diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/cwe_extract.py b/cwe_extract.py
new file mode 100755
index 000000000..951511980
--- /dev/null
+++ b/cwe_extract.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+import os
+import re
+import json
+
+CURDIR = os.path.dirname(os.path.abspath(__file__))
+path = os.path.join(CURDIR, 'cqe-challenges')
+os.chdir(path)
+
+rlist = {'r1': r"(CWE-[\d]{2,3}).?\n{1,2}",
+ 'r2': r"\n(.*)\s\((CWE-[\d]{2,3})\)\n",
+ 'r3': r"\n{1,2}(.*)\n(CWE-[\d]{2,3})",
+ 'r4': r"\n{0,1}(CWE-[\d]{2,3}).?\s([^]\n]*).*?(?!\band\b)",
+ 'r5': r"([\d]{2,3}):\s(.*)"}
+
+def dump(cwe_dict):
+ with open(os.path.join(CURDIR,'data.txt'),'w') as f:
+ f.write(json.dumps(cwe_dict, f, ensure_ascii=False, sort_keys=True,
+ indent=4))
+ f.close()
+
+def extract_cwe():
+ cwe = dict()
+ for p in os.listdir('.'):
+ vlist = []
+ cve = []
+ with open(os.path.join(p, 'README.md')) as f:
+ buf = f.read()
+ for k, r in rlist.iteritems():
+ vlist = re.findall(r,buf)
+ if len(vlist):
+ if k == 'r3' and any('classification' in s[0] for s in vlist):
+ continue
+ elif type(vlist[0]) is not tuple:
+ continue
+ elif k == 'r3' and any(b in p for b in ['KPRCA', 'CROMU']) and vlist[0][0] == '':
+ continue
+ elif k == 'r2' or k == 'r3':
+ vlist[:] = [(c[1], c[0]) for c in vlist]
+ elif k == 'r5':
+ vlist[:] = [('CWE-'+c[0], c[1]) for c in vlist]
+ elif 'NRFIN' in p and type(vlist[0]) is not tuple:
+ continue
+ break
+ f.close()
+ for v in vlist:
+ if type(v) is tuple:
+ cve.append({'CWE':v[0],
+ 'desc':v[1].replace(':','').strip()})
+ else:
+ cve.append({'CWE':v, 'desc':''})
+ cwe[p] = cve
+ return cwe
+
+if __name__ == '__main__':
+ cwe_dict = extract_cwe()
+ dump(cwe_dict)
diff --git a/data.txt b/data.txt
new file mode 100644
index 000000000..8e632ec75
--- /dev/null
+++ b/data.txt
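Review bot: In `dump`, `json.dumps(cwe_dict, f, ensure_ascii=False, ...)` passes the open file as the second positional parameter of `json.dumps`, which is `skipkeys`, so the file object is silently taken as `skipkeys=True` rather than as an output target; the intended call is `json.dump(cwe_dict, f, ensure_ascii=False, sort_keys=True, indent=4)`, after which the `f.close()` following this `with` block (and the one in `extract_cwe`) is redundant. In `extract_cwe`, which of `r1`…`r5` wins for a given README depends on `rlist.iteritems()` iteration order, which is unspecified for a dict (and `iteritems` exists only on Python 2), so the pattern priority the `break` relies on is not fixed; keep the patterns in a list of `(name, regex)` tuples and iterate that instead. The data.txt hunk hints that the pairing is already off in places — entries such as `"CWE": "CWE-823", "desc": "CWE-824 Access of Uninitialized Pointer"` read as one identifier glued to the next line's label, most plausibly a multi-line `r4` match — and a small fixture of two or three README shapes with pinned expected output would catch both this and the ordering issue. `os.listdir('.')` also yields plain files and directories without a `README.md`, and the `open` is unguarded, so one stray entry under `cqe-challenges` aborts the whole run; skipping entries where `os.path.isfile(os.path.join(p, 'README.md'))` is false would make the extractor tolerant of that.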
@@ -0,0 +1,1328 @@ +{ + "CROMU_00001": [ + { + "CWE": "CWE-190", + "desc": "Integer overflow or wraparound" + }, + { + "CWE": "CWE-131", + "desc": "Incorrect calculation of buffer size" + }, + { + "CWE": "CWE-120", + "desc": "Buffer copy without checking size of input" + }, + { + "CWE": "CWE-190", + "desc": "but it results in CWE-131 and since the size of the write is not checked, the ultimate crash is due to CWE-120." + } + ], + "CROMU_00002": [ + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "CROMU_00003": [ + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "CROMU_00004": [ + { + "CWE": "CWE-120", + "desc": "- Buffer Copy without Checking Size of Input" + } + ], + "CROMU_00005": [ + { + "CWE": "CWE-787", + "desc": "Out of Bounds Write" + } + ], + "CROMU_00006": [ + { + "CWE": "CWE-120", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ], + "CROMU_00008": [ + { + "CWE": "CWE-119", + "desc": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ], + "CROMU_00009": [ + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "CROMU_00010": [ + { + "CWE": "CWE-467", + "desc": "## Challenges" + } + ], + "CROMU_00011": [ + { + "CWE": "CWE-120", + "desc": "Buffer copy without checking size of input" + }, + { + "CWE": "CWE-400", + "desc": "Uncontrolled Resource Consumption" + } + ], + "CROMU_00012": [ + { + "CWE": "CWE-787", + "desc": "NULL Pointer Dereference" + } + ], + "CROMU_00014": [ + { + "CWE": "CWE-122", + "desc": "Heap Buffer Overflow" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + } + ], + "CROMU_00015": [ + { + "CWE": "CWE-120", + "desc": "Buffer copy without checking size of input" + }, + { + "CWE": "CWE-122", + "desc": "Heap-based buffer overflow" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + 
"CROMU_00016": [ + { + "CWE": "CWE-131", + "desc": "Incorrect Calculation of Buffer Size" + }, + { + "CWE": "CWE-120", + "desc": "Buffer Copy without Checking Size of Input" + } + ], + "CROMU_00017": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "CROMU_00018": [ + { + "CWE": "CWE-119", + "desc": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + }, + { + "CWE": "CWE-196", + "desc": "Unsigned to Signed Conversion Error" + }, + { + "CWE": "CWE-191", + "desc": "Integer Underflow (Wrap or Wraparound)" + } + ], + "CROMU_00019": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "CROMU_00020": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "CROMU_00021": [ + { + "CWE": "CWE-843", + "desc": "Type Confusion" + }, + { + "CWE": "CWE-125", + "desc": "Out of bounds read" + }, + { + "CWE": "CWE-787", + "desc": "Ouf of bounds write" + }, + { + "CWE": "CWE-190", + "desc": "CWE-476 NULL Pointer DREF" + } + ], + "CROMU_00022": [ + { + "CWE": "CWE-787", + "desc": "CWE-839" + } + ], + "CROMU_00023": [ + { + "CWE": "CWE-119", + "desc": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ], + "CROMU_00024": [ + { + "CWE": "CWE-476", + "desc": "" + } + ], + "CROMU_00025": [ + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index. The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. Also known as out-of-bounds array index." + }, + { + "CWE": "CWE-416", + "desc": "Use after free. Referencing memory after it has been freed." 
+ } + ], + "CROMU_00026": [ + { + "CWE": "CWE-131", + "desc": "Improper Calculation of Buffer Size" + }, + { + "CWE": "CWE-119", + "desc": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + }, + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "CROMU_00027": [ + { + "CWE": "CWE-787", + "desc": "- Out of bounds write" + }, + { + "CWE": "CWE-476", + "desc": "- Null pointer dereference" + }, + { + "CWE": "CWE-195", + "desc": "- Signed to unsigned conversion error" + } + ], + "CROMU_00028": [ + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + } + ], + "CROMU_00029": [ + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + }, + { + "CWE": "CWE-131", + "desc": "Incorrect Calculation of Buffer Size" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + } + ], + "CROMU_00030": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "CROMU_00031": [ + { + "CWE": "CWE-787", + "desc": "Out-of-bounds write" + } + ], + "CROMU_00032": [ + { + "CWE": "CWE-120", + "desc": "Buffer copy without checking size of input" + } + ], + "CROMU_00033": [ + { + "CWE": "CWE-125", + "desc": "Out-of-bounds Read" + } + ], + "CROMU_00034": [ + { + "CWE": "CWE-125", + "desc": "Out-of-bounds Read" + }, + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-125", + "desc": "Out-of-bounds Read" + }, + { + "CWE": "CWE-476", + "desc": "Null pointer dereference" + } + ], + "CROMU_00035": [ + { + "CWE": "CWE-785", + "desc": "Use of Path Manipulation Function without Maximum-sized Buffer" + }, + { + "CWE": "CWE-416", + "desc": "Use After Free" + } + ], + "CROMU_00036": [ + { + "CWE": "CWE-805", + "desc": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ], + "CROMU_00037": [ + { + "CWE": "CWE-798", + "desc": "Use of Hard-coded Credentials" + }, + { + "CWE": "CWE-131", + "desc": "Incorrect Calculation of Buffer 
Size" + } + ], + "CROMU_00038": [ + { + "CWE": "CWE-823", + "desc": "CWE-824 Access of Uninitialized Pointer" + } + ], + "CROMU_00039": [ + { + "CWE": "CWE-120", + "desc": "Buffer Copy without Checking Size of Input" + } + ], + "CROMU_00040": [ + { + "CWE": "CWE-193", + "desc": "CWE-476 -- Null dref" + } + ], + "CROMU_00041": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "CROMU_00042": [ + { + "CWE": "CWE-195", + "desc": "sort command" + }, + { + "CWE": "CWE-131", + "desc": "CWE-190 Integer Overflow or Wraparound" + }, + { + "CWE": "CWE-121", + "desc": "simon command" + } + ], + "CROMU_00043": [ + { + "CWE": "CWE-134", + "desc": "- Uncontrolled Format String" + }, + { + "CWE": "CWE-125", + "desc": "- Out of Bounds Read" + } + ], + "CROMU_00044": [ + { + "CWE": "CWE-416", + "desc": "Use After Free" + } + ], + "KPRCA_00002": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ], + "KPRCA_00007": [ + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + } + ], + "KPRCA_00008": [ + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "KPRCA_00009": [ + { + "CWE": "CWE-170", + "desc": "Improper Null Termination" + } + ], + "KPRCA_00010": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ], + "KPRCA_00011": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-416", + "desc": "Use-After-Free" + } + ], + "KPRCA_00012": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + } + ], + "KPRCA_00013": [ + { + "CWE": "CWE-457", + "desc": "CWE-193 Off-by-one Error" + } + ], + "KPRCA_00014": [ + { + "CWE": "CWE-127", + "desc": "Buffer Under-read" + } + ], + "KPRCA_00016": [ + { + "CWE": "CWE-195", + "desc": "Signed to Unsigned Conversion Error" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer 
Dereference" + }, + { + "CWE": "CWE-908", + "desc": "Use of Uninitiailized Resource" + } + ], + "KPRCA_00017": [ + { + "CWE": "CWE-457", + "desc": "Use of Uninitialized Variable" + } + ], + "KPRCA_00018": [ + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + } + ], + "KPRCA_00019": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ], + "KPRCA_00020": [ + { + "CWE": "CWE-125", + "desc": "Out-of-bounds Read" + } + ], + "KPRCA_00021": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-908", + "desc": "Use of Uninitialized Resource" + } + ], + "KPRCA_00022": [ + { + "CWE": "CWE-120", + "desc": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ], + "KPRCA_00023": [ + { + "CWE": "CWE-122", + "desc": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ], + "KPRCA_00024": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-252", + "desc": "Unchecked Return Value" + } + ], + "KPRCA_00025": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + }, + { + "CWE": "CWE-908", + "desc": "Use of Uninitialized Resource" + } + ], + "KPRCA_00026": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-367", + "desc": "TOCTOU Error" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "KPRCA_00027": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "KPRCA_00028": [ + { + "CWE": "CWE-476", + "desc": "Null Pointer Dereference" + }, + { + "CWE": "CWE-843", + "desc": "Access of Resource Using Incompatible Type ('Type Confusion')" + } + ], + "KPRCA_00029": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "KPRCA_00030": [ + { + "CWE": "CWE-690", + "desc": "Unchecked Return Value" + } + ], + "KPRCA_00031": [ + { + "CWE": 
"CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ], + "KPRCA_00032": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-755", + "desc": "Improper Handling of Exceptional Conditions" + } + ], + "KPRCA_00033": [ + { + "CWE": "CWE-843", + "desc": "Access of Resource Using Incompatible Type 'Type Confusion'" + } + ], + "KPRCA_00034": [ + { + "CWE": "CWE-134", + "desc": "Uncontrolled Format Sting" + } + ], + "KPRCA_00035": [ + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + }, + { + "CWE": "CWE-665", + "desc": "Improper Initialization" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "KPRCA_00036": [ + { + "CWE": "CWE-674", + "desc": "CWE-193 Off-by-one Error" + } + ], + "KPRCA_00037": [ + { + "CWE": "CWE-190", + "desc": "CWE-839 Numeric Range Comparison Without Minimum Check" + } + ], + "KPRCA_00038": [ + { + "CWE": "CWE-134", + "desc": "Uncontrolled Format Sting" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + }, + { + "CWE": "CWE-674", + "desc": "Uncontrolled Recursion" + } + ], + "KPRCA_00039": [ + { + "CWE": "CWE-134", + "desc": "Uncontrolled Format Sting" + } + ], + "KPRCA_00040": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + }, + { + "CWE": "CWE-788", + "desc": "Access of Memory Location After End of Buffer" + } + ], + "KPRCA_00041": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "KPRCA_00042": [ + { + "CWE": "CWE-134", + "desc": "Uncontrolled Format String" + } + ], + "KPRCA_00043": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + } + ], + "KPRCA_00044": [ + { + "CWE": "CWE-788", + "desc": "Access of Memory Location After End of Buffer" + } + ], + "KPRCA_00045": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ], + "KPRCA_00046": [ + { + "CWE": "CWE-823", + "desc": "CWE-122 Heap-based Buffer Overflow" + 
} + ], + "KPRCA_00047": [ + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + } + ], + "KPRCA_00048": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-131", + "desc": "Incorrect Calculation of Buffer Size" + }, + { + "CWE": "CWE-788", + "desc": "Access of Memory Location After End of Buffer" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "KPRCA_00049": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-674", + "desc": "Uncontrolled Recursion" + } + ], + "KPRCA_00050": [ + { + "CWE": "CWE-822", + "desc": "Untrusted Pointer Dereference" + } + ], + "KPRCA_00051": [ + { + "CWE": "CWE-783", + "desc": "Operator Precedence Logic Error" + } + ], + "KPRCA_00052": [ + { + "CWE": "CWE-476", + "desc": "Null Pointer Dereference" + } + ], + "KPRCA_00053": [ + { + "CWE": "CWE-783", + "desc": "Operator Precedence Logic Error" + } + ], + "KPRCA_00054": [ + { + "CWE": "CWE-416", + "desc": "Use After Free" + } + ], + "NRFIN_00001": [ + { + "CWE": "CWE-134", + "desc": "Uncontrolled Format String" + } + ], + "NRFIN_00004": [ + { + "CWE": "CWE-122", + "desc": "CWE-120 Buffer Overflow" + } + ], + "NRFIN_00005": [ + { + "CWE": "CWE-120", + "desc": "Integer Overflow" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "NRFIN_00006": [ + { + "CWE": "CWE-416", + "desc": "Use After Free" + }, + { + "CWE": "CWE-200", + "desc": "Information Exposure" + } + ], + "NRFIN_00007": [ + { + "CWE": "CWE-120", + "desc": "" + } + ], + "NRFIN_00008": [ + { + "CWE": "CWE-680", + "desc": "" + } + ], + "NRFIN_00009": [ + { + "CWE": "CWE-120", + "desc": "Buffer Overflow" + }, + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-839", + 
"desc": "Numeric Range Comparison Without Minimum Check" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "NRFIN_00011": [ + { + "CWE": "CWE-120", + "desc": "Buffer Overflow" + }, + { + "CWE": "CWE-121", + "desc": "Stack-Based Buffer Overflow" + } + ], + "NRFIN_00012": [ + { + "CWE": "CWE-125", + "desc": "CWE-457 Use of uninitialized variable" + } + ], + "NRFIN_00014": [ + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "NRFIN_00015": [ + { + "CWE": "CWE-193", + "desc": "Off-by-one Error" + }, + { + "CWE": "CWE-121", + "desc": "Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-125", + "desc": "Out-of-bounds Read" + } + ], + "NRFIN_00016": [ + { + "CWE": "CWE-121", + "desc": "CWE-120 Buffer copy without Checking Size of Input" + }, + { + "CWE": "CWE-195", + "desc": "CWE-191 Integer Underflow" + } + ], + "NRFIN_00017": [ + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + }, + { + "CWE": "CWE-193", + "desc": "Off-by-one Error" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "NRFIN_00018": [ + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + } + ], + "NRFIN_00019": [ + { + "CWE": "CWE-120", + "desc": "Buffer Overflow" + }, + { + "CWE": "CWE-121", + "desc": "Stack-Based Buffer Overflow" + }, + { + "CWE": "CWE-122", + "desc": "Heap-Based Buffer Overflow" + }, + { + "CWE": "CWE-125", + "desc": "Out-of-Bounds Read" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-Bounds Write" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + } + ], + "NRFIN_00020": [ + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + }, 
+ { + "CWE": "CWE-193", + "desc": "Off-by-one Error" + } + ], + "NRFIN_00021": [ + { + "CWE": "CWE-476", + "desc": "Null Pointer Dereference)" + }, + { + "CWE": "CWE-476", + "desc": "Null Pointer Dereference" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow" + } + ], + "NRFIN_00022": [ + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + }, + { + "CWE": "CWE-191", + "desc": "Integer Underflow or Wraparound" + }, + { + "CWE": "CWE-193", + "desc": "Off-by-one Error" + }, + { + "CWE": "CWE-195", + "desc": "Signed to Unsigned Conversion Error" + }, + { + "CWE": "CWE-680", + "desc": "Integer Overfow to Buffer Overflow" + } + ], + "NRFIN_00023": [ + { + "CWE": "CWE-822", + "desc": "Dereference of untrusted pointer" + }, + { + "CWE": "CWE-190", + "desc": "Integer overflow or wraparound" + }, + { + "CWE": "CWE-129", + "desc": "Improper validation of array index" + }, + { + "CWE": "CWE-122", + "desc": "Heap-based buffer overflow" + }, + { + "CWE": "CWE-416", + "desc": "Use after free" + }, + { + "CWE": "CWE-843", + "desc": "Access of resource using incompatible type" + } + ], + "NRFIN_00024": [ + { + "CWE": "CWE-193", + "desc": "CWE-122 Heap-based buffer overflow" + }, + { + "CWE": "CWE-825", + "desc": "CWE-416 Use After Free" + } + ], + "NRFIN_00025": [ + { + "CWE": "CWE-674", + "desc": "" + } + ], + "NRFIN_00026": [ + { + "CWE": "CWE-121", + "desc": "CWE-131 Incorrect Calculation of Buffer Size" + } + ], + "NRFIN_00027": [ + { + "CWE": "CWE-125", + "desc": "Out of bound read" + }, + { + "CWE": "CWE-190", + "desc": "Integer overflow or wraparound" + }, + { + "CWE": "CWE-369", + "desc": "Divide by zero" + }, + { + "CWE": "CWE-682", + "desc": "Incorrect calculation" + }, + { + "CWE": "CWE-704", + "desc": "Incorrect type conversion or cast" + }, + { + 
"CWE": "CWE-843", + "desc": "Access of resource using incompatible type" + } + ], + "NRFIN_00029": [ + { + "CWE": "CWE-22", + "desc": "CWE-20 Improper input validation" + }, + { + "CWE": "CWE-822", + "desc": "CWE-176 Improper handling of unicode encoding" + } + ], + "NRFIN_00030": [ + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + }, + { + "CWE": "CWE-131", + "desc": "Incorrect Calculation of Buffer Size" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "NRFIN_00032": [ + { + "CWE": "CWE-122", + "desc": "CWE-131 Incorrect Calculation of Buffer Size" + } + ], + "NRFIN_00033": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-457", + "desc": "Use of Uninitialized Variable" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + }, + { + "CWE": "CWE-788", + "desc": "Access of Memory Location After End of Buffer" + } + ], + "NRFIN_00034": [ + { + "CWE": "CWE-61", + "desc": "CWE-59 Improper link resolution before file access" + }, + { + "CWE": "CWE-434", + "desc": "CWE-275 Permission issues" + } + ], + "NRFIN_00035": [ + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-128", + "desc": "Wrap-around Error" + }, + { + "CWE": "CWE-129", + "desc": "Improper Validation of Array Index" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + }, + { + "CWE": "CWE-788", + "desc": "Access of Memory Location After End of Buffer" + }, + { + "CWE": "CWE-805", + "desc": "Buffer Access with Incorrect Length Value" + }, + { + "CWE": "CWE-824", + "desc": "Access of Uninitialized Pointer" + } + ], + "NRFIN_00036": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-125", + "desc": "Out-of-bounds Read" + }, + { + "CWE": "CWE-131", + "desc": "Incorrect Calculation of Buffer Size" + 
}, + { + "CWE": "CWE-193", + "desc": "Off-by-one Error" + }, + { + "CWE": "CWE-469", + "desc": "Use of Pointer Subtraction to Determine Size" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-bounds Write" + } + ], + "NRFIN_00037": [ + { + "CWE": "CWE-20", + "desc": "Improper Input Validation" + }, + { + "CWE": "CWE-119", + "desc": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + }, + { + "CWE": "CWE-125", + "desc": "Out-of-Bounds Read" + }, + { + "CWE": "CWE-367", + "desc": "Time-of-Chceck Time-of-Use (TOCTOU)" + }, + { + "CWE": "CWE-476", + "desc": "NULL Pointer Dereference" + }, + { + "CWE": "CWE-787", + "desc": "Out-of-Bounds Write" + } + ], + "NRFIN_00038": [ + { + "CWE": "CWE-822", + "desc": "CWE-121 Stack-based Buffer Overflow" + }, + { + "CWE": "CWE-201", + "desc": "CWE-471 Modification if Assumed-Immutable Data" + }, + { + "CWE": "CWE-327", + "desc": "CWE-326 Inadequate Encryption Strength" + } + ], + "NRFIN_00039": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + }, + { + "CWE": "CWE-123", + "desc": "Write-what-where Condition" + }, + { + "CWE": "CWE-190", + "desc": "Integer Overflow or Wraparound" + }, + { + "CWE": "CWE-763", + "desc": "Release of Invalid Pointer or Reference" + }, + { + "CWE": "CWE-788", + "desc": "Access of Memory Location After End of Buffer" + } + ], + "NRFIN_00040": [ + { + "CWE": "CWE-843", + "desc": "Type Confusion" + }, + { + "CWE": "CWE-824", + "desc": "Access of Uninitialized Pointer" + }, + { + "CWE": "CWE-704", + "desc": "Incorrect Type Conversion or Cast" + }, + { + "CWE": "CWE-476", + "desc": "Null Pointer Dereference" + } + ], + "NRFIN_00041": [ + { + "CWE": "CWE-120", + "desc": "CWE-20 Improper Input Validation" + }, + { + "CWE": "CWE-129", + "desc": "CWE-122 Heap-based Buffer Overflow" + } + ], + "NRFIN_00042": [ + { + "CWE": "CWE-787", + "desc": "CWE-131 Incorrect Calculation of Buffer Size" + } + ], + "YAN01_00007": [ + { + "CWE": "CWE-824", + "desc": "Access of Uninitialized 
Pointer" + }, + { + "CWE": "CWE-476", + "desc": "Null Pointer Derefernece" + } + ], + "YAN01_00009": [ + { + "CWE": "CWE-134", + "desc": "Uncontrolled Format String" + } + ], + "YAN01_00010": [ + { + "CWE": "CWE-824", + "desc": "Access of Uninitialized Pointer" + }, + { + "CWE": "CWE-476", + "desc": "Null Pointer Derefernece" + } + ], + "YAN01_00011": [ + { + "CWE": "CWE-125", + "desc": "Out of Bounds Read" + } + ], + "YAN01_00012": [ + { + "CWE": "CWE-122", + "desc": "Heap-based Buffer Overflow" + } + ] +}