Kurt Boberg kurt-r2c
kurt-r2c / owasp_2017_to_cwe.yaml
Created February 28, 2022 23:04
OWASP Top 10 2017 categories and their associated CWEs. Compiled from https://cwe.mitre.org/data/slices/1026.html
A01:2017 - Injection:
- 'CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection'
- 'CWE-77: Improper Neutralization of Special Elements used in a Command (''Command Injection'')'
- 'CWE-78: Improper Neutralization of Special Elements used in an OS Command (''OS Command Injection'')'
- 'CWE-88: Improper Neutralization of Argument Delimiters in a Command (''Argument Injection'')'
- 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command (''SQL Injection'')'
A01:2021 - Broken Access Control:
- 'CWE CATEGORY: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control'
- 'CWE-22: Improper Limitation of a Pathname to a Restricted Directory (''Path Traversal'')'
- 'CWE-23: Relative Path Traversal'
- 'CWE-35: Path Traversal: ''.../...//'''
- 'CWE-59: Improper Link Resolution Before File Access (''Link Following'')'
- 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
- 'CWE-201: Insertion of Sensitive Information Into Sent Data'
- 'CWE-219: Storage of File with Sensitive Data Under Web Root'
- 'CWE CATEGORY: Permissions, Privileges, and Access Controls'
patterns:
- metavariable-regex:
    metavariable: $FUNC
    regex: (NOTSET)
- pattern-either:
  - patterns:
    - pattern-either:
      - pattern: $IMPORT.$FUNC(...)
      - pattern: $IMPORT.$FUNC.call(...)
      - pattern: $F(...,$IMPORT.$FUNC,...)