lib/pwn/sast/eval.rb in pwn-0.4.505 vs lib/pwn/sast/eval.rb in pwn-0.4.507
@@ -46,11 +46,11 @@
else
str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
hash_line = {
timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
- test_case: nist_800_53_requirements,
+ security_requirements: security_requirements,
filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
line_no_and_contents: '',
raw_content: str,
test_case_filter: test_case_filter
}
@@ -103,14 +103,16 @@
# Used primarily to map NIST 800-53 Revision 4 Security Controls
# https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
# to PWN Exploit & Static Code Anti-Pattern Matching Modules to
# Determine the level of Testing Coverage w/ PWN.
- public_class_method def self.nist_800_53_requirements
+ public_class_method def self.security_requirements
{
sast_module: self,
section: 'MALICIOUS CODE PROTECTION',
- nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3'
+ nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+ cwe_id: '95',
+ cwe_uri: 'https://cwe.mitre.org/data/definitions/95.html'
}
rescue StandardError => e
raise e
end
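Review bot: The comment block above `self.security_requirements` still says the method maps NIST 800-53 Revision 4 controls and links the Rev4 page, while the returned hash now points at the 5.1 SI-3 control and also carries `cwe_id` / `cwe_uri` for CWE-95. I would reword it along the lines of `# Maps this SAST module to its NIST 800-53 control and CWE entry` followed by `# so reports can show testing coverage per requirement.`, so a reader of a finding knows both taxonomies are present. Separately, renaming a `public_class_method` removes `nist_800_53_requirements` without an alias, and the first hunk renames the `test_case:` key of the result hash in the same way; any report template or caller still using the old names would presumably raise or read nil, so a deprecated alias kept for one release may be worth it. The trailing `rescue StandardError => e` / `raise e` re-raises the exception unchanged and could be dropped.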