Merge branch 'feature/base-unittests' into develop #20

circle.yml

@@ -0,0 +1,15 @@
+#
+#   This file is used to configure the continuous integration for vulndb/data
+#
+#   As a user you don't need to understand this file.
+#
+machine:
+  python:
+    version: 2.7.9
+
+dependencies:
+  post:
+    - pip install --upgrade setuptools
+    - pip install --upgrade -r tests/requirements.txt
+    - pip --version
+    - pip freeze

db/14-cvs-svn-user-disclosure.json

@@ -29,7 +29,7 @@
   "references": [
     {
       "url": "http://cwe.mitre.org/data/definitions/200.html", 
-      "title": "CWE"
+      "title": "CWE-200"
     }
   ]
 }

db/15-directory-listing.json

@@ -43,7 +43,7 @@
     }, 
     {
       "url": "http://cwe.mitre.org/data/definitions/548.html", 
-      "title": "CWE"
+      "title": "CWE-548"
     }
   ]
 }

db/21-html-object.json

@@ -3,13 +3,16 @@
   "title": "HTML object", 
   "severity": "informational", 
   "description": [
-    "Logs the existence of HTML object tags.  Since the tool", 
-    "can't execute things like Java Applets and Flash  this", 
-    "serves as a heads-up to the penetration tester to review", 
+    "Most automated tools are not able to analyze the security of client-side",
+    "technologies such as Flash and Java applets. This informational finding",
+    "serves as a heads-up to the information security specialist to review",
     "the objects in question using a different method."
   ], 
   "fix": {
-    "effort": 50, 
-    "guidance": ""
+    "effort": 120,
+    "guidance": [
+        "Analyze the objects using manual analysis techniques such as",
+        "a local proxy, decompilation or reverse engineering."
+        ]
   }
 }

db/23-publicly-writable-directory.json

@@ -40,7 +40,7 @@
   "references": [
     {
       "url": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html", 
-      "title": "W3"
+      "title": "RFC-2616 document"
     }
   ]
 }

db/26-access-control-allow-origin-star.json

@@ -0,0 +1,44 @@
+{
+  "id": 26, 
+  "title": "Access-Control-Allow-Origin header set to '*'",
+  "severity": "medium",
+  "description": [
+      "Cross-Origin Resource Sharing (CORS) is one of the new HTML5",
+      "technologies which is widely implemented to create Web2.0 applications.",
+      "CORS allows the browser to perform HTTP requests to a domain outside",
+      "the Same-Origin Policy and access the response body. This feature is",
+      "secured by a new set of HTTP headers, being `Access-Control-Allow-Origin`",
+      "one of the most important ones.",
+      "\n\n",
+      "It was possible to identify an HTTP response which contained the",
+      "`Access-Control-Allow-Origin` header value set to '*', which allows any",
+      "third-party domain to perform requests and read the responses.",
+      "While this configuration is not a vulnerability per-se, it's only",
+      "recommended for sites which provide information that's public such as",
+      "weather or stock prices."
+  ],
+  "fix": {
+    "effort": 50, 
+    "guidance": [
+        "All CORS requests include the `Origin` header which indicates",
+        "the source domain name. Create a server-side list of trusted",
+        "domains which can consume the CORS resources and when a request is",
+        "received set the `Access-Control-Allow-Origin` response header",
+        "to the right value from the list matching the `Origin` request header."
+    ]
+  }, 
+  "references": [
+    {
+      "url": "https://www.owasp.org/index.php/CORS_OriginHeaderScrutiny", 
+      "title": "CORS security"
+    },
+    {
+      "url": "http://www.w3.org/TR/cors/",
+      "title": "CORS W3C Specification"
+    },
+    {
+      "url": "https://en.wikipedia.org/wiki/Cross-origin_resource_sharing",
+      "title": "CORS article at Wikipedia"
+    }
+  ]
+}

db/29-interesting-response.json

@@ -3,14 +3,14 @@
   "title": "Interesting response", 
   "severity": "informational", 
   "description": [
-    "The server responded with a non 200 (OK) nor 404 (Not Found) status", 
-    "code. This is a non-issue, however exotic HTTP response status codes", 
-    "can provide useful insights into the behavior of the web application", 
-    "and assist with the penetration test."
+    "The server responded with a strange HTTP status code. This is a non-issue",
+    "however exotic HTTP response status codes can provide useful insights",
+    "into the behavior of the web application and assist with the information",
+    "security analysis."
   ], 
   "fix": {
-    "effort": 50, 
-    "guidance": ""
+    "effort": 60,
+    "guidance": "Manually inspect the HTTP response status code and body"
   }, 
   "tags": [
     "interesting", 
@@ -20,7 +20,7 @@
   "references": [
     {
       "url": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html", 
-      "title": "w3.org"
+      "title": "RFC-2616"
     }
   ]
 }

