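{ "cells": [
 { "cell_type": "code", "execution_count": 18, "metadata": { "collapsed": true }, "outputs": [], "source": [
  "import json\n",
  "import os\n",
  "\n",
  "import pandas as pd\n",
  "from bson.json_util import dumps\n",
  "# NOTE: this import path is deprecated since pandas 1.0; pd.json_normalize is the replacement.\n",
  "from pandas.io.json import json_normalize\n",
  "from pymongo import MongoClient" ] },
 { "cell_type": "code", "execution_count": 102, "metadata": { "collapsed": true }, "outputs": [], "source": [
  "# The full connection URI (host, port, user, password) is read from the MONGODB_URI\n",
  "# environment variable, so no credential is stored in the notebook or its history.\n",
  "# Set MONGODB_URI before starting the kernel; a missing variable raises KeyError here.\n",
  "# Any credential committed with an earlier revision of this notebook should be treated\n",
  "# as exposed and rotated.\n",
  "client = MongoClient(os.environ['MONGODB_URI'])\n",
  "db = client['android-vulnerabilities']\n",
  "# Handle to the JoinedVulnerabilitiesDateFormat collection\n",
  "vulnerabilities = db['JoinedVulnerabilitiesDateFormat']" ] },
 { "cell_type": "code", "execution_count": 103, "metadata": {}, "outputs": [], "source": [
  "def getRootAndSeverity():\n",
  "    \"\"\"Return CWE id, CWE link, CWE type and NVD severity for each vulnerability.\n",
  "\n",
  "    Runs an aggregation on the module-level `vulnerabilities` collection and returns\n",
  "    whatever `aggregate()` returns. Documents whose `webScrapingInformation.cweId`\n",
  "    equals -1 are filtered out (presumably -1 marks a missing CWE; confirm against\n",
  "    the scraper that fills this collection).\n",
  "    \"\"\"\n",
  "    pipeline = [\n",
  "        { \"$match\" : {\"webScrapingInformation.cweId\": {\"$ne\" : -1}}},\n",
  "        { \"$project\" :\n",
  "            {\n",
  "                \"_id\" : 0,\n",
  "                \"cwe\" : \"$webScrapingInformation.cweId\",\n",
  "                \"link\" : \"$webScrapingInformation.cweIdLink\",\n",
  "                \"CWE vulneratbility type\" : 1,\n",
  "                \"Severity\" : \"$webScrapingInformation.cvssScoreNVD2.severity\"\n",
  "            }\n",
  "        }\n",
  "    ]\n",
  "    return vulnerabilities.aggregate(pipeline)" ] },
 { "cell_type": "code", "execution_count": 104, "metadata": {}, "outputs": [], "source": [
  "MongoResponse = getRootAndSeverity()\n",
  "# Round-trip through bson.json_util and json to obtain plain Python objects.\n",
  "dataFromMongoResponse = json.loads(dumps(MongoResponse))\n",
  "dataFrameTemp = json_normalize(dataFromMongoResponse)\n",
  "# DataFrame.append was removed in pandas 2.0; the old append onto an empty frame\n",
  "# only copied dataFrameTemp, so the frame is built directly instead.\n",
  "dataFrame = pd.DataFrame(dataFrameTemp)\n",
  "# reset_index() adds the 'index' column that the groupby().count() in the next cell counts.\n",
  "dfResult = dataFrame.reset_index()" ] },
 { "cell_type": "code", "execution_count": 105, "metadata": {}, "outputs": [], "source": [
  "# Count rows per (cwe, type, link, Severity), then spread Severity into columns;\n",
  "# combinations that never occur become 0 instead of NaN.\n",
  "dfResult = dfResult.groupby([\"cwe\",\"CWE vulneratbility type\",\"link\", \"Severity\"]).count().unstack('Severity')\n",
  "dfResult = dfResult.fillna(0)" ] },
 { "cell_type": "code", "execution_count": 106, "metadata": {}, "outputs": [ { "data": { "text/html": [ "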
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " 
\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
SeverityHIGHLOWMEDIUM
cweCWE vulneratbility typelink
16CWE-16: Configurationhttp://cwe.mitre.org/data/definitions/16.html1.00.00.0
17CWE-17: Codehttp://cwe.mitre.org/data/definitions/17.html1.00.02.0
19CWE-19: Data Handlinghttp://cwe.mitre.org/data/definitions/19.html3.00.05.0
CWE-19: Data Processing Errorshttp://cwe.mitre.org/data/definitions/19.html1.00.00.0
20CWE-20: Improper Input Validationhttp://cwe.mitre.org/data/definitions/20.html51.00.021.0
77CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')http://cwe.mitre.org/data/definitions/77.html0.00.01.0
89CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')http://cwe.mitre.org/data/definitions/89.html1.00.00.0
94CWE-94: Improper Control of Generation of Code ('Code Injection')http://cwe.mitre.org/data/definitions/94.html1.00.01.0
119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Bufferhttp://cwe.mitre.org/data/definitions/119.html154.01.016.0
CWE-190: Integer Overflow or Wraparoundhttp://cwe.mitre.org/data/definitions/119.html1.00.00.0
CWE-200: Information Exposurehttp://cwe.mitre.org/data/definitions/119.html1.00.00.0
125CWE-125: Out-of-bounds Readhttp://cwe.mitre.org/data/definitions/125.html1.00.06.0
129CWE-129: Improper Validation of Array Indexhttp://cwe.mitre.org/data/definitions/129.html1.00.00.0
172CWE-172: Encoding Errorhttp://cwe.mitre.org/data/definitions/172.html4.00.00.0
189CWE-189: Numeric Errorshttp://cwe.mitre.org/data/definitions/189.html23.00.04.0
190CWE-190: Integer Overflow or Wraparoundhttp://cwe.mitre.org/data/definitions/190.html11.00.01.0
191CWE-191: Integer Underflow (Wrap or Wraparound)http://cwe.mitre.org/data/definitions/191.html1.00.01.0
200CWE-200: Information Exposurehttp://cwe.mitre.org/data/definitions/200.html5.056.0135.0
CWE-200: Information exposurehttp://cwe.mitre.org/data/definitions/200.html0.00.06.0
254CWE-254: Security Featureshttp://cwe.mitre.org/data/definitions/254.html4.00.010.0
255CWE-255: Credentials Managementhttp://cwe.mitre.org/data/definitions/255.html0.00.01.0
264CWE-16: Configurationhttp://cwe.mitre.org/data/definitions/264.html0.00.01.0
CWE-264: Permissions, Privileges, and Access Controlshttp://cwe.mitre.org/data/definitions/264.html416.04.081.0
CWE-264: Permissions, Privileges, and Access Controlshttp://cwe.mitre.org/data/definitions/264.html17.00.00.0
275CWE-275: Permission Issueshttp://cwe.mitre.org/data/definitions/275.html1.00.00.0
284CWE-264: Permissions, Privileges, and Access Controlshttp://cwe.mitre.org/data/definitions/284.html0.00.02.0
CWE-284: Improper Access Controlhttp://cwe.mitre.org/data/definitions/284.html38.01.028.0
CWE-284: Improper access controlhttp://cwe.mitre.org/data/definitions/284.html2.00.04.0
285CWE-285: Improper Authorizationhttp://cwe.mitre.org/data/definitions/285.html1.00.00.0
287CWE-287: Improper Authenticationhttp://cwe.mitre.org/data/definitions/287.html0.00.01.0
310CWE-310: Cryptographic Issueshttp://cwe.mitre.org/data/definitions/310.html2.01.04.0
345CWE-345: Insufficient Verification of Data Authenticityhttp://cwe.mitre.org/data/definitions/345.html0.00.01.0
352CWE-352: Cross-Site Request Forgery (CSRF)http://cwe.mitre.org/data/definitions/352.html0.00.01.0
358CWE-358: Improperly Implemented Security Check for Standardhttp://cwe.mitre.org/data/definitions/358.html1.00.00.0
362CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')http://cwe.mitre.org/data/definitions/362.html8.01.04.0
388CWE-388: Error Handlinghttp://cwe.mitre.org/data/definitions/388.html1.00.00.0
399CWE-399: Resource Management Errorshttp://cwe.mitre.org/data/definitions/399.html10.01.03.0
415CWE-415: Double Freehttp://cwe.mitre.org/data/definitions/415.html3.00.01.0
416CWE-416: Use After Freehttp://cwe.mitre.org/data/definitions/416.html12.00.05.0
Not definedhttp://cwe.mitre.org/data/definitions/416.html1.00.00.0
476CWE-476: NULL Pointer Dereferencehttp://cwe.mitre.org/data/definitions/476.html3.01.00.0
787CWE-787: Out-of-bounds Writehttp://cwe.mitre.org/data/definitions/787.html1.00.03.0
\n", "
" ], "text/plain": [ "Severity HIGH \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 1.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 1.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 3.0 \n", " CWE-19: Data Processing Errors http://cwe.mitre.org/data/definitions/19.html 1.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 51.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 1.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n", "119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 154.0 \n", " CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/119.html 1.0 \n", " CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/119.html 1.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 1.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 1.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 4.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 23.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 11.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 5.0 \n", " CWE-200: Information exposure http://cwe.mitre.org/data/definitions/200.html 0.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 4.0 \n", "255 CWE-255: Credentials 
Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n", "264 CWE-16: Configuration http://cwe.mitre.org/data/definitions/264.html 0.0 \n", " CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 416.0 \n", " CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 17.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 1.0 \n", "284 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/284.html 0.0 \n", " CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 38.0 \n", " CWE-284: Improper access control http://cwe.mitre.org/data/definitions/284.html 2.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 1.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 2.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 1.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html 8.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 1.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 10.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 3.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 12.0 \n", " Not defined http://cwe.mitre.org/data/definitions/416.html 1.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 3.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 1.0 \n", "\n", "Severity LOW \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 0.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 0.0 \n", " CWE-19: Data Processing Errors http://cwe.mitre.org/data/definitions/19.html 0.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 0.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 0.0 \n", "119 CWE-119: Improper Restriction of Operations wit... 
http://cwe.mitre.org/data/definitions/119.html 1.0 \n", " CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/119.html 0.0 \n", " CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/119.html 0.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 0.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 0.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 0.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 0.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 56.0 \n", " CWE-200: Information exposure http://cwe.mitre.org/data/definitions/200.html 0.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 0.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n", "264 CWE-16: Configuration http://cwe.mitre.org/data/definitions/264.html 0.0 \n", " CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 4.0 \n", " CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 0.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n", "284 CWE-264: Permissions, Privileges, and Access Co... 
http://cwe.mitre.org/data/definitions/284.html 0.0 \n", " CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 1.0 \n", " CWE-284: Improper access control http://cwe.mitre.org/data/definitions/284.html 0.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 1.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 1.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 1.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 0.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 0.0 \n", " Not defined http://cwe.mitre.org/data/definitions/416.html 0.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 1.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 0.0 \n", "\n", "Severity MEDIUM \n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 2.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 5.0 \n", " CWE-19: Data Processing Errors http://cwe.mitre.org/data/definitions/19.html 0.0 \n", "20 CWE-20: Improper Input Validation 
http://cwe.mitre.org/data/definitions/20.html 21.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 1.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n", "119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 16.0 \n", " CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/119.html 0.0 \n", " CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/119.html 0.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 6.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 4.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 1.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 135.0 \n", " CWE-200: Information exposure http://cwe.mitre.org/data/definitions/200.html 6.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 10.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 1.0 \n", "264 CWE-16: Configuration http://cwe.mitre.org/data/definitions/264.html 1.0 \n", " CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 81.0 \n", " CWE-264: Permissions, Privileges, and Access Co... 
http://cwe.mitre.org/data/definitions/264.html 0.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n", "284 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/284.html 2.0 \n", " CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 28.0 \n", " CWE-284: Improper access control http://cwe.mitre.org/data/definitions/284.html 4.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 1.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 4.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 1.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 1.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
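http://cwe.mitre.org/data/definitions/362.html 4.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 3.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 1.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 5.0 \n", " Not defined http://cwe.mitre.org/data/definitions/416.html 0.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 0.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 3.0 " ] }, "execution_count": 106, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# After unstack('Severity') the columns carry two levels (counted column, Severity);\n", "# keep only the Severity level so the headers read HIGH / LOW / MEDIUM.\n", "# The nlevels guard keeps the cell re-runnable: droplevel() raises on already-flat columns.\n", "if dfResult.columns.nlevels > 1:\n", "    dfResult.columns = dfResult.columns.droplevel()\n", "dfResult" ] }, { "cell_type": "code", "execution_count": 109, "metadata": {}, "outputs": [ { "data": { "text/html": [ "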
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " 
\n", "
SeverityHIGHLOWMEDIUM
cweCWE vulneratbility typelink
16CWE-16: Configurationhttp://cwe.mitre.org/data/definitions/16.html1.00.00.0
17CWE-17: Codehttp://cwe.mitre.org/data/definitions/17.html1.00.02.0
19CWE-19: Data Handlinghttp://cwe.mitre.org/data/definitions/19.html3.00.05.0
20CWE-20: Improper Input Validationhttp://cwe.mitre.org/data/definitions/20.html51.00.021.0
77CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')http://cwe.mitre.org/data/definitions/77.html0.00.01.0
89CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')http://cwe.mitre.org/data/definitions/89.html1.00.00.0
94CWE-94: Improper Control of Generation of Code ('Code Injection')http://cwe.mitre.org/data/definitions/94.html1.00.01.0
119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Bufferhttp://cwe.mitre.org/data/definitions/119.html154.01.016.0
125CWE-125: Out-of-bounds Readhttp://cwe.mitre.org/data/definitions/125.html1.00.06.0
129CWE-129: Improper Validation of Array Indexhttp://cwe.mitre.org/data/definitions/129.html1.00.00.0
172CWE-172: Encoding Errorhttp://cwe.mitre.org/data/definitions/172.html4.00.00.0
189CWE-189: Numeric Errorshttp://cwe.mitre.org/data/definitions/189.html23.00.04.0
190CWE-190: Integer Overflow or Wraparoundhttp://cwe.mitre.org/data/definitions/190.html11.00.01.0
191CWE-191: Integer Underflow (Wrap or Wraparound)http://cwe.mitre.org/data/definitions/191.html1.00.01.0
200CWE-200: Information Exposurehttp://cwe.mitre.org/data/definitions/200.html5.056.0135.0
254CWE-254: Security Featureshttp://cwe.mitre.org/data/definitions/254.html4.00.010.0
255CWE-255: Credentials Managementhttp://cwe.mitre.org/data/definitions/255.html0.00.01.0
264CWE-264: Permissions, Privileges, and Access Controlshttp://cwe.mitre.org/data/definitions/264.html416.04.081.0
275CWE-275: Permission Issueshttp://cwe.mitre.org/data/definitions/275.html1.00.00.0
284CWE-284: Improper Access Controlhttp://cwe.mitre.org/data/definitions/284.html38.01.028.0
285CWE-285: Improper Authorizationhttp://cwe.mitre.org/data/definitions/285.html1.00.00.0
287CWE-287: Improper Authenticationhttp://cwe.mitre.org/data/definitions/287.html0.00.01.0
310CWE-310: Cryptographic Issueshttp://cwe.mitre.org/data/definitions/310.html2.01.04.0
345CWE-345: Insufficient Verification of Data Authenticityhttp://cwe.mitre.org/data/definitions/345.html0.00.01.0
352CWE-352: Cross-Site Request Forgery (CSRF)http://cwe.mitre.org/data/definitions/352.html0.00.01.0
358CWE-358: Improperly Implemented Security Check for Standardhttp://cwe.mitre.org/data/definitions/358.html1.00.00.0
362CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')http://cwe.mitre.org/data/definitions/362.html8.01.04.0
388CWE-388: Error Handlinghttp://cwe.mitre.org/data/definitions/388.html1.00.00.0
399CWE-399: Resource Management Errorshttp://cwe.mitre.org/data/definitions/399.html10.01.03.0
415CWE-415: Double Freehttp://cwe.mitre.org/data/definitions/415.html3.00.01.0
416CWE-416: Use After Freehttp://cwe.mitre.org/data/definitions/416.html12.00.05.0
476CWE-476: NULL Pointer Dereferencehttp://cwe.mitre.org/data/definitions/476.html3.01.00.0
787CWE-787: Out-of-bounds Writehttp://cwe.mitre.org/data/definitions/787.html1.00.03.0
\n", "
" ], "text/plain": [ "Severity HIGH \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 1.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 1.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 3.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 51.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 1.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n", "119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 154.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 1.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 1.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 4.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 23.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 11.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 5.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 4.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n", "264 CWE-264: Permissions, Privileges, and Access Co... 
http://cwe.mitre.org/data/definitions/264.html 416.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 1.0 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 38.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 1.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 2.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 1.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 8.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 1.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 10.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 3.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 12.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 3.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 1.0 \n", "\n", "Severity LOW \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 0.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 0.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 0.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... 
http://cwe.mitre.org/data/definitions/77.html 0.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 0.0 \n", "119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 1.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 0.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 0.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 0.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 0.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 56.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 0.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 4.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 1.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 1.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... 
http://cwe.mitre.org/data/definitions/345.html 0.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 1.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 1.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 0.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 0.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 1.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 0.0 \n", "\n", "Severity MEDIUM \n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 2.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 5.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 21.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 1.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n", "119 CWE-119: Improper Restriction of Operations wit... 
http://cwe.mitre.org/data/definitions/119.html 16.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 6.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 4.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 1.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 135.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 10.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 1.0 \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 81.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 28.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 1.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 4.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 1.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 1.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html 4.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 3.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 1.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 5.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 0.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 3.0 " ] }, "execution_count": 109, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# Bare expression: the result is not assigned and this is not the cell's last line,\n", "# so the list of index tuples is computed and then discarded.\n", "dfResult.index.values.tolist()\n", "# Pin the rows to a hand-written list of (cwe id, CWE name, link) index keys.\n", "# NOTE(review): reindex() keeps only the labels listed here. A CWE class that is present\n", "# in the data but missing from this list is dropped from the severity summary without\n", "# any error, and a listed key that is absent from the data comes back as an all-NaN row.\n", "# Confirm the list is meant as a filter and refresh it whenever the collection changes.\n", "dfResult = dfResult.reindex([(16,\n", " 'CWE-16: Configuration',\n", " 'http://cwe.mitre.org/data/definitions/16.html'),\n", " (17, 'CWE-17: Code', 'http://cwe.mitre.org/data/definitions/17.html'),\n", " (19,\n", " 'CWE-19: Data Handling',\n", " 'http://cwe.mitre.org/data/definitions/19.html'),\n", " (20,\n", " 'CWE-20: Improper Input Validation',\n", " 'http://cwe.mitre.org/data/definitions/20.html'),\n", " (77,\n", " \"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\",\n", " 'http://cwe.mitre.org/data/definitions/77.html'),\n", " (89,\n", " \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\",\n", " 'http://cwe.mitre.org/data/definitions/89.html'),\n", " (94,\n", " \"CWE-94: Improper Control of Generation of Code ('Code Injection')\",\n", " 'http://cwe.mitre.org/data/definitions/94.html'),\n", " (119,\n", " 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer',\n", " 'http://cwe.mitre.org/data/definitions/119.html'),\n", " (125,\n", " 'CWE-125: Out-of-bounds Read',\n", " 'http://cwe.mitre.org/data/definitions/125.html'),\n", " (129,\n", " 'CWE-129: Improper Validation of Array Index',\n", " 'http://cwe.mitre.org/data/definitions/129.html'),\n",
" (172,\n", " 'CWE-172: Encoding Error',\n", " 'http://cwe.mitre.org/data/definitions/172.html'),\n", " (189,\n", " 'CWE-189: Numeric Errors',\n", " 'http://cwe.mitre.org/data/definitions/189.html'),\n", " (190,\n", " 'CWE-190: Integer Overflow or Wraparound',\n", " 'http://cwe.mitre.org/data/definitions/190.html'),\n", " (191,\n", " 'CWE-191: Integer Underflow (Wrap or Wraparound)',\n", " 'http://cwe.mitre.org/data/definitions/191.html'),\n", " (200,\n", " 'CWE-200: Information Exposure',\n", " 'http://cwe.mitre.org/data/definitions/200.html'),\n", " (254,\n", " 'CWE-254: Security Features',\n", " 'http://cwe.mitre.org/data/definitions/254.html'),\n", " (255,\n", " 'CWE-255: Credentials Management',\n", " 'http://cwe.mitre.org/data/definitions/255.html'),\n", " (264,\n", " 'CWE-264: Permissions, Privileges, and Access Controls',\n", " 'http://cwe.mitre.org/data/definitions/264.html'),\n", " (275,\n", " 'CWE-275: Permission Issues',\n", " 'http://cwe.mitre.org/data/definitions/275.html'),\n", " (284,\n", " 'CWE-284: Improper Access Control',\n", " 'http://cwe.mitre.org/data/definitions/284.html'),\n", " (285,\n", " 'CWE-285: Improper Authorization',\n", " 'http://cwe.mitre.org/data/definitions/285.html'),\n", " (287,\n", " 'CWE-287: Improper Authentication',\n", " 'http://cwe.mitre.org/data/definitions/287.html'),\n", " (310,\n", " 'CWE-310: Cryptographic Issues',\n", " 'http://cwe.mitre.org/data/definitions/310.html'),\n", " (345,\n", " 'CWE-345: Insufficient Verification of Data Authenticity',\n", " 'http://cwe.mitre.org/data/definitions/345.html'),\n", " (352,\n", " 'CWE-352: Cross-Site Request Forgery (CSRF)',\n", " 'http://cwe.mitre.org/data/definitions/352.html'),\n", " (358,\n", " 'CWE-358: Improperly Implemented Security Check for Standard',\n", " 'http://cwe.mitre.org/data/definitions/358.html'),\n", " (362,\n", " \"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')\",\n", "
'http://cwe.mitre.org/data/definitions/362.html'),\n", " (388,\n", " 'CWE-388: Error Handling',\n", " 'http://cwe.mitre.org/data/definitions/388.html'),\n", " (399,\n", " 'CWE-399: Resource Management Errors',\n", " 'http://cwe.mitre.org/data/definitions/399.html'),\n", " (415,\n", " 'CWE-415: Double Free',\n", " 'http://cwe.mitre.org/data/definitions/415.html'),\n", " (416,\n", " 'CWE-416: Use After Free',\n", " 'http://cwe.mitre.org/data/definitions/416.html'),\n", " (476,\n", " 'CWE-476: NULL Pointer Dereference',\n", " 'http://cwe.mitre.org/data/definitions/476.html'),\n", " (787,\n", " 'CWE-787: Out-of-bounds Write',\n", " 'http://cwe.mitre.org/data/definitions/787.html')])\n", "# Last expression of the cell: renders the re-indexed table.\n", "dfResult\n", " " ] }, { "cell_type": "code", "execution_count": 116, "metadata": {}, "outputs": [], "source": [ "# Each index entry is a (cwe id, CWE name, link) tuple; split the entries into three\n", "# parallel lists that share the row order of dfResult.\n", "index = dfResult.index.values.tolist()\n", "ids = [ x[0] for x in index]\n", "names = [x[1] for x in index]\n", "links = [x[2] for x in index]" ] }, { "cell_type": "code", "execution_count": 117, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " 
\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
SeveritynamecwelinkLOWMEDIUMHIGH
cweCWE vulneratbility typelink
16CWE-16: Configurationhttp://cwe.mitre.org/data/definitions/16.htmlCWE-16: Configuration16http://cwe.mitre.org/data/definitions/16.html0.00.01.0
17CWE-17: Codehttp://cwe.mitre.org/data/definitions/17.htmlCWE-17: Code17http://cwe.mitre.org/data/definitions/17.html0.02.01.0
19CWE-19: Data Handlinghttp://cwe.mitre.org/data/definitions/19.htmlCWE-19: Data Handling19http://cwe.mitre.org/data/definitions/19.html0.05.03.0
20CWE-20: Improper Input Validationhttp://cwe.mitre.org/data/definitions/20.htmlCWE-20: Improper Input Validation20http://cwe.mitre.org/data/definitions/20.html0.021.051.0
77CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')http://cwe.mitre.org/data/definitions/77.htmlCWE-77: Improper Neutralization of Special Ele...77http://cwe.mitre.org/data/definitions/77.html0.01.00.0
89CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')http://cwe.mitre.org/data/definitions/89.htmlCWE-89: Improper Neutralization of Special Ele...89http://cwe.mitre.org/data/definitions/89.html0.00.01.0
94CWE-94: Improper Control of Generation of Code ('Code Injection')http://cwe.mitre.org/data/definitions/94.htmlCWE-94: Improper Control of Generation of Code...94http://cwe.mitre.org/data/definitions/94.html0.01.01.0
119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Bufferhttp://cwe.mitre.org/data/definitions/119.htmlCWE-119: Improper Restriction of Operations wi...119http://cwe.mitre.org/data/definitions/119.html1.016.0154.0
125CWE-125: Out-of-bounds Readhttp://cwe.mitre.org/data/definitions/125.htmlCWE-125: Out-of-bounds Read125http://cwe.mitre.org/data/definitions/125.html0.06.01.0
129CWE-129: Improper Validation of Array Indexhttp://cwe.mitre.org/data/definitions/129.htmlCWE-129: Improper Validation of Array Index129http://cwe.mitre.org/data/definitions/129.html0.00.01.0
172CWE-172: Encoding Errorhttp://cwe.mitre.org/data/definitions/172.htmlCWE-172: Encoding Error172http://cwe.mitre.org/data/definitions/172.html0.00.04.0
189CWE-189: Numeric Errorshttp://cwe.mitre.org/data/definitions/189.htmlCWE-189: Numeric Errors189http://cwe.mitre.org/data/definitions/189.html0.04.023.0
190CWE-190: Integer Overflow or Wraparoundhttp://cwe.mitre.org/data/definitions/190.htmlCWE-190: Integer Overflow or Wraparound190http://cwe.mitre.org/data/definitions/190.html0.01.011.0
191CWE-191: Integer Underflow (Wrap or Wraparound)http://cwe.mitre.org/data/definitions/191.htmlCWE-191: Integer Underflow (Wrap or Wraparound)191http://cwe.mitre.org/data/definitions/191.html0.01.01.0
200CWE-200: Information Exposurehttp://cwe.mitre.org/data/definitions/200.htmlCWE-200: Information Exposure200http://cwe.mitre.org/data/definitions/200.html56.0135.05.0
254CWE-254: Security Featureshttp://cwe.mitre.org/data/definitions/254.htmlCWE-254: Security Features254http://cwe.mitre.org/data/definitions/254.html0.010.04.0
255CWE-255: Credentials Managementhttp://cwe.mitre.org/data/definitions/255.htmlCWE-255: Credentials Management255http://cwe.mitre.org/data/definitions/255.html0.01.00.0
264CWE-264: Permissions, Privileges, and Access Controlshttp://cwe.mitre.org/data/definitions/264.htmlCWE-264: Permissions, Privileges, and Access C...264http://cwe.mitre.org/data/definitions/264.html4.081.0416.0
275CWE-275: Permission Issueshttp://cwe.mitre.org/data/definitions/275.htmlCWE-275: Permission Issues275http://cwe.mitre.org/data/definitions/275.html0.00.01.0
284CWE-284: Improper Access Controlhttp://cwe.mitre.org/data/definitions/284.htmlCWE-284: Improper Access Control284http://cwe.mitre.org/data/definitions/284.html1.028.038.0
285CWE-285: Improper Authorizationhttp://cwe.mitre.org/data/definitions/285.htmlCWE-285: Improper Authorization285http://cwe.mitre.org/data/definitions/285.html0.00.01.0
287CWE-287: Improper Authenticationhttp://cwe.mitre.org/data/definitions/287.htmlCWE-287: Improper Authentication287http://cwe.mitre.org/data/definitions/287.html0.01.00.0
310CWE-310: Cryptographic Issueshttp://cwe.mitre.org/data/definitions/310.htmlCWE-310: Cryptographic Issues310http://cwe.mitre.org/data/definitions/310.html1.04.02.0
345CWE-345: Insufficient Verification of Data Authenticityhttp://cwe.mitre.org/data/definitions/345.htmlCWE-345: Insufficient Verification of Data Aut...345http://cwe.mitre.org/data/definitions/345.html0.01.00.0
352CWE-352: Cross-Site Request Forgery (CSRF)http://cwe.mitre.org/data/definitions/352.htmlCWE-352: Cross-Site Request Forgery (CSRF)352http://cwe.mitre.org/data/definitions/352.html0.01.00.0
358CWE-358: Improperly Implemented Security Check for Standardhttp://cwe.mitre.org/data/definitions/358.htmlCWE-358: Improperly Implemented Security Check...358http://cwe.mitre.org/data/definitions/358.html0.00.01.0
362CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')http://cwe.mitre.org/data/definitions/362.htmlCWE-362: Concurrent Execution using Shared Res...362http://cwe.mitre.org/data/definitions/362.html1.04.08.0
388CWE-388: Error Handlinghttp://cwe.mitre.org/data/definitions/388.htmlCWE-388: Error Handling388http://cwe.mitre.org/data/definitions/388.html0.00.01.0
399CWE-399: Resource Management Errorshttp://cwe.mitre.org/data/definitions/399.htmlCWE-399: Resource Management Errors399http://cwe.mitre.org/data/definitions/399.html1.03.010.0
415CWE-415: Double Freehttp://cwe.mitre.org/data/definitions/415.htmlCWE-415: Double Free415http://cwe.mitre.org/data/definitions/415.html0.01.03.0
416CWE-416: Use After Freehttp://cwe.mitre.org/data/definitions/416.htmlCWE-416: Use After Free416http://cwe.mitre.org/data/definitions/416.html0.05.012.0
476CWE-476: NULL Pointer Dereferencehttp://cwe.mitre.org/data/definitions/476.htmlCWE-476: NULL Pointer Dereference476http://cwe.mitre.org/data/definitions/476.html1.00.03.0
787CWE-787: Out-of-bounds Writehttp://cwe.mitre.org/data/definitions/787.htmlCWE-787: Out-of-bounds Write787http://cwe.mitre.org/data/definitions/787.html0.03.01.0
\n", "
" ], "text/plain": [ "Severity name \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html CWE-16: Configuration \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html CWE-17: Code \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html CWE-19: Data Handling \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html CWE-20: Improper Input Validation \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html CWE-77: Improper Neutralization of Special Ele... \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html CWE-89: Improper Neutralization of Special Ele... \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html CWE-94: Improper Control of Generation of Code... \n", "119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html CWE-119: Improper Restriction of Operations wi... 
\n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html CWE-125: Out-of-bounds Read \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html CWE-129: Improper Validation of Array Index \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html CWE-172: Encoding Error \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html CWE-189: Numeric Errors \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html CWE-190: Integer Overflow or Wraparound \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html CWE-191: Integer Underflow (Wrap or Wraparound) \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html CWE-200: Information Exposure \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html CWE-254: Security Features \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html CWE-255: Credentials Management \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html CWE-264: Permissions, Privileges, and Access C... \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html CWE-275: Permission Issues \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html CWE-284: Improper Access Control \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html CWE-285: Improper Authorization \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html CWE-287: Improper Authentication \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html CWE-310: Cryptographic Issues \n", "345 CWE-345: Insufficient Verification of Data Auth... 
http://cwe.mitre.org/data/definitions/345.html CWE-345: Insufficient Verification of Data Aut... \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html CWE-352: Cross-Site Request Forgery (CSRF) \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html CWE-358: Improperly Implemented Security Check... \n", "362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html CWE-362: Concurrent Execution using Shared Res... \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html CWE-388: Error Handling \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html CWE-399: Resource Management Errors \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html CWE-415: Double Free \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html CWE-416: Use After Free \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html CWE-476: NULL Pointer Dereference \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html CWE-787: Out-of-bounds Write \n", "\n", "Severity cwe \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 16 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 17 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 19 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 20 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 77 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 89 \n", "94 CWE-94: Improper Control of Generation of Code ... 
http://cwe.mitre.org/data/definitions/94.html 94 \n", "119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 119 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 125 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 129 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 172 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 189 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 190 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 191 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 200 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 254 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 255 \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 264 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 275 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 284 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 285 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 287 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 310 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 345 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 352 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 358 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html 362 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 388 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 399 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 415 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 416 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 476 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 787 \n", "\n", "Severity link \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html http://cwe.mitre.org/data/definitions/16.html \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html http://cwe.mitre.org/data/definitions/17.html \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html http://cwe.mitre.org/data/definitions/19.html \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html http://cwe.mitre.org/data/definitions/20.html \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html http://cwe.mitre.org/data/definitions/77.html \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html http://cwe.mitre.org/data/definitions/89.html \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html http://cwe.mitre.org/data/definitions/94.html \n", "119 CWE-119: Improper Restriction of Operations wit... 
http://cwe.mitre.org/data/definitions/119.html http://cwe.mitre.org/data/definitions/119.html \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html http://cwe.mitre.org/data/definitions/125.html \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html http://cwe.mitre.org/data/definitions/129.html \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html http://cwe.mitre.org/data/definitions/172.html \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html http://cwe.mitre.org/data/definitions/189.html \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html http://cwe.mitre.org/data/definitions/190.html \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html http://cwe.mitre.org/data/definitions/191.html \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html http://cwe.mitre.org/data/definitions/200.html \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html http://cwe.mitre.org/data/definitions/254.html \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html http://cwe.mitre.org/data/definitions/255.html \n", "264 CWE-264: Permissions, Privileges, and Access Co... 
http://cwe.mitre.org/data/definitions/264.html http://cwe.mitre.org/data/definitions/264.html \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html http://cwe.mitre.org/data/definitions/275.html \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html http://cwe.mitre.org/data/definitions/284.html \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html http://cwe.mitre.org/data/definitions/285.html \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html http://cwe.mitre.org/data/definitions/287.html \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html http://cwe.mitre.org/data/definitions/310.html \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html http://cwe.mitre.org/data/definitions/345.html \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html http://cwe.mitre.org/data/definitions/352.html \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html http://cwe.mitre.org/data/definitions/358.html \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html http://cwe.mitre.org/data/definitions/362.html \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html http://cwe.mitre.org/data/definitions/388.html \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html http://cwe.mitre.org/data/definitions/399.html \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html http://cwe.mitre.org/data/definitions/415.html \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html http://cwe.mitre.org/data/definitions/416.html \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html http://cwe.mitre.org/data/definitions/476.html \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html http://cwe.mitre.org/data/definitions/787.html \n", "\n", "Severity LOW \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 0.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 0.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 0.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 0.0 \n", "119 CWE-119: Improper Restriction of Operations wit... 
http://cwe.mitre.org/data/definitions/119.html 1.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 0.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 0.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 0.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 0.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 56.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 0.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 4.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 1.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 1.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html 1.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 1.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 0.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 0.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 1.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 0.0 \n", "\n", "Severity MEDIUM \\\n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 2.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 5.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 21.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 1.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n", "119 CWE-119: Improper Restriction of Operations wit... 
http://cwe.mitre.org/data/definitions/119.html 16.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 6.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 4.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 1.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 135.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 10.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 1.0 \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 81.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 28.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 1.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 4.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 1.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 1.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html 4.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 3.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 1.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 5.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 0.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 3.0 \n", "\n", "Severity HIGH \n", "cwe CWE vulneratbility type link \n", "16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 1.0 \n", "17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 1.0 \n", "19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 3.0 \n", "20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 51.0 \n", "77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n", "89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 1.0 \n", "94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n", "119 CWE-119: Improper Restriction of Operations wit... 
http://cwe.mitre.org/data/definitions/119.html 154.0 \n", "125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 1.0 \n", "129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 1.0 \n", "172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 4.0 \n", "189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 23.0 \n", "190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 11.0 \n", "191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n", "200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 5.0 \n", "254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 4.0 \n", "255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n", "264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 416.0 \n", "275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 1.0 \n", "284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 38.0 \n", "285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 1.0 \n", "287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n", "310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 2.0 \n", "345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n", "352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n", "358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 1.0 \n", "362 CWE-362: Concurrent Execution using Shared Reso... 
http://cwe.mitre.org/data/definitions/362.html 8.0 \n", "388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 1.0 \n", "399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 10.0 \n", "415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 3.0 \n", "416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 12.0 \n", "476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 3.0 \n", "787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 1.0 " ] }, "execution_count": 117, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# Copy ids / names / links (not defined in this cell; they come from earlier notebook state)\n", "# into plain columns, then keep only the export columns in a fixed order and display the result.\n", "# NOTE(review): the rendered output still shows cwe / type / link as index levels; the export\n", "# cell below writes with index=False, so these plain columns are presumably what carries them\n", "# into the file - confirm against the cell that builds ids, names and links.\n", "# NOTE(review): dfResult is modified in place here, so the result depends on the state left by\n", "# earlier cells; re-run from a fresh kernel before relying on the exported per-severity counts.\n", "# Earlier attempt, left disabled:\n", "#dfResult = dfResult.xs('one', level='second', axis=1)\n", "dfResult[\"cwe\"] = ids\n", "dfResult[\"name\"] = names\n", "dfResult[\"link\"] = links\n", "# reindex does not raise on a label that dfResult lacks; it adds that column filled with NaN,\n", "# so a missing severity level would show up as an empty column rather than as an error.\n", "reindexiado = dfResult.reindex(columns=[\"name\", \"cwe\", \"link\", \"LOW\", \"MEDIUM\", \"HIGH\"])\n", "reindexiado" ] }, { "cell_type": "code", "execution_count": 118, "metadata": { "collapsed": true }, "outputs": [], "source": [ "# Write the table to vtbacEMSE.csv. The path is relative, so the file lands in the kernel's\n", "# working directory, and an existing file of that name is overwritten without warning.\n", "# index=False leaves the row index out of the file.\n", "# NOTE(review): name and link look like text taken from the vulnerability database; if this CSV\n", "# is opened in a spreadsheet, confirm no value starts with =, +, - or @ (formula interpretation).\n", "reindexiado.to_csv(path_or_buf=\"vtbacEMSE.csv\", index=False)" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true }, "outputs": [], "source": [] } ], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.6.3" } }, "nbformat": 4, "nbformat_minor": 2 }