keyhog-core 0.5.37

keyhog-core: shared data model and detector specifications for the KeyHog secret scanner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

//! Static SARIF taxonomy metadata (CWE + OWASP).

/// CWE / OWASP taxonomy block for SARIF `runs[0].taxonomies`.
pub fn sarif_taxonomies_json() -> serde_json::Value {
    serde_json::json!([
        {
            "name": "CWE",
            "version": "4.13",
            "informationUri": "https://cwe.mitre.org/data/definitions/798.html",
            "shortDescription": { "text": "Common Weakness Enumeration" },
            "taxa": [{
                "id": "CWE-798",
                "name": "Use of Hard-coded Credentials",
                "shortDescription": {
                    "text": "The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
                },
                "helpUri": "https://cwe.mitre.org/data/definitions/798.html"
            }]
        },
        {
            "name": "OWASP",
            "version": "2021",
            "informationUri": "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/",
            "shortDescription": { "text": "OWASP Top 10:2021" },
            "taxa": [{
                "id": "A07:2021",
                "name": "Identification and Authentication Failures",
                "shortDescription": {
                    "text": "Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks."
                },
                "helpUri": "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/"
            }]
        }
    ])
}