db/44-source-code-disclosure.json

@@ -46,7 +46,7 @@
   "references": [
     {
       "url": "http://cwe.mitre.org/data/definitions/540.html", 
-      "title": "CWE"
+      "title": "CWE-540"
     }
   ]
 }

db/53-missing-x-frame-options-header.json

@@ -22,15 +22,15 @@
   "references": [
     {
       "url": "http://tools.ietf.org/html/rfc7034", 
-      "title": "RFC"
+      "title": "RFC-7034"
     }, 
     {
       "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options", 
-      "title": "MDN"
+      "title": "Mozilla developer network"
     }, 
     {
       "url": "https://www.owasp.org/index.php/Clickjacking", 
-      "title": "OWASP"
+      "title": "OWASP Clickjacking document"
     }
   ]
 }

db/6-code-injection.json

@@ -37,19 +37,19 @@
   "references": [
     {
       "url": "http://docs.python.org/py3k/library/functions.html#eval", 
-      "title": "Python"
+      "title": "Python eval documentation"
     }, 
     {
       "url": "http://www.aspdev.org/asp/asp-eval-execute/", 
-      "title": "ASP"
+      "title": "ASP eval documentation"
     }, 
     {
       "url": "http://php.net/manual/en/function.eval.php", 
-      "title": "PHP"
+      "title": "PHP eval documentation"
     }, 
     {
       "url": "http://perldoc.perl.org/functions/eval.html", 
-      "title": "Perl"
+      "title": "Perl eval documentation"
     }
   ]
 }

db/72-cache-control-headers.json

@@ -0,0 +1,27 @@
+{
+  "id": 72,
+  "title": "Insecure or no Cache-Control header",
+  "severity": "low",
+  "description": [
+    "The `cache-control` and `pragma` HTTP header have not been set properly",
+    "allowing the browser and proxies to cache the HTTP response."
+  ],
+  "fix": {
+    "effort": 10,
+    "guidance": [
+      "Ensure that the `Cache-control` HTTP response header is set to",
+      "`no-cache, no-store` and the `Pragma` header must be set to `no-cache`."
+    ]
+  }, 
+  "tags": [
+    "browser",
+    "cache",
+    "session"
+  ],
+  "references": [
+    {
+      "url": "https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Web_Content_Caching",
+      "title": "Session Management Cheat Sheet"
+    }
+  ]
+}

db/8-code-injection-timing-attack.json

@@ -38,23 +38,23 @@
   "references": [
     {
       "url": "http://docs.python.org/py3k/library/functions.html#eval", 
-      "title": "Python"
+      "title": "Python eval documentation"
     }, 
     {
       "url": "http://www.aspdev.org/asp/asp-eval-execute/", 
-      "title": "ASP"
+      "title": "ASP eval documentation"
     }, 
     {
       "url": "http://en.wikipedia.org/wiki/Eval#Ruby", 
-      "title": "Ruby"
+      "title": "Ruby eval documentation"
     }, 
     {
       "url": "http://php.net/manual/en/function.eval.php", 
-      "title": "PHP"
+      "title": "PHP eval documentation"
     }, 
     {
       "url": "http://perldoc.perl.org/functions/eval.html", 
-      "title": "Perl"
+      "title": "Perl eval documentation"
     }
   ]
 }

db/9-common-directory.json

@@ -38,11 +38,11 @@
   "references": [
     {
       "url": "http://cwe.mitre.org/data/definitions/538.html", 
-      "title": "CWE"
+      "title": "CWE-538"
     }, 
     {
       "url": "https://www.owasp.org/index.php/Forced_browsing", 
-      "title": "OWASP"
+      "title": "OWASP - Forced browsing"
     }
   ]
 }

tests/requirements.txt

@@ -0,0 +1,6 @@
+vulndb>=0.0.8
+requests
+jsonschema
+pyopenssl
+ndg-httpsclient
+pyasn1