com.metaeffekt.artifact.analysis
ae-inventory-enrichment-plugin
diff --git a/advisors/selected-component-advisor/context/CTX_external-attackers.yaml b/advisors/keycloak-contextualized-advisor/context/CTX_external-attacker.yaml
similarity index 78%
rename from advisors/selected-component-advisor/context/CTX_external-attackers.yaml
rename to advisors/keycloak-contextualized-advisor/context/CTX_external-attacker.yaml
index ec972aa..51a56df 100755
--- a/advisors/selected-component-advisor/context/CTX_external-attackers.yaml
+++ b/advisors/keycloak-contextualized-advisor/context/CTX_external-attacker.yaml
@@ -2,6 +2,7 @@ sets:
- name: external attacker
category: external threat
score: 3.0
+ notes: An adversary may attempt to attack the system from remote. The adversary may modify / reconfigure existing code or introduce code from remote.
min:
- amount: 1
keywords:
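Review bot: The added `notes` value is a plain unquoted scalar well over 120 characters long, and the same applies to the `notes` lines added in the other CTX_*.yaml hunks of this commit. A plain scalar is cut off silently at the first ` #` and fails to parse at the first `: `, so a later wording edit can corrupt the text shown to assessors. A folded scalar avoids both: write `notes: >-` and put the sentences on indented lines below it. The phrase "from remote" would also read better as "remotely".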
diff --git a/advisors/example-advisor/context/CTX_information-disclosure.yaml b/advisors/keycloak-contextualized-advisor/context/CTX_information-disclosure.yaml
similarity index 61%
rename from advisors/example-advisor/context/CTX_information-disclosure.yaml
rename to advisors/keycloak-contextualized-advisor/context/CTX_information-disclosure.yaml
index 7812a23..4d1d47d 100755
--- a/advisors/example-advisor/context/CTX_information-disclosure.yaml
+++ b/advisors/keycloak-contextualized-advisor/context/CTX_information-disclosure.yaml
@@ -2,6 +2,7 @@ sets:
- name: information disclosure
category: confidentiality threat
score: 2.0
+ notes: Confidential or restricted information may be exposed to an adversary. The adversary gains unauthorized access.
min:
- amount: 1
keywords:
@@ -10,10 +11,17 @@ sets:
- leaking credential
- leaked credential
- leaked credentials
+ - leaking secret
+ - leaked secret
+ - leaked secrets
- credential leak
- credentials leak
- - exposed credantial
+ - exposed credential
- credential exposed
- credentials exposed
- readable by unauthorized
- readable by unauthorised
+ - information leak
+ - privacy leak
+ - data leak
+ - data leakage
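Review bot: The new keywords are not symmetric with the credential variants already in the list. `exposed credential` is corrected but `exposed credentials` is still absent, and `leaking secret` / `leaked secret` / `leaked secrets` are added without `secret leak`, `secret exposed` or `exposed secret`. Whether this matters depends on how the matcher compares keywords, which the hunk does not show; the existing singular/plural pairs suggest it may not be a plain substring match. If it matches exact phrases, advisories using the missing forms would not be assigned to this set and would miss its score.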
diff --git a/advisors/openssl-3.0-advisor/context/CTX_malicious-content.yaml b/advisors/keycloak-contextualized-advisor/context/CTX_malicious-content.yaml
similarity index 58%
rename from advisors/openssl-3.0-advisor/context/CTX_malicious-content.yaml
rename to advisors/keycloak-contextualized-advisor/context/CTX_malicious-content.yaml
index d0e219c..e3c26c3 100755
--- a/advisors/openssl-3.0-advisor/context/CTX_malicious-content.yaml
+++ b/advisors/keycloak-contextualized-advisor/context/CTX_malicious-content.yaml
@@ -2,6 +2,7 @@ sets:
- name: malicious content
category: integrity threat
score: 3.0
+ notes: An adversary may attempt to inject executable code or drafted messages to destabilize or compromise the system.
min:
- amount: 1
keywords:
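Review bot: "drafted messages" in the added `notes` line looks like a slip for "crafted messages", the term the keywords added further down in this file use (`crafted request`, `crafted content`). Suggested text: `An adversary may attempt to inject executable code or crafted messages to destabilize or compromise the system.`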
@@ -13,5 +14,8 @@ sets:
- XML External Entity Injection
- XML Entity Expansion
- XXE
- - specifically crafted request
- - specifically crafted conent
+ - crafted request
+ - crafted content
+ - crafted document
+ - crafted PDF
+ - crafted HTML
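Review bot: The new `crafted PDF` and `crafted HTML` entries appear in one casing only, while the same list keeps `SQL injection`, `sql injection` and `sql-injection` side by side. If matching is case-sensitive (the hunk does not show it), `crafted pdf` or `crafted html` in an advisory would not match; either add the lower-case variants or document that matching ignores case. Dropping "specifically" also widens the two old keywords, and with `amount: 1` and `score: 3.0` the broad `crafted content` may assign many more advisories to this set. Checking the resulting prioritization against a known sample would confirm that this is intended.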
diff --git a/advisors/openssl-1.1-advisor/context/CTX_privilege-escalation.yaml b/advisors/keycloak-contextualized-advisor/context/CTX_privilege-escalation.yaml
similarity index 77%
rename from advisors/openssl-1.1-advisor/context/CTX_privilege-escalation.yaml
rename to advisors/keycloak-contextualized-advisor/context/CTX_privilege-escalation.yaml
index 01250bb..1684759 100755
--- a/advisors/openssl-1.1-advisor/context/CTX_privilege-escalation.yaml
+++ b/advisors/keycloak-contextualized-advisor/context/CTX_privilege-escalation.yaml
@@ -2,6 +2,7 @@ sets:
- name: privilege escalation
category: general threat
score: 3.0
+ notes: An adversary may gain further privileges and gain unauthorized access to the system or services.
min:
- amount: 1
keywords:
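Review bot: The keyword list of this set lies outside the hunk, but the rename source blob 01250bb is also shown deleted under selected-component-advisor in this commit, and there it contains `allows unauthorized acccess` and `allows unauthorised acccess` with a triple "c". Those two keywords cannot match correctly spelled advisory text, so the file kept here presumably still carries two dead entries. This commit fixes the comparable `credantial` typo in CTX_information-disclosure.yaml; correcting these to `allows unauthorized access` and `allows unauthorised access` belongs in the same change. The windows11 variant deleted in this commit also listed `privilege elevation` and `elevation of privilege`, which the kept file appears to lack.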
diff --git a/advisors/openssl-3.0-advisor/context/CTX_request-forgery.yaml b/advisors/keycloak-contextualized-advisor/context/CTX_request-forgery.yaml
similarity index 70%
rename from advisors/openssl-3.0-advisor/context/CTX_request-forgery.yaml
rename to advisors/keycloak-contextualized-advisor/context/CTX_request-forgery.yaml
index 138095b..fd4db4a 100755
--- a/advisors/openssl-3.0-advisor/context/CTX_request-forgery.yaml
+++ b/advisors/keycloak-contextualized-advisor/context/CTX_request-forgery.yaml
@@ -2,6 +2,7 @@ sets:
- name: request forgery
category: external threat
score: 2.0
+ notes: An adversary may attempt to gain access to information and spoof a user.
min:
- amount: 1
keywords:
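Review bot: The keyword list lies outside this hunk, but the rename source blob 138095b is also shown deleted elsewhere in this commit, and it lists `CSFR` rather than `CSRF`. As written, the abbreviation will not match advisories that use the standard acronym, which leaves only `cross-site request forgery` and `forge requests` to assign this set. Suggested change: add `- CSRF` to the list. Given that the new note speaks of gaining access to information, it is also worth deciding whether `server-side request forgery` and `SSRF` belong in this set.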
diff --git a/advisors/example-advisor/context/CTX_resource-exemption.yaml b/advisors/keycloak-contextualized-advisor/context/CTX_resource-exemption.yaml
similarity index 73%
rename from advisors/example-advisor/context/CTX_resource-exemption.yaml
rename to advisors/keycloak-contextualized-advisor/context/CTX_resource-exemption.yaml
index 4b6830b..8383d71 100755
--- a/advisors/example-advisor/context/CTX_resource-exemption.yaml
+++ b/advisors/keycloak-contextualized-advisor/context/CTX_resource-exemption.yaml
@@ -1,7 +1,7 @@
sets:
- name: resource exemption
category: external threat
- notes: The adversary may attempt to exhaust resources of the application service by injecting foreign log messages.
+ notes: An adversary may attempt to exhaust resources of the system compromising performance objectives and availability.
score: 1.0
min:
- amount: 1
diff --git a/advisors/openssl-1.1-advisor/context/README.md b/advisors/keycloak-contextualized-advisor/context/README.md
similarity index 100%
rename from advisors/openssl-1.1-advisor/context/README.md
rename to advisors/keycloak-contextualized-advisor/context/README.md
diff --git a/advisors/keycloak-contextualized-advisor/inventory/ae-example-keycloak-25.0.0.xlsx b/advisors/keycloak-contextualized-advisor/inventory/ae-example-keycloak-25.0.0.xlsx
index 85106e4..a8c6885 100644
Binary files a/advisors/keycloak-contextualized-advisor/inventory/ae-example-keycloak-25.0.0.xlsx and b/advisors/keycloak-contextualized-advisor/inventory/ae-example-keycloak-25.0.0.xlsx differ
diff --git a/advisors/keycloak-contextualized-advisor/pom.xml b/advisors/keycloak-contextualized-advisor/pom.xml
index d96e4e1..6b0d636 100755
--- a/advisors/keycloak-contextualized-advisor/pom.xml
+++ b/advisors/keycloak-contextualized-advisor/pom.xml
@@ -15,7 +15,7 @@
${project.basedir}/inventory/ae-example-keycloak-25.0.0.xlsx
- Keycloak
+ Keycloak 25.0.0
Vulnerability Assessment Dashboard
Demo Dashboard for Keycloak
diff --git a/advisors/openssl-1.1-advisor/assessment/README.md b/advisors/openssl-1.1-advisor/assessment/README.md
index 6bb164e..1b8e6ad 100755
--- a/advisors/openssl-1.1-advisor/assessment/README.md
+++ b/advisors/openssl-1.1-advisor/assessment/README.md
@@ -1,8 +1,3 @@
# Vulnerability Assessment
The `assessment` folder container yaml files that contain context-specific assessment information.
-
-The example uses an assessment of CVE-2021-44228 (here as an applicable vulnerability) and CVE-2021-45046 as
-vulnerability that is not applicable, because the affected MDC feature is not used in this context.
-
-The example is artifical and meant to illustrate the different options for vulnerability assessment.
\ No newline at end of file
diff --git a/advisors/openssl-1.1-advisor/assessment/baseline.yaml_ b/advisors/openssl-1.1-advisor/assessment/baseline.yaml_
deleted file mode 100755
index e9337e0..0000000
--- a/advisors/openssl-1.1-advisor/assessment/baseline.yaml_
+++ /dev/null
@@ -1,20 +0,0 @@
-history:
- - rationale:
- "
- The application services are operated in an isolated network. No direct access from the external adversaries
- shall be possible.
-
-
- The CVSS vectors have been adjusted to expect that an adversary must have access to the network the
- application service are deployed (MAV:A; AV:A). Additional privileges are required (MAC:H) as the adversary
- must have already passed the gateway-level security perimeter or the physical protection of the data center.
-
"
- date: 2024-08-24
- author: KKL
-
-scope: inventory
-
-cvssV3:
- lower: MAV:A/MAC:H
-cvssV2:
- lower: AV:A
diff --git a/advisors/openssl-1.1-advisor/context/CTX_external-attackers.yaml b/advisors/openssl-1.1-advisor/context/CTX_external-attackers.yaml
deleted file mode 100755
index ec972aa..0000000
--- a/advisors/openssl-1.1-advisor/context/CTX_external-attackers.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-sets:
- - name: external attacker
- category: external threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - external attacker
- - external attackers
- - external adversary
- - external adversaries
- - external user
- - remote attacker
- - remote attackers
- - remote adversary
- - remote adversaries
- - remote code execution
- - remote code executions
- - RCE
- - execute arbitrary code
- - initiate the attack remotely
diff --git a/advisors/openssl-1.1-advisor/context/CTX_information-disclosure.yaml b/advisors/openssl-1.1-advisor/context/CTX_information-disclosure.yaml
deleted file mode 100755
index 40856a7..0000000
--- a/advisors/openssl-1.1-advisor/context/CTX_information-disclosure.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-sets:
- - name: information disclosure
- category: confidentiality threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - information disclosure
- - making private services on the VM accessible to the network
- - leaking credential
- - leaked credential
- - leaked credentials
- - credential leak
- - credentials leak
- - exposed credantial
- - credential exposed
- - credentials exposed
- - readable by unauthorized
- - readable by unauthorised
diff --git a/advisors/openssl-1.1-advisor/context/CTX_resource-exemption.yaml b/advisors/openssl-1.1-advisor/context/CTX_resource-exemption.yaml
deleted file mode 100755
index 2bc3bfb..0000000
--- a/advisors/openssl-1.1-advisor/context/CTX_resource-exemption.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-sets:
- - name: resource exemption
- category: external threat
- score: 1.0
- min:
- - amount: 1
- keywords:
- - resource consumption
- - resource exemption
- - denial of service
- - denial of service attacks
- - connection pool exhaustion
- - memory leak
- - resource leak
diff --git a/advisors/openssl-3.0-advisor/assessment/README.md b/advisors/openssl-3.0-advisor/assessment/README.md
index 6bb164e..1b8e6ad 100755
--- a/advisors/openssl-3.0-advisor/assessment/README.md
+++ b/advisors/openssl-3.0-advisor/assessment/README.md
@@ -1,8 +1,3 @@
# Vulnerability Assessment
The `assessment` folder container yaml files that contain context-specific assessment information.
-
-The example uses an assessment of CVE-2021-44228 (here as an applicable vulnerability) and CVE-2021-45046 as
-vulnerability that is not applicable, because the affected MDC feature is not used in this context.
-
-The example is artifical and meant to illustrate the different options for vulnerability assessment.
\ No newline at end of file
diff --git a/advisors/openssl-3.0-advisor/assessment/baseline.yaml_ b/advisors/openssl-3.0-advisor/assessment/baseline.yaml_
deleted file mode 100755
index e9337e0..0000000
--- a/advisors/openssl-3.0-advisor/assessment/baseline.yaml_
+++ /dev/null
@@ -1,20 +0,0 @@
-history:
- - rationale:
- "
- The application services are operated in an isolated network. No direct access from the external adversaries
- shall be possible.
-
-
- The CVSS vectors have been adjusted to expect that an adversary must have access to the network the
- application service are deployed (MAV:A; AV:A). Additional privileges are required (MAC:H) as the adversary
- must have already passed the gateway-level security perimeter or the physical protection of the data center.
-
"
- date: 2024-08-24
- author: KKL
-
-scope: inventory
-
-cvssV3:
- lower: MAV:A/MAC:H
-cvssV2:
- lower: AV:A
diff --git a/advisors/openssl-3.0-advisor/context/CTX_external-attackers.yaml b/advisors/openssl-3.0-advisor/context/CTX_external-attackers.yaml
deleted file mode 100755
index ec972aa..0000000
--- a/advisors/openssl-3.0-advisor/context/CTX_external-attackers.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-sets:
- - name: external attacker
- category: external threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - external attacker
- - external attackers
- - external adversary
- - external adversaries
- - external user
- - remote attacker
- - remote attackers
- - remote adversary
- - remote adversaries
- - remote code execution
- - remote code executions
- - RCE
- - execute arbitrary code
- - initiate the attack remotely
diff --git a/advisors/openssl-3.0-advisor/context/CTX_information-disclosure.yaml b/advisors/openssl-3.0-advisor/context/CTX_information-disclosure.yaml
deleted file mode 100755
index 40856a7..0000000
--- a/advisors/openssl-3.0-advisor/context/CTX_information-disclosure.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-sets:
- - name: information disclosure
- category: confidentiality threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - information disclosure
- - making private services on the VM accessible to the network
- - leaking credential
- - leaked credential
- - leaked credentials
- - credential leak
- - credentials leak
- - exposed credantial
- - credential exposed
- - credentials exposed
- - readable by unauthorized
- - readable by unauthorised
diff --git a/advisors/openssl-3.0-advisor/context/README.md b/advisors/openssl-3.0-advisor/context/README.md
deleted file mode 100755
index a21f1da..0000000
--- a/advisors/openssl-3.0-advisor/context/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Vulnerability Context Definition
-
-Within the folder `context` configurations can be places that help to prioritize vulnerabilities on a general level.
diff --git a/advisors/pom.xml b/advisors/pom.xml
index eaabb30..697a117 100755
--- a/advisors/pom.xml
+++ b/advisors/pom.xml
@@ -47,8 +47,11 @@
2147483647
../correlation
- ${project.basedir}/context
-
+
+
+ ../context
+
+
${project.basedir}/assessment
${project.basedir}/custom-vulnerabilities
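Review bot: The context directory changes from `${project.basedir}/context` to a bare `../context`, while the neighbouring assessment and custom-vulnerabilities paths stay anchored to `${project.basedir}`. The element names are not visible in this hunk, so the following is inferred: resolved from an advisor module, `../context` points at `advisors/context`, whereas the files kept by this commit are moved to `advisors/keycloak-contextualized-advisor/context`. If the directory does not resolve, the openssl, windows11 and selected-component advisors, whose own context files are deleted here, would run without keyword-based prioritization. Anchoring the value, e.g. `${project.basedir}/../context`, and failing the build when the directory is missing would make the dependency explicit.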
@@ -210,7 +213,6 @@
${activate.correlation}
${correlation.dir}
- /Users/ywittmann/workspace/metaeffekt-vulnerability-correlation/correlation
@@ -367,7 +369,6 @@
minor
-
diff --git a/advisors/selected-component-advisor/context/CTX_information-disclosure.yaml b/advisors/selected-component-advisor/context/CTX_information-disclosure.yaml
deleted file mode 100755
index 7812a23..0000000
--- a/advisors/selected-component-advisor/context/CTX_information-disclosure.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-sets:
- - name: information disclosure
- category: confidentiality threat
- score: 2.0
- min:
- - amount: 1
- keywords:
- - information disclosure
- - making private services on the VM accessible to the network
- - leaking credential
- - leaked credential
- - leaked credentials
- - credential leak
- - credentials leak
- - exposed credantial
- - credential exposed
- - credentials exposed
- - readable by unauthorized
- - readable by unauthorised
diff --git a/advisors/selected-component-advisor/context/CTX_malicious-content.yaml b/advisors/selected-component-advisor/context/CTX_malicious-content.yaml
deleted file mode 100755
index d0e219c..0000000
--- a/advisors/selected-component-advisor/context/CTX_malicious-content.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-sets:
- - name: malicious content
- category: integrity threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - request smuggling
- - missing input validation
- - SQL injection
- - sql injection
- - sql-injection
- - XML External Entity Injection
- - XML Entity Expansion
- - XXE
- - specifically crafted request
- - specifically crafted conent
diff --git a/advisors/selected-component-advisor/context/CTX_privilege-escalation.yaml b/advisors/selected-component-advisor/context/CTX_privilege-escalation.yaml
deleted file mode 100755
index 01250bb..0000000
--- a/advisors/selected-component-advisor/context/CTX_privilege-escalation.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-sets:
- - name: privilege escalation
- category: general threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - privilege escalation
- - jailbreak
- - container escape
- - to access any other file
- - arbitrary code execution
- - allows unauthorized acccess
- - allows unauthorised acccess
diff --git a/advisors/selected-component-advisor/context/CTX_request-forgery.yaml b/advisors/selected-component-advisor/context/CTX_request-forgery.yaml
deleted file mode 100755
index 138095b..0000000
--- a/advisors/selected-component-advisor/context/CTX_request-forgery.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-sets:
- - name: request forgery
- category: external threat
- score: 2.0
- min:
- - amount: 1
- keywords:
- - cross-site request forgery
- - CSFR
- - forge requests
diff --git a/advisors/selected-component-advisor/context/CTX_resource-exemption.yaml b/advisors/selected-component-advisor/context/CTX_resource-exemption.yaml
deleted file mode 100755
index 2bc3bfb..0000000
--- a/advisors/selected-component-advisor/context/CTX_resource-exemption.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-sets:
- - name: resource exemption
- category: external threat
- score: 1.0
- min:
- - amount: 1
- keywords:
- - resource consumption
- - resource exemption
- - denial of service
- - denial of service attacks
- - connection pool exhaustion
- - memory leak
- - resource leak
diff --git a/advisors/selected-component-advisor/context/README.md b/advisors/selected-component-advisor/context/README.md
deleted file mode 100755
index f5eec57..0000000
--- a/advisors/selected-component-advisor/context/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Vulnerability Context Definition
-
-Within the folder `context` configurations can be places that help to prioritize vulnerabilities on a general level.
-
-Currently, no context information is provided.
\ No newline at end of file
diff --git a/advisors/selected-component-advisor/inventories/selected-components-inventory.xls b/advisors/selected-component-advisor/inventories/selected-components-inventory.xls
index 6f45f03..7104025 100644
Binary files a/advisors/selected-component-advisor/inventories/selected-components-inventory.xls and b/advisors/selected-component-advisor/inventories/selected-components-inventory.xls differ
diff --git a/advisors/windows11-advisor/context/CTX_external-attackers.yaml b/advisors/windows11-advisor/context/CTX_external-attackers.yaml
deleted file mode 100755
index ec972aa..0000000
--- a/advisors/windows11-advisor/context/CTX_external-attackers.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-sets:
- - name: external attacker
- category: external threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - external attacker
- - external attackers
- - external adversary
- - external adversaries
- - external user
- - remote attacker
- - remote attackers
- - remote adversary
- - remote adversaries
- - remote code execution
- - remote code executions
- - RCE
- - execute arbitrary code
- - initiate the attack remotely
diff --git a/advisors/windows11-advisor/context/CTX_malicious-content.yaml b/advisors/windows11-advisor/context/CTX_malicious-content.yaml
deleted file mode 100755
index d0e219c..0000000
--- a/advisors/windows11-advisor/context/CTX_malicious-content.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-sets:
- - name: malicious content
- category: integrity threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - request smuggling
- - missing input validation
- - SQL injection
- - sql injection
- - sql-injection
- - XML External Entity Injection
- - XML Entity Expansion
- - XXE
- - specifically crafted request
- - specifically crafted conent
diff --git a/advisors/windows11-advisor/context/CTX_privilege-escalation.yaml b/advisors/windows11-advisor/context/CTX_privilege-escalation.yaml
deleted file mode 100755
index 8b730cc..0000000
--- a/advisors/windows11-advisor/context/CTX_privilege-escalation.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-sets:
- - name: privilege escalation
- category: general threat
- score: 3.0
- min:
- - amount: 1
- keywords:
- - privilege escalation
- - privilege elevation
- - elevation of privilege
- - jailbreak
- - container escape
- - to access any other file
- - arbitrary code execution
- - allows unauthorized acccess
- - allows unauthorised acccess
diff --git a/advisors/windows11-advisor/context/CTX_request-forgery.yaml b/advisors/windows11-advisor/context/CTX_request-forgery.yaml
deleted file mode 100755
index 138095b..0000000
--- a/advisors/windows11-advisor/context/CTX_request-forgery.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-sets:
- - name: request forgery
- category: external threat
- score: 2.0
- min:
- - amount: 1
- keywords:
- - cross-site request forgery
- - CSFR
- - forge requests
diff --git a/advisors/windows11-advisor/context/CTX_resource-exemption.yaml b/advisors/windows11-advisor/context/CTX_resource-exemption.yaml
deleted file mode 100755
index 2bc3bfb..0000000
--- a/advisors/windows11-advisor/context/CTX_resource-exemption.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-sets:
- - name: resource exemption
- category: external threat
- score: 1.0
- min:
- - amount: 1
- keywords:
- - resource consumption
- - resource exemption
- - denial of service
- - denial of service attacks
- - connection pool exhaustion
- - memory leak
- - resource leak