CWE_LLM_DATASET.json
{
"metadata": {
"title": "CWE Security Patterns Dataset for LLM Integration",
"version": "1.0",
"description": "Comprehensive CWE vulnerability patterns optimized for LLM consumption and TinyBrain integration",
"source": "CWE Top 25 Most Dangerous Software Errors + Critical CWEs",
"authorization": "AUTHORIZED SECURITY ASSESSMENTS by CERTIFIED CYBERSECURITY PROFESSIONALS",
"standards": ["CWE", "OWASP", "NIST", "SANS Top 25"],
"total_patterns": 28,
"languages_covered": ["C", "C++", "Java", "Python", "JavaScript", "PHP", "C#", "Ruby", "Go", "TypeScript", "Rust"]
},
"cwe_patterns": {
"CWE-787": {
"id": "CWE-787",
"name": "Out-of-bounds Write",
"severity": "Critical",
"description": "Writing past the end of allocated memory buffer",
"languages": ["C", "C++", "Assembly"],
"vulnerable_pattern": "strcpy(buffer, input); // No bounds checking",
"secure_pattern": "strncpy(buffer, input, copy_len); buffer[copy_len] = '\\0';",
"exploitation": "Buffer overflow leading to code execution",
"remediation": "Use bounds-checking functions, validate input length",
"tinybrain_tags": ["buffer-overflow", "memory-corruption", "critical", "cwe-787"],
"priority": 10,
"confidence": 0.95
},
"CWE-79": {
"id": "CWE-79",
"name": "Cross-site Scripting (XSS)",
"severity": "High",
"description": "Improper neutralization of input during web page generation",
"languages": ["JavaScript", "HTML", "PHP", "Java", "C#"],
"vulnerable_pattern": "res.send(`<h1>Search: ${query}</h1>`); // No encoding",
"secure_pattern": "res.send(`<h1>Search: ${escapeHtml(query)}</h1>`);",
"exploitation": "Session hijacking, credential theft, defacement",
"remediation": "Output encoding, Content Security Policy, input validation",
"tinybrain_tags": ["xss", "web-security", "high", "cwe-79"],
"priority": 9,
"confidence": 0.9
},
"CWE-20": {
"id": "CWE-20",
"name": "Improper Input Validation",
"severity": "High",
"description": "Product does not validate or incorrectly validates input",
"languages": ["All"],
"vulnerable_pattern": "return database.save(data); // No validation",
"secure_pattern": "if (!validate_input(data)) raise ValueError(); return database.save(sanitize_input(data));",
"exploitation": "Injection attacks, data corruption, logic bypass",
"remediation": "Comprehensive input validation, whitelist approach, sanitization",
"tinybrain_tags": ["input-validation", "injection", "high", "cwe-20"],
"priority": 9,
"confidence": 0.9
},
"CWE-125": {
"id": "CWE-125",
"name": "Out-of-bounds Read",
"severity": "High",
"description": "Reading past the end of allocated memory buffer",
"languages": ["C", "C++", "Assembly"],
"vulnerable_pattern": "return buffer[index]; // No bounds checking",
"secure_pattern": "if (index >= 0 && index < size) return buffer[index]; return -1;",
"exploitation": "Information disclosure, memory corruption",
"remediation": "Bounds checking, safe array access, input validation",
"tinybrain_tags": ["buffer-overread", "memory-corruption", "high", "cwe-125"],
"priority": 8,
"confidence": 0.9
},
"CWE-78": {
"id": "CWE-78",
"name": "OS Command Injection",
"severity": "Critical",
"description": "Improper neutralization of special elements in an OS command",
"languages": ["All"],
"vulnerable_pattern": "os.system(f'cat {filename}'); // Command injection",
"secure_pattern": "subprocess.run(['cat', filename], check=True);",
"exploitation": "Remote code execution, system compromise",
"remediation": "Avoid shell commands, use parameterized execution, input validation",
"tinybrain_tags": ["command-injection", "rce", "critical", "cwe-78"],
"priority": 10,
"confidence": 0.95
},
"CWE-89": {
"id": "CWE-89",
"name": "SQL Injection",
"severity": "Critical",
"description": "Improper neutralization of special elements in an SQL command",
"languages": ["All with SQL"],
"vulnerable_pattern": "query = f'SELECT * FROM users WHERE id = {user_id}';",
"secure_pattern": "query = 'SELECT * FROM users WHERE id = ?'; database.execute(query, (user_id,));",
"exploitation": "Database access, data theft, authentication bypass",
"remediation": "Parameterized queries, stored procedures, input validation",
"tinybrain_tags": ["sql-injection", "database", "critical", "cwe-89"],
"priority": 10,
"confidence": 0.95
},
"CWE-416": {
"id": "CWE-416",
"name": "Use After Free",
"severity": "Critical",
"description": "Referencing memory after it has been freed",
"languages": ["C", "C++"],
"vulnerable_pattern": "free(ptr); *ptr = 'A'; // Use after free",
"secure_pattern": "free(ptr); ptr = NULL; // Prevent use after free",
"exploitation": "Code execution, memory corruption, crash",
"remediation": "Set pointers to NULL after free, use smart pointers, static analysis",
"tinybrain_tags": ["use-after-free", "memory-corruption", "critical", "cwe-416"],
"priority": 10,
"confidence": 0.9
},
"CWE-190": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound",
"severity": "High",
"description": "Integer operation causes wraparound",
"languages": ["C", "C++", "Java", "C#"],
"vulnerable_pattern": "return a + b; // Can overflow",
"secure_pattern": "if (a > INT_MAX - b) return -1; return a + b;",
"exploitation": "Buffer overflow, logic errors, denial of service",
"remediation": "Overflow checking, use safe math libraries, input validation",
"tinybrain_tags": ["integer-overflow", "arithmetic", "high", "cwe-190"],
"priority": 8,
"confidence": 0.85
},
"CWE-352": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)",
"severity": "High",
"description": "Web application does not verify request source",
"languages": ["Web applications"],
"vulnerable_pattern": "<form action='/transfer' method='POST'> // No CSRF protection",
"secure_pattern": "<input type='hidden' name='csrf_token' value='random_token'>",
"exploitation": "Unauthorized actions, account takeover, data modification",
"remediation": "CSRF tokens, SameSite cookies, referrer validation",
"tinybrain_tags": ["csrf", "web-security", "high", "cwe-352"],
"priority": 8,
"confidence": 0.9
},
"CWE-22": {
"id": "CWE-22",
"name": "Path Traversal",
"severity": "High",
"description": "Improper limitation of a pathname to a restricted directory",
"languages": ["All"],
"vulnerable_pattern": "open(f'uploads/{filename}'); // No validation",
"secure_pattern": "safe_path = os.path.join('uploads', os.path.basename(filename));",
"exploitation": "File system access, sensitive data exposure",
"remediation": "Path validation, chroot, input sanitization",
"tinybrain_tags": ["path-traversal", "file-access", "high", "cwe-22"],
"priority": 8,
"confidence": 0.9
},
"CWE-494": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check",
"severity": "High",
"description": "Product downloads code without verifying integrity",
"languages": ["All"],
"vulnerable_pattern": "f.write(response.content); // No verification",
"secure_pattern": "if (hashlib.sha256(response.content).hexdigest() != expected_hash) raise ValueError();",
"exploitation": "Code injection, malware installation, supply chain attack",
"remediation": "Integrity verification, code signing, secure channels",
"tinybrain_tags": ["code-download", "integrity", "high", "cwe-494"],
"priority": 8,
"confidence": 0.85
},
"CWE-362": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization",
"severity": "High",
"description": "Race condition in shared resource access",
"languages": ["Multi-threaded applications"],
"vulnerable_pattern": "if (balance >= amount) balance -= amount; // Race condition",
"secure_pattern": "synchronized(lock) { if (balance >= amount) balance -= amount; }",
"exploitation": "Logic errors, data corruption, privilege escalation",
"remediation": "Synchronization primitives, atomic operations, thread safety",
"tinybrain_tags": ["race-condition", "concurrency", "high", "cwe-362"],
"priority": 8,
"confidence": 0.8
},
"CWE-770": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling",
"severity": "Medium",
"description": "No limit on resource allocation",
"languages": ["All"],
"vulnerable_pattern": "while True: process_request(get_request()); // No limits",
"secure_pattern": "semaphore = threading.Semaphore(10); semaphore.acquire();",
"exploitation": "Denial of service, resource exhaustion",
"remediation": "Resource limits, throttling, rate limiting",
"tinybrain_tags": ["resource-exhaustion", "dos", "medium", "cwe-770"],
"priority": 6,
