From afbf4e7f9c5aa005e2c3e5532143b50aa1f72c38 Mon Sep 17 00:00:00 2001 From: TimmyBc Date: Sun, 12 Jan 2025 17:52:16 +0100 Subject: [PATCH 1/3] Updating IDOR's MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: P1 – Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Read/Edit/Delete Sensitive Information/Iterable Object Identifiers P2 – Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Edit/Delete Sensitive Information/Iterable Object Identifiers P3 – Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Read Sensitive Information/Iterable Object Identifiers P4 – Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Read/Edit/Delete Sensitive Information/Complex Object Identifiers(GUID) P5 – Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Read/Edit/Delete Non-Sensitive Information To: P1 - Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Modify/View Sensitive Information(Iterable Object Identifiers) P2 - Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Modify Sensitive Information(Iterable Object Identifiers) P3 - Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > View Sensitive Information(Iterable Object Identifiers) P4 - Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > Modify/View Sensitive Information(Complex Object Identifiers GUID/UUID) P5 - Broken Access Control (BAC) > Insecure Direct Object References (IDOR) > View Non-Sensitive Information
---
 vulnerability-rating-taxonomy.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index 993e0057..0801c0a1 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -396,32 +396,32 @@
 "type": "subcategory",
 "children": [
 {
- "id": "edit_delete_sensitive_information_iterable_object_identifiers",
- "name": "Edit/Delete Sensitive Information/Iterable Object Identifiers",
+ "id": "modify_sensitive_information_iterable_object_identifiers",
+ "name": "Modify Sensitive Information(Iterable Object Identifiers)",
 "type": "variant",
 "priority": 2
 },
 {
- "id": "read_edit_delete_non_sensitive_information",
- "name": "Read/Edit/Delete Non-Sensitive Information",
+ "id": "modify_view_sensitive_information_guid",
+ "name": "Modify/View Sensitive Information(Complex Object Identifiers GUID/UUID)",
 "type": "variant",
- "priority": 5
+ "priority": 4
 },
 {
- "id": "read_edit_delete_sensitive_information_guid",
- "name": "Read/Edit/Delete Sensitive Information/Complex Object Identifiers(GUID)",
+ "id": "modify_view_sensitive_information_iterable_object_identifiers",
+ "name": "Modify/View Sensitive Information(Iterable Object Identifiers)",
 "type": "variant",
- "priority": 4
+ "priority": 1
 },
 {
- "id": "read_edit_delete_sensitive_information_iterable_object_identifiers",
- "name": "Read/Edit/Delete Sensitive Information/Iterable Object Identifiers",
+ "id": "view_non_sensitive_information",
+ "name": "View Non-Sensitive Information",
 "type": "variant",
- "priority": 1
+ "priority": 5
 },
 {
- "id": "read_sensitive_information_iterable_object_identifiers",
- "name": "Read Sensitive Information/Iterable Object Identifiers",
+ "id": "view_sensitive_information_iterable_object_identifiers",
+ "name": "View Sensitive Information(Iterable Object Identifiers)",
 "type": "variant",
 "priority": 3
 }
From 5f05a049163b43bdc0068cddec4b90409622db57 Mon Sep 17 00:00:00 2001 From: Abhinav Nain Date: Wed, 15 Jan 2025 13:59:49 +0530 Subject: [PATCH 2/3] Additional Files
---
 deprecated-node-mapping.json | 15 +++++++++++++++ .../secure-code-warrior-links.json | 10 +++++----- 2 files changed, 20 insertions(+), 5 deletions(-)
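Review bot: The `+ "name"` for the P5 variant, `View Non-Sensitive Information`, narrows the retired `Read/Edit/Delete Non-Sensitive Information` node to read access only, so a finding that modifies non-sensitive data no longer has a variant under IDOR in this hunk; if that narrowing is intended the commit message should say so, otherwise `"name": "Modify/View Non-Sensitive Information"` keeps the old scope and follows the P1/P4 naming pattern. Changing all five `id` values also breaks every consumer keyed on the old ids (third-party mapping files, stored submissions), so the release that ships this hunk needs matching deprecated-node entries and a bumped taxonomy release field — the latter lives outside this hunk and I cannot see whether it was touched. The enclosing `children` array and its parent subcategory close outside the hunk.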
diff --git a/deprecated-node-mapping.json b/deprecated-node-mapping.json
index e43f6f39..cf2ec914 100644
--- a/deprecated-node-mapping.json
+++ b/deprecated-node-mapping.json
@@ -238,5 +238,20 @@
 },
 "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
 "1.14.1": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
+ },
+ "broken_access_control.idor.view_non_sensitive_information": {
+ "1.14.2": "broken_access_control.idor.read_edit_delete_non_sensitive_information"
+ },
+ "broken_access_control.idor.modify_view_sensitive_information_guid": {
+ "1.14.2": "broken_access_control.idor.read_edit_delete_sensitive_information_guid"
+ },
+ "broken_access_control.idor.view_sensitive_information_iterable_object_identifiers": {
+ "1.14.2": "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers"
+ },
+ "broken_access_control.idor.modify_sensitive_information_iterable_object_identifiers": {
+ "1.14.2": "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers"
+ },
+ "broken_access_control.idor.modify_view_sensitive_information_iterable_object_identifiers": {
+ "1.14.2": "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers"
 }
 }
diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json
index 4a7a8f98..4b4a0cd1 100755
--- a/third-party-mappings/remediation_training/secure-code-warrior-links.json
+++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json
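Review bot: The five added entries appear to be keyed the wrong way round: in the existing entry just above them the key is the id being retired (`...misconfigured_dns.subdomain_takeover`) and the value under the version key is its replacement (`...basic_subdomain_takeover`), whereas each new entry uses the id the taxonomy change introduces as the key (e.g. `broken_access_control.idor.view_non_sensitive_information`) and the id it removes as the value. A consumer that resolves a retired id such as `broken_access_control.idor.read_edit_delete_non_sensitive_information` through this file then finds no key and keeps the dangling id, so historical submissions and the other mapping files silently stop resolving to a live VRT node. Unless this file's convention is the reverse of what the `1.14.1` entry suggests, swap key and value in all five entries as below; the `1.14.2` version string also presupposes a taxonomy release of that number, which should be bumped in the same change.
```json
  "broken_access_control.idor.read_edit_delete_non_sensitive_information": {
    "1.14.2": "broken_access_control.idor.view_non_sensitive_information"
  },
  "broken_access_control.idor.read_edit_delete_sensitive_information_guid": {
    "1.14.2": "broken_access_control.idor.modify_view_sensitive_information_guid"
  },
  "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers": {
    "1.14.2": "broken_access_control.idor.view_sensitive_information_iterable_object_identifiers"
  },
  "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers": {
    "1.14.2": "broken_access_control.idor.modify_sensitive_information_iterable_object_identifiers"
  },
  "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers": {
    "1.14.2": "broken_access_control.idor.modify_view_sensitive_information_iterable_object_identifiers"
  }
```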
@@ -62,11 +62,11 @@
 "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
 "broken_access_control.exposed_sensitive_ios_url_scheme": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_ios_url_scheme&redirect=true",
 "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
- "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers": null,
- "broken_access_control.idor.read_edit_delete_non_sensitive_information": null,
- "broken_access_control.idor.read_edit_delete_sensitive_information_guid": null,
- "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers": null,
- "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.view_non_sensitive_information": null,
+ "broken_access_control.idor.modify_view_sensitive_information_guid": null,
+ "broken_access_control.idor.view_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.modify_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.modify_view_sensitive_information_iterable_object_identifiers": null,
 "broken_access_control.privilege_escalation": null,
 "broken_access_control.username_enumeration": null,
 "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",
From d930b33dea6f3b9872094864b14a2cdb9bfba0dc Mon Sep 17 00:00:00 2001
From: Abhinav Nain Date: Thu, 16 Jan 2025 11:12:14 +0530 Subject: [PATCH 3/3] Rebase changes
---
 .../remediation_training/secure-code-warrior-links.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json
index 4b4a0cd1..615a3188 100755
--- a/third-party-mappings/remediation_training/secure-code-warrior-links.json
+++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json
@@ -62,11 +62,11 @@
 "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
 "broken_access_control.exposed_sensitive_ios_url_scheme": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_ios_url_scheme&redirect=true",
 "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
- "broken_access_control.idor.view_non_sensitive_information": null,
- "broken_access_control.idor.modify_view_sensitive_information_guid": null,
- "broken_access_control.idor.view_sensitive_information_iterable_object_identifiers": null,
 "broken_access_control.idor.modify_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.modify_view_sensitive_information_guid": null,
 "broken_access_control.idor.modify_view_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.view_non_sensitive_information": null,
+ "broken_access_control.idor.view_sensitive_information_iterable_object_identifiers": null,
 "broken_access_control.privilege_escalation": null,
 "broken_access_control.username_enumeration": null,
 "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",