE 73
  // NOTE(review): CWE-73 is "External Control of File Name or Path"; LDAP
  // injection is normally CWE-90. Looks copied from PATH_TRAVERSAL; confirm.
  LDAP_INJECTION: 'Injection.LDAP',
  // CWE 91
  XPATH_INJECTION: 'Injection.XPath',

  // Disabled upstream; kept for reference.
  //TRUST_BOUNDARY_VIOLATION: 'Validation.Required', // CWE 20
  //BROKEN_ENCODE: 'broken-encode',

  // --- Session, transport and request handling ---
  // CWE 384
  SESSION_FIXATION: 'SessionFixation',
  // CWE 523
  INSECURE_LOGIN: 'attLoginNotOverSSL',
  // CWE 653
  // NOTE(review): CWE-653 is "Improper Isolation or Compartmentalization"; a
  // cookie missing HttpOnly is normally CWE-1004. Confirm the intended mapping.
  HTTPONLY_COOKIE: 'attRespCookieNotHttpOnlySessionCookie',
  // CWE 434
  // NOTE(review): CWE-434 is unrestricted file upload; XXE itself is CWE-611.
  // The value mentions file upload, so 434 may be deliberate; confirm.
  XXE: 'attFileUploadXXE',
  // CWE 352
  CSRF: 'attCrossSiteRequestForgery',
  // CWE 523
  // NOTE(review): the value suggests a password sent as a GET parameter, which
  // is normally CWE-598; confirm.
  PASSWORD_LEAKAGE: 'passParamGET',

  // --- Response headers ---
  // Both entries are annotated CWE 523 and share one identifier string.
  // NOTE(review): CWE-523 is "Unprotected Transport of Credentials"; revealing
  // server or framework headers is usually filed under CWE-200. Confirm.
  SERVER_HEADER: 'attUnnecessaryResponseHeaders',
  XPOWEREDBY_HEADER: 'attUnnecessaryResponseHeaders',

  // --- Validation and credential exposure ---
  // CWE 425
  MISSING_URL_VALIDATION: 'Validation.Required.URL',
  // CWE 201
  PASSWORD_LEAKAGE_SENT_DATA: 'PasswordLeakageSentData',
  // CWE 256
  PASSWORD_LEAKAGE_DB: 'PasswordLeakageDB',

  // --- Non-vulnerability and internal entries ---
  // CWE 517
  // NOTE(review): could not match this id to a third-party-component weakness;
  // verify it against the current CWE list.
  OPEN_SOURCE_IAST: 'OpenSource.IAST',
  // no CWE, internal for security analyzer
  TELEMETRY: 'Telemetry',
  DETECTED_APIS: 'DetectedAPIs',
};

module.exports = vulnerabilityTypes;