"confidence": 0.8
},
"CWE-918": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)",
"severity": "High",
"description": "Web server makes requests to arbitrary URLs",
"languages": ["Web applications"],
"vulnerable_pattern": "requests.get(url); // No validation",
"secure_pattern": "if (!is_allowed_url(url)) raise ValueError(); requests.get(url);",
"exploitation": "Internal network access, port scanning, data exfiltration",
"remediation": "URL validation, network segmentation, allowlists",
"tinybrain_tags": ["ssrf", "network-access", "high", "cwe-918"],
"priority": 8,
"confidence": 0.9
},
"CWE-311": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data",
"severity": "High",
"description": "Sensitive data not encrypted",
"languages": ["All"],
"vulnerable_pattern": "database.save('password', password); // Plain text",
"secure_pattern": "hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt());",
"exploitation": "Data theft, credential exposure, privacy violation",
"remediation": "Encryption at rest and in transit, strong algorithms",
"tinybrain_tags": ["encryption", "data-protection", "high", "cwe-311"],
"priority": 8,
"confidence": 0.9
},
"CWE-74": {
"id": "CWE-74",
"name": "Injection",
"severity": "High",
"description": "Improper neutralization of special elements",
"languages": ["All"],
"vulnerable_pattern": "query = f'(uid={username})'; // LDAP injection",
"secure_pattern": "query = '(uid={})'.format(ldap.escape_filter_chars(username));",
"exploitation": "Data access, authentication bypass, system compromise",
"remediation": "Parameterized queries, input validation, output encoding",
"tinybrain_tags": ["injection", "ldap", "high", "cwe-74"],
"priority": 9,
"confidence": 0.9
},
"CWE-434": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type",
"severity": "High",
"description": "File upload without type validation",
"languages": ["Web applications"],
"vulnerable_pattern": "move_uploaded_file($_FILES['upload']['tmp_name'], $uploadFile);",
"secure_pattern": "if (in_array($_FILES['upload']['type'], $allowedTypes)) move_uploaded_file();",
"exploitation": "Malware upload, code execution, system compromise",
"remediation": "File type validation, content scanning, restricted directories",
"tinybrain_tags": ["file-upload", "malware", "high", "cwe-434"],
"priority": 8,
"confidence": 0.9
},
"CWE-807": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision",
"severity": "High",
"description": "Security decision based on untrusted input",
"languages": ["All"],
"vulnerable_pattern": "return user.isAdmin; // Client can modify",
"secure_pattern": "const user = database.getUser(userId); return user.role === 'admin';",
"exploitation": "Privilege escalation, authorization bypass",
"remediation": "Server-side validation, trusted data sources",
"tinybrain_tags": ["untrusted-input", "authorization", "high", "cwe-807"],
"priority": 8,
"confidence": 0.9
},
"CWE-250": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges",
"severity": "Medium",
"description": "Application runs with excessive privileges",
"languages": ["All"],
"vulnerable_pattern": "sudo ./myapp; // Running as root",
"secure_pattern": "sudo -u appuser ./myapp; // Minimal privileges",
"exploitation": "Privilege escalation, system compromise",
"remediation": "Principle of least privilege, user separation",
"tinybrain_tags": ["privileges", "escalation", "medium", "cwe-250"],
"priority": 6,
"confidence": 0.8
},
"CWE-863": {
"id": "CWE-863",
"name": "Incorrect Authorization",
"severity": "High",
"description": "Access control implementation is incorrect",
"languages": ["All"],
"vulnerable_pattern": "if (current_user.id == user_id) delete_user(user_id);",
"secure_pattern": "if (current_user.role == 'admin' || current_user.id == user_id) delete_user(user_id);",
"exploitation": "Unauthorized access, data modification",
"remediation": "Proper authorization checks, role-based access control",
"tinybrain_tags": ["authorization", "access-control", "high", "cwe-863"],
"priority": 8,
"confidence": 0.9
},
"CWE-639": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key",
"severity": "High",
"description": "Authorization bypass using user-controlled key",
"languages": ["All"],
"vulnerable_pattern": "return database.get(f'user_{user_id}'); // IDOR",
"secure_pattern": "if (current_user.id == user_id || current_user.role == 'admin') return database.get(f'user_{user_id}');",
"exploitation": "Unauthorized data access, IDOR attacks",
"remediation": "Authorization checks, access control validation",
"tinybrain_tags": ["idor", "authorization-bypass", "high", "cwe-639"],
"priority": 8,
"confidence": 0.9
},
"CWE-327": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm",
"severity": "High",
"description": "Use of weak cryptographic algorithm",
"languages": ["All"],
"vulnerable_pattern": "hashlib.md5(password.encode()).hexdigest(); // MD5 is weak",
"secure_pattern": "bcrypt.hashpw(password.encode(), bcrypt.gensalt());",
"exploitation": "Password cracking, data compromise",
"remediation": "Use strong algorithms, proper key management",
"tinybrain_tags": ["weak-crypto", "hashing", "high", "cwe-327"],
"priority": 8,
"confidence": 0.9
},
"CWE-306": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function",
"severity": "High",
"description": "Critical function lacks authentication",
"languages": ["All"],
"vulnerable_pattern": "def admin_panel(): return render_admin_panel(); // No auth",
"secure_pattern": "if not is_authenticated() or not is_admin(): return redirect('/login');",
"exploitation": "Unauthorized access, privilege escalation",
"remediation": "Authentication checks, session management",
"tinybrain_tags": ["missing-auth", "authentication", "high", "cwe-306"],
"priority": 8,
"confidence": 0.9
},
"CWE-862": {
"id": "CWE-862",
"name": "Missing Authorization",
"severity": "High",
"description": "Function lacks authorization check",
"languages": ["All"],
"vulnerable_pattern": "def delete_file(filename): os.remove(filename); // No permission check",
"secure_pattern": "if user.has_permission('delete', filename): os.remove(filename);",
"exploitation": "Unauthorized actions, data modification",
"remediation": "Authorization checks, permission validation",
"tinybrain_tags": ["missing-authorization", "permissions", "high", "cwe-862"],
"priority": 8,
"confidence": 0.9
},
"CWE-732": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource",
"severity": "Medium",
"description": "Critical resource has incorrect permissions",
"languages": ["All"],
"vulnerable_pattern": "chmod 666 /etc/myapp.conf; // World-writable",
"secure_pattern": "chmod 600 /etc/myapp.conf; // Restricted permissions",
"exploitation": "Data modification, configuration tampering",
"remediation": "Principle of least privilege, proper file permissions",
"tinybrain_tags": ["file-permissions", "access-control", "medium", "cwe-732"],
"priority": 6,
"confidence": 0.8
},
"CWE-502": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data",
"severity": "Critical",
"description": "Deserializing untrusted data without validation",
"languages": ["Java", "Python", ".NET", "PHP"],
"vulnerable_pattern": "return ois.readObject(); // Dangerous deserialization",
"secure_pattern": "return JsonUtils.fromJson(new String(data), MyClass.class);",
"exploitation": "Remote code execution, system compromise",
"remediation": "Safe deserialization, input validation, code signing",
"tinybrain_tags": ["deserialization", "rce", "critical", "cwe-502"],
"priority": 10,
"confidence": 0.95
},
"CWE-798": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials",
"severity": "High",
"description": "Hard-coded credentials in source code",
"languages": ["All"],
"vulnerable_pattern": "DB_PASSWORD = 'admin123'; // Hard-coded",
"secure_pattern": "DB_PASSWORD = os.getenv('DB_PASSWORD'); // Environment variable",
"exploitation": "Credential theft, unauthorized access",
"remediation": "Environment variables, secure key management, secrets management",
"tinybrain_tags": ["hardcoded-credentials", "secrets", "high", "cwe-798"],
"priority": 8,
"confidence": 0.9
},
"CWE-330": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values",
"severity": "Medium",
"description": "Use of predictable random values",
"languages": ["All"],
"vulnerable_pattern": "session_id = random.randint(1, 1000000); // Predictable",
