forked from jaxley/python-fortify
-
Notifications
You must be signed in to change notification settings - Fork 1
/
rulemetadataexample.txt
86 lines (86 loc) · 2.04 KB
/
rulemetadataexample.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
abstract,,
accuracy,1.0,
analysis,Not an Issue,
analysis type,SCA,
analyzer,Control Flow,
attack payload,,
attack type,,
audience,broad,
audited,true,
body,,
bug,E6F3D946CAD4226CA48DE35055D353D2#MyService.java:169:169,
category,XML External Entity Injection,
category_source_type,MAPPED,
class,DukeService,
comments,,
confidence,5.0,
context_id,,
cookies,,
correlated,,
correlation group,,
cwe,CWE ID 611,
description,,
file,MyService.java,
fisma,SI,
fortify priority order,High,
functionname,unmarshal,
headers,,
history,,
http version,,
impact,4.0,
instance id,78919A4DDE4B42CE396923DCE010EEE8,
issue age,"Issue New: Aug 3, 2015",
issue state,Not an Issue,
issue_analysis_history,,
kingdom,Input Validation and Representation,
likelihood,0.6,
line,169.0,
manual,,
mapped category,,
method,,
min_virtual_call_confidence,1.0,
nist sp 800-53 rev.4,SI-10 Information Input Validation (P1),
owasp mobile 2014,M4 Unintended Data Leakage,
owasp top 10 2004,A6 Injection Flaws,
owasp top 10 2007,A2 Injection Flaws,
owasp top 10 2010,A1 Injection,
owasp top 10 2013,A1 Injection,
package,net.axley.impl,
parameters,,
pci 1.1,Requirement 6.5.6,
pci 1.2,"Requirement 6.3.1.1, Requirement 6.5.2",
pci 2.0,Requirement 6.5.1,
pci 3.0,Requirement 6.5.1,
primary context,net.axley.impl.MyService.unmarshal,
primaryrule,0DE6DCC8-25D6-4224-AE1B-B7F8C024AB95,
probability,3.0,
remediation effort,1.0,
replacement_store,null,
request id,,
response,,
rta protected,Not Protected,
sans top 25 2009,,
sans top 25 2010,,
sans top 25 2011,,
secondary requests,,
severity,4.0,
sink,transformerFactory.newTransformer() : XML document parsed allowing external entity resolution,
source,,
source context,,
sourcefile,,
sourceline,,
status,Reviewed,
stig 3.1,APP3510 CAT I,
stig 3.4,"APP3510 CAT I, APP3810 CAT I",
stig 3.5,"APP3510 CAT I, APP3810 CAT I",
stig 3.6,"APP3510 CAT I, APP3810 CAT I",
stig 3.7,"APP3510 CAT I, APP3810 CAT I",
stig 3.9,"APP3510 CAT I, APP3810 CAT I",
subtype,,
taint,,
trace,,
trigger,,
type,XML External Entity Injection,
url,,
wasc 2.00,XML External Entities (WASC-43),
wasc 24 + 2,,