##############################################################################
#
# This filter file filters out specific rule IDs so that they are not
# reported as vulnerabilities.
#
# Usage:
#   sourceanalyzer -b test -filter ruleid_filter.txt -scan -f test.fpr
#
##############################################################################

##############################################################################
#
# Filter specific categories
#
##############################################################################
Cross-Site Scripting
Insecure SSL
Password Management

##############################################################################
#
# Rule ID filtering
# Password Management: Hardcoded Password
#
##############################################################################
# FieldAccess: PASSWORD
C204F020-1CA1-4c25-A6CB-BAA69CA2DA0B
# FieldAccess: PASSWORD_TAG
DD48C0E5-3651-4DF1-9BE8-EB989C64E33A
# FunctionCall: equals
F9D3C462-8D1E-4457-967F-9F082B973F88
# SetPasword()
ACBE009D-CD38-4DDC-BB9A-FC9CD21FCEC4

##############################################################################
#
# Rule ID filtering
# Cross-Site Scripting: DOM
#
##############################################################################
# Read document.URL
D20C6165-3FB2-4D6C-8E71-C124436A17D00
# substring(this : return)
EE5DE843-4380-46DA-97B4-3D4B7F04BA2A0
# Taint Flags: VALIDATED_OPEN_REDIRECT, WEB, XSS
6E6EE218-6A39-491A-B712-8EA63C5D8B270

LIST OF VULNERABILITY CATEGORIES
.NET Attribute Misuse .NET Bad Practices ADF Bad Practices ADF Faces Bad Practices ASP.NET Bad Practices ASP.NET MVC Bad Practices ASP.NET Middleware Out of Order ASP.NET Misconfiguration AWS Ansible Misconfiguration AWS CloudFormation Misconfiguration AWS Terraform Misconfiguration Access Control Access Specifier Manipulation Acegi Misconfiguration Android Bad Practices Android Class Loading Hijacking Android Misconfiguration AngularJS Misconfiguration Authentication Bad Practice Authorization Bypass Axis 2 Misconfiguration Axis 2 Service Provider Misconfiguration Axis 2 Service Requester Misconfiguration Axis Misconfiguration Axis Service Provider Misconfiguration Axis Service Requester Misconfiguration Azure ARM Misconfiguration Azure Ansible Misconfiguration Azure Terraform Misconfiguration Bean Manipulation Biometric Authentication Buffer Overflow Build Misconfiguration Cache Management CakePHP Misconfiguration Castor Bad Practices Certificate Management ClassLoader Manipulation Client-Side Template Injection Code Correctness ColdFusion Bad Practices Command Injection Compliance Failure Connection String Parameter Pollution Content Provider URI Injection Cookie Security Credential Management Cross-Client Data Access Cross-Frame Scripting Cross-Session Contamination Cross-Site Flashing Cross-Site Request Forgery Cross-Site Scripting Cross-Site WebSocket Hijacking DNS Spoofing Dangerous Field Dangerous File Inclusion Dangerous File Injection Dangerous Function Dangerous Method Dangerous Type Database Bad Practices Dead Code Denial of Service Deserialization Bad Practice Directory Restriction Directory Traversal Django Bad Practices Dockerfile Misconfiguration Double Free Dynamic Code Evaluation EJB Bad Practices Encoding Confusion Experimental API Exposure of POST Parameters in GET Request Expression Language Injection External Content File Based Cross-Zone Scripting File Disclosure File Permission Manipulation Flash Bad Practices Flash Misconfiguration Flex 
Misconfiguration Format String Formula Injection Fragment Injection Frame Spoofing GCP Terraform Misconfiguration Go Bad Practices GraphQL Bad Practices HTML5 HTTP Parameter Pollution HTTP Verb Tampering Hadoop Cluster Manipulation Hadoop Job Manipulation Handlebars Misconfiguration Hardcoded Domain in HTML Header Manipulation Heap Inspection Helmet Misconfiguration Hidden Field Illegal Pointer Value Immutable Classes Information Discovery Input Interception Insecure Compiler Optimization Insecure Deployment Insecure IPC Insecure Randomness Insecure SSL Insecure Sanitizer Policy Insecure Storage Insecure Temporary File Insecure Transport Insufficient Anti-Automation Integer Overflow Intent Manipulation J2EE Bad Practices J2EE Misconfiguration JSON Injection JSON Path Manipulation JSON Web Token JavaScript Hijacking Key Management Kubernetes Misconfiguration Kubernetes Terraform Misconfiguration LDAP Entry Poisoning LDAP Injection LDAP Manipulation Least Privilege Violation Link Injection Log Forging Log Forging (debug) Mail Command Injection Mass Assignment Memcached Injection Memory Leak Missing Check against Null Missing Check for Null Parameter Missing Form Field Constraints Missing Form Field Validation Missing SecurityManager Check Missing XML Validation Mule Misconfiguration NoSQL Injection Null Dereference OAuth2 OGNL Expression Injection Object Injection Object Model Violation Obsolete Often Misused Open Redirect OpenAPI Misconfiguration Out-of-Bounds Read PCI Privacy Violation PHP Misconfiguration Parameter Tampering Password Management Path Manipulation Permission Manipulation Poor Condition Handling Poor Error Handling Poor Logging Practice Poor Style Portability Flaw Possible Variable Overwrite Predicate Injection Privacy Violation Privilege Management Process Control Prompt Injection Prototype Pollution Python Bad Practices Query String Injection Race Condition React Bad Practices Redundant Null Check Reflected File Download Registry Manipulation 
Resource Injection Restricted Method SAML Bad Practices SAPUI5 Misconfiguration SOQL Injection SOSL Injection SQL Bad Practices SQL Injection SSH Misconfiguration SSO Bad Practices Same-Origin Method Execution Server-Side Request Forgery Server-Side Script Injection Server-Side Template Injection Session Fixation Session Management Session Puzzling Setting Manipulation Silverlight Misconfiguration Solidity Bad Practices Solidity Misconfiguration Spring Beans Injection Spring Boot Misconfiguration Spring Misconfiguration Spring Security Misconfiguration String Termination Error Struts Struts 2 Struts 2 Bad Practices Struts Misconfiguration System Field Overwrite System Information Leak Template Injection Tomcat Configuration Trust Boundary Violation Type Mismatch Unauthenticated Service Unchecked Return Value Undefined Behavior Uninitialized Variable Unreleased Resource Unsafe JNI Unsafe JSNI Unsafe Mobile Code Unsafe Native Invoke Unsafe Reflection Use After Free User or System Dependent Program Flow Value Shadowing WCF Misconfiguration WSE Misconfiguration Weak Cryptographic Hash Weak Cryptographic Implementation Weak Cryptographic Signature Weak Encryption Weak SecurityManager Check Weak WS-SecurityPolicy Weak XML Schema Web Server Misconfiguration WebSphere Misconfiguration WebSphere Service Provider Misconfiguration WebSphere Service Requester Misconfiguration Weblogic Misconfiguration XML Entity Expansion Injection XML External Entity Injection XML Injection XPath Injection XQuery Injection XSLT Injection gRPC Metadata Manipulation