-
-
Notifications
You must be signed in to change notification settings - Fork 2
Vulnerability Class Index
A curated, persistent reference of the vulnerability classes most likely to hide real bugs in
each kind of software. It lives in argo/data/vuln_index.yaml and is injected into the
recon stage as reference β "use the relevant ones, do not
limit yourself to them" β and surfaced in the web UI's Vuln index page. It
complements, never replaces the model's own dynamic discovery.
Once recon has classified the target's archetype, the matching
section below is what gets folded into the generated audit prompts as an "also consider these"
checklist. Each entry is a {CWE, class, where it tends to hide} triple. It is 9 archetype
groups, 64 entries β reproduced here so contributors can see and improve the exact reference
without reading the YAML.
This is advisory context, not an allowlist. A finding outside these classes is just as valid β the index exists to raise recall on the expected classes for weaker models and to keep coverage consistent across runs, not to cap what the audit looks for.
| CWE | Class | Where it hides |
|---|---|---|
| CWE-89 | SQL / NoSQL injection | unparameterized queries, ORM raw fragments, search/filter passthrough |
| CWE-79 | XSS (stored / reflected / DOM) | template auto-escaping bypass, rich-text/markdown sanitizer gaps |
| CWE-639 | IDOR / BOLA | object access by client-supplied id without an ownership check |
| CWE-862 | Missing function-level authz | state-changing endpoints lacking a policy/role check |
| CWE-918 | SSRF | user-controlled URL reaching an outbound HTTP client / metadata |
| CWE-915 | Mass assignment | binding request bodies straight onto models (privilege fields) |
| CWE-22 | Path traversal / file access | user input in file paths, upload handlers, template includes |
| CWE-502 | Insecure deserialization | native serializers on untrusted input |
| CWE-384 | Auth / session flaws | reset/invite tokens, fixation, SameSite/cookie prefix, JWT alg |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-94 | Placeholder / format-string injection | user text re-entering the host placeholder/template engine |
| CWE-77 | Command dispatch to host | config/user-driven commands run as console/host with privilege |
| CWE-862 | Permission-node / capability bypass | missing or inverted host permission checks; offline-mode identity |
| CWE-502 | Unsafe config/YAML deserialization | non-safe SnakeYAML/pickle constructors on any non-trusted document |
| CWE-306 | Unauthenticated cross-instance protocol | hand-rolled socket/IPC with weak/no auth, plaintext, no integrity |
| CWE-1333 | ReDoS in config-compiled regex | blacklist/anti-spam/url filters run on user input |
| CWE-494 | Runtime download supply chain | fetching jars/plugins validated by weak hash / no signature |
| CWE-200 | Secret leak via debug/diagnostics | status dumps exposing tokens/keys not masked |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-1188 | Insecure default | a footgun default (verification off, permissive parser) a caller inherits |
| CWE-502 | Deserialization / parsing | parsers that instantiate types or recurse on hostile input |
| CWE-1333 | ReDoS / algorithmic complexity | regexes and parsers with super-linear worst case on attacker input |
| CWE-787 | Memory safety (native libs) | OOB read/write, integer over/underflow, UAF/double-free on attacker-controlled length/offset/count |
| CWE-327 | Crypto misuse | weak primitives, static IV/nonce, non-constant-time comparison |
| CWE-326 | Weak/short MAC or key | truncated auth tags, short/hardcoded/zero-default keys, MAC not covering all bytes, weak KDF |
| CWE-294 | Missing replay/freshness | authenticated messages with no counter/nonce/timestamp; sender-elected integrity that fails open |
| CWE-89 | Injection passthrough | helpers that build queries/commands/paths from caller data unsanitized |
| CWE-400 | Resource exhaustion | unbounded allocation/recursion from a size/count field |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-787 | Out-of-bounds write | memcpy/array-index from attacker-controlled length/offset/count in a frame/packet parser |
| CWE-125 | Out-of-bounds read | reading header/length fields before validating the minimum frame size |
| CWE-190 | Integer overflow / underflow | signed/unsigned & width-truncation in length/offