| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|
|
from __future__ import annotations

import copy
import logging
from typing import Any
|
|
# Module logger. Lookup misses are reported at DEBUG (see get_cwe_info) so
# unrecognised ids do not flood the INFO log of the surrounding tool.
logger = logging.getLogger("ThreatHunter.cwe_database")
|
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|
|
# Curated CWE knowledge base keyed by canonical "CWE-<n>" id, consumed by
# get_cwe_info() and the Advisor formatter below.
#
# Field provenance -- read this before presenting any field as "official":
#   full_name / description / cwe_url : per the "source" field, taken from the
#                                        MITRE CWE record (v4.14).
#   nist_severity / cvss_base          : NOTE(review): CWE records carry no CVSS
#                                        score; these are module-curated indicative
#                                        values, not a NIST rating of a finding.
#   owasp_2021                         : this module's mapping to OWASP Top 10 2021.
#   remediation_en / remediation_zh    : module-authored guidance (EN / ZH-TW).
#   representative_cves                : hand-picked same-class examples, capped at
#                                        three by the accessors. Several ids recur
#                                        below under incompatible weakness classes,
#                                        and some notes contradict their own class;
#                                        those are flagged inline -- verify each
#                                        against the NVD CWE mapping before citing
#                                        it in a report.
CWE_DATABASE: dict[str, dict[str, Any]] = {

    # ---- Injection family (mapped to OWASP A03:2021) ----

    "CWE-89": {
        "name": "SQL Injection",
        "full_name": "Improper Neutralization of Special Elements used in an SQL Command",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.1,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/89.html",
        "description": (
            "Without sufficient removal or quoting of SQL syntax in user-controllable inputs, "
            "the generated SQL query can cause those inputs to be interpreted as SQL instead of "
            "ordinary user data. This can be used to alter query logic to bypass authentication, "
            "retrieve, modify, or delete data."
        ),
        "remediation_en": "Use parameterized queries (prepared statements). Never concatenate user input into SQL strings.",
        "remediation_zh": "使用參數化查詢(Prepared Statements)。絕不將用戶輸入直接拼接進 SQL 字串。",
        "representative_cves": [
            # NOTE(review): CVE-2023-23752 is also listed under CWE-98, CWE-200 and
            # CWE-862 with different notes, and its own note here describes an access
            # check flaw rather than SQL injection -- verify which class applies.
            {"id": "CVE-2023-23752", "cvss": 7.5, "vendor": "Joomla", "year": 2023,
             "note": "Improper access checks allow SQL injection via URL parameter"},
            {"id": "CVE-2022-21661", "cvss": 7.5, "vendor": "WordPress", "year": 2022,
             "note": "SQL injection via WP_Query in core component"},
            # NOTE(review): attribution unverified -- confirm the NVD CWE mapping.
            {"id": "CVE-2023-40028", "cvss": 8.8, "vendor": "Ghost CMS", "year": 2023,
             "note": "SQL injection leading to data exposure"},
        ],
    },

    "CWE-78": {
        "name": "OS Command Injection",
        "full_name": "Improper Neutralization of Special Elements used in an OS Command",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/78.html",
        "description": (
            "The product constructs all or part of an OS command using externally-influenced input "
            "but does not neutralize elements that can modify the intended OS command, allowing "
            "attackers to execute arbitrary commands with the privileges of the vulnerable process."
        ),
        "remediation_en": "Avoid shell execution functions. Use language APIs that accept argument arrays (not strings).",
        "remediation_zh": "避免使用 shell 執行函式。改用語言 API 並以陣列方式傳遞參數(不使用字串拼接)。",
        "representative_cves": [
            # NOTE(review): CVE-2021-44228 also appears under CWE-77 and CWE-611 with
            # different notes; the note itself says JNDI injection, which is not an
            # OS command string being built -- verify before citing it for CWE-78.
            {"id": "CVE-2021-44228", "cvss": 10.0, "vendor": "Apache Log4j", "year": 2021,
             "note": "JNDI injection leading to Remote Code Execution (Log4Shell)"},
            {"id": "CVE-2022-33891", "cvss": 8.8, "vendor": "Apache Spark", "year": 2022,
             "note": "Shell injection via HTTP query parameter"},
            # NOTE(review): HTTP/2 Rapid Reset is widely reported as a denial-of-service
            # issue, not command injection or code execution; it would fit CWE-400.
            # Verify the note and the placement before relying on it.
            {"id": "CVE-2023-44487", "cvss": 7.5, "vendor": "Multiple HTTP servers", "year": 2023,
             "note": "HTTP/2 Rapid Reset Attack enabling code execution"},
        ],
    },

    "CWE-77": {
        "name": "Command Injection",
        "full_name": "Improper Neutralization of Special Elements used in a Command",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/77.html",
        "description": "The product constructs a command using externally-influenced input without proper neutralization.",
        "remediation_en": "Validate and whitelist all input. Use safe APIs instead of direct command execution.",
        "remediation_zh": "驗證並白名單化所有輸入。使用安全 API 替代直接命令執行。",
        "representative_cves": [
            # NOTE(review): same id as under CWE-78 and CWE-611, each with a different
            # note -- the entries cannot all be right; verify the NVD mapping.
            {"id": "CVE-2021-44228", "cvss": 10.0, "vendor": "Apache Log4j", "year": 2021,
             "note": "Command injection via JNDI lookup"},
        ],
    },

    "CWE-79": {
        "name": "Cross-Site Scripting (XSS)",
        "full_name": "Improper Neutralization of Input During Web Page Generation",
        "source": "MITRE CWE v4.14",
        "nist_severity": "MEDIUM",
        "cvss_base": 6.1,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/79.html",
        "description": (
            "The product does not neutralize or incorrectly neutralizes user-controllable input "
            "before it is placed in output that is used as a web page that is served to other users."
        ),
        "remediation_en": "Encode all output. Use Content Security Policy (CSP). Use framework's built-in escaping.",
        "remediation_zh": "對所有輸出進行 HTML 編碼。啟用 CSP。使用框架內建的 escape 機制。",
        "representative_cves": [
            # NOTE(review): attribution unverified -- confirm vendor and CWE on NVD.
            {"id": "CVE-2023-32235", "cvss": 6.1, "vendor": "WordPress Plugin", "year": 2023,
             "note": "Reflected XSS via unescaped URL parameter"},
            # NOTE(review): "Multiple CMS" is not a concrete attribution; confirm the
            # id refers to a real XSS advisory before it is shown to users.
            {"id": "CVE-2022-40082", "cvss": 5.4, "vendor": "Multiple CMS", "year": 2022,
             "note": "Stored XSS via input field"},
        ],
    },

    "CWE-80": {
        "name": "Basic XSS (Improper HTML Encoding)",
        "full_name": "Improper Neutralization of Script-Related HTML Tags in a Web Page",
        "source": "MITRE CWE v4.14",
        "nist_severity": "MEDIUM",
        "cvss_base": 5.4,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/80.html",
        "description": "The product does not neutralize or incorrectly neutralizes script tags in user input.",
        "remediation_en": "HTML-encode all user output using htmlspecialchars() or equivalent.",
        "remediation_zh": "使用 htmlspecialchars() 或同等函式對所有用戶輸出進行 HTML 編碼。",
        "representative_cves": [
            # Same id as under CWE-79; CWE-80 is a child of CWE-79, so reuse is
            # consistent -- but the attribution itself is unverified (see CWE-79).
            {"id": "CVE-2023-32235", "cvss": 6.1, "vendor": "WordPress Plugin", "year": 2023,
             "note": "Script injection via unencoded output"},
        ],
    },

    "CWE-94": {
        "name": "Code Injection",
        "full_name": "Improper Control of Generation of Code",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/94.html",
        "description": "User input is interpreted as executable code by the application.",
        "remediation_en": "Never use eval() or equivalent with user input. Use safe alternatives (JSON.parse, predefined mappings).",
        "remediation_zh": "絕不對用戶輸入使用 eval()。使用安全替代(JSON.parse、預定義映射)。",
        "representative_cves": [
            # NOTE(review): CVE-2021-41773 is also listed under CWE-22 and CWE-73 as
            # path traversal; its note here admits as much. Verify the placement.
            {"id": "CVE-2021-41773", "cvss": 7.5, "vendor": "Apache HTTP Server", "year": 2021,
             "note": "Path traversal + code injection in CGI"},
        ],
    },

    "CWE-95": {
        "name": "Dynamic Code Evaluation (eval Injection)",
        "full_name": "Improper Neutralization of Directives in Dynamically Evaluated Code",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/95.html",
        "description": (
            "The software receives input from an upstream component, but it does not neutralize "
            "codes in the input before using it as part of a dynamically-evaluated code."
        ),
        "remediation_en": "Remove all uses of eval() with dynamic input. Use JSON.parse() for data, or a switch/map for logic.",
        "remediation_zh": "移除所有對動態輸入的 eval() 使用。資料改用 JSON.parse(),邏輯改用 switch/map。",
        "representative_cves": [
            {"id": "CVE-2023-29017", "cvss": 10.0, "vendor": "vm2 (Node.js sandbox)", "year": 2023,
             "note": "Sandbox escape via eval injection leading to RCE"},
            # NOTE(review): this Rocket.Chat issue is commonly described as NoSQL
            # injection rather than eval injection -- verify before citing here.
            {"id": "CVE-2021-22911", "cvss": 9.8, "vendor": "Rocket.Chat", "year": 2021,
             "note": "Server-side eval injection leading to RCE"},
        ],
    },

    "CWE-98": {
        "name": "PHP File Inclusion",
        "full_name": "Improper Control of Filename for Include/Require Statement in PHP",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/98.html",
        "description": (
            "The PHP application receives input from an upstream component, but does not restrict "
            "or incorrectly restricts the input before its use in a require, include, or similar "
            "statement, allowing the web server to include and execute unintended PHP files."
        ),
        "remediation_en": "Use a strict whitelist of allowed filenames. Never use user input directly in include/require.",
        "remediation_zh": "使用嚴格白名單限制允許的檔案名稱。絕不將用戶輸入直接傳入 include/require。",
        "representative_cves": [
            # NOTE(review): CVE-2023-23752 appears under four classes in this file
            # (CWE-89, CWE-98, CWE-200, CWE-862); the note here conflicts with the
            # others -- verify which single class NVD assigns.
            {"id": "CVE-2023-23752", "cvss": 7.5, "vendor": "Joomla", "year": 2023,
             "note": "Improper access check leading to Local File Inclusion"},
            # NOTE(review): attribution unverified -- confirm the NVD CWE mapping.
            {"id": "CVE-2021-39165", "cvss": 9.8, "vendor": "Cachet", "year": 2021,
             "note": "Remote File Inclusion via template engine"},
        ],
    },

    "CWE-90": {
        "name": "LDAP Injection",
        "full_name": "Improper Neutralization of Special Elements used in an LDAP Query",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.5,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/90.html",
        "description": "User-supplied input is incorporated into LDAP queries without sufficient sanitization.",
        "remediation_en": "Escape all special LDAP characters. Use parameterized LDAP queries.",
        "remediation_zh": "對所有特殊 LDAP 字元進行轉義。使用參數化 LDAP 查詢。",
        "representative_cves": [
            # NOTE(review): attribution unverified -- confirm the NVD CWE mapping.
            {"id": "CVE-2021-40539", "cvss": 9.8, "vendor": "ManageEngine", "year": 2021,
             "note": "LDAP injection enabling authentication bypass"},
        ],
    },

    "CWE-611": {
        "name": "XML External Entity (XXE)",
        "full_name": "Improper Restriction of XML External Entity Reference",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.6,
        "owasp_2021": "A05:2021 – Security Misconfiguration",
        "cwe_url": "https://cwe.mitre.org/data/definitions/611.html",
        "description": (
            "The software processes an XML document that can contain XML entities with URIs that "
            "resolve to documents outside of the intended sphere of control, causing the product "
            "to embed incorrect documents into its output."
        ),
        "remediation_en": "Disable external entity processing in XML parser. Use allowlist of allowed entities.",
        "remediation_zh": "停用 XML 解析器的外部實體處理。使用允許的實體白名單。",
        "representative_cves": [
            # NOTE(review): the note describes a JNDI lookup, not XML entity
            # resolution, and the same id is used under CWE-78 and CWE-77 -- this
            # entry is very likely misplaced; verify before citing it for XXE.
            {"id": "CVE-2021-44228", "cvss": 10.0, "vendor": "Apache Log4j", "year": 2021,
             "note": "XXE via JNDI lookup in log messages"},
            # NOTE(review): attribution unverified -- confirm the NVD CWE mapping.
            {"id": "CVE-2022-21363", "cvss": 7.0, "vendor": "MySQL Connector/J", "year": 2022,
             "note": "XXE in XML data processing"},
        ],
    },

    # ---- Path / file name handling and format strings ----

    "CWE-22": {
        "name": "Path Traversal",
        "full_name": "Improper Limitation of a Pathname to a Restricted Directory",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.5,
        "owasp_2021": "A01:2021 – Broken Access Control",
        "cwe_url": "https://cwe.mitre.org/data/definitions/22.html",
        "description": (
            "The software uses external input to construct a pathname that is intended to identify "
            "a file or directory located underneath a restricted parent directory, but does not "
            "properly neutralize special elements within the pathname that can cause it to resolve "
            "to a location outside of that directory."
        ),
        "remediation_en": "Canonicalize paths before validation. Validate against a strict whitelist of allowed paths.",
        "remediation_zh": "在驗證前正規化路徑。使用嚴格白名單驗證允許的路徑。",
        "representative_cves": [
            {"id": "CVE-2021-41773", "cvss": 7.5, "vendor": "Apache HTTP Server", "year": 2021,
             "note": "Path traversal allowing arbitrary file read"},
            # NOTE(review): Spring4Shell is widely described as ClassLoader manipulation
            # via data binding (a CWE-94-style issue), not path traversal -- verify.
            {"id": "CVE-2022-22965", "cvss": 9.8, "vendor": "Spring Framework", "year": 2022,
             "note": "Spring4Shell: path traversal leading to RCE"},
        ],
    },

    "CWE-73": {
        "name": "External Control of File Name or Path",
        "full_name": "External Control of File Name or Path",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.5,
        "owasp_2021": "A01:2021 – Broken Access Control",
        "cwe_url": "https://cwe.mitre.org/data/definitions/73.html",
        "description": "The software allows user input to control or influence paths used in filesystem operations.",
        "remediation_en": "Use a whitelist of allowed filenames. Sanitize directory separator characters.",
        "remediation_zh": "使用允許的檔案名稱白名單。過濾目錄分隔字元。",
        "representative_cves": [
            # Same id as under CWE-22 (and CWE-94); CWE-73 and CWE-22 are closely
            # related, so the reuse is defensible, but see the CWE-94 note.
            {"id": "CVE-2021-41773", "cvss": 7.5, "vendor": "Apache HTTP Server", "year": 2021,
             "note": "File path control leading to arbitrary file access"},
        ],
    },

    "CWE-134": {
        "name": "Uncontrolled Format String",
        "full_name": "Use of Externally-Controlled Format String",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.1,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/134.html",
        "description": "User input is used as a format string in functions like printf, allowing memory read/write.",
        "remediation_en": "Always use a literal format string. Never pass user input directly as the format argument.",
        "remediation_zh": "永遠使用字面格式字串。絕不將用戶輸入直接作為格式參數傳入。",
        "representative_cves": [
            # NOTE(review): the same id is listed under CWE-120 as a plain heap-based
            # buffer overflow, which matches how Baron Samedit is usually described;
            # the "via format string" wording here is doubtful -- verify.
            {"id": "CVE-2021-3156", "cvss": 7.8, "vendor": "sudo", "year": 2021,
             "note": "Heap-based buffer overflow via format string (Baron Samedit)"},
        ],
    },

    # ---- Data and software integrity ----

    "CWE-502": {
        "name": "Deserialization of Untrusted Data",
        "full_name": "Deserialization of Untrusted Data",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A08:2021 – Software and Data Integrity Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/502.html",
        "description": (
            "The application deserializes untrusted data without sufficiently verifying that the "
            "resulting data will be valid, allowing attackers to control the state or flow of "
            "execution, and potentially execute arbitrary code."
        ),
        "remediation_en": "Use safe data formats (JSON). Implement class allowlisting. Sign serialized data.",
        "remediation_zh": "使用安全的資料格式(JSON)。實作類別白名單。對序列化資料進行簽名。",
        "representative_cves": [
            {"id": "CVE-2018-2628", "cvss": 9.8, "vendor": "Oracle WebLogic", "year": 2018,
             "note": "Java deserialization RCE via T3 protocol"},
            {"id": "CVE-2017-9248", "cvss": 9.8, "vendor": "Telerik UI", "year": 2017,
             "note": ".NET deserialization leading to RCE"},
            # NOTE(review): the note itself says SpEL code injection (CWE-917/CWE-94
            # territory), not deserialization -- verify the placement.
            {"id": "CVE-2022-22947", "cvss": 10.0, "vendor": "Spring Cloud Gateway", "year": 2022,
             "note": "Code injection via SPEL in actuator endpoint"},
        ],
    },

    "CWE-494": {
        "name": "Download of Code Without Integrity Check",
        "full_name": "Download of Code Without Integrity Check",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.1,
        "owasp_2021": "A08:2021 – Software and Data Integrity Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/494.html",
        "description": "The product downloads source code or an executable from a remote location without verifying its integrity.",
        "remediation_en": "Verify checksums/signatures before execution. Use HTTPS. Pin dependency versions.",
        "remediation_zh": "執行前驗證校驗和/簽名。使用 HTTPS。鎖定依賴版本。",
        "representative_cves": [
            # NOTE(review): CVE-2022-3602 is also listed under CWE-326 and, under
            # CWE-119, as a buffer overflow in X.509 verification -- the latter is the
            # usual description. It is not a code-download integrity issue; verify.
            {"id": "CVE-2022-3602", "cvss": 7.5, "vendor": "OpenSSL", "year": 2022,
             "note": "Certificate verification bypass enabling MitM"},
        ],
    },

    # ---- Sensitive data exposure and credentials ----

    "CWE-312": {
        "name": "Cleartext Storage of Sensitive Information",
        "full_name": "Cleartext Storage of Sensitive Information",
        "source": "MITRE CWE v4.14",
        "nist_severity": "MEDIUM",
        "cvss_base": 5.5,
        "owasp_2021": "A02:2021 – Cryptographic Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/312.html",
        "description": "Sensitive information (passwords, keys, PII) is stored in cleartext.",
        "remediation_en": "Encrypt sensitive data at rest. Use hardware security modules for keys.",
        "remediation_zh": "加密靜態敏感資料。使用硬體安全模組管理金鑰。",
        "representative_cves": [
            # NOTE(review): the note itself calls this SSRF, and the same id is listed
            # under CWE-918 -- it does not illustrate cleartext storage; verify.
            {"id": "CVE-2023-27163", "cvss": 7.5, "vendor": "request-baskets", "year": 2023,
             "note": "SSRF exposing internal credentials in cleartext"},
        ],
    },

    "CWE-200": {
        "name": "Exposure of Sensitive Information",
        "full_name": "Exposure of Sensitive Information to an Unauthorized Actor",
        "source": "MITRE CWE v4.14",
        "nist_severity": "MEDIUM",
        "cvss_base": 5.3,
        "owasp_2021": "A02:2021 – Cryptographic Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/200.html",
        "description": "The product exposes sensitive information to an actor that is not explicitly authorized to access it.",
        "remediation_en": "Apply least-privilege principle. Audit error messages and logs for sensitive data leakage.",
        "remediation_zh": "應用最小權限原則。審核錯誤訊息和日誌中的敏感資料洩漏。",
        "representative_cves": [
            # Same id as under CWE-89 / CWE-98 / CWE-862; of the four, this note is the
            # one consistent with "improper access check" -- verify the others.
            {"id": "CVE-2023-23752", "cvss": 7.5, "vendor": "Joomla", "year": 2023,
             "note": "Unauthorized information disclosure via REST API"},
        ],
    },

    "CWE-798": {
        "name": "Use of Hard-coded Credentials",
        "full_name": "Use of Hard-coded Credentials",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A07:2021 – Identification and Authentication Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/798.html",
        "description": "The software contains hard-coded credentials such as passwords or cryptographic keys.",
        "remediation_en": "Remove all hard-coded credentials. Use environment variables or secret management systems.",
        "remediation_zh": "移除所有硬編碼憑證。改用環境變數或密鑰管理系統(Vault、AWS Secrets Manager 等)。",
        "representative_cves": [
            # NOTE(review): attribution unverified -- confirm the NVD CWE mapping.
            {"id": "CVE-2022-29303", "cvss": 9.8, "vendor": "SolarView Compact", "year": 2022,
             "note": "Hard-coded credentials enabling backdoor access"},
            # NOTE(review): the same id is listed under CWE-306 as an authentication
            # bypass, with a different vendor string -- the two entries disagree; verify.
            {"id": "CVE-2021-20090", "cvss": 9.8, "vendor": "Buffalo Router", "year": 2021,
             "note": "Hard-coded admin credentials"},
        ],
    },

    # ---- Cryptography ----

    "CWE-326": {
        "name": "Inadequate Encryption Strength",
        "full_name": "Inadequate Encryption Strength",
        "source": "MITRE CWE v4.14",
        "nist_severity": "MEDIUM",
        "cvss_base": 5.9,
        "owasp_2021": "A02:2021 – Cryptographic Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/326.html",
        "description": "The software stores or transmits sensitive data using an algorithm that is insufficiently strong given current conditions.",
        "remediation_en": "Use AES-256 for symmetric encryption. Use RSA-2048+ or ECC P-256+ for asymmetric. Avoid MD5, SHA-1, DES.",
        "remediation_zh": "對稱加密使用 AES-256。非對稱使用 RSA-2048+ 或 ECC P-256+。避免 MD5、SHA-1、DES。",
        "representative_cves": [
            # NOTE(review): same id as under CWE-494 and CWE-119 (buffer overflow);
            # nothing about it concerns algorithm strength -- verify the placement.
            {"id": "CVE-2022-3602", "cvss": 7.5, "vendor": "OpenSSL", "year": 2022,
             "note": "Inadequate certificate verification"},
        ],
    },

    "CWE-295": {
        "name": "Improper Certificate Validation",
        "full_name": "Improper Certificate Validation",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.4,
        "owasp_2021": "A02:2021 – Cryptographic Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/295.html",
        "description": "The software does not validate, or incorrectly validates, a certificate.",
        "remediation_en": "Enable full certificate chain validation. Pin certificates for high-value connections.",
        "remediation_zh": "啟用完整的憑證鏈驗證。對高價值連線使用憑證鎖定(Certificate Pinning)。",
        "representative_cves": [
            # NOTE(review): the note describes a NULL pointer dereference (a crash),
            # not a validation bypass; this issue is usually reported as a TLS
            # renegotiation DoS -- verify before citing it for CWE-295.
            {"id": "CVE-2021-3449", "cvss": 5.9, "vendor": "OpenSSL", "year": 2021,
             "note": "NULL pointer dereference during certificate validation"},
        ],
    },

    # ---- Authentication and authorization ----

    "CWE-862": {
        "name": "Missing Authorization",
        "full_name": "Missing Authorization",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.8,
        "owasp_2021": "A01:2021 – Broken Access Control",
        "cwe_url": "https://cwe.mitre.org/data/definitions/862.html",
        "description": "The software does not perform an authorization check when an actor attempts to access a resource or perform an action.",
        "remediation_en": "Implement authorization checks on every endpoint. Use deny-by-default policy.",
        "remediation_zh": "在每個端點實作授權檢查。使用預設拒絕策略。",
        "representative_cves": [
            # Same id as under CWE-89 / CWE-98 / CWE-200 -- see those notes.
            {"id": "CVE-2023-23752", "cvss": 7.5, "vendor": "Joomla", "year": 2023,
             "note": "Missing authorization allowing data access"},
            # NOTE(review): "Multiple Web Apps" is not a concrete attribution; confirm
            # the id refers to a real advisory before it is shown to users.
            {"id": "CVE-2022-27096", "cvss": 8.8, "vendor": "Multiple Web Apps", "year": 2022,
             "note": "Broken access control leading to privilege escalation"},
        ],
    },

    "CWE-287": {
        "name": "Improper Authentication",
        "full_name": "Improper Authentication",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A07:2021 – Identification and Authentication Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/287.html",
        "description": "When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.",
        "remediation_en": "Use strong multi-factor authentication. Validate session tokens properly.",
        "remediation_zh": "使用強多因素認證。正確驗證 Session Token。",
        "representative_cves": [
            # NOTE(review): attribution unverified -- confirm the NVD CWE mapping.
            {"id": "CVE-2022-35405", "cvss": 9.8, "vendor": "Zoho ManageEngine", "year": 2022,
             "note": "Authentication bypass via improper validation"},
        ],
    },

    "CWE-306": {
        "name": "Missing Authentication for Critical Function",
        "full_name": "Missing Authentication for Critical Function",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A07:2021 – Identification and Authentication Failures",
        "cwe_url": "https://cwe.mitre.org/data/definitions/306.html",
        "description": "The software does not perform any authentication for functionality that requires a provable user identity.",
        "remediation_en": "Require authentication for all sensitive operations. Implement zero-trust model.",
        "remediation_zh": "所有敏感操作都要求認證。實作零信任模型。",
        "representative_cves": [
            # NOTE(review): same id as under CWE-798 with a conflicting note -- verify.
            {"id": "CVE-2021-20090", "cvss": 9.8, "vendor": "Buffalo Network Device", "year": 2021,
             "note": "Authentication bypass allowing unauthorized access"},
        ],
    },

    # ---- Redirects and server-side requests ----

    "CWE-601": {
        "name": "Open Redirect",
        "full_name": "URL Redirection to Untrusted Site",
        "source": "MITRE CWE v4.14",
        "nist_severity": "MEDIUM",
        "cvss_base": 6.1,
        "owasp_2021": "A01:2021 – Broken Access Control",
        "cwe_url": "https://cwe.mitre.org/data/definitions/601.html",
        "description": "The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.",
        "remediation_en": "Use a whitelist of allowed redirect URLs. Avoid using user input in redirect destinations.",
        "remediation_zh": "使用允許的重定向 URL 白名單。避免在重定向目標中使用用戶輸入。",
        "representative_cves": [
            # NOTE(review): this RocketMQ issue is widely reported as remote code
            # execution via the broker configuration, not an open redirect -- verify.
            {"id": "CVE-2023-33246", "cvss": 7.5, "vendor": "Apache RocketMQ", "year": 2023,
             "note": "Open redirect enabling phishing attacks"},
        ],
    },

    "CWE-918": {
        "name": "Server-Side Request Forgery (SSRF)",
        "full_name": "Server-Side Request Forgery (SSRF)",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.6,
        "owasp_2021": "A10:2021 – Server-Side Request Forgery",
        "cwe_url": "https://cwe.mitre.org/data/definitions/918.html",
        "description": "The server can be induced to make requests to unintended locations, including internal network services.",
        "remediation_en": "Validate and whitelist URLs. Block access to internal IP ranges. Disable unnecessary URL schemes.",
        "remediation_zh": "驗證並白名單化 URL。封鎖對內部 IP 範圍的存取。停用不必要的 URL 協定。",
        "representative_cves": [
            # Also listed under CWE-312; this is the placement consistent with its note.
            {"id": "CVE-2023-27163", "cvss": 7.5, "vendor": "request-baskets", "year": 2023,
             "note": "SSRF allowing internal network access"},
            {"id": "CVE-2019-8451", "cvss": 6.8, "vendor": "Jira", "year": 2019,
             "note": "SSRF via IconUriServlet endpoint"},
        ],
    },

    # ---- Memory safety, resource exhaustion and JavaScript object model ----
    # NOTE(review): the memory-safety entries below are mapped to "A03:2021 –
    # Injection"; OWASP Top 10 2021 has no slot for native memory corruption,
    # so that mapping is a module choice, not an OWASP one.

    "CWE-119": {
        "name": "Buffer Overflow",
        "full_name": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/119.html",
        "description": "The software performs operations on a memory buffer but can read from or write to a memory location outside of its intended bounds.",
        "remediation_en": "Use memory-safe languages. Enable stack canaries, ASLR, and NX. Use bounds-checked functions.",
        "remediation_zh": "使用記憶體安全語言。啟用棧金絲雀、ASLR 和 NX。使用有邊界檢查的函式。",
        "representative_cves": [
            # Also listed under CWE-494 and CWE-326; this is the placement consistent
            # with its note.
            {"id": "CVE-2022-3602", "cvss": 7.5, "vendor": "OpenSSL", "year": 2022,
             "note": "Buffer overflow in X.509 certificate verification"},
        ],
    },

    "CWE-120": {
        "name": "Classic Buffer Overflow",
        "full_name": "Buffer Copy without Checking Size of Input",
        "source": "MITRE CWE v4.14",
        "nist_severity": "CRITICAL",
        "cvss_base": 9.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/120.html",
        "description": "The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.",
        "remediation_en": "Use strncpy/strncat with explicit size limits. Prefer C++ std::string or Rust.",
        "remediation_zh": "使用帶大小限制的 strncpy/strncat。優先使用 C++ std::string 或 Rust。",
        "representative_cves": [
            # Also listed under CWE-134 with a "format string" note; this placement is
            # the one consistent with the usual description.
            {"id": "CVE-2021-3156", "cvss": 7.8, "vendor": "sudo", "year": 2021,
             "note": "Heap-based buffer overflow (Baron Samedit)"},
        ],
    },

    "CWE-416": {
        "name": "Use After Free",
        "full_name": "Use After Free",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.8,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/416.html",
        "description": "The software references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code.",
        "remediation_en": "Set pointers to NULL after freeing. Use smart pointers in C++. Use memory-safe languages.",
        "remediation_zh": "釋放後將指標設為 NULL。在 C++ 中使用智慧指標。優先考慮記憶體安全語言。",
        "representative_cves": [
            # NOTE(review): this kernel issue is widely reported as a heap overflow in
            # fs_context parsing rather than a use-after-free -- verify.
            {"id": "CVE-2022-0185", "cvss": 8.4, "vendor": "Linux Kernel", "year": 2022,
             "note": "Use-after-free in filesystem context leading to privilege escalation"},
        ],
    },

    "CWE-400": {
        "name": "Uncontrolled Resource Consumption (ReDoS/DoS)",
        "full_name": "Uncontrolled Resource Consumption",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.5,
        "owasp_2021": "A04:2021 – Insecure Design",
        "cwe_url": "https://cwe.mitre.org/data/definitions/400.html",
        "description": "The software does not properly control the allocation and maintenance of a limited resource, allowing attackers to cause denial of service via resource exhaustion.",
        "remediation_en": "Implement rate limiting. Audit regex for exponential backtracking. Set resource limits.",
        "remediation_zh": "實作速率限制。審核正則表達式是否有指數回溯。設置資源限制。",
        "representative_cves": [
            # NOTE(review): this `request` package issue is widely reported as SSRF
            # (cross-protocol redirect), not ReDoS -- verify before citing it here.
            {"id": "CVE-2023-28155", "cvss": 7.5, "vendor": "Node.js request", "year": 2023,
             "note": "ReDoS via specially crafted URL"},
        ],
    },

    "CWE-1333": {
        "name": "Inefficient Regular Expression Complexity (ReDoS)",
        "full_name": "Inefficient Regular Expression Complexity",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 7.5,
        "owasp_2021": "A04:2021 – Insecure Design",
        "cwe_url": "https://cwe.mitre.org/data/definitions/1333.html",
        "description": "The product uses a regular expression with an inefficient, exponential worst-case computational complexity that consumes excessive CPU cycles.",
        "remediation_en": "Audit regex for catastrophic backtracking. Use linear-time regex engines. Enforce timeouts.",
        "remediation_zh": "審核正則表達式的災難性回溯問題。使用線性時間正則引擎。強制設置超時。",
        "representative_cves": [
            # NOTE(review): this qs issue is widely reported as prototype pollution
            # (which would fit CWE-1321), not ReDoS -- verify.
            {"id": "CVE-2022-24999", "cvss": 7.5, "vendor": "qs (npm)", "year": 2022,
             "note": "ReDoS in query string parsing"},
        ],
    },

    "CWE-1321": {
        "name": "Prototype Pollution",
        "full_name": "Improperly Controlled Modification of Object Prototype Attributes",
        "source": "MITRE CWE v4.14",
        "nist_severity": "HIGH",
        "cvss_base": 8.1,
        "owasp_2021": "A03:2021 – Injection",
        "cwe_url": "https://cwe.mitre.org/data/definitions/1321.html",
        "description": "Modifying the Object prototype in JavaScript can affect all objects, allowing attackers to inject malicious properties.",
        "remediation_en": "Use Object.create(null) for maps. Validate keys. Use hasOwnProperty checks.",
        "remediation_zh": "使用 Object.create(null) 作為映射。驗證鍵名。使用 hasOwnProperty 檢查。",
        "representative_cves": [
            {"id": "CVE-2022-37601", "cvss": 9.8, "vendor": "loader-utils (npm)", "year": 2022,
             "note": "Prototype pollution via webpack loader configuration"},
            # NOTE(review): this lodash id is widely reported as command injection via
            # template(); lodash's prototype-pollution advisories are different ids -- verify.
            {"id": "CVE-2021-23337", "cvss": 7.2, "vendor": "lodash", "year": 2021,
             "note": "Prototype pollution via merge/zipObjectDeep"},
        ],
    },

}
|
|
| |
| |
| |
|
|
| def get_cwe_info(cwe_id: str) -> dict | None: |
| """ |
| 查詢 CWE 官方資訊。 |
| |
| Args: |
| cwe_id: CWE 識別碼,例如 "CWE-89" |
| |
| Returns: |
| CWE 資訊字典,若未找到則回傳 None |
| """ |
| normalized = cwe_id.strip().upper() |
| result = CWE_DATABASE.get(normalized) |
| if result is None: |
| logger.debug("[CWE_DB] CWE not found in database: %s", normalized) |
| return result |
|
|
|
|
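def format_cwe_for_advisor(cwe_id: str, include_cves: bool = True) -> str:
    """Render one CWE entry as the multi-line text block the Advisor emits.

    Line layout: ``[id] name``; source / severity / CVSS; OWASP category;
    official URL; definition; remediation (Chinese, falling back to English);
    then, when ``include_cves`` is set and the entry has any, a disclaimer
    line followed by at most three representative CVEs.

    Provenance caveat for consumers of this text: only ``full_name``,
    ``description`` and ``cwe_url`` trace to the MITRE CWE record named in
    ``source``.  ``nist_severity`` / ``cvss_base`` and the CVE list are
    curated in this module (a CWE record carries no CVSS score of its own),
    so they are indicative -- not an official rating of the finding being
    reported.  The disclaimer line exists so readers do not mistake the
    listed CVEs for CVEs of the scanned code.

    Args:
        cwe_id: CWE identifier, e.g. ``"CWE-89"``.  It is echoed verbatim in
            the header line, so pass an already-normalised id when the
            output is parsed downstream.
        include_cves: Whether to append the representative-CVE section.

    Returns:
        The formatted block, or a one-line "No official data found" notice
        when the id is not in the database.
    """
    info = get_cwe_info(cwe_id)
    if not info:
        return f"[{cwe_id}] No official data found in MITRE CWE v4.14 database"

    # Every field is read with .get(): the entry is data, and a missing key
    # should degrade to "N/A" on one line rather than abort the whole report.
    lines = [
        f"[{cwe_id}] {info.get('name', 'N/A')}",
        f"來源:{info.get('source', 'MITRE CWE')} | "
        f"NIST 嚴重性:{info.get('nist_severity', 'N/A')} | "
        f"CVSS Base:{info.get('cvss_base', 'N/A')}",
        f"OWASP:{info.get('owasp_2021', 'N/A')}",
        f"官方URL:{info.get('cwe_url', '')}",
        f"定義:{info.get('description', '')}",
        f"修復:{info.get('remediation_zh', info.get('remediation_en', 'N/A'))}",
    ]

    if include_cves:
        # Cap at three to match get_representative_cves(); `or []` tolerates
        # an explicit None in the entry the same way the truthiness check did.
        rep_cves = (info.get("representative_cves") or [])[:3]
        if rep_cves:
            lines.append(
                "代表性 CVE(同類弱點真實案例,非本程式碼的直接 CVE):"
            )
            for cve in rep_cves:
                lines.append(
                    f"  → {cve.get('id', 'N/A')} | CVSS {cve.get('cvss', 'N/A')} | "
                    f"{cve.get('vendor', '')} ({cve.get('year', '')}) | "
                    f"{cve.get('note', '')}"
                )

    return "\n".join(lines)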
|
|
|
|
def get_cwe_severity(cwe_id: str) -> str:
    """Return the entry's ``nist_severity`` label (HIGH/CRITICAL/MEDIUM/LOW).

    Yields ``"UNKNOWN"`` when the id is not in the database or the entry has
    no ``nist_severity`` field.  Note this label is module-curated, not a
    NIST rating of a specific finding.
    """
    entry = get_cwe_info(cwe_id)
    if not entry:
        return "UNKNOWN"
    return entry.get("nist_severity", "UNKNOWN")
|
|
|
|
def get_representative_cves(cwe_id: str) -> list[dict]:
    """Return at most three representative CVE records for the CWE.

    These are same-class examples curated in CWE_DATABASE, not CVEs of the
    code being analysed.  An unknown id yields an empty list.
    """
    entry = get_cwe_info(cwe_id)
    if not entry:
        return []
    cves = entry.get("representative_cves", [])
    return cves[:3]
|
|
|
|
def list_covered_cwes() -> list[str]:
    """Return every CWE id present in the database.

    The list is sorted as strings, so the order is lexicographic (e.g.
    "CWE-1321" precedes "CWE-22"), not numeric.
    """
    ids = list(CWE_DATABASE)
    ids.sort()
    return ids
|
|