{"id":3036,"date":"2020-03-27T12:36:04","date_gmt":"2020-03-27T03:36:04","guid":{"rendered":"\/blog\/?p=3036"},"modified":"2025-10-02T09:30:10","modified_gmt":"2025-10-02T00:30:10","slug":"fortify-rule-id-filter","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=3036","title":{"rendered":"[Fortify] Rule ID Filter"},"content":{"rendered":"\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">##############################################################################\n#\n# This filter file filters out specific rule IDs so that they are not flagged as vulnerabilities.\n#\n# Usage:\n# sourceanalyzer -b test -filter ruleid_filter.txt -scan -f test.fpr\n#\n##############################################################################\n\n##############################################################################\n#\n# Filtering specific categories\n#\n##############################################################################\nCross-Site Scripting\nInsecure SSL\nPassword Management\n\n##############################################################################\n#\n# Rule ID filtering\n# Password Management: Hardcoded Password\n#\n##############################################################################\n# FieldAccess: PASSWORD\nC204F020-1CA1-4c25-A6CB-BAA69CA2DA0B\n\n# FieldAccess: PASSWORD_TAG\nDD48C0E5-3651-4DF1-9BE8-EB989C64E33A\n\n# FunctionCall: equals\nF9D3C462-8D1E-4457-967F-9F082B973F88\n\n# SetPassword()\nACBE009D-CD38-4DDC-BB9A-FC9CD21FCEC4\n\n\n##############################################################################\n#\n# Rule ID filtering\n# Cross-Site Scripting: 
DOM\n#\n##############################################################################\n# Read document.URL\nD20C6165-3FB2-4D6C-8E71-C124436A17D00\n\n# substring(this : return)\nEE5DE843-4380-46DA-97B4-3D4B7F04BA2A0\n\n# Taint Flags: VALIDATED_OPEN_REDIRECT, WEB, XSS\n6E6EE218-6A39-491A-B712-8EA63C5D8B270<\/pre>\n\n\n\n<p>LIST OF VULNERABILITY CATEGORIES<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">.NET Attribute Misuse\n.NET Bad Practices\nADF Bad Practices\nADF Faces Bad Practices\nASP.NET Bad Practices\nASP.NET MVC Bad Practices\nASP.NET Middleware Out of Order\nASP.NET Misconfiguration\nAWS Ansible Misconfiguration\nAWS CloudFormation Misconfiguration\nAWS Terraform Misconfiguration\nAccess Control\nAccess Specifier Manipulation\nAcegi Misconfiguration\nAndroid Bad Practices\nAndroid Class Loading Hijacking\nAndroid Misconfiguration\nAngularJS Misconfiguration\nAuthentication Bad Practice\nAuthorization Bypass\nAxis 2 Misconfiguration\nAxis 2 Service Provider Misconfiguration\nAxis 2 Service Requester Misconfiguration\nAxis Misconfiguration\nAxis Service Provider Misconfiguration\nAxis Service Requester Misconfiguration\nAzure ARM Misconfiguration\nAzure Ansible Misconfiguration\nAzure Terraform Misconfiguration\nBean Manipulation\nBiometric Authentication\nBuffer Overflow\nBuild Misconfiguration\nCache Management\nCakePHP Misconfiguration\nCastor Bad Practices\nCertificate Management\nClassLoader Manipulation\nClient-Side Template Injection\nCode Correctness\nColdFusion Bad Practices\nCommand Injection\nCompliance Failure\nConnection String Parameter Pollution\nContent Provider URI Injection\nCookie Security\nCredential Management\nCross-Client Data Access\nCross-Frame Scripting\nCross-Session Contamination\nCross-Site Flashing\nCross-Site Request 
Forgery\nCross-Site Scripting\nCross-Site WebSocket Hijacking\nDNS Spoofing\nDangerous Field\nDangerous File Inclusion\nDangerous File Injection\nDangerous Function\nDangerous Method\nDangerous Type\nDatabase Bad Practices\nDead Code\nDenial of Service\nDeserialization Bad Practice\nDirectory Restriction\nDirectory Traversal\nDjango Bad Practices\nDockerfile Misconfiguration\nDouble Free\nDynamic Code Evaluation\nEJB Bad Practices\nEncoding Confusion\nExperimental API\nExposure of POST Parameters in GET Request\nExpression Language Injection\nExternal Content\nFile Based Cross-Zone Scripting\nFile Disclosure\nFile Permission Manipulation\nFlash Bad Practices\nFlash Misconfiguration\nFlex Misconfiguration\nFormat String\nFormula Injection\nFragment Injection\nFrame Spoofing\nGCP Terraform Misconfiguration\nGo Bad Practices\nGraphQL Bad Practices\nHTML5\nHTTP Parameter Pollution\nHTTP Verb Tampering\nHadoop Cluster Manipulation\nHadoop Job Manipulation\nHandlebars Misconfiguration\nHardcoded Domain in HTML\nHeader Manipulation\nHeap Inspection\nHelmet Misconfiguration\nHidden Field\nIllegal Pointer Value\nImmutable Classes\nInformation Discovery\nInput Interception\nInsecure Compiler Optimization\nInsecure Deployment\nInsecure IPC\nInsecure Randomness\nInsecure SSL\nInsecure Sanitizer Policy\nInsecure Storage\nInsecure Temporary File\nInsecure Transport\nInsufficient Anti-Automation\nInteger Overflow\nIntent Manipulation\nJ2EE Bad Practices\nJ2EE Misconfiguration\nJSON Injection\nJSON Path Manipulation\nJSON Web Token\nJavaScript Hijacking\nKey Management\nKubernetes Misconfiguration\nKubernetes Terraform Misconfiguration\nLDAP Entry Poisoning\nLDAP Injection\nLDAP Manipulation\nLeast Privilege Violation\nLink Injection\nLog Forging\nLog Forging (debug)\nMail Command Injection\nMass Assignment\nMemcached Injection\nMemory Leak\nMissing Check against Null\nMissing Check for Null Parameter\nMissing Form Field Constraints\nMissing Form Field Validation\nMissing 
SecurityManager Check\nMissing XML Validation\nMule Misconfiguration\nNoSQL Injection\nNull Dereference\nOAuth2\nOGNL Expression Injection\nObject Injection\nObject Model Violation\nObsolete\nOften Misused\nOpen Redirect\nOpenAPI Misconfiguration\nOut-of-Bounds Read\nPCI Privacy Violation\nPHP Misconfiguration\nParameter Tampering\nPassword Management\nPath Manipulation\nPermission Manipulation\nPoor Condition Handling\nPoor Error Handling\nPoor Logging Practice\nPoor Style\nPortability Flaw\nPossible Variable Overwrite\nPredicate Injection\nPrivacy Violation\nPrivilege Management\nProcess Control\nPrompt Injection\nPrototype Pollution\nPython Bad Practices\nQuery String Injection\nRace Condition\nReact Bad Practices\nRedundant Null Check\nReflected File Download\nRegistry Manipulation\nResource Injection\nRestricted Method\nSAML Bad Practices\nSAPUI5 Misconfiguration\nSOQL Injection\nSOSL Injection\nSQL Bad Practices\nSQL Injection\nSSH Misconfiguration\nSSO Bad Practices\nSame-Origin Method Execution\nServer-Side Request Forgery\nServer-Side Script Injection\nServer-Side Template Injection\nSession Fixation\nSession Management\nSession Puzzling\nSetting Manipulation\nSilverlight Misconfiguration\nSolidity Bad Practices\nSolidity Misconfiguration\nSpring Beans Injection\nSpring Boot Misconfiguration\nSpring Misconfiguration\nSpring Security Misconfiguration\nString Termination Error\nStruts\nStruts 2\nStruts 2 Bad Practices\nStruts Misconfiguration\nSystem Field Overwrite\nSystem Information Leak\nTemplate Injection\nTomcat Configuration\nTrust Boundary Violation\nType Mismatch\nUnauthenticated Service\nUnchecked Return Value\nUndefined Behavior\nUninitialized Variable\nUnreleased Resource\nUnsafe JNI\nUnsafe JSNI\nUnsafe Mobile Code\nUnsafe Native Invoke\nUnsafe Reflection\nUse After Free\nUser or System Dependent Program Flow\nValue Shadowing\nWCF Misconfiguration\nWSE Misconfiguration\nWeak Cryptographic Hash\nWeak Cryptographic Implementation\nWeak 
Cryptographic Signature\nWeak Encryption\nWeak SecurityManager Check\nWeak WS-SecurityPolicy\nWeak XML Schema\nWeb Server Misconfiguration\nWebSphere Misconfiguration\nWebSphere Service Provider Misconfiguration\nWebSphere Service Requester Misconfiguration\nWeblogic Misconfiguration\nXML Entity Expansion Injection\nXML External Entity Injection\nXML Injection\nXPath Injection\nXQuery Injection\nXSLT Injection\ngRPC Metadata Manipulation<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>LIST OF VULNERABILITY CATEGORIES<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66],"tags":[],"class_list":["post-3036","post","type-post","status-publish","format-standard","hentry","category-computing_fortify"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3036"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3036\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}