Resolves #308 (#309)

aidanstansfield · adamrdavid · web-flow · commit 4e811e73eb38 · 2021-02-12T11:57:35.000-08:00
* update remediation advice for cache-control

* update cache control advice notes in changelog

* updated changelog

Co-authored-by: Adam David &lt;adamrdavid@gmail.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,6 +19,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 - broken_authentication_and_session_management.weak_login_function.lan_only
 
 ### Changed
+ - server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page updated remediation advice
+ - server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page updated remediation advice
 
 ## [v1.9](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.8...v1.9) - 2020-05-22
 ### Added
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -412,7 +412,7 @@
             },
             {
               "id": "cache_control_for_a_non_sensitive_page",
-              "remediation_advice": "As a best practice, consider using the `Cache-Control: no-cache` as it will help insure that the browser does not cache pages. Although the page may not currently contain sensitive data, sensitive data may be unintentionally placed there in the future.",
+              "remediation_advice": "As a best practice, consider using the `Cache-Control: no-store` as it will help insure that the browser does not cache pages. Although the page may not currently contain sensitive data, sensitive data may be unintentionally placed there in the future.",
               "references": [
                 "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control"
               ]
@@ -483,7 +483,7 @@
             },
             {
               "id": "cache_control_for_a_sensitive_page",
-              "remediation_advice": "Add the `Cache-Control` HTTP response header such as `Cache-Control: no-cache`, as it will help insure that the browser does not cache sensitive pages."
+              "remediation_advice": "Add the `Cache-Control` HTTP response header such as `Cache-Control: no-store`, as it will help insure that the browser does not cache sensitive pages."
             }
           ]
         },

Original file line number	Diff line number	Diff line change
`@@ -412,7 +412,7 @@`
`412`	`412`	`},`
`413`	`413`	`{`
`414`	`414`	`"id": "cache_control_for_a_non_sensitive_page",`
`415`		- "remediation_advice": "As a best practice, consider using the `Cache-Control: no-cache` as it will help insure that the browser does not cache pages. Although the page may not currently contain sensitive data, sensitive data may be unintentionally placed there in the future.",
	`415`	+ "remediation_advice": "As a best practice, consider using the `Cache-Control: no-store` as it will help insure that the browser does not cache pages. Although the page may not currently contain sensitive data, sensitive data may be unintentionally placed there in the future.",
`416`	`416`	`"references": [`
`417`	`417`	`"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control"`
`418`	`418`	`]`
`@@ -483,7 +483,7 @@`
`483`	`483`	`},`
`484`	`484`	`{`
`485`	`485`	`"id": "cache_control_for_a_sensitive_page",`
`486`		- "remediation_advice": "Add the `Cache-Control` HTTP response header such as `Cache-Control: no-cache`, as it will help insure that the browser does not cache sensitive pages."
	`486`	+ "remediation_advice": "Add the `Cache-Control` HTTP response header such as `Cache-Control: no-store`, as it will help insure that the browser does not cache sensitive pages."
`487`	`487`	`}`
`488`	`488`	`]`
`489`	`489`	`},`