
Add OWASP Top 10 guideline #4482


Merged
merged 1 commit into from
Mar 12, 2025
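--- a/config/guidelines/owasp-top-10-2021.yaml
+++ b/config/guidelines/owasp-top-10-2021.yaml
@@ -0,0 +1,33 @@
+guideline: owasp-top-10-2021
+guideline_title: OWASP Top 10 Web Application Security Risks 2021
+rules:
+- rule_id: owasp-A01-2021
+title: Broken Access Control
+rule_url: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
+- rule_id: owasp-A02-2021
+title: Cryptographic Failures
+rule_url: https://owasp.org/Top10/A02_2021-Cryptographic_Failures/
+- rule_id: owasp-A03-2021
+title: Injection
+rule_url: https://owasp.org/Top10/A03_2021-Injection/
+- rule_id: owasp-A04-2021
+title: Insecure Design
+rule_url: https://owasp.org/Top10/A04_2021-Insecure_Design/
+- rule_id: owasp-A05-2021
+title: Security Misconfiguration
+rule_url: https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
+- rule_id: owasp-A06-2021
+title: Vulnerable and Outdated Components
+rule_url: https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
+- rule_id: owasp-A07-2021
+title: Identification and Authentication Failures
+rule_url: https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
+- rule_id: owasp-A08-2021
+title: Software and Data Integrity Failures
+rule_url: https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/
+- rule_id: owasp-A09-2021
+title: Security Logging and Monitoring Failures
+rule_url: https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
+- rule_id: owasp-A10-2021
+title: Server-Side Request Forgery (SSRF)
+rule_url: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/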
20 changes: 20 additions & 0 deletions config/labels/analyzers/clang-tidy.json
Expand Up @@ -139,6 +139,8 @@
],
"android-cloexec-open": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/android/cloexec-open.html",
"guideline:owasp-top-10-2021",
"owasp-top-10-2021:owasp-A01-2021",
"severity:HIGH"
],
"android-cloexec-pipe": [
Expand Down Expand Up @@ -649,11 +651,13 @@
"bugprone-suspicious-memset-usage": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/suspicious-memset-usage.html",
"guideline:sei-cert-c",
"guideline:owasp-top-10-2021",
"profile:default",
"profile:extreme",
"profile:security",
"profile:sensitive",
"sei-cert-c:int31-c",
"owasp-top-10-2021:owasp-A04-2021",
"severity:HIGH"
],
"bugprone-suspicious-missing-comma": [
Expand Down Expand Up @@ -743,12 +747,14 @@
"bugprone-undefined-memory-manipulation": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/undefined-memory-manipulation.html",
"guideline:sei-cert-cpp",
"guideline:owasp-top-10-2021",
"profile:default",
"profile:extreme",
"profile:security",
"profile:sensitive",
"sei-cert-cpp:exp62-cpp",
"sei-cert-cpp:oop57-cpp",
"owasp-top-10-2021:owasp-A01-2021",
"severity:MEDIUM"
],
"bugprone-undelegated-constructor": [
Expand Down Expand Up @@ -792,6 +798,7 @@
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/unsafe-functions.html",
"guideline:cwe-top-25-2024",
"guideline:sei-cert-c",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:security",
"profile:sensitive",
Expand All @@ -800,6 +807,7 @@
"cwe-top-25-2024:cwe-787",
"sei-cert-c:msc24-c",
"sei-cert-c:msc33-c",
"owasp-top-10-2021:owasp-A04-2021",
"severity:LOW"
],
"bugprone-unused-local-non-trivial-variable": [
Expand Down Expand Up @@ -923,10 +931,12 @@
"cert-env33-c": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/env33-c.html",
"guideline:sei-cert-c",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:security",
"profile:sensitive",
"sei-cert-c:env33-c",
"owasp-top-10-2021:owasp-A03-2021",
"severity:MEDIUM"
],
"cert-err09-cpp": [
Expand Down Expand Up @@ -1029,10 +1039,14 @@
],
"cert-msc30-c": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/msc30-c.html",
"guideline:owasp-top-10-2021",
"owasp-top-10-2021:owasp-A02-2021",
"severity:LOW"
],
"cert-msc32-c": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/msc32-c.html",
"guideline:owasp-top-10-2021",
"owasp-top-10-2021:owasp-A02-2021",
"severity:MEDIUM"
],
"cert-msc33-c": [
Expand All @@ -1047,22 +1061,26 @@
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/msc50-cpp.html",
"guideline:sei-cert-c",
"guideline:sei-cert-cpp",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:security",
"profile:sensitive",
"sei-cert-c:msc30-c",
"sei-cert-cpp:msc50-cpp",
"owasp-top-10-2021:owasp-A02-2021",
"severity:LOW"
],
"cert-msc51-cpp": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/msc51-cpp.html",
"guideline:sei-cert-c",
"guideline:sei-cert-cpp",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:security",
"profile:sensitive",
"sei-cert-c:msc32-c",
"sei-cert-cpp:msc51-cpp",
"owasp-top-10-2021:owasp-A02-2021",
"severity:MEDIUM"
],
"cert-msc54-cpp": [
Expand Down Expand Up @@ -5897,8 +5915,10 @@
"concurrency-mt-unsafe": [
"doc_url:https://clang.llvm.org/extra/clang-tidy/checks/concurrency/mt-unsafe.html",
"guideline:sei-cert-c",
"guideline:owasp-top-10-2021",
"profile:security",
"sei-cert-c:con33-c",
"owasp-top-10-2021:owasp-A02-2021",
"severity:MEDIUM"
],
"concurrency-thread-canceltype-asynchronous": [
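Review bot: The new labels break the sorted order the surrounding entries keep: in the `bugprone-unsafe-functions` entry `"guideline:owasp-top-10-2021"` is appended after `"guideline:sei-cert-c"`, and `"owasp-top-10-2021:owasp-A04-2021"` is appended after the `sei-cert-c:` rules, whereas every pre-existing list in these hunks is alphabetical within each prefix group. Inserting the new lines before the `sei-cert-c` ones (`"guideline:owasp-top-10-2021",` then `"guideline:sei-cert-c",`; likewise `"owasp-top-10-2021:owasp-A04-2021",` before `"sei-cert-c:msc24-c",`) keeps the lists merge-friendly; the same applies to the other hunks in this file and to config/labels/analyzers/clangsa.json. Separately, mapping `concurrency-mt-unsafe` to `owasp-A02-2021` (Cryptographic Failures) looks like a mismatch, since the paired CON33-C rule concerns non-reentrant library functions rather than cryptography; if the intent was the `rand()` family only, that reasoning is worth stating in the PR description, and the same question applies to `bugprone-undefined-memory-manipulation` → `owasp-A01-2021`.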
16 changes: 16 additions & 0 deletions config/labels/analyzers/clangsa.json
Expand Up @@ -802,6 +802,7 @@
"optin.taint.GenericTaint": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-taint-generictaint-c-c",
"guideline:cwe-top-25-2024",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:sensitive",
"cwe-top-25-2024:cwe-20",
Expand All @@ -811,18 +812,27 @@
"cwe-top-25-2024:cwe-79",
"cwe-top-25-2024:cwe-89",
"cwe-top-25-2024:cwe-94",
"owasp-top-10-2021:owasp-A01-2021",
"owasp-top-10-2021:owasp-A03-2021",
"owasp-top-10-2021:owasp-A04-2021",
"owasp-top-10-2021:owasp-A08-2021",
"owasp-top-10-2021:owasp-A10-2021",
"severity:HIGH"
],
"optin.taint.TaintedAlloc": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-taint-taintedalloc-c-c",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:sensitive",
"owasp-top-10-2021:owasp-A03-2021",
"severity:HIGH"
],
"optin.taint.TaintedDiv": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-taint-tainteddiv-c-c-objc",
"guideline:owasp-top-10-2021",
"profile:extreme",
"profile:sensitive",
"owasp-top-10-2021:owasp-A03-2021",
"severity:HIGH"
],
"optin.taint.TaintPropagation": [
Expand Down Expand Up @@ -970,11 +980,13 @@
"security.SetgidSetuidOrder": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-setgidsetuidorder-c",
"guideline:sei-cert-c",
"guideline:owasp-top-10-2021",
"profile:default",
"profile:extreme",
"profile:security",
"profile:sensitive",
"sei-cert-c:pos36-c",
"owasp-top-10-2021:owasp-A04-2021",
"severity:MEDIUM"
],
"security.cert.env.InvalidPtr": [
Expand Down Expand Up @@ -1051,16 +1063,20 @@
],
"security.insecureAPI.mktemp": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-mktemp-c",
"guideline:owasp-top-10-2021",
"profile:default",
"profile:extreme",
"profile:sensitive",
"owasp-top-10-2021:owasp-A01-2021",
"severity:MEDIUM"
],
"security.insecureAPI.rand": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-rand-c",
"guideline:owasp-top-10-2021",
"profile:default",
"profile:extreme",
"profile:sensitive",
"owasp-top-10-2021:owasp-A02-2021",
"severity:MEDIUM"
],
"security.insecureAPI.strcpy": [
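Review bot: The mapping of `security.insecureAPI.mktemp` to `owasp-A01-2021` (Broken Access Control) is hard to justify from the linked checker documentation, which is about predictable temporary file names and the race they enable; A04 (Insecure Design) or A05 (Security Misconfiguration) would read more naturally, and the same A01 choice is made for `android-cloexec-open` in clang-tidy.json. Because strict JSON admits no comments, the reasoning behind these category choices cannot live beside the labels; recording it in the PR description, or as a short header comment in config/guidelines/owasp-top-10-2021.yaml (e.g. `# Mapping rationale: <one line per non-obvious checker-to-category choice>`), would let a later reader tell a deliberate choice from a slip. `optin.taint.GenericTaint` is labelled with five categories at once, which is defensible for a generic taint checker but may inflate any per-category counts derived from these labels; if that is unintended, limiting it to `owasp-A03-2021` would match `TaintedAlloc` and `TaintedDiv`.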
Expand Up @@ -182,6 +182,11 @@ export default {
id: "cwe-top-25-2024",
name: "CWE Top 25 Most Dangerous Software Weaknesses 2024",
value: 2
},
{
id: "owasp-top-10-2021",
name: "OWASP Top 10 Web Application Security Risks 2021",
value: 3
}
];

Expand All @@ -196,7 +201,7 @@ export default {
runs: null,
runData: [],
selectedCheckerName: null,
selectedGuidelineIndexes: [ 0, 1, 2 ],
selectedGuidelineIndexes: [ 0, 1, 2, 3 ],
showRuns: {
enabled: false,
disabled: false,
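Review bot: `selectedGuidelineIndexes: [ 0, 1, 2, 3 ]` hard-codes the guideline count a second time, so the next guideline added needs the same two-place edit and the second place is easy to forget. Deriving the default from the guideline list, e.g. `selectedGuidelineIndexes: <guidelinesArray>.map((_, i) => i),` with whatever name the array above has, removes the duplication; the `value: 3` on the new entry mirrors its array position, which suggests the indexes are positional and the derived form equivalent — worth confirming against the filter code that consumes it. The enclosing object literal starts and ends outside the hunk.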