"secure_pattern": "session_id = secrets.token_hex(16); // Cryptographically secure",
"exploitation": "Session hijacking, token prediction",
"remediation": "Cryptographically secure random, proper entropy",
"tinybrain_tags": ["weak-randomness", "session-security", "medium", "cwe-330"],
"priority": 6,
"confidence": 0.8
}
},
"search_index": {
"by_severity": {
"critical": ["CWE-787", "CWE-78", "CWE-89", "CWE-416", "CWE-502"],
"high": ["CWE-79", "CWE-20", "CWE-125", "CWE-190", "CWE-352", "CWE-22", "CWE-494", "CWE-362", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-798"],
"medium": ["CWE-770", "CWE-250", "CWE-732", "CWE-330"]
},
"by_language": {
"C": ["CWE-787", "CWE-125", "CWE-416", "CWE-190"],
"C++": ["CWE-787", "CWE-125", "CWE-416", "CWE-190"],
"Java": ["CWE-79", "CWE-20", "CWE-78", "CWE-89", "CWE-190", "CWE-362", "CWE-502", "CWE-798", "CWE-330"],
"Python": ["CWE-20", "CWE-78", "CWE-89", "CWE-22", "CWE-494", "CWE-770", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-732", "CWE-502", "CWE-798", "CWE-330"],
"JavaScript": ["CWE-79", "CWE-20", "CWE-78", "CWE-89", "CWE-352", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-798", "CWE-330"],
"PHP": ["CWE-79", "CWE-20", "CWE-78", "CWE-89", "CWE-352", "CWE-22", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-502", "CWE-798", "CWE-330"],
"C#": ["CWE-79", "CWE-20", "CWE-78", "CWE-89", "CWE-190", "CWE-352", "CWE-22", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-502", "CWE-798", "CWE-330"],
"Ruby": ["CWE-20", "CWE-78", "CWE-89", "CWE-352", "CWE-22", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-798", "CWE-330"],
"Go": ["CWE-20", "CWE-78", "CWE-89", "CWE-22", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-798", "CWE-330"],
"TypeScript": ["CWE-79", "CWE-20", "CWE-78", "CWE-89", "CWE-352", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-798", "CWE-330"],
"Rust": ["CWE-20", "CWE-78", "CWE-89", "CWE-22", "CWE-918", "CWE-311", "CWE-74", "CWE-434", "CWE-807", "CWE-863", "CWE-639", "CWE-327", "CWE-306", "CWE-862", "CWE-798", "CWE-330"]
},
"by_category": {
"injection": ["CWE-78", "CWE-89", "CWE-74"],
"memory-corruption": ["CWE-787", "CWE-125", "CWE-416", "CWE-190"],
"web-security": ["CWE-79", "CWE-352", "CWE-918", "CWE-434"],
"authentication": ["CWE-306", "CWE-862", "CWE-863", "CWE-639"],
"cryptography": ["CWE-311", "CWE-327", "CWE-330"],
"file-security": ["CWE-22", "CWE-434", "CWE-732"],
"concurrency": ["CWE-362", "CWE-770"],
"deserialization": ["CWE-502"],
"secrets": ["CWE-798"],
"integrity": ["CWE-494"]
}
},
"tinybrain_integration": {
"store_cwe_finding": {
"template": {
"title": "[CWE-XXX] [Vulnerability Name] in [Location]",
"content": "AUTHORIZED SECURITY ASSESSMENT: [CWE-XXX] vulnerability identified in [LOCATION]. [DETAILED_DESCRIPTION]. EXPLOITATION CONFIRMED: [EXPLOITATION_DETAILS].",
"category": "vulnerability",
"priority": "[1-10]",
"confidence": "[0.0-1.0]",
"tags": ["[cwe-xxx]", "[vulnerability-type]", "[severity]", "authorized-testing"],
"source": "authorized-security-assessment",
"cwe_id": "CWE-XXX",
"severity": "[critical|high|medium|low]",
"exploitation_status": "confirmed"
},
"example_commands": [
"Store CWE-89 SQL injection vulnerability in TinyBrain: Priority 10, affects login endpoint",
"Store CWE-79 XSS vulnerability in TinyBrain: Priority 9, affects search functionality",
"Store CWE-78 command injection vulnerability in TinyBrain: Priority 10, affects file processing"
]
},
"search_cwe_patterns": {
"by_severity": [
"Search TinyBrain for critical CWE vulnerabilities (priority >= 9)",
"Search TinyBrain for high-severity CWE patterns in target codebase"
],
"by_language": [
"Search TinyBrain for Python-specific CWE patterns",
"Search TinyBrain for JavaScript CWE vulnerabilities"
],
"by_category": [
"Search TinyBrain for injection-related CWE patterns",
"Search TinyBrain for authentication CWE vulnerabilities"
]
},
"correlate_findings": {
"commands": [
"Find similar CWE patterns in TinyBrain based on vulnerability type",
"Correlate CWE findings with OWASP Top 10 categories in TinyBrain",
"Map CWE vulnerabilities to exploitation techniques in TinyBrain"
]
}
}
}