9ee16daa47
* Update JSON schema to include STIG ASD 2023-06-08 mapping * Update rules to add STIG metadata mappings --------- Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
32 lines
1.1 KiB
Plaintext
32 lines
1.1 KiB
Plaintext
== Why is this an issue?
|
|
|
|
include::../rule-except-see.adoc[]
|
|
|
|
== Resources
|
|
|
|
=== Standards
|
|
|
|
* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)]
|
|
* CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)]
|
|
* https://wiki.sei.cmu.edu/confluence/x/7jdGBQ[CERT, IDS51-J.] - Properly encode or escape output
|
|
* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks.
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|