diff --git a/rules/S1079/cfamily/rule.adoc b/rules/S1079/cfamily/rule.adoc index 6d36c0756cc..5eb585d9163 100644 --- a/rules/S1079/cfamily/rule.adoc +++ b/rules/S1079/cfamily/rule.adoc @@ -50,7 +50,7 @@ If this code is given the word ``noncompliant`` as an input, ``noncompli␀`` wi * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input] ('Classic Buffer Overflow') * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S1081/common/resources/standards.adoc b/rules/S1081/common/resources/standards.adoc index 3ed57bf2bdb..0743e3f8c21 100644 --- a/rules/S1081/common/resources/standards.adoc +++ b/rules/S1081/common/resources/standards.adoc 
@@ -5,5 +5,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S1913/cfamily/rule.adoc b/rules/S1913/cfamily/rule.adoc index c1fa544df1f..b5a51ece93a 100644 --- a/rules/S1913/cfamily/rule.adoc +++ b/rules/S1913/cfamily/rule.adoc @@ -47,7 +47,7 @@ void function() { === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S2053/common/resources/standards-mobile.adoc b/rules/S2053/common/resources/standards-mobile.adoc index 595876a5871..878037ab61f 100644 --- a/rules/S2053/common/resources/standards-mobile.adoc +++ b/rules/S2053/common/resources/standards-mobile.adoc 
@@ -5,5 +5,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography] * CWE - https://cwe.mitre.org/data/definitions/759[CWE-759 - Use of a One-Way Hash without a Salt] * CWE - https://cwe.mitre.org/data/definitions/760[CWE-760 - Use of a One-Way Hash with a Predictable Salt] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. diff --git a/rules/S2053/common/resources/standards.adoc b/rules/S2053/common/resources/standards.adoc index a69aee6dd6a..cde0664f679 100644 --- a/rules/S2053/common/resources/standards.adoc +++ b/rules/S2053/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * CWE - https://cwe.mitre.org/data/definitions/759[CWE-759 - Use of a One-Way Hash without a Salt] * CWE - https://cwe.mitre.org/data/definitions/760[CWE-760 - Use of a One-Way Hash with a Predictable Salt] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. 
diff --git a/rules/S2076/common/resources/standards-mobile.adoc b/rules/S2076/common/resources/standards-mobile.adoc index 9c78673f0cb..04ae5ee6704 100644 --- a/rules/S2076/common/resources/standards-mobile.adoc +++ b/rules/S2076/common/resources/standards-mobile.adoc @@ -5,6 +5,6 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/78[CWE-78 - Improper Neutralization of Special Elements used in an OS Command] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222604[Application Security and Development: V-222604] - The application must protect from command injection. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222604[Application Security and Development: V-222604] - The application must protect from command injection. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S2076/common/resources/standards.adoc b/rules/S2076/common/resources/standards.adoc index 8ef32399e57..36d7401a90d 100644 --- a/rules/S2076/common/resources/standards.adoc +++ b/rules/S2076/common/resources/standards.adoc 
@@ -4,6 +4,6 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/78[CWE-78 - Improper Neutralization of Special Elements used in an OS Command] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222604[Application Security and Development: V-222604] - The application must protect from command injection. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222604[Application Security and Development: V-222604] - The application must protect from command injection. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S2078/common/resources/standards.adoc b/rules/S2078/common/resources/standards.adoc index a033391a76a..537f27dd68f 100644 --- a/rules/S2078/common/resources/standards.adoc +++ b/rules/S2078/common/resources/standards.adoc 
@@ -6,5 +6,5 @@ * IETF - https://www.ietf.org/rfc/rfc4515.txt[RFC 4515 - LDAP: String Representation of Search Filters] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/90[CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S2083/common/resources/standards-mobile.adoc b/rules/S2083/common/resources/standards-mobile.adoc index a2ed108caac..294c11adf1a 100644 --- a/rules/S2083/common/resources/standards-mobile.adoc +++ b/rules/S2083/common/resources/standards-mobile.adoc @@ -7,5 +7,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S2083/common/resources/standards.adoc b/rules/S2083/common/resources/standards.adoc index 97a216c1077..d87b2d95458 100644 --- a/rules/S2083/common/resources/standards.adoc +++ b/rules/S2083/common/resources/standards.adoc @@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S2091/common/resources/standards.adoc b/rules/S2091/common/resources/standards.adoc index c9f79c9320c..091831d4cc6 100644 --- a/rules/S2091/common/resources/standards.adoc +++ b/rules/S2091/common/resources/standards.adoc 
@@ -4,6 +4,6 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/643[CWE-643 - Improper Neutralization of Data within XPath Expressions] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S2092/see.adoc b/rules/S2092/see.adoc index 1a0ae5af63f..5013c985724 100644 --- a/rules/S2092/see.adoc +++ b/rules/S2092/see.adoc 
@@ -6,5 +6,5 @@ * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] * CWE - https://cwe.mitre.org/data/definitions/315[CWE-315 - Cleartext Storage of Sensitive Information in a Cookie] * CWE - https://cwe.mitre.org/data/definitions/614[CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222576[Application Security and Development: V-222576] - The application must set the secure flag on session cookies. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222576[Application Security and Development: V-222576] - The application must set the secure flag on session cookies. diff --git a/rules/S2184/cfamily/rule.adoc b/rules/S2184/cfamily/rule.adoc index 48a934510cb..4caf238ee07 100644 --- a/rules/S2184/cfamily/rule.adoc +++ b/rules/S2184/cfamily/rule.adoc @@ -38,7 +38,7 @@ void compliant2() { * MISRA {cpp}:2008, 5-0-8 - An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression. * CWE - https://cwe.mitre.org/data/definitions/190[CWE-190 - Integer Overflow or Wraparound] * https://wiki.sei.cmu.edu/confluence/x/I9cxBQ[CERT, INT18-C.] - Evaluate integer expressions in a larger size before comparing or assigning to that size -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2184/csharp/rule.adoc b/rules/S2184/csharp/rule.adoc index 54f1f9921ff..661927816ae 100644 --- a/rules/S2184/csharp/rule.adoc +++ b/rules/S2184/csharp/rule.adoc @@ -33,7 +33,7 @@ static void Method(float f) { } === Standards * CWE - https://cwe.mitre.org/data/definitions/190[CWE-190 - Integer Overflow or Wraparound] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S2184/java/rule.adoc b/rules/S2184/java/rule.adoc index cdf09bbf16a..2c7a7158929 100644 --- a/rules/S2184/java/rule.adoc +++ b/rules/S2184/java/rule.adoc @@ -67,7 +67,7 @@ public float compute2(float factor){ * CWE - https://cwe.mitre.org/data/definitions/190[CWE-190 - Integer Overflow or Wraparound] * https://wiki.sei.cmu.edu/confluence/x/AjdGBQ[CERT, NUM50-J.] - Convert integers to floating point for floating-point operations * https://wiki.sei.cmu.edu/confluence/x/I9cxBQ[CERT, INT18-C.] - Evaluate integer expressions in a larger size before comparing or assigning to that size -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2226/java/rule.adoc b/rules/S2226/java/rule.adoc index 302234d6901..a5ae7bf082d 100644 --- a/rules/S2226/java/rule.adoc +++ b/rules/S2226/java/rule.adoc @@ -170,7 +170,7 @@ public class MyServlet extends HttpServlet { === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S2254/java/rule.adoc b/rules/S2254/java/rule.adoc index eeb1738fb05..b6241c4e70c 100644 --- a/rules/S2254/java/rule.adoc +++ b/rules/S2254/java/rule.adoc @@ -64,7 +64,7 @@ The compliant example instead uses the server's session ID to verify if the sess * OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] * OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] * CWE - https://cwe.mitre.org/data/definitions/807[CWE-807 - Reliance on Untrusted Inputs in a Security Decision] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. ifdef::env-github,rspecator-view[] diff --git a/rules/S2435/cfamily/rule.adoc b/rules/S2435/cfamily/rule.adoc index d0f9876a1c8..600d03f54c7 100644 --- a/rules/S2435/cfamily/rule.adoc +++ b/rules/S2435/cfamily/rule.adoc 
@@ -10,7 +10,7 @@ include::../rule-except-see.adoc[] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] * CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S2435/java/rule.adoc b/rules/S2435/java/rule.adoc index a85f38398be..a871b879537 100644 --- a/rules/S2435/java/rule.adoc +++ b/rules/S2435/java/rule.adoc @@ -11,7 +11,7 @@ include::../rule-except-see.adoc[] * OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] * CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)] * https://wiki.sei.cmu.edu/confluence/x/7jdGBQ[CERT, IDS51-J.] - Properly encode or escape output -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2612/ansible/rule.adoc b/rules/S2612/ansible/rule.adoc index 7cd8afaa010..063d44777b1 100644 --- a/rules/S2612/ansible/rule.adoc +++ b/rules/S2612/ansible/rule.adoc @@ -60,7 +60,7 @@ set the target user and group. * Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/[Ansible.Builtin module] * Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/community/general/[Community.General module] * GNU Coreutils - https://www.gnu.org/software/coreutils/manual/html_node/chown-invocation.html[chmod command] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. ifdef::env-github,rspecator-view[] diff --git a/rules/S2612/cfamily/rule.adoc b/rules/S2612/cfamily/rule.adoc index 9e92e8b1334..ea2f454f12a 100644 --- a/rules/S2612/cfamily/rule.adoc +++ b/rules/S2612/cfamily/rule.adoc 
@@ -64,7 +64,7 @@ umask(S_IRWXO); // Compliant: further created files or directories will not have * CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] * CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] * https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions[CERT, FIO06-C.] - Create files with appropriate access permissions -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. ifdef::env-github,rspecator-view[] diff --git a/rules/S2612/docker/rule.adoc b/rules/S2612/docker/rule.adoc index fcdc84991db..4a1e41b19c5 100644 --- a/rules/S2612/docker/rule.adoc +++ b/rules/S2612/docker/rule.adoc @@ -45,7 +45,7 @@ RUN chmod +t resource * https://docs.docker.com/engine/reference/builder/#copy[COPY] - Docker COPY command * https://man.archlinux.org/man/core/man-pages/chmod.1p.en[chmod reference] - `chmod` command * https://man.archlinux.org/man/chown.1.en[chown reference] - `chown` command -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2612/java/rule.adoc b/rules/S2612/java/rule.adoc index 0dea0afec3d..7f96378f7cb 100644 --- a/rules/S2612/java/rule.adoc +++ b/rules/S2612/java/rule.adoc @@ -72,7 +72,7 @@ On operating systems that implement POSIX standard. This will throw a ``++Unsupp * CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] * https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions[CERT, FIO01-J.] - Create files with appropriate access permissions * https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions[CERT, FIO06-C.] - Create files with appropriate access permissions -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. ifdef::env-github,rspecator-view[] diff --git a/rules/S2612/see.adoc b/rules/S2612/see.adoc index 1b512527ba7..054324582a6 100644 --- a/rules/S2612/see.adoc +++ b/rules/S2612/see.adoc 
@@ -6,5 +6,5 @@ * https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission[OWASP File Permission] * CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] * CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. diff --git a/rules/S2631/common/resources/standards.adoc b/rules/S2631/common/resources/standards.adoc index 4c60f6b3f15..2536ca99550 100644 --- a/rules/S2631/common/resources/standards.adoc +++ b/rules/S2631/common/resources/standards.adoc 
@@ -5,7 +5,7 @@ * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] * CWE - https://cwe.mitre.org/data/definitions/1333[CWE-1333 - Inefficient Regular Expression Complexity] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222594[Application Security and Development: V-222594] - The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222594[Application Security and Development: V-222594] - The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. diff --git a/rules/S2647/common/resources/standards.adoc b/rules/S2647/common/resources/standards.adoc index 46331f40b54..6d15ec5d4c6 100644 --- a/rules/S2647/common/resources/standards.adoc 
+++ b/rules/S2647/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html#user-authentication[OWASP Web Service Security Cheat Sheet] * CWE - https://cwe.mitre.org/data/definitions/522[CWE-522 - Insufficiently Protected Credentials] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222533[Application Security and Development: V-222533] - The application must authenticate all network connected endpoint devices before establishing any connection. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222533[Application Security and Development: V-222533] - The application must authenticate all network connected endpoint devices before establishing any connection. diff --git a/rules/S2696/common/resources/standards.adoc b/rules/S2696/common/resources/standards.adoc index a7d9d7297c9..49ab34d1272 100644 --- a/rules/S2696/common/resources/standards.adoc +++ b/rules/S2696/common/resources/standards.adoc @@ -1,4 +1,4 @@ === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. diff --git a/rules/S2755/common/resources/standards-mobile.adoc b/rules/S2755/common/resources/standards-mobile.adoc index 844cdbff509..3ea80411671 100644 --- a/rules/S2755/common/resources/standards-mobile.adoc +++ b/rules/S2755/common/resources/standards-mobile.adoc 
@@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Information Exposure Through XML External Entity Reference] * CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. diff --git a/rules/S2755/common/resources/standards.adoc b/rules/S2755/common/resources/standards.adoc index 80624efb7b4..5cfae3c0ed8 100644 --- a/rules/S2755/common/resources/standards.adoc +++ b/rules/S2755/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] * CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Information Exposure Through XML External Entity Reference] * CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. 
diff --git a/rules/S2885/java/rule.adoc b/rules/S2885/java/rule.adoc index 974403b094c..3e9915aa2f1 100644 --- a/rules/S2885/java/rule.adoc +++ b/rules/S2885/java/rule.adoc @@ -57,7 +57,7 @@ public class MyClass { === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S2886/java/rule.adoc b/rules/S2886/java/rule.adoc index 6170b83ee74..2b8d72df958 100644 --- a/rules/S2886/java/rule.adoc +++ b/rules/S2886/java/rule.adoc @@ -90,7 +90,7 @@ public class Person { === Standards * https://wiki.sei.cmu.edu/confluence/x/4jdGBQ[CERT, VNA01-J.] - Ensure visibility of shared references to immutable objects -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S3330/see.adoc b/rules/S3330/see.adoc index 304a751f41d..d91be36e664 100644 --- a/rules/S3330/see.adoc +++ b/rules/S3330/see.adoc 
@@ -5,5 +5,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] * CWE - https://cwe.mitre.org/data/definitions/1004[CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag] * Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#HTTPONLY_COOKIE[HTTPONLY_COOKIE] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222575[Application Security and Development: V-222575] - The application must set the HTTPOnly flag on session cookies. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222575[Application Security and Development: V-222575] - The application must set the HTTPOnly flag on session cookies. diff --git a/rules/S3518/cfamily/rule.adoc b/rules/S3518/cfamily/rule.adoc index e6b8c397326..5eb2e8b9972 100644 --- a/rules/S3518/cfamily/rule.adoc +++ b/rules/S3518/cfamily/rule.adoc @@ -138,7 +138,7 @@ std::optional safe_division(int a, int b) { * CERT - https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow[INT32-C. Ensure that operations on signed integers do not result in overflow] * CERT - https://wiki.sei.cmu.edu/confluence/x/ftYxBQ[INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors] * CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. === External coding guidelines 
diff --git a/rules/S3518/java/rule.adoc b/rules/S3518/java/rule.adoc index ac83eff1552..53e9e7029d7 100644 --- a/rules/S3518/java/rule.adoc +++ b/rules/S3518/java/rule.adoc @@ -66,7 +66,7 @@ void test_divide() { * CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] * https://wiki.sei.cmu.edu/confluence/x/CTZGBQ[CERT, NUM02-J.] - Ensure that division and remainder operations do not result in divide-by-zero errors -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S3518/python/rule.adoc b/rules/S3518/python/rule.adoc index ee1998773ab..39b13db1805 100644 --- a/rules/S3518/python/rule.adoc +++ b/rules/S3518/python/rule.adoc @@ -107,5 +107,5 @@ if the denominator is zero. === Standards * CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S3519/cfamily/rule.adoc b/rules/S3519/cfamily/rule.adoc index 716a2e17541..e2e7281113a 100644 --- a/rules/S3519/cfamily/rule.adoc +++ b/rules/S3519/cfamily/rule.adoc 
@@ -389,7 +389,7 @@ void tar(std::string const &s) { * CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 Incorrect Calculation of Buffer Size] * CWE - https://cwe.mitre.org/data/definitions/193[CWE-193 Off-by-one Error] * CWE - https://cwe.mitre.org/data/definitions/788[CWE-788 Access of Memory Location After End of Buffer] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. === Related rules diff --git a/rules/S3649/common/resources/standards-mobile.adoc b/rules/S3649/common/resources/standards-mobile.adoc index 6a10a4dc893..a547e2d04dd 100644 --- a/rules/S3649/common/resources/standards-mobile.adoc +++ b/rules/S3649/common/resources/standards-mobile.adoc 
@@ -6,6 +6,6 @@ * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] * https://wiki.sei.cmu.edu/confluence/x/ITdGBQ[CERT, IDS00-J.] - Prevent SQL injection -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222607[Application Security and Development: V-222607] - The application must not be vulnerable to SQL Injection. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222607[Application Security and Development: V-222607] - The application must not be vulnerable to SQL Injection. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S3649/common/resources/standards.adoc b/rules/S3649/common/resources/standards.adoc index a382d152ef2..0ea04b384b5 100644 --- a/rules/S3649/common/resources/standards.adoc +++ b/rules/S3649/common/resources/standards.adoc 
@@ -5,6 +5,6 @@ * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] * https://wiki.sei.cmu.edu/confluence/x/ITdGBQ[CERT, IDS00-J.] - Prevent SQL injection -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222607[Application Security and Development: V-222607] - The application must not be vulnerable to SQL Injection. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222607[Application Security and Development: V-222607] - The application must not be vulnerable to SQL Injection. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S3687/cfamily/rule.adoc b/rules/S3687/cfamily/rule.adoc index a9496b7ecd5..042f0754a5f 100644 --- a/rules/S3687/cfamily/rule.adoc +++ b/rules/S3687/cfamily/rule.adoc 
@@ -42,7 +42,7 @@ User volatile * pvUser; * https://wiki.sei.cmu.edu/confluence/display/c/CON02-C.+Do+not+use+volatile+as+a+synchronization+primitive[CERT CON02-C] - Do not use volatile as a synchronization primitive * {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp200-use-volatile-only-to-talk-to-non-c-memory[CP.200: Use `volatile` only to talk to non-{cpp} memory] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S3949/common/resources/standards.adoc b/rules/S3949/common/resources/standards.adoc index c80df97e74c..4e60a3ea713 100644 --- a/rules/S3949/common/resources/standards.adoc +++ b/rules/S3949/common/resources/standards.adoc @@ -1,4 +1,4 @@ === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S4502/see.adoc b/rules/S4502/see.adoc index 082c5599c62..b458f9a1684 100644 --- a/rules/S4502/see.adoc +++ b/rules/S4502/see.adoc 
@@ -4,6 +4,6 @@ * CWE - https://cwe.mitre.org/data/definitions/352[CWE-352 - Cross-Site Request Forgery (CSRF)] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * OWASP - https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222603[Application Security and Development: V-222603] - The application must protect from Cross-Site Request Forgery (CSRF) vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222603[Application Security and Development: V-222603] - The application must protect from Cross-Site Request Forgery (CSRF) vulnerabilities. * PortSwigger - https://portswigger.net/research/web-storage-the-lesser-evil-for-session-tokens[Web storage: the lesser evil for session tokens] diff --git a/rules/S4830/common/resources/standards-mobile.adoc b/rules/S4830/common/resources/standards-mobile.adoc index 7d23b4e9c7a..e44d58f31bb 100644 --- a/rules/S4830/common/resources/standards-mobile.adoc +++ b/rules/S4830/common/resources/standards-mobile.adoc 
@@ -9,5 +9,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication] * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements] * CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. diff --git a/rules/S4830/common/resources/standards.adoc b/rules/S4830/common/resources/standards.adoc index e96dbb6dd33..01d492c283e 100644 --- a/rules/S4830/common/resources/standards.adoc +++ b/rules/S4830/common/resources/standards.adoc 
@@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. diff --git a/rules/S5034/rule.adoc b/rules/S5034/rule.adoc index 5b3e789b77c..e87546cd5bf 100644 --- a/rules/S5034/rule.adoc +++ b/rules/S5034/rule.adoc @@ -53,5 +53,5 @@ int value = await ComputeAsync().AsTask(); === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. diff --git a/rules/S5131/common/resources/standards.adoc b/rules/S5131/common/resources/standards.adoc index ac12800c343..841b2b89e65 100644 --- a/rules/S5131/common/resources/standards.adoc +++ b/rules/S5131/common/resources/standards.adoc 
@@ -3,6 +3,6 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] * CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222602[Application Security and Development: V-222602] - The application must protect from Cross-Site Scripting (XSS) vulnerabilities. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222602[Application Security and Development: V-222602] - The application must protect from Cross-Site Scripting (XSS) vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5135/common/resources/standards.adoc b/rules/S5135/common/resources/standards.adoc index bc3b43bdd59..50a75339ea4 100644 --- a/rules/S5135/common/resources/standards.adoc +++ b/rules/S5135/common/resources/standards.adoc 
@@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization[Top 10 2017 Category A8 - Insecure Deserialization] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/502[CWE-502 - Deserialization of Untrusted Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5144/common/resources/standards.adoc b/rules/S5144/common/resources/standards.adoc index 76326f58595..0b13df6a4ba 100644 --- a/rules/S5144/common/resources/standards.adoc +++ b/rules/S5144/common/resources/standards.adoc @@ -4,4 +4,4 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/918[CWE-918 - Server-Side Request Forgery (SSRF)] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5145/common/resources/standards.adoc b/rules/S5145/common/resources/standards.adoc index 89dffd6cb95..0ad6f4dbe11 100644 
--- a/rules/S5145/common/resources/standards.adoc +++ b/rules/S5145/common/resources/standards.adoc @@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/117[CWE-117 - Improper Output Neutralization for Logs] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5147/common/resources/standards.adoc b/rules/S5147/common/resources/standards.adoc index db880041c74..1f059463933 100644 --- a/rules/S5147/common/resources/standards.adoc +++ b/rules/S5147/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/943[CWE-943 - Improper Neutralization of Special Elements in Data Query Logic] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S5273/cfamily/rule.adoc b/rules/S5273/cfamily/rule.adoc index 50876a925d5..b566599e000 100644 --- a/rules/S5273/cfamily/rule.adoc +++ b/rules/S5273/cfamily/rule.adoc @@ -141,7 +141,7 @@ void bar(const char *src) { * CWE - https://cwe.mitre.org/data/definitions/121[CWE-121 Stack-based Buffer Overflow] * CWE - https://cwe.mitre.org/data/definitions/122[CWE-122 Heap-based Buffer Overflow] * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 Use of Potentially Dangerous Function] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5283/cfamily/rule.adoc b/rules/S5283/cfamily/rule.adoc index b0156446fac..a0bebb66505 100644 --- a/rules/S5283/cfamily/rule.adoc +++ b/rules/S5283/cfamily/rule.adoc @@ -208,7 +208,7 @@ and the {cpp} standard never supported it, however, they are commonly accepted a === Standards * CERT - https://wiki.sei.cmu.edu/confluence/display/c/ARR32-C.+Ensure+size+arguments+for+variable+length+arrays+are+in+a+valid+range[ARR32-C. Ensure size arguments for variable length arrays are in a valid range] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5314/cfamily/rule.adoc b/rules/S5314/cfamily/rule.adoc index 02ce11d7425..d078a0ff713 100644 --- a/rules/S5314/cfamily/rule.adoc +++ b/rules/S5314/cfamily/rule.adoc @@ -200,7 +200,7 @@ the ABA problem, where `A` and `B` refers to the values of the resource. === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. === External coding guidelines diff --git a/rules/S5328/php/rule.adoc b/rules/S5328/php/rule.adoc index ac348c535b4..3ad21500c63 100644 --- a/rules/S5328/php/rule.adoc +++ b/rules/S5328/php/rule.adoc 
@@ -43,8 +43,8 @@ session_id(bin2hex(random_bytes(16))); // Compliant * CWE - https://cwe.mitre.org/data/definitions/340[CWE-340 - Generation of Predictable Numbers or Identifiers] * https://www.php.net/random-bytes[PHP: random_bytes()] * https://www.php.net/session-regenerate-id[PHP: session_regenerate_id()] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222579[Application Security and Development: V-222579] - Applications must use system-generated session identifiers that protect against session fixation. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222579[Application Security and Development: V-222579] - Applications must use system-generated session identifiers that protect against session fixation. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. ifdef::env-github,rspecator-view[] diff --git a/rules/S5332/common/resources/standards-iac.adoc b/rules/S5332/common/resources/standards-iac.adoc index 6515aaea448..bc34b5346bc 100644 --- a/rules/S5332/common/resources/standards-iac.adoc +++ b/rules/S5332/common/resources/standards-iac.adoc 
@@ -2,12 +2,12 @@ * CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] * CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. 
-* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. 
+* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. diff --git a/rules/S5332/common/resources/standards-mobile.adoc b/rules/S5332/common/resources/standards-mobile.adoc index e980c83fd46..4eeff0ffb00 100644 --- a/rules/S5332/common/resources/standards-mobile.adoc +++ b/rules/S5332/common/resources/standards-mobile.adoc 
@@ -7,12 +7,12 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication] * CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] * CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. 
-* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. 
+* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. diff --git a/rules/S5332/common/resources/standards.adoc b/rules/S5332/common/resources/standards.adoc index 419de525c3a..0ad0c0bef03 100644 --- a/rules/S5332/common/resources/standards.adoc +++ b/rules/S5332/common/resources/standards.adoc 
@@ -4,12 +4,12 @@ * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] * CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] * CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. 
-* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. 
+* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. diff --git a/rules/S5334/common/resources/standards.adoc b/rules/S5334/common/resources/standards.adoc index b9c1a912cec..2c7bbd96b81 100644 --- a/rules/S5334/common/resources/standards.adoc +++ b/rules/S5334/common/resources/standards.adoc 
@@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/95[CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5335/php/rule.adoc b/rules/S5335/php/rule.adoc index 877e948207d..c857a260212 100644 --- a/rules/S5335/php/rule.adoc +++ b/rules/S5335/php/rule.adoc @@ -105,7 +105,7 @@ client-side front-ends. * CWE - https://cwe.mitre.org/data/definitions/97[CWE-97 - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page] * CWE - https://cwe.mitre.org/data/definitions/98[CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')] * CWE - https://cwe.mitre.org/data/definitions/829[CWE-829 - Inclusion of Functionality from Untrusted Control Sphere] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5344/common/resources/standards-mobile.adoc b/rules/S5344/common/resources/standards-mobile.adoc index bf9e0eefc46..d91a6118558 100644 --- a/rules/S5344/common/resources/standards-mobile.adoc +++ b/rules/S5344/common/resources/standards-mobile.adoc @@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography] * CWE - https://cwe.mitre.org/data/definitions/256[CWE-256 - Plaintext Storage of a Password] * CWE - https://cwe.mitre.org/data/definitions/916[CWE-916 - Use of Password Hash With Insufficient Computational Effort] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. diff --git a/rules/S5344/common/resources/standards.adoc b/rules/S5344/common/resources/standards.adoc index ee360d15d97..17e70e9eab5 100644 --- a/rules/S5344/common/resources/standards.adoc +++ b/rules/S5344/common/resources/standards.adoc 
@@ -5,5 +5,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * CWE - https://cwe.mitre.org/data/definitions/256[CWE-256 - Plaintext Storage of a Password] * CWE - https://cwe.mitre.org/data/definitions/916[CWE-916 - Use of Password Hash With Insufficient Computational Effort] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. diff --git a/rules/S5421/cfamily/rule.adoc b/rules/S5421/cfamily/rule.adoc index 367c522406c..231122abab1 100644 --- a/rules/S5421/cfamily/rule.adoc +++ b/rules/S5421/cfamily/rule.adoc @@ -71,7 +71,7 @@ unsigned volatile const* const gpio3 = ...; // Compliant, used for input only === Standards * {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#i2-avoid-non-const-global-variables[I.2: Avoid non-`const` global variables] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. === Related rules diff --git a/rules/S5443/python/rule.adoc b/rules/S5443/python/rule.adoc index bdd80bd2f16..8f03625ff8b 100644 --- a/rules/S5443/python/rule.adoc +++ b/rules/S5443/python/rule.adoc 
@@ -33,7 +33,7 @@ file = tempfile.TemporaryFile(dir="/tmp/my_subdirectory", mode='"w+") # Complian * CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] * https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File[OWASP, Insecure Temporary File] * https://docs.python.org/3/library/tempfile.html[Python tempfile module] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S5443/see.adoc b/rules/S5443/see.adoc index 5db191a61de..cdef11e9db6 100644 --- a/rules/S5443/see.adoc +++ b/rules/S5443/see.adoc @@ -6,5 +6,5 @@ * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] * CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] * https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File[OWASP, Insecure Temporary File] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. diff --git a/rules/S5445/common/resources/standards.adoc b/rules/S5445/common/resources/standards.adoc index 36de23d3859..ad02f9a9357 100644 --- a/rules/S5445/common/resources/standards.adoc 
+++ b/rules/S5445/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] * CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. diff --git a/rules/S5486/cfamily/rule.adoc b/rules/S5486/cfamily/rule.adoc index c09be4ca2be..d734a1bea42 100644 --- a/rules/S5486/cfamily/rule.adoc +++ b/rules/S5486/cfamily/rule.adoc @@ -169,7 +169,7 @@ void locks(bool calcFib, int n) { * CWE - https://cwe.mitre.org/data/definitions/764[CWE-764 Multiple Locks of a Critical Resource] * CWE - https://cwe.mitre.org/data/definitions/362[CWE-362 Multiple Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. === Related rules diff --git a/rules/S5487/cfamily/rule.adoc b/rules/S5487/cfamily/rule.adoc index ee44574be31..6af41d3be2a 100644 --- a/rules/S5487/cfamily/rule.adoc 
+++ b/rules/S5487/cfamily/rule.adoc @@ -215,7 +215,7 @@ void use_and_destroy_initialized() === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. === Related rules diff --git a/rules/S5496/standards.adoc b/rules/S5496/standards.adoc index 861a87a7f9a..1f814ce1a9c 100644 --- a/rules/S5496/standards.adoc +++ b/rules/S5496/standards.adoc @@ -3,5 +3,5 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/94[CWE-94 - Improper Control of Generation of Code] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5527/common/resources/standards-mobile.adoc b/rules/S5527/common/resources/standards-mobile.adoc index d391db09871..de00bd75688 100644 --- a/rules/S5527/common/resources/standards-mobile.adoc +++ b/rules/S5527/common/resources/standards-mobile.adoc 
@@ -9,5 +9,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication] * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication] * CWE - https://cwe.mitre.org/data/definitions/297[CWE-297 - Improper Validation of Certificate with Host Mismatch] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. diff --git a/rules/S5527/common/resources/standards.adoc b/rules/S5527/common/resources/standards.adoc index 235efd95db8..c33d7328d42 100644 --- a/rules/S5527/common/resources/standards.adoc +++ b/rules/S5527/common/resources/standards.adoc 
@@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/297[CWE-297 - Improper Validation of Certificate with Host Mismatch] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. diff --git a/rules/S5547/common/resources/standards-mobile.adoc b/rules/S5547/common/resources/standards-mobile.adoc index d9ca56e61b7..76a0f750c83 100644 --- a/rules/S5547/common/resources/standards-mobile.adoc +++ b/rules/S5547/common/resources/standards-mobile.adoc 
@@ -7,5 +7,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography] * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222396[Application Security and Development: V-222396] - The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222396[Application Security and Development: V-222396] - The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. diff --git a/rules/S5547/common/resources/standards.adoc b/rules/S5547/common/resources/standards.adoc index 2823320464e..f5b0e503e9a 100644 --- a/rules/S5547/common/resources/standards.adoc +++ b/rules/S5547/common/resources/standards.adoc 
@@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222396[Application Security and Development: V-222396] - The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222396[Application Security and Development: V-222396] - The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. diff --git a/rules/S5696/common/resources/standards.adoc b/rules/S5696/common/resources/standards.adoc index 6e42c2c04a4..af81d8cbb80 100644 --- a/rules/S5696/common/resources/standards.adoc +++ b/rules/S5696/common/resources/standards.adoc 
@@ -3,5 +3,5 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] * CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5782/common/resources/standards.adoc b/rules/S5782/common/resources/standards.adoc index fe2f1d6d310..08427fccdbb 100644 --- a/rules/S5782/common/resources/standards.adoc +++ b/rules/S5782/common/resources/standards.adoc @@ -5,5 +5,5 @@ * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] * CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 - Incorrect Calculation of Buffer Size] * CWE - https://cwe.mitre.org/data/definitions/788[CWE-788 - Access of Memory Location After End of Buffer] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. 
diff --git a/rules/S5801/cfamily/rule.adoc b/rules/S5801/cfamily/rule.adoc index 2aab61b073a..4cda9ce093a 100644 --- a/rules/S5801/cfamily/rule.adoc +++ b/rules/S5801/cfamily/rule.adoc @@ -54,7 +54,7 @@ int f(char *src) { * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5813/cfamily/rule.adoc b/rules/S5813/cfamily/rule.adoc index ee7aafdbca3..2d102394886 100644 --- a/rules/S5813/cfamily/rule.adoc +++ b/rules/S5813/cfamily/rule.adoc 
@@ -56,7 +56,7 @@ size_t f(char *src) { * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5814/cfamily/rule.adoc b/rules/S5814/cfamily/rule.adoc index 0cef868260c..4b943b933b5 100644 --- a/rules/S5814/cfamily/rule.adoc +++ b/rules/S5814/cfamily/rule.adoc @@ -57,7 +57,7 @@ int f(char *src) { * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5815/cfamily/rule.adoc b/rules/S5815/cfamily/rule.adoc index 3b7f7d54eab..7601f2a3746 100644 --- a/rules/S5815/cfamily/rule.adoc +++ b/rules/S5815/cfamily/rule.adoc @@ -55,7 +55,7 @@ int f(char *src) { * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5816/cfamily/rule.adoc b/rules/S5816/cfamily/rule.adoc index 4cc2d8a0759..0c33599a575 100644 --- a/rules/S5816/cfamily/rule.adoc +++ b/rules/S5816/cfamily/rule.adoc 
@@ -67,7 +67,7 @@ int f(char *src) { * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5824/cfamily/rule.adoc b/rules/S5824/cfamily/rule.adoc index 53d6a84b6bd..5c32370ebfa 100644 --- a/rules/S5824/cfamily/rule.adoc +++ b/rules/S5824/cfamily/rule.adoc 
@@ -58,8 +58,8 @@ int f(char *tempData) { * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] * https://wiki.sei.cmu.edu/confluence/display/c/CON33-C.+Avoid+race+conditions+when+using+library+functions[CERT, CON33-C.] - Avoid race conditions when using library functions * https://wiki.sei.cmu.edu/confluence/display/c/FIO21-C.+Do+not+create+temporary+files+in+shared+directories[CERT, FIO21-C.] - Do not create temporary files in shared directories -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5847/cfamily/rule.adoc b/rules/S5847/cfamily/rule.adoc index 03f82b42687..98a5dc1726e 100644 --- a/rules/S5847/cfamily/rule.adoc +++ b/rules/S5847/cfamily/rule.adoc 
@@ -64,7 +64,7 @@ check for its existence beforehand. * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/367[CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S5876/common/resources/standards.adoc b/rules/S5876/common/resources/standards.adoc index c7309aaacc4..b0be938414b 100644 --- a/rules/S5876/common/resources/standards.adoc +++ b/rules/S5876/common/resources/standards.adoc 
@@ -4,6 +4,6 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] * https://owasp.org/www-community/attacks/Session_fixation[OWASP Sesssion Fixation] * CWE - https://cwe.mitre.org/data/definitions/384[CWE-384 - Session Fixation] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222579[Application Security and Development: V-222579] - Applications must use system-generated session identifiers that protect against session fixation. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222579[Application Security and Development: V-222579] - Applications must use system-generated session identifiers that protect against session fixation. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. diff --git a/rules/S5883/common/resources/standards-mobile.adoc b/rules/S5883/common/resources/standards-mobile.adoc index 37c20fd0131..3cc4f2d9a3b 100644 --- a/rules/S5883/common/resources/standards-mobile.adoc +++ b/rules/S5883/common/resources/standards-mobile.adoc 
@@ -5,5 +5,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5883/common/resources/standards.adoc b/rules/S5883/common/resources/standards.adoc index 187f8e7ab49..d6ed3a54c55 100644 --- a/rules/S5883/common/resources/standards.adoc +++ b/rules/S5883/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6069/cfamily/rule.adoc b/rules/S6069/cfamily/rule.adoc index d0bb7061d07..56c2e6c3e1f 100644 --- a/rules/S6069/cfamily/rule.adoc 
+++ b/rules/S6069/cfamily/rule.adoc @@ -53,7 +53,7 @@ sprintf(buf, "%s", message);{code} * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S6096/common/resources/standards-mobile.adoc b/rules/S6096/common/resources/standards-mobile.adoc index a2ed108caac..294c11adf1a 100644 --- a/rules/S6096/common/resources/standards-mobile.adoc +++ b/rules/S6096/common/resources/standards-mobile.adoc 
@@ -7,5 +7,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6096/common/resources/standards.adoc b/rules/S6096/common/resources/standards.adoc index 97a216c1077..d87b2d95458 100644 --- a/rules/S6096/common/resources/standards.adoc +++ b/rules/S6096/common/resources/standards.adoc @@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S6105/common/resources/standards.adoc b/rules/S6105/common/resources/standards.adoc index 4f27cf9e317..f6d1756109d 100644 --- a/rules/S6105/common/resources/standards.adoc +++ b/rules/S6105/common/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/601[CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6173/common/resources/standards.adoc b/rules/S6173/common/resources/standards.adoc index 20895759781..d26017a74fc 100644 --- a/rules/S6173/common/resources/standards.adoc +++ b/rules/S6173/common/resources/standards.adoc 
@@ -3,5 +3,5 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/470[CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6179/cfamily/rule.adoc b/rules/S6179/cfamily/rule.adoc index f4cee388fac..0e689063f1b 100644 --- a/rules/S6179/cfamily/rule.adoc +++ b/rules/S6179/cfamily/rule.adoc @@ -40,7 +40,7 @@ auto third = std::lerp(a, b, 0.3f); === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S6183/cfamily/rule.adoc b/rules/S6183/cfamily/rule.adoc index 75d132bacd1..7ace94e0472 100644 --- a/rules/S6183/cfamily/rule.adoc +++ b/rules/S6183/cfamily/rule.adoc 
@@ -176,7 +176,7 @@ void foo() { * CERT - https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+integer+conversion+rules[INT02-C. Understand integer conversion rules] * CERT - https://wiki.sei.cmu.edu/confluence/display/c/INT31-C.+Ensure+that+integer+conversions+do+not+result+in+lost+or+misinterpreted+data[INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data] * CWE - https://cwe.mitre.org/data/definitions/195[CWE-195 Signed to Unsigned Conversion Error] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. === Related rules diff --git a/rules/S6270/see.adoc b/rules/S6270/see.adoc index d2aed85fbfd..fa5478dc863 100644 --- a/rules/S6270/see.adoc +++ b/rules/S6270/see.adoc @@ -3,5 +3,5 @@ * https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege[AWS Documentation] - Grant least privilege * CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] * CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. 
diff --git a/rules/S6281/see.adoc b/rules/S6281/see.adoc index e4e36b22c4e..6d8fe3b93a8 100644 --- a/rules/S6281/see.adoc +++ b/rules/S6281/see.adoc @@ -2,5 +2,5 @@ * https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html[AWS Documentation] - Blocking public access to your Amazon S3 storage * CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. diff --git a/rules/S6287/common/resources/standards.adoc b/rules/S6287/common/resources/standards.adoc index c64ed9e868a..bc7893a9d7d 100644 --- a/rules/S6287/common/resources/standards.adoc +++ b/rules/S6287/common/resources/standards.adoc 
@@ -4,6 +4,6 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/384[CWE-384 - Session Fixation] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6303/see.adoc b/rules/S6303/see.adoc index 035465c64fa..bd90b7a6be0 100644 --- a/rules/S6303/see.adoc +++ b/rules/S6303/see.adoc 
@@ -2,5 +2,5 @@ * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html[AWS Documentation] - Encrypting Amazon RDS resources * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. diff --git a/rules/S6308/elasticsearch_see.adoc b/rules/S6308/elasticsearch_see.adoc index f66398deadc..25bc055f56a 100644 --- a/rules/S6308/elasticsearch_see.adoc +++ b/rules/S6308/elasticsearch_see.adoc @@ -2,5 +2,5 @@ * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html[AWS Documentation] - Encryption of data at rest for Amazon Elasticsearch Service * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. 
diff --git a/rules/S6308/opensearch_see.adoc b/rules/S6308/opensearch_see.adoc index 062b89830ea..da8556445af 100644 --- a/rules/S6308/opensearch_see.adoc +++ b/rules/S6308/opensearch_see.adoc @@ -2,5 +2,5 @@ * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html[AWS Documentation] - Encryption of data at rest for Amazon OpenSearch Service * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. diff --git a/rules/S6319/see.adoc b/rules/S6319/see.adoc index 0d37d1c494c..06cc26d664f 100644 --- a/rules/S6319/see.adoc +++ b/rules/S6319/see.adoc 
@@ -2,4 +2,4 @@ * https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest.html[Protect Data at Rest Using Encryption] * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. diff --git a/rules/S6327/see.adoc b/rules/S6327/see.adoc index d43a57148f0..b0c8920dea1 100644 --- a/rules/S6327/see.adoc +++ b/rules/S6327/see.adoc @@ -3,4 +3,4 @@ * https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html[AWS Documentation] - Encryption at rest * https://aws.amazon.com/blogs/compute/encrypting-messages-published-to-amazon-sns-with-aws-kms/[Encrypting messages published to Amazon SNS with AWS KMS] * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. 
diff --git a/rules/S6329/see.adoc b/rules/S6329/see.adoc index a96400fb9eb..b306e6da3ee 100644 --- a/rules/S6329/see.adoc +++ b/rules/S6329/see.adoc @@ -5,4 +5,4 @@ * https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[AWS Documentation] - VPC Peering * CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] * CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. diff --git a/rules/S6330/see.adoc b/rules/S6330/see.adoc index f9f1b360441..efc4b059e62 100644 --- a/rules/S6330/see.adoc +++ b/rules/S6330/see.adoc @@ -2,4 +2,4 @@ * https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html[AWS Documentation] - Encryption at rest * CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. 
diff --git a/rules/S6333/see.adoc b/rules/S6333/see.adoc index 9ebc9b06bf3..e0ef62994d1 100644 --- a/rules/S6333/see.adoc +++ b/rules/S6333/see.adoc @@ -2,4 +2,4 @@ * https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html[AWS Documentation] - Controlling and managing access to a REST API in API Gateway * CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. diff --git a/rules/S6350/see.adoc b/rules/S6350/see.adoc index aa9dcc2e3f3..daad6543d9e 100644 --- a/rules/S6350/see.adoc +++ b/rules/S6350/see.adoc @@ -4,4 +4,4 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification] * https://blog.sonarsource.com/php-supply-chain-attack-on-composer[CVE-2021-29472] - PHP Supply Chain Attack on Composer -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S6373/java/rule.adoc b/rules/S6373/java/rule.adoc index 8a98fbc86b9..8138284af00 100644 --- a/rules/S6373/java/rule.adoc +++ b/rules/S6373/java/rule.adoc @@ -77,7 +77,7 @@ property to `false`. * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Improper Restriction of XML External Entity Reference] * CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S6376/java/rule.adoc b/rules/S6376/java/rule.adoc index 7ccfbc5f81b..2d154a8d487 100644 --- a/rules/S6376/java/rule.adoc +++ b/rules/S6376/java/rule.adoc 
@@ -42,9 +42,9 @@ include::how-to-fix-it/jdom2.adoc[] * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/776[CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222593[Application Security and Development: V-222593] - XML-based applications must mitigate DoS attacks by using XML filters, parser options, or gateways. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222593[Application Security and Development: V-222593] - XML-based applications must mitigate DoS attacks by using XML filters, parser options, or gateways. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S6377/common/resources/standards.adoc b/rules/S6377/common/resources/standards.adoc index 65e0a7babde..e0962e470a4 100644 --- a/rules/S6377/common/resources/standards.adoc +++ b/rules/S6377/common/resources/standards.adoc @@ -3,4 +3,4 @@ * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10:2021 A02:2021 - Cryptographic Failures] * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * CWE - https://cwe.mitre.org/data/definitions/347[CWE-347 - Improper Verification of Cryptographic Signature] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. diff --git a/rules/S6384/common/resources/standards.adoc b/rules/S6384/common/resources/standards.adoc index 437907ead60..8059cf3b204 100644 --- a/rules/S6384/common/resources/standards.adoc +++ b/rules/S6384/common/resources/standards.adoc 
@@ -4,4 +4,4 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage] * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6390/common/resources/standards.adoc b/rules/S6390/common/resources/standards.adoc index 45b75363f88..399167c1bbf 100644 --- a/rules/S6390/common/resources/standards.adoc +++ b/rules/S6390/common/resources/standards.adoc 
@@ -3,5 +3,5 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6398/common/resources/standards.adoc b/rules/S6398/common/resources/standards.adoc index 7c797513009..d024effa48a 100644 --- a/rules/S6398/common/resources/standards.adoc +++ b/rules/S6398/common/resources/standards.adoc 
@@ -4,4 +4,4 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/76[CWE-76 - Improper Neutralization of Equivalent Special Elements] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6399/common/resources/standards.adoc b/rules/S6399/common/resources/standards.adoc index 2fe8e557466..1e0a7d4a323 100644 --- a/rules/S6399/common/resources/standards.adoc +++ b/rules/S6399/common/resources/standards.adoc 
@@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6404/terraform/rule.adoc b/rules/S6404/terraform/rule.adoc index a6be4946a5c..cf615ed3ffa 100644 --- a/rules/S6404/terraform/rule.adoc +++ b/rules/S6404/terraform/rule.adoc 
@@ -120,7 +120,7 @@ resource "google_container_cluster" "example" { == See * CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. ifdef::env-github,rspecator-view[] diff --git a/rules/S6423/csharp/rule.adoc b/rules/S6423/csharp/rule.adoc index b5cad79cd02..f6e128d8621 100644 --- a/rules/S6423/csharp/rule.adoc +++ b/rules/S6423/csharp/rule.adoc 
@@ -54,5 +54,5 @@ public static async Task Run( * https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-error-pages?tabs=csharp[Azure Functions error handling and retries] * https://docs.microsoft.com/en-us/azure/azure-functions/functions-monitoring[Monitor Azure Functions] * https://docs.microsoft.com/en-us/azure/azure-monitor/app/azure-functions-supported-features[Application Insights for Azure Functions supported features] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. diff --git a/rules/S6469/docker/rule.adoc b/rules/S6469/docker/rule.adoc index 2f75ac40dfb..2f25b4ee434 100644 --- a/rules/S6469/docker/rule.adoc +++ b/rules/S6469/docker/rule.adoc @@ -79,7 +79,7 @@ expose them to unintended parties. === Standards * CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S6474/see.adoc b/rules/S6474/see.adoc index e77966aa178..1ed02a6232e 100644 --- a/rules/S6474/see.adoc +++ b/rules/S6474/see.adoc @@ -3,4 +3,4 @@ * OWASP - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[Top 10 2021 Category A8 - Software and Data Integrity Failures] * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m2-inadequate-supply-chain-security[Mobile Top 10 2024 Category M2 - Inadequate Supply Chain Security] * CWE - https://cwe.mitre.org/data/definitions/494[CWE-494 - Download of Code Without Integrity Check] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222618[Application Security and Development: V-222618] - Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy. \ No newline at end of file +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222618[Application Security and Development: V-222618] - Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy. \ No newline at end of file diff --git a/rules/S6547/common/resources/standards.adoc b/rules/S6547/common/resources/standards.adoc index b9bc1c30c7c..d8f699b879a 100644 --- a/rules/S6547/common/resources/standards.adoc +++ b/rules/S6547/common/resources/standards.adoc 
@@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/454[CWE-454 - External Initialization of Trusted Variables or Data Stores] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6549/common/resources/standards-mobile.adoc b/rules/S6549/common/resources/standards-mobile.adoc index a2ed108caac..294c11adf1a 100644 --- a/rules/S6549/common/resources/standards-mobile.adoc +++ b/rules/S6549/common/resources/standards-mobile.adoc @@ -7,5 +7,5 @@ * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S6549/common/resources/standards.adoc b/rules/S6549/common/resources/standards.adoc index 97a216c1077..d87b2d95458 100644 --- a/rules/S6549/common/resources/standards.adoc +++ b/rules/S6549/common/resources/standards.adoc @@ -6,5 +6,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6639/common/resources/standards.adoc b/rules/S6639/common/resources/standards.adoc index 367a10c0e80..c022e21f7e3 100644 --- a/rules/S6639/common/resources/standards.adoc +++ b/rules/S6639/common/resources/standards.adoc 
@@ -1,6 +1,6 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/789[CWE-789 - Memory Allocation with Excessive Size Value] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222594[Application Security and Development: V-222594] - The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222594[Application Security and Development: V-222594] - The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6641/common/resources/standards.adoc b/rules/S6641/common/resources/standards.adoc index eb761e25600..c63fba7cde1 100644 --- a/rules/S6641/common/resources/standards.adoc 
+++ b/rules/S6641/common/resources/standards.adoc @@ -1,4 +1,4 @@ * CWE - https://cwe.mitre.org/data/definitions/15[CWE-15 - External Control of System or Configuration Setting] * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6649/java/rule.adoc b/rules/S6649/java/rule.adoc index fafe8aa8055..b82d8e9b04e 100644 --- a/rules/S6649/java/rule.adoc +++ b/rules/S6649/java/rule.adoc @@ -66,7 +66,7 @@ void test_divide() { * CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] * https://wiki.sei.cmu.edu/confluence/x/CTZGBQ[CERT, NUM02-J.] - Ensure that division and remainder operations do not result in divide-by-zero errors -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S6680/common/resources/standards.adoc b/rules/S6680/common/resources/standards.adoc index 8ce26598f8d..c4226b0586f 100644 --- a/rules/S6680/common/resources/standards.adoc +++ b/rules/S6680/common/resources/standards.adoc 
@@ -3,5 +3,5 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * CWE - https://cwe.mitre.org/data/definitions/606[CWE-606 - Unchecked Input for Loop Condition] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6709/python/rule.adoc b/rules/S6709/python/rule.adoc index 88445c3b9b2..7b807755b35 100644 --- a/rules/S6709/python/rule.adoc +++ b/rules/S6709/python/rule.adoc @@ -43,7 +43,7 @@ include::how-to-fix-it/sklearn.adoc[] === Standards -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222642[Application Security and Development: V-222642] - The application must not contain embedded authentication data. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222642[Application Security and Development: V-222642] - The application must not contain embedded authentication data. === Related rules diff --git a/rules/S6776/csharp/rule.adoc b/rules/S6776/csharp/rule.adoc index 0bab83b20d2..2e153763372 100644 --- a/rules/S6776/csharp/rule.adoc +++ b/rules/S6776/csharp/rule.adoc 
@@ -23,7 +23,7 @@ include::how-to-fix-it/blazor.adoc[] * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * CWE - https://cwe.mitre.org/data/definitions/209[CWE-209 - Generation of Error Message Containing Sensitive Information] * CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. ifdef::env-github,rspecator-view[] diff --git a/rules/S6776/python/rule.adoc b/rules/S6776/python/rule.adoc index 2fcf7124546..22e6cd9b1ae 100644 --- a/rules/S6776/python/rule.adoc +++ b/rules/S6776/python/rule.adoc 
@@ -21,7 +21,7 @@ Python Documentation - https://docs.python.org/3/library/traceback.html[tracebac * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * CWE - https://cwe.mitre.org/data/definitions/209[CWE-209 - Generation of Error Message Containing Sensitive Information] * CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. ifdef::env-github,rspecator-view[] diff --git a/rules/S6785/python/rule.adoc b/rules/S6785/python/rule.adoc index 99bcb7bd9f2..3c2ab44c977 100644 --- a/rules/S6785/python/rule.adoc +++ b/rules/S6785/python/rule.adoc 
@@ -95,7 +95,7 @@ The easiest way to set such a limit is to use the query validation API available * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/770[CWE-707 - Allocation of Resources Without Limits or Throttling] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. ifdef::env-github,rspecator-view[] diff --git a/rules/S6839/see.adoc b/rules/S6839/see.adoc index 80238451b7c..9c67698cf55 100644 --- a/rules/S6839/see.adoc +++ b/rules/S6839/see.adoc @@ -10,5 +10,5 @@ * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/113[CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S7039/common/resources/standards.adoc b/rules/S7039/common/resources/standards.adoc index c32a8cd58e3..8c663b9b4d9 100644 --- a/rules/S7039/common/resources/standards.adoc +++ b/rules/S7039/common/resources/standards.adoc @@ -3,5 +3,5 @@ * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/693[CWE-693 - Protection Mechanism Failure] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222602[Application Security and Development: V-222602] - The application must protect from Cross-Site Scripting (XSS) vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222602[Application Security and Development: V-222602] - The application must protect from Cross-Site Scripting (XSS) vulnerabilities. diff --git a/rules/S7044/common/resources/standards.adoc b/rules/S7044/common/resources/standards.adoc index 76326f58595..0b13df6a4ba 100644 --- a/rules/S7044/common/resources/standards.adoc +++ b/rules/S7044/common/resources/standards.adoc 
@@ -4,4 +4,4 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] * CWE - https://cwe.mitre.org/data/definitions/918[CWE-918 - Server-Side Request Forgery (SSRF)] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S7080/javascript/rule.adoc b/rules/S7080/javascript/rule.adoc index 96d4b26ec90..0e371c43719 100644 --- a/rules/S7080/javascript/rule.adoc +++ b/rules/S7080/javascript/rule.adoc @@ -157,7 +157,7 @@ content. Be sure to validate and sanitize all user content. * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/693[CWE-693 - Protection Mechanism Failure] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222602[Application Security and Development: V-222602] - The application must protect from Cross-Site Scripting (XSS) vulnerabilities. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222602[Application Security and Development: V-222602] - The application must protect from Cross-Site Scripting (XSS) vulnerabilities. === External coding guidelines 
diff --git a/shared_content/secrets/resources/standards.adoc b/shared_content/secrets/resources/standards.adoc index 4fc97bea513..53f610cfd2f 100644 --- a/shared_content/secrets/resources/standards.adoc +++ b/shared_content/secrets/resources/standards.adoc @@ -4,5 +4,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * CWE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials] * CWE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password] -* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222642[Application Security and Development: V-222642] - The application must not contain embedded authentication data. +* STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222642[Application Security and Development: V-222642] - The application must not contain embedded authentication data.
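Review bot: the context line `* CWE - https://cwe.mitre.org/data/definitions/770[CWE-707 - Allocation of Resources Without Limits or Throttling]` in the `rules/S6785/python/rule.adoc` hunk labels the link as CWE-707 while the URL and the title are CWE-770; since this hunk already touches the adjacent STIG line, fix the label in the same change to `[CWE-770 - Allocation of Resources Without Limits or Throttling]` so readers are not sent to a different weakness than the text names.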
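Review bot: both the removed and the added last line of `rules/S6474/see.adoc` carry `\ No newline at end of file`; while this line is being rewritten, terminate the file with a newline so included `see.adoc` fragments concatenate cleanly and future diffs of this file stay to a single line.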
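Review bot: the same base path `https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/` is now pinned in every hunk from `rules/S2053/common/resources/standards-mobile.adoc` through `shared_content/secrets/resources/standards.adoc`, so the next STIG release will need another edit across all these files; consider an AsciiDoc attribute (for example `:stig-asd: https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding` in a shared include, written as `{stig-asd}/V-222609[...]` at the use sites) so the version bump becomes a single-line change. Before merging, also confirm that each finding ID referenced here (V-222430, V-222594, V-222602, V-222608, V-222609, V-222610, V-222612, V-222618, V-222620, V-222642, V-222667) still resolves under the 2024-12-06 release and that the quoted requirement text matches that release, since only the path and date changed in this PR.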