Veracode OWASP Mobile CWEs to Veracode Categories mapping from https://community.veracode.com/s/question/0D53n00008B34MBCAZ/cwe-mapping-to-owasp-mobile
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"os"
)
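// main prints the CWE support matrix as a semicolon-separated table on
// stdout: one header row, then one row per CWE of every flaw category read
// from categories.json (see readCategories). Rows keep the order in which the
// categories and their CWEs appear in the file.
//
// Every line, including the header, is terminated with CRLF. The original
// printed the header with Println (LF only) and the data rows with "\r\n",
// which produced a file with mixed line endings.
//
// Loading failures are fatal: readCategories panics via log.Panicln.
func main() {
	categories := readCategories()
	fmt.Print("CWE ID;CWE Name;Static Support;Dynamic Support;Veracode Severity\r\n")
	for _, category := range categories {
		for _, cwe := range category.CWEs {
			// NOTE: columns are not quoted or escaped, so a CWE name that
			// contained ';' would shift the columns. None of the names in
			// the shipped categories.json do; revisit if the data changes.
			fmt.Printf("%s;%s;%s;%s;%s\r\n",
				cwe.ID,
				cwe.Name,
				supportMark(cwe.Static),
				supportMark(cwe.Dynamic),
				severityLabel(cwe.Severity))
		}
	}
}

// supportMark renders a scan-support flag as "X" when supported and as the
// empty string otherwise, which is how the table marks Static/Dynamic support.
func supportMark(supported bool) string {
	if supported {
		return "X"
	}
	return ""
}

// severityLabel maps a Veracode "Flaw Severity" code ("0" through "5") to its
// human-readable label. Any other value, including the empty string produced
// when the key is absent from the JSON, yields "UNKNOWN".
func severityLabel(code string) string {
	switch code {
	case "0":
		return "0 - Informational"
	case "1":
		return "1 - Very Low"
	case "2":
		return "2 - Low"
	case "3":
		return "3 - Medium"
	case "4":
		return "4 - High"
	case "5":
		return "5 - Very High"
	default:
		return "UNKNOWN"
	}
}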
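// readCategories loads categories.json from the current working directory
// and decodes it into the slice of FlawCategory that main iterates over.
//
// Every failure is fatal and reported through log.Panicln: the file cannot
// be opened, cannot be read, or does not parse as JSON. The original only
// checked the open error; a truncated or malformed file was silently turned
// into an empty slice, so the program printed nothing but the header row
// and exited successfully.
func readCategories() []FlawCategory {
	f, err := os.Open("categories.json")
	if err != nil {
		log.Panicln(err)
	}
	defer f.Close()

	data, err := ioutil.ReadAll(f)
	if err != nil {
		log.Panicln(err)
	}

	// Unknown keys are ignored by encoding/json, so the file may carry
	// fields this program does not model; only a syntax or type mismatch
	// on a modelled field is an error here.
	var categories []FlawCategory
	if err := json.Unmarshal(data, &categories); err != nil {
		log.Panicln(err)
	}
	return categories
}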
// FlawCategory is one element of the top-level array in categories.json:
// a Veracode flaw category ("Flaw Category") and the CWEs filed under it.
type FlawCategory struct {
Name string `json:"Flaw Category"`
CWEs []CategoryCWE `json:"CWEs"`
}
// CWE is a flat CWE record keyed by the same column names the CSV output
// uses. It is not referenced by main or readCategories in this file;
// NOTE(review): presumably kept for a non-nested export format — confirm it
// is still needed or remove it.
type CWE struct {
ID string `json:"CWE ID"`
Name string `json:"CWE Name"`
Static bool `json:"Static"`
VeracodeSeverity string `json:"Veracode Severity"`
CategoryName string `json:"Category Name"`
}
// CategoryCWE is one CWE entry inside a FlawCategory's "CWEs" array.
//
// The shipped categories.json carries only "CWE ID", "CWE Name",
// "Flaw Severity", "Static" and "Dynamic"; the remaining keys are not
// present there, so VeracodeSeverity and CategoryName decode to "".
// main reads Severity (the "Flaw Severity" code) when it prints the
// "Veracode Severity" column, not VeracodeSeverity.
type CategoryCWE struct {
ID string `json:"CWE ID"`
Name string `json:"CWE Name"`
// Static reports whether Veracode's static analysis detects this CWE.
Static bool `json:"Static"`
// Dynamic reports whether Veracode's dynamic analysis detects this CWE.
Dynamic bool `json:"Dynamic"`
VeracodeSeverity string `json:"Veracode Severity"`
// Severity is the numeric severity code as a string, "0" (Informational)
// through "5" (Very High); see the mapping in main.
Severity string `json:"Flaw Severity"`
CategoryName string `json:"Category Name"`
}
CWE ID;CWE Name;Static Support;Dynamic Support;Veracode Severity
234;Failure to Handle Missing Parameter;X;;3 - Medium
243;Creation of Chroot Jail Without Changing Working Directory;X;;4 - High
245;J2EE Bad Practices: Direct Management of Connections;X;;2 - Low
560;Use of Umask() with Chmod-Style Argument;X;;3 - Medium
628;Function Call with Incorrectly Specified Arguments;X;;2 - Low
675;Duplicate Operations on Resource;X;;2 - Low
287;Improper Authentication;X;X;4 - High
352;Cross-Site Request Forgery (CSRF);X;X;3 - Medium
693;Protection Mechanism Failure;X;X;3 - Medium
99;Improper Control of Resource Identifiers;X;;3 - Medium
272;Least Privilege Violation;X;;3 - Medium
273;Improper Check for Dropped Privileges;X;;3 - Medium
274;Improper Handling of Insufficient Privileges;X;;0 - Informational
282;Improper Ownership Management;X;;3 - Medium
285;Improper Authorization;X;X;3 - Medium
346;Origin Validation Error;X;;3 - Medium
350;Reliance on Reverse DNS Resolution for a Security-Critical Action;X;;3 - Medium
639;Authorization Bypass Through User-Controlled Key;X;;4 - High
566;Authorization Bypass Through User-Controlled SQL Primary Key;X;;3 - Medium
708;Incorrect Ownership Assignment;X;;4 - High
732;Incorrect Permission Assignment for Critical Resource;X;;3 - Medium
942;Permissive Cross-domain Policy with Untrusted Domains;X;X;3 - Medium
118;Improper Access of Indexable Resource (Range Error);X;;3 - Medium
125;Out-of-Bounds Read;X;;3 - Medium
129;Improper Validation of Array Index;X;;3 - Medium
135;Incorrect Calculation of Multi-Byte String Length;X;;5 - Very High
170;Improper Null Termination;X;;3 - Medium
193;Off-by-One Error;X;;3 - Medium
787;Out-of-Bounds Write;X;;3 - Medium
823;Use of Out-of-Range Pointer Offset;X;;3 - Medium
824;Access of Uninitialized Pointer;X;;3 - Medium
121;Stack-Based Buffer Overflow;X;;5 - Very High
74;Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection);;X;4 - High
91;XML Injection (Blind XPath Injection);X;X;3 - Medium
94;Improper Control of Generation of Code;X;;3 - Medium
95;Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection');X;X;5 - Very High
98;Improper Control of Filename for Include/Require Statement in PHP Program (PHP File Inclusion);X;X;4 - High
185;Incorrect Regular Expression;X;;2 - Low
830;Inclusion of Web Functionality from an Untrusted Source;;X;2 - Low
111;Direct Use of Unsafe JNI;X;;4 - High
159;Failure to Sanitize Special Element;X;;0 - Informational
401;Improper Release of Memory Before Removing Last Reference (Memory Leak);X;;2 - Low
404;Improper Resource Shutdown or Release;X;;0 - Informational
415;Double Free;X;;3 - Medium
416;Use After Free;X;;2 - Low
477;Use of Obsolete Functions;X;X;0 - Informational
479;Signal Handler Use of a Non-Reentrant Function;X;;3 - Medium
489;Leftover Debug Code;X;;3 - Medium
597;Use of Wrong Operator in String Comparison;X;;2 - Low
77;Improper Neutralization of Special Elements used in a Command (Command Injection);X;;5 - Very High
78;Improper Neutralization of Special Elements used in an OS Command (OS Command Injection);X;X;5 - Very High
88;Argument Injection or Modification;X;;3 - Medium
256;Plaintext Storage of a Password;X;;3 - Medium
259;Use of Hard-coded Password;X;;3 - Medium
522;Insufficiently Protected Credentials;X;X;3 - Medium
798;Use of Hard-code Credentials;X;;3 - Medium
93;Improper Neutralization of CRLF Sequences (CRLF Injection);X;;3 - Medium
113;Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting);X;X;3 - Medium
117;Improper Output Neutralization for Logs;X;;3 - Medium
79;Improper Neutralization of Input During Web Page Generation (Cross-site Scripting);X;X;3 - Medium
80;Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS);X;X;3 - Medium
83;Improper Neutralization of Script in Attributes in a Web Page;X;X;3 - Medium
86;Improper Neutralization of Invalid Characters in Identifiers in Web Pages;X;;3 - Medium
261;Weak Cryptography for Passwords;X;;3 - Medium
295;Improper Certificate Validation;X;;3 - Medium
296;Improper Following of Chain of Trust for Certificate Validation;;X;3 - Medium
297;Improper Validation of Host-specific Certificate Data;X;X;3 - Medium
298;Improper Validation of Certificate Expiration;;X;3 - Medium
299;Improper Check for Certificate Revocation;;X;3 - Medium
311;Missing Encryption of Sensitive Data;X;;3 - Medium
312;Cleartext Storage of Sensitive Information;X;;3 - Medium
313;Plaintext Storage in a File or on Disk;X;;3 - Medium
316;Plaintext Storage in Memory;X;;3 - Medium
319;Cleartext Transmission of Sensitive Information;X;;3 - Medium
321;Use of Hard-coded Cryptographic Key;X;X;3 - Medium
326;Inadequate Encryption Strength;X;X;3 - Medium
327;Use of a Broken or Risky Cryptographic Algorithm;X;X;3 - Medium
328;Reversible One-Way Hash;X;;3 - Medium
329;Not Using a Random IV with CBC Mode;X;;2 - Low
330;Use of Insufficiently Random Values;X;;3 - Medium
331;Insufficient Entropy;X;;3 - Medium
338;Use of Cryptographically Weak Pseudo-Random Number Generator;X;;3 - Medium
347;Improper Verification of Cryptographic Signature;X;;2 - Low
354;Improper Validation of Integrity Check Value;X;;3 - Medium
547;Use of Hard-coded, Security-relevant Constants;X;;3 - Medium
614;Sensitive Cookie in HTTPS Session Without Secure Attribute;X;X;2 - Low
760;Use of a One-Way Hash with a Predictable Salt;X;;3 - Medium
780;Use of RSA with Optimal Asymmetric Encryption Padding;X;;3 - Medium
916;Use of Password Hash With Insufficient Computational Effort;X;;3 - Medium
242;Use of Inherently Dangerous Function;X;;5 - Very High
676;Use of Potentially Dangerous Function;X;;3 - Medium
402;Transmission of Private Resources into a New Sphere (Resource Leak);;X;3 - Medium
668;Exposure of Resource to Wrong Sphere;X;X;3 - Medium
926;Improper Export of Android Application Components;X;;3 - Medium
22;Improper Limitation of a Pathname to a Restricted Directory (Path Traversal);X;X;3 - Medium
35;Path Traversal;X;;2 - Low
73;External Control of File Name or Path;X;;3 - Medium
494;Download of Code Without Integrity Check;X;;5 - Very High
501;Trust Boundary Violation;X;;3 - Medium
502;Deserialization of Untrusted Data;X;;3 - Medium
749;Exposed Dangerous Method or Function;X;;4 - High
248;Uncaught Exception;X;;2 - Low
252;Unchecked Return Value;X;;2 - Low
134;Use of Externally-Controlled Format String;X;;5 - Very High
200;Information Exposure;X;X;2 - Low
201;Insertion of Sensitive Information Into Sent Data;X;;2 - Low
209;Information Exposure Through an Error Message;X;X;2 - Low
215;Information Exposure Through Debug Information;X;X;2 - Low
359;Exposure of Private Information (Privacy Violation);X;;2 - Low
497;Exposure of System Data to an Unauthorized Control Sphere;X;;2 - Low
526;Information Exposure Through Environmental Variables;;X;2 - Low
530;Exposure of Backup File to an Unauthorized Control Sphere;;X;2 - Low
532;Insertion of Sensitive Information into Log File;X;;2 - Low
538;File and Directory Information Exposure;;X;0 - Informational
548;Information Exposure Through Directory Listing;;X;2 - Low
611;Information Exposure Through XML External Entity Reference;X;X;3 - Medium
615;Information Exposure Through Comments;X;X;0 - Informational
665;Improper Initialization;X;;2 - Low
918;Server-side Request Forgery;X;X;3 - Medium
829;Inclusion of Functionality from Untrusted Control Sphere;X;X;3 - Medium
20;Improper Input Validation;X;;0 - Informational
90;Improper Neutralization of Special Elements Used in an LDAP Query (LDAP Injection);X;;3 - Medium
103;Struts: Incomplete validate() Method Definition;X;;3 - Medium
104;Struts: Form Bean Does Not Extend Validation Class;X;;3 - Medium
112;Missing XML Validation;X;;3 - Medium
183;Permissive List of Allowed Inputs;X;;3 - Medium
345;Insufficient Verification of Data Authenticity;X;;4 - High
434;Unrestricted Upload of File with Dangerous Type;;X;4 - High
470;Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection);X;;3 - Medium
472;External Control of Assumed-Immutable Web Parameter;X;;3 - Medium
601;URL Redirection to Untrusted Site (Open Redirect);X;X;3 - Medium
618;Exposed Unsafe ActiveX Method;X;;5 - Very High
915;Improperly Controlled Modification of Dynamically-Determined Object Attributes;X;;3 - Medium
1174;ASP.NET Misconfiguration: Improper Model Validation;X;;2 - Low
1236;Improper Neutralization of Formula Elements in a CSV File;X;;3 - Medium
223;Omission of Security-relevant Information;X;X;2 - Low
190;Integer Overflow or Wraparound;X;;5 - Very High
191;Integer Underflow (Wrap or Wraparound);X;;3 - Medium
192;Integer Coercion Error;X;;3 - Medium
195;Signed to Unsigned Conversion Error;X;;3 - Medium
196;Unsigned to Signed Conversion Error;X;;3 - Medium
197;Numeric Truncation Error;X;;3 - Medium
398;Indicator of Poor Code Quality;X;;0 - Informational
506;Embedded Malicious Code;X;;4 - High
511;Logic/Time Bomb;X;;5 - Very High
514;Covert Channel;X;;2 - Low
656;Reliance on Security Through Obscurity;X;;0 - Informational
366;Race Condition within a Thread;X;;3 - Medium
367;Time-of-check Time-of-use (TOCTOU) Race Condition;X;;3 - Medium
421;Race Condition During Access to Alternate Channel;X;;3 - Medium
16;Configuration;;X;0 - Informational
441;Unintended Proxy or Intermediary (Confused Deputy);X;;3 - Medium
642;External Control of Critical State Data;;X;2 - Low
757;Selection of Less-Secure Algorithm During Negotiation (Algorithm Downgrade);X;X;3 - Medium
384;Session Fixation;X;X;3 - Medium
89;Improper Neutralization of Special Elements used in an SQL Command (SQL Injection);X;X;4 - High
564;SQL Injection: Hibernate;X;;4 - High
943;Improper Neutralization of Special Elements in Data Query Logic;X;;4 - High
377;Insecure Temporary File;X;;3 - Medium
382;J2EE Bad Practices: Use of System.exit();X;;2 - Low
557;Concurrency Issues;X;;2 - Low
691;Insufficient Control Flow Management;X;;0 - Informational
15;External Control of System or Configuration Setting;X;;4 - High
454;External Initialization of Trusted Variables or Data Stores;X;;0 - Informational
114;Process Control;X;;5 - Very High
426;Untrusted Search Path;X;;3 - Medium
427;Uncontrolled Search Path Element;X;;3 - Medium
[
{
"Flaw Category":"API Abuse",
"CWEs":[
{
"CWE ID":"234",
"CWE Name":"Failure to Handle Missing Parameter",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"243",
"CWE Name":"Creation of Chroot Jail Without Changing Working Directory",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"245",
"CWE Name":"J2EE Bad Practices: Direct Management of Connections",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"560",
"CWE Name":"Use of Umask() with Chmod-Style Argument",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"628",
"CWE Name":"Function Call with Incorrectly Specified Arguments",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"675",
"CWE Name":"Duplicate Operations on Resource",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Authentication Issues",
"CWEs":[
{
"CWE ID":"287",
"CWE Name":"Improper Authentication",
"Flaw Severity":"4",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"352",
"CWE Name":"Cross-Site Request Forgery (CSRF)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"693",
"CWE Name":"Protection Mechanism Failure",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"Authorization Issues",
"CWEs":[
{
"CWE ID":"99",
"CWE Name":"Improper Control of Resource Identifiers",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"272",
"CWE Name":"Least Privilege Violation",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"273",
"CWE Name":"Improper Check for Dropped Privileges",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"274",
"CWE Name":"Improper Handling of Insufficient Privileges",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"282",
"CWE Name":"Improper Ownership Management",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"285",
"CWE Name":"Improper Authorization",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"346",
"CWE Name":"Origin Validation Error",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"350",
"CWE Name":"Reliance on Reverse DNS Resolution for a Security-Critical Action",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"639",
"CWE Name":"Authorization Bypass Through User-Controlled Key",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"566",
"CWE Name":"Authorization Bypass Through User-Controlled SQL Primary Key",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"708",
"CWE Name":"Incorrect Ownership Assignment",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"732",
"CWE Name":"Incorrect Permission Assignment for Critical Resource",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"942",
"CWE Name":"Permissive Cross-domain Policy with Untrusted Domains",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"Buffer Management Errors",
"CWEs":[
{
"CWE ID":"118",
"CWE Name":"Improper Access of Indexable Resource (Range Error)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"125",
"CWE Name":"Out-of-Bounds Read",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"129",
"CWE Name":"Improper Validation of Array Index",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"135",
"CWE Name":"Incorrect Calculation of Multi-Byte String Length",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"170",
"CWE Name":"Improper Null Termination",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"193",
"CWE Name":"Off-by-One Error",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"787",
"CWE Name":"Out-of-Bounds Write",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"823",
"CWE Name":"Use of Out-of-Range Pointer Offset",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"824",
"CWE Name":"Access of Uninitialized Pointer",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Buffer Overflow",
"CWEs":[
{
"CWE ID":"121",
"CWE Name":"Stack-Based Buffer Overflow",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Code Injection",
"CWEs":[
{
"CWE ID":"74",
"CWE Name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)",
"Flaw Severity":"4",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"91",
"CWE Name":"XML Injection (Blind XPath Injection)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"94",
"CWE Name":"Improper Control of Generation of Code",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"95",
"CWE Name":"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"Flaw Severity":"5",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"98",
"CWE Name":"Improper Control of Filename for Include/Require Statement in PHP Program (PHP File Inclusion)",
"Flaw Severity":"4",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"185",
"CWE Name":"Incorrect Regular Expression",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"830",
"CWE Name":"Inclusion of Web Functionality from an Untrusted Source",
"Flaw Severity":"2",
"Static":false,
"Dynamic":true
}
]
},
{
"Flaw Category":"Code Quality",
"CWEs":[
{
"CWE ID":"111",
"CWE Name":"Direct Use of Unsafe JNI",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"159",
"CWE Name":"Failure to Sanitize Special Element",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"401",
"CWE Name":"Improper Release of Memory Before Removing Last Reference (Memory Leak)",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"404",
"CWE Name":"Improper Resource Shutdown or Release",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"415",
"CWE Name":"Double Free",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"416",
"CWE Name":"Use After Free",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"477",
"CWE Name":"Use of Obsolete Functions",
"Flaw Severity":"0",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"479",
"CWE Name":"Signal Handler Use of a Non-Reentrant Function",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"489",
"CWE Name":"Leftover Debug Code",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"597",
"CWE Name":"Use of Wrong Operator in String Comparison",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Command or Argument Injection",
"CWEs":[
{
"CWE ID":"77",
"CWE Name":"Improper Neutralization of Special Elements used in a Command (Command Injection)",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"78",
"CWE Name":"Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
"Flaw Severity":"5",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"88",
"CWE Name":"Argument Injection or Modification",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Credentials Management",
"CWEs":[
{
"CWE ID":"256",
"CWE Name":"Plaintext Storage of a Password",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"259",
"CWE Name":"Use of Hard-coded Password",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"522",
"CWE Name":"Insufficiently Protected Credentials",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"798",
"CWE Name":"Use of Hard-code Credentials",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"CRLF Injection",
"CWEs":[
{
"CWE ID":"93",
"CWE Name":"Improper Neutralization of CRLF Sequences (CRLF Injection)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"113",
"CWE Name":"Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"117",
"CWE Name":"Improper Output Neutralization for Logs",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Cross-Site Scripting (XSS)",
"CWEs":[
{
"CWE ID":"79",
"CWE Name":"Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"80",
"CWE Name":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"83",
"CWE Name":"Improper Neutralization of Script in Attributes in a Web Page",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"86",
"CWE Name":"Improper Neutralization of Invalid Characters in Identifiers in Web Pages",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Cryptographic Issues",
"CWEs":[
{
"CWE ID":"261",
"CWE Name":"Weak Cryptography for Passwords",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"295",
"CWE Name":"Improper Certificate Validation",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"296",
"CWE Name":"Improper Following of Chain of Trust for Certificate Validation",
"Flaw Severity":"3",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"297",
"CWE Name":"Improper Validation of Host-specific Certificate Data",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"298",
"CWE Name":"Improper Validation of Certificate Expiration",
"Flaw Severity":"3",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"299",
"CWE Name":"Improper Check for Certificate Revocation",
"Flaw Severity":"3",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"311",
"CWE Name":"Missing Encryption of Sensitive Data",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"312",
"CWE Name":"Cleartext Storage of Sensitive Information",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"313",
"CWE Name":"Plaintext Storage in a File or on Disk",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"316",
"CWE Name":"Plaintext Storage in Memory",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"319",
"CWE Name":"Cleartext Transmission of Sensitive Information",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"321",
"CWE Name":"Use of Hard-coded Cryptographic Key",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"326",
"CWE Name":"Inadequate Encryption Strength",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"327",
"CWE Name":"Use of a Broken or Risky Cryptographic Algorithm",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"328",
"CWE Name":"Reversible One-Way Hash",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"329",
"CWE Name":"Not Using a Random IV with CBC Mode",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"330",
"CWE Name":"Use of Insufficiently Random Values",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"331",
"CWE Name":"Insufficient Entropy",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"338",
"CWE Name":"Use of Cryptographically Weak Pseudo-Random Number Generator",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"347",
"CWE Name":"Improper Verification of Cryptographic Signature",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"354",
"CWE Name":"Improper Validation of Integrity Check Value",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"547",
"CWE Name":"Use of Hard-coded, Security-relevant Constants",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"614",
"CWE Name":"Sensitive Cookie in HTTPS Session Without Secure Attribute",
"Flaw Severity":"2",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"760",
"CWE Name":"Use of a One-Way Hash with a Predictable Salt",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"780",
"CWE Name":"Use of RSA with Optimal Asymmetric Encryption Padding",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"916",
"CWE Name":"Use of Password Hash With Insufficient Computational Effort",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Dangerous Functions",
"CWEs":[
{
"CWE ID":"242",
"CWE Name":"Use of Inherently Dangerous Function",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"676",
"CWE Name":"Use of Potentially Dangerous Function",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Deployment Configuration",
"CWEs":[
{
"CWE ID":"402",
"CWE Name":"Transmission of Private Resources into a New Sphere (Resource Leak)",
"Flaw Severity":"3",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"668",
"CWE Name":"Exposure of Resource to Wrong Sphere",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"926",
"CWE Name":"Improper Export of Android Application Components",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Directory Traversal",
"CWEs":[
{
"CWE ID":"22",
"CWE Name":"Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"35",
"CWE Name":"Path Traversal",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"73",
"CWE Name":"External Control of File Name or Path",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Encapsulation",
"CWEs":[
{
"CWE ID":"494",
"CWE Name":"Download of Code Without Integrity Check",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"501",
"CWE Name":"Trust Boundary Violation",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"502",
"CWE Name":"Deserialization of Untrusted Data",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"749",
"CWE Name":"Exposed Dangerous Method or Function",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Error Handling",
"CWEs":[
{
"CWE ID":"248",
"CWE Name":"Uncaught Exception",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"252",
"CWE Name":"Unchecked Return Value",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Format String",
"CWEs":[
{
"CWE ID":"134",
"CWE Name":"Use of Externally-Controlled Format String",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Information Leakage",
"CWEs":[
{
"CWE ID":"200",
"CWE Name":"Information Exposure",
"Flaw Severity":"2",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"201",
"CWE Name":"Insertion of Sensitive Information Into Sent Data",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"209",
"CWE Name":"Information Exposure Through an Error Message",
"Flaw Severity":"2",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"215",
"CWE Name":"Information Exposure Through Debug Information",
"Flaw Severity":"2",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"359",
"CWE Name":"Exposure of Private Information (Privacy Violation)",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"497",
"CWE Name":"Exposure of System Data to an Unauthorized Control Sphere",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"526",
"CWE Name":"Information Exposure Through Environmental Variables",
"Flaw Severity":"2",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"530",
"CWE Name":"Exposure of Backup File to an Unauthorized Control Sphere",
"Flaw Severity":"2",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"532",
"CWE Name":"Insertion of Sensitive Information into Log File",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"538",
"CWE Name":"File and Directory Information Exposure",
"Flaw Severity":"0",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"548",
"CWE Name":"Information Exposure Through Directory Listing",
"Flaw Severity":"2",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"611",
"CWE Name":"Information Exposure Through XML External Entity Reference",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"615",
"CWE Name":"Information Exposure Through Comments",
"Flaw Severity":"0",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"665",
"CWE Name":"Improper Initialization",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"918",
"CWE Name":"Server-side Request Forgery",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"Insecure Dependencies",
"CWEs":[
{
"CWE ID":"829",
"CWE Name":"Inclusion of Functionality from Untrusted Control Sphere",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"Insufficient Input Validation",
"CWEs":[
{
"CWE ID":"20",
"CWE Name":"Improper Input Validation",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"90",
"CWE Name":"Improper Neutralization of Special Elements Used in an LDAP Query (LDAP Injection)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"103",
"CWE Name":"Struts: Incomplete validate() Method Definition",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"104",
"CWE Name":"Struts: Form Bean Does Not Extend Validation Class",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"112",
"CWE Name":"Missing XML Validation",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"183",
"CWE Name":"Permissive List of Allowed Inputs",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"345",
"CWE Name":"Insufficient Verification of Data Authenticity",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"434",
"CWE Name":"Unrestricted Upload of File with Dangerous Type",
"Flaw Severity":"4",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"470",
"CWE Name":"Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"472",
"CWE Name":"External Control of Assumed-Immutable Web Parameter",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"601",
"CWE Name":"URL Redirection to Untrusted Site (Open Redirect)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"618",
"CWE Name":"Exposed Unsafe ActiveX Method",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"915",
"CWE Name":"Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"1174",
"CWE Name":"ASP.NET Misconfiguration: Improper Model Validation",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"1236",
"CWE Name":"Improper Neutralization of Formula Elements in a CSV File",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Insufficient Logging & Monitoring",
"CWEs":[
{
"CWE ID":"223",
"CWE Name":"Omission of Security-relevant Information",
"Flaw Severity":"2",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"Numeric Errors",
"CWEs":[
{
"CWE ID":"190",
"CWE Name":"Integer Overflow or Wraparound",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"191",
"CWE Name":"Integer Underflow (Wrap or Wraparound)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"192",
"CWE Name":"Integer Coercion Error",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"195",
"CWE Name":"Signed to Unsigned Conversion Error",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"196",
"CWE Name":"Unsigned to Signed Conversion Error",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"197",
"CWE Name":"Numeric Truncation Error",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Potential Backdoor",
"CWEs":[
{
"CWE ID":"398",
"CWE Name":"Indicator of Poor Code Quality",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"506",
"CWE Name":"Embedded Malicious Code",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"511",
"CWE Name":"Logic/Time Bomb",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"514",
"CWE Name":"Covert Channel",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"656",
"CWE Name":"Reliance on Security Through Obscurity",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Race Conditions",
"CWEs":[
{
"CWE ID":"366",
"CWE Name":"Race Condition within a Thread",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"367",
"CWE Name":"Time-of-check Time-of-use (TOCTOU) Race Condition",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"421",
"CWE Name":"Race Condition During Access to Alternate Channel",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Server Configuration",
"CWEs":[
{
"CWE ID":"16",
"CWE Name":"Configuration",
"Flaw Severity":"0",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"441",
"CWE Name":"Unintended Proxy or Intermediary (Confused Deputy)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"642",
"CWE Name":"External Control of Critical State Data",
"Flaw Severity":"2",
"Static":false,
"Dynamic":true
},
{
"CWE ID":"757",
"CWE Name":"Selection of Less-Secure Algorithm During Negotiation (Algorithm Downgrade)",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"Session Fixation",
"CWEs":[
{
"CWE ID":"384",
"CWE Name":"Session Fixation",
"Flaw Severity":"3",
"Static":true,
"Dynamic":true
}
]
},
{
"Flaw Category":"SQL Injection",
"CWEs":[
{
"CWE ID":"89",
"CWE Name":"Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
"Flaw Severity":"4",
"Static":true,
"Dynamic":true
},
{
"CWE ID":"564",
"CWE Name":"SQL Injection: Hibernate",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"943",
"CWE Name":"Improper Neutralization of Special Elements in Data Query Logic",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Time and State",
"CWEs":[
{
"CWE ID":"377",
"CWE Name":"Insecure Temporary File",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"382",
"CWE Name":"J2EE Bad Practices: Use of System.exit()",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"557",
"CWE Name":"Concurrency Issues",
"Flaw Severity":"2",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"691",
"CWE Name":"Insufficient Control Flow Management",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Untrusted Initialization",
"CWEs":[
{
"CWE ID":"15",
"CWE Name":"External Control of System or Configuration Setting",
"Flaw Severity":"4",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"454",
"CWE Name":"External Initialization of Trusted Variables or Data Stores",
"Flaw Severity":"0",
"Static":true,
"Dynamic":false
}
]
},
{
"Flaw Category":"Untrusted Search Path",
"CWEs":[
{
"CWE ID":"114",
"CWE Name":"Process Control",
"Flaw Severity":"5",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"426",
"CWE Name":"Untrusted Search Path",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
},
{
"CWE ID":"427",
"CWE Name":"Uncontrolled Search Path Element",
"Flaw Severity":"3",
"Static":true,
"Dynamic":false
}
]
}
]
[
{
"CWE ID":"15",
"CWE Name":"External Control of System or Configuration Setting",
"Static":true,
"Veracode Severity":"4 - High"
},
{
"CWE ID":"73",
"CWE Name":"External Control of File Name or Path",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"77",
"CWE Name":"Improper Neutralization of Special Elements in a Command",
"Static":true,
"Veracode Severity":"5 - Very High"
},
{
"CWE ID":"78",
"CWE Name":"Improper Neutralization of Special Elements in an OS Command",
"Static":true,
"Veracode Severity":"5 - Very High"
},
{
"CWE ID":"80",
"CWE Name":"Improper Neutralization of Script Related HTML Tags",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"88",
"CWE Name":"Improper Neutralization of Argument Delimiters",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"89",
"CWE Name":"Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
"Static":true,
"Veracode Severity":"4 - High"
},
{
"CWE ID":"114",
"CWE Name":"Process Control",
"Static":true,
"Veracode Severity":"5 - Very High"
},
{
"CWE ID":"183",
"CWE Name":"Permissive List of Allowed Inputs",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"201",
"CWE Name":"Information Exposure Through Sent Data",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"209",
"CWE Name":"Information Exposure Through an Error Message",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"215",
"CWE Name":"Information Exposure Through Debug Information",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"242",
"CWE Name":"Use of Inherently Dangerous Function",
"Static":true,
"Veracode Severity":"5 - Very High"
},
{
"CWE ID":"252",
"CWE Name":"Unchecked Return Value",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"256",
"CWE Name":"Unprotected Storage of Credentials",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"259",
"CWE Name":"Use of Hard-coded Password",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"287",
"CWE Name":"Improper Authentication",
"Static":true,
"Veracode Severity":"4 - High"
},
{
"CWE ID":"296",
"CWE Name":"Improper Following of a Certificate's Chain of Trust",
"Static":false,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"297",
"CWE Name":"Improper Validation of Certificate with Host Mismatch",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"311",
"CWE Name":"Missing Encryption of Sensitive Data",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"312",
"CWE Name":"Cleartext Storage of Sensitive Information",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"313",
"CWE Name":"Cleartext Storage in a File or on Disk",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"316",
"CWE Name":"Cleartext Storage of Sensitive Information in Memory",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"319",
"CWE Name":"Cleartext Transmission of Sensitive Information",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"321",
"CWE Name":"Use of Hard-coded Cryptographic Key",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"326",
"CWE Name":"Inadequate Encryption Strength",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"327",
"CWE Name":"Use of a Broken or Risky Cryptographic Algorithm",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"329",
"CWE Name":"Not Using a Random IV with CBC Mode",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"331",
"CWE Name":"Insufficient Entropy",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"345",
"CWE Name":"Insufficient Verification of Data Authenticity",
"Static":true,
"Veracode Severity":"4 - High"
},
{
"CWE ID":"347",
"CWE Name":"Improper Verification of Cryptographic Signature",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"354",
"CWE Name":"Improper Validation of Integrity Check Value",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"377",
"CWE Name":"Insecure Temporary File",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"378",
"CWE Name":"Creation of Temporary File With Insecure Permissions",
"Static":false,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"404",
"CWE Name":"Improper Resource Shutdown",
"Static":true,
"Veracode Severity":"0 - Informational"
},
{
"CWE ID":"415",
"CWE Name":"Double Free",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"416",
"CWE Name":"Use After Free",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"470",
"CWE Name":"Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"489",
"CWE Name":"Leftover Debug Code",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"497",
"CWE Name":"Exposure of System Data to an Unauthorized Control Sphere",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"501",
"CWE Name":"Trust Boundary Violation",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"506",
"CWE Name":"Embedded Malicious Code",
"Static":true,
"Veracode Severity":"4 - High"
},
{
"CWE ID":"511",
"CWE Name":"Logic/Time Bomb",
"Static":true,
"Veracode Severity":"5 - Very High"
},
{
"CWE ID":"514",
"CWE Name":"Covert Channel",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"522",
"CWE Name":"Insufficiently Protected Credentials",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"601",
"CWE Name":"URL Redirection to Untrusted Site",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"614",
"CWE Name":"Sensitive Cookie without Secure Attribute",
"Static":true,
"Veracode Severity":"2 - Low"
},
{
"CWE ID":"676",
"CWE Name":"Use of Potentially Dangerous Function",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"693",
"CWE Name":"Protection Mechanism Failure",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"732",
"CWE Name":"Incorrect Permission Assignment for Critical Resource",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"757",
"CWE Name":"Selection of Less Secure Algorithm During Negotiation",
"Static":true,
"Veracode Severity":"3 - Medium"
},
{
"CWE ID":"798",
"CWE Name":"Use of Hard-coded Credentials",
"Static":true,
"Veracode Severity":"3 - Medium"
}
]
package main
import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"strings"
)
// main is the CLI entry point: it loads categories.json and cwes-mobile.json
// from the working directory, attaches a Veracode flaw-category name to each
// statically-supported mobile CWE, and prints the result as a semicolon CSV.
// Replace the final call with outputNewJson to emit JSON instead.
func main() {
	// categories.json is read before cwes-mobile.json, so a missing
	// categories file is reported first.
	categories := readCategories()
	augmented := augmentWithCategories(readMobileCWEs(), categories)
	outputNewExcelCsv(augmented)
}
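// readCategories loads the Veracode flaw-category → CWE mapping from the file
// categories.json in the current working directory.
//
// Any failure — the file cannot be opened, the read is interrupted, or the
// JSON is malformed — panics via the log package, as the open error already
// did. The read and decode errors used to be discarded, which made a corrupt
// or truncated categories.json yield an empty or partial slice without any
// diagnostic.
func readCategories() []FlawCategory {
	categoriesJson, err := os.Open("categories.json")
	if err != nil {
		log.Panicln(err)
	}
	defer categoriesJson.Close()
	byteValue, err := ioutil.ReadAll(categoriesJson)
	if err != nil {
		log.Panicf("reading categories.json: %v", err)
	}
	var categories []FlawCategory
	if err := json.Unmarshal(byteValue, &categories); err != nil {
		log.Panicf("decoding categories.json: %v", err)
	}
	return categories
}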
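// readMobileCWEs loads the OWASP Mobile CWE list from the file
// cwes-mobile.json in the current working directory.
//
// Any failure — the file cannot be opened, the read is interrupted, or the
// JSON is malformed — panics via the log package, as the open error already
// did. Previously the read and decode errors were ignored, so a damaged
// cwes-mobile.json silently produced an empty or partial list.
func readMobileCWEs() []CWE {
	mobileCwesJson, err := os.Open("cwes-mobile.json")
	if err != nil {
		log.Panicln(err)
	}
	defer mobileCwesJson.Close()
	byteValue, err := ioutil.ReadAll(mobileCwesJson)
	if err != nil {
		log.Panicf("reading cwes-mobile.json: %v", err)
	}
	var mobileCwes []CWE
	if err := json.Unmarshal(byteValue, &mobileCwes); err != nil {
		log.Panicf("decoding cwes-mobile.json: %v", err)
	}
	return mobileCwes
}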
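// augmentWithCategories returns a new slice in which every statically
// supported CWE from mobileCWEs that has no CategoryName yet is labelled with
// the name of the first FlawCategory (in slice order, skipping categories
// with an empty Name) whose CWE list contains its CWE ID.
//
// Entries with Static == false are copied through untouched and never looked
// up. A static CWE that appears in no category keeps an empty CategoryName and
// a "WARN no category found" line is logged. Neither input slice is modified;
// an empty input yields a nil slice, as before.
//
// The category lookup is built once into a map keyed by CWE ID, replacing the
// original three nested loops. "First category wins" is preserved by never
// overwriting an existing map entry.
func augmentWithCategories(mobileCWEs []CWE, categories []FlawCategory) []CWE {
	categoryByID := make(map[string]string)
	for _, category := range categories {
		// The original search only stopped on a non-empty category name, so a
		// category without a name must not shadow a later one.
		if category.Name == "" {
			continue
		}
		for _, categoryCWE := range category.CWEs {
			if _, seen := categoryByID[categoryCWE.ID]; !seen {
				categoryByID[categoryCWE.ID] = category.Name
			}
		}
	}

	var newMobileCwes []CWE
	for _, mobileCWE := range mobileCWEs {
		// Unsupported (non-static) CWEs and CWEs that already carry a category
		// are passed through without a lookup.
		if mobileCWE.Static && mobileCWE.CategoryName == "" {
			mobileCWE.CategoryName = categoryByID[mobileCWE.ID]
			if mobileCWE.CategoryName == "" {
				log.Printf("WARN no category found for CWE %s", mobileCWE.ID)
			}
		}
		newMobileCwes = append(newMobileCwes, mobileCWE)
	}
	return newMobileCwes
}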
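// outputNewJson writes mobileCwes to stdout as tab-indented JSON.
//
// A marshalling error now panics instead of silently printing an empty
// string. Encoding a []CWE of plain strings and bools cannot normally fail,
// so this only guards against future field changes.
func outputNewJson(mobileCwes []CWE) {
	out, err := json.MarshalIndent(mobileCwes, "", "\t")
	if err != nil {
		log.Panicf("encoding mobile CWEs as JSON: %v", err)
	}
	fmt.Print(string(out))
}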
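// outputNewExcelCsv prints mobileCWEs to stdout as a semicolon-separated,
// fully quoted CSV (the dialect Excel expects in locales that use ';' as the
// list separator). The header row is fixed; one data row follows per CWE.
//
// Every field is wrapped in double quotes and any double quote inside a value
// is doubled (RFC 4180 style), so a CWE name containing '"' can no longer
// terminate a field early and shift the remaining columns. Values are
// otherwise written verbatim: the expected input is the local
// cwes-mobile.json, and formula neutralisation (CWE-1236) is not applied.
func outputNewExcelCsv(mobileCWEs []CWE) {
	fmt.Println("\"Category Name\";\"ID\";\"Name\";\"Static\";\"Veracode Severity\"")
	for _, mobileCWE := range mobileCWEs {
		static := ""
		if mobileCWE.Static {
			static = "X"
		}
		fmt.Printf(
			"%s;%s;%s;%s;%s\n",
			csvQuote(mobileCWE.CategoryName),
			csvQuote(mobileCWE.ID),
			csvQuote(mobileCWE.Name),
			csvQuote(static),
			csvQuote(mobileCWE.VeracodeSeverity),
		)
	}
}

// csvQuote wraps s in double quotes, doubling any embedded double quote so the
// result is a single well-formed CSV field.
func csvQuote(s string) string {
	return "\"" + strings.ReplaceAll(s, "\"", "\"\"") + "\""
}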
// FlawCategory is one entry of categories.json: a Veracode flaw category
// together with the CWEs it groups.
type FlawCategory struct {
	Name string       `json:"Flaw Category"` // category label; copied into CWE.CategoryName on a match
	CWEs []CategoryCWE `json:"CWEs"`          // CWEs that belong to this category
}
// CWE is one entry of cwes-mobile.json (the OWASP Mobile CWE list) and the
// row shape of the generated CSV and JSON output.
type CWE struct {
	ID               string `json:"CWE ID"`            // CWE number as a string, e.g. "89"
	Name             string `json:"CWE Name"`          // CWE title as given in the input
	Static           bool   `json:"Static"`            // true when static analysis covers it; only these entries get a category
	VeracodeSeverity string `json:"Veracode Severity"` // e.g. "3 - Medium"; passed through to the output verbatim
	CategoryName     string `json:"Category Name"`     // set by augmentWithCategories; empty when no category matched
}
// CategoryCWE is one CWE entry inside a FlawCategory in categories.json.
// Only ID is consulted by this program (augmentWithCategories matches on it);
// the remaining fields mirror the JSON so the file can be decoded as-is.
type CategoryCWE struct {
	ID               string `json:"CWE ID"`            // CWE number as a string, e.g. "190"
	Name             string `json:"CWE Name"`          // CWE title as given in categories.json
	Static           bool   `json:"Static"`            // static-analysis support flag from categories.json
	Dynamic          bool   `json:"Dynamic"`           // dynamic-analysis support flag from categories.json
	VeracodeSeverity string `json:"Veracode Severity"` // NOTE(review): not present in the categories.json entries shown — confirm it is ever populated
	Severity         string `json:"Flaw Severity"`     // numeric severity "0".."5" kept as a string
	CategoryName     string `json:"Category Name"`     // NOTE(review): not present in the categories.json entries shown — confirm it is ever populated
}
"Category Name";"ID";"Name";"Static";"Veracode Severity"
"Untrusted Initialization";"15";"External Control of System or Configuration Setting";"X";"4 - High"
"Directory Traversal";"73";"External Control of File Name or Path";"X";"3 - Medium"
"Command or Argument Injection";"77";"Improper Neutralization of Special Elements in a Command";"X";"5 - Very High"
"Command or Argument Injection";"78";"Improper Neutralization of Special Elements in an OS Command";"X";"5 - Very High"
"Cross-Site Scripting (XSS)";"80";"Improper Neutralization of Script Related HTML Tags";"X";"3 - Medium"
"Command or Argument Injection";"88";"Improper Neutralization of Argument Delimiters";"X";"3 - Medium"
"SQL Injection";"89";"Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)";"X";"4 - High"
"Untrusted Search Path";"114";"Process Control";"X";"5 - Very High"
"Insufficient Input Validation";"183";"Permissive List of Allowed Inputs";"X";"3 - Medium"
"Information Leakage";"201";"Information Exposure Through Sent Data";"X";"2 - Low"
"Information Leakage";"209";"Information Exposure Through an Error Message";"X";"2 - Low"
"Information Leakage";"215";"Information Exposure Through Debug Information";"X";"2 - Low"
"Dangerous Functions";"242";"Use of Inherently Dangerous Function";"X";"5 - Very High"
"Error Handling";"252";"Unchecked Return Value";"X";"2 - Low"
"Credentials Management";"256";"Unprotected Storage of Credentials";"X";"3 - Medium"
"Credentials Management";"259";"Use of Hard-coded Password";"X";"3 - Medium"
"Authentication Issues";"287";"Improper Authentication";"X";"4 - High"
"";"296";"Improper Following of a Certificate's Chain of Trust";"";"3 - Medium"
"Cryptographic Issues";"297";"Improper Validation of Certificate with Host Mismatch";"X";"3 - Medium"
"Cryptographic Issues";"311";"Missing Encryption of Sensitive Data";"X";"3 - Medium"
"Cryptographic Issues";"312";"Cleartext Storage of Sensitive Information";"X";"3 - Medium"
"Cryptographic Issues";"313";"Cleartext Storage in a File or on Disk";"X";"3 - Medium"
"Cryptographic Issues";"316";"Cleartext Storage of Sensitive Information in Memory";"X";"3 - Medium"
"Cryptographic Issues";"319";"Cleartext Transmission of Sensitive Information";"X";"3 - Medium"
"Cryptographic Issues";"321";"Use of Hard-coded Cryptographic Key";"X";"3 - Medium"
"Cryptographic Issues";"326";"Inadequate Encryption Strength";"X";"3 - Medium"
"Cryptographic Issues";"327";"Use of a Broken or Risky Cryptographic Algorithm";"X";"3 - Medium"
"Cryptographic Issues";"329";"Not Using a Random IV with CBC Mode";"X";"2 - Low"
"Cryptographic Issues";"331";"Insufficient Entropy";"X";"3 - Medium"
"Insufficient Input Validation";"345";"Insufficient Verification of Data Authenticity";"X";"4 - High"
"Cryptographic Issues";"347";"Improper Verification of Cryptographic Signature";"X";"2 - Low"
"Cryptographic Issues";"354";"Improper Validation of Integrity Check Value";"X";"3 - Medium"
"Time and State";"377";"Insecure Temporary File";"X";"3 - Medium"
"";"378";"Creation of Temporary File With Insecure Permissions";"";"3 - Medium"
"Code Quality";"404";"Improper Resource Shutdown";"X";"0 - Informational"
"Code Quality";"415";"Double Free";"X";"3 - Medium"
"Code Quality";"416";"Use After Free";"X";"2 - Low"
"Insufficient Input Validation";"470";"Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)";"X";"3 - Medium"
"Code Quality";"489";"Leftover Debug Code";"X";"3 - Medium"
"Information Leakage";"497";"Exposure of System Data to an Unauthorized Control Sphere";"X";"2 - Low"
"Encapsulation";"501";"Trust Boundary Violation";"X";"3 - Medium"
"Potential Backdoor";"506";"Embedded Malicious Code";"X";"4 - High"
"Potential Backdoor";"511";"Logic/Time Bomb";"X";"5 - Very High"
"Potential Backdoor";"514";"Covert Channel";"X";"2 - Low"
"Credentials Management";"522";"Insufficiently Protected Credentials";"X";"3 - Medium"
"Insufficient Input Validation";"601";"URL Redirection to Untrusted Site";"X";"3 - Medium"
"Cryptographic Issues";"614";"Sensitive Cookie without Secure Attribute";"X";"2 - Low"
"Dangerous Functions";"676";"Use of Potentially Dangerous Function";"X";"3 - Medium"
"Authentication Issues";"693";"Protection Mechanism Failure";"X";"3 - Medium"
"Authorization Issues";"732";"Incorrect Permission Assignment for Critical Resource";"X";"3 - Medium"
"Server Configuration";"757";"Selection of Less Secure Algorithm During Negotiation";"X";"3 - Medium"
"Credentials Management";"798";"Use of Hard-coded Credentials";"X";"3 - Medium"
[
{
"CWE ID": "15",
"CWE Name": "External Control of System or Configuration Setting",
"Static": true,
"Veracode Severity": "4 - High",
"Category Name": "Untrusted Initialization"
},
{
"CWE ID": "73",
"CWE Name": "External Control of File Name or Path",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Directory Traversal"
},
{
"CWE ID": "77",
"CWE Name": "Improper Neutralization of Special Elements in a Command",
"Static": true,
"Veracode Severity": "5 - Very High",
"Category Name": "Command or Argument Injection"
},
{
"CWE ID": "78",
"CWE Name": "Improper Neutralization of Special Elements in an OS Command",
"Static": true,
"Veracode Severity": "5 - Very High",
"Category Name": "Command or Argument Injection"
},
{
"CWE ID": "80",
"CWE Name": "Improper Neutralization of Script Related HTML Tags",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cross-Site Scripting (XSS)"
},
{
"CWE ID": "88",
"CWE Name": "Improper Neutralization of Argument Delimiters",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Command or Argument Injection"
},
{
"CWE ID": "89",
"CWE Name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
"Static": true,
"Veracode Severity": "4 - High",
"Category Name": "SQL Injection"
},
{
"CWE ID": "114",
"CWE Name": "Process Control",
"Static": true,
"Veracode Severity": "5 - Very High",
"Category Name": "Untrusted Search Path"
},
{
"CWE ID": "183",
"CWE Name": "Permissive List of Allowed Inputs",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Insufficient Input Validation"
},
{
"CWE ID": "201",
"CWE Name": "Information Exposure Through Sent Data",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Information Leakage"
},
{
"CWE ID": "209",
"CWE Name": "Information Exposure Through an Error Message",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Information Leakage"
},
{
"CWE ID": "215",
"CWE Name": "Information Exposure Through Debug Information",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Information Leakage"
},
{
"CWE ID": "242",
"CWE Name": "Use of Inherently Dangerous Function",
"Static": true,
"Veracode Severity": "5 - Very High",
"Category Name": "Dangerous Functions"
},
{
"CWE ID": "252",
"CWE Name": "Unchecked Return Value",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Error Handling"
},
{
"CWE ID": "256",
"CWE Name": "Unprotected Storage of Credentials",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Credentials Management"
},
{
"CWE ID": "259",
"CWE Name": "Use of Hard-coded Password",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Credentials Management"
},
{
"CWE ID": "287",
"CWE Name": "Improper Authentication",
"Static": true,
"Veracode Severity": "4 - High",
"Category Name": "Authentication Issues"
},
{
"CWE ID": "296",
"CWE Name": "Improper Following of a Certificate's Chain of Trust",
"Static": false,
"Veracode Severity": "3 - Medium",
"Category Name": ""
},
{
"CWE ID": "297",
"CWE Name": "Improper Validation of Certificate with Host Mismatch",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "311",
"CWE Name": "Missing Encryption of Sensitive Data",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "312",
"CWE Name": "Cleartext Storage of Sensitive Information",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "313",
"CWE Name": "Cleartext Storage in a File or on Disk",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "316",
"CWE Name": "Cleartext Storage of Sensitive Information in Memory",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "319",
"CWE Name": "Cleartext Transmission of Sensitive Information",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "321",
"CWE Name": "Use of Hard-coded Cryptographic Key",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "326",
"CWE Name": "Inadequate Encryption Strength",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "327",
"CWE Name": "Use of a Broken or Risky Cryptographic Algorithm",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "329",
"CWE Name": "Not Using a Random IV with CBC Mode",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "331",
"CWE Name": "Insufficient Entropy",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "345",
"CWE Name": "Insufficient Verification of Data Authenticity",
"Static": true,
"Veracode Severity": "4 - High",
"Category Name": "Insufficient Input Validation"
},
{
"CWE ID": "347",
"CWE Name": "Improper Verification of Cryptographic Signature",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "354",
"CWE Name": "Improper Validation of Integrity Check Value",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "377",
"CWE Name": "Insecure Temporary File",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Time and State"
},
{
"CWE ID": "378",
"CWE Name": "Creation of Temporary File With Insecure Permissions",
"Static": false,
"Veracode Severity": "3 - Medium",
"Category Name": ""
},
{
"CWE ID": "404",
"CWE Name": "Improper Resource Shutdown",
"Static": true,
"Veracode Severity": "0 - Informational",
"Category Name": "Code Quality"
},
{
"CWE ID": "415",
"CWE Name": "Double Free",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Code Quality"
},
{
"CWE ID": "416",
"CWE Name": "Use After Free",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Code Quality"
},
{
"CWE ID": "470",
"CWE Name": "Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Insufficient Input Validation"
},
{
"CWE ID": "489",
"CWE Name": "Leftover Debug Code",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Code Quality"
},
{
"CWE ID": "497",
"CWE Name": "Exposure of System Data to an Unauthorized Control Sphere",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Information Leakage"
},
{
"CWE ID": "501",
"CWE Name": "Trust Boundary Violation",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Encapsulation"
},
{
"CWE ID": "506",
"CWE Name": "Embedded Malicious Code",
"Static": true,
"Veracode Severity": "4 - High",
"Category Name": "Potential Backdoor"
},
{
"CWE ID": "511",
"CWE Name": "Logic/Time Bomb",
"Static": true,
"Veracode Severity": "5 - Very High",
"Category Name": "Potential Backdoor"
},
{
"CWE ID": "514",
"CWE Name": "Covert Channel",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Potential Backdoor"
},
{
"CWE ID": "522",
"CWE Name": "Insufficiently Protected Credentials",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Credentials Management"
},
{
"CWE ID": "601",
"CWE Name": "URL Redirection to Untrusted Site",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Insufficient Input Validation"
},
{
"CWE ID": "614",
"CWE Name": "Sensitive Cookie without Secure Attribute",
"Static": true,
"Veracode Severity": "2 - Low",
"Category Name": "Cryptographic Issues"
},
{
"CWE ID": "676",
"CWE Name": "Use of Potentially Dangerous Function",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Dangerous Functions"
},
{
"CWE ID": "693",
"CWE Name": "Protection Mechanism Failure",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Authentication Issues"
},
{
"CWE ID": "732",
"CWE Name": "Incorrect Permission Assignment for Critical Resource",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Authorization Issues"
},
{
"CWE ID": "757",
"CWE Name": "Selection of Less Secure Algorithm During Negotiation",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Server Configuration"
},
{
"CWE ID": "798",
"CWE Name": "Use of Hard-coded Credentials",
"Static": true,
"Veracode Severity": "3 - Medium",
"Category Name": "Credentials Management"
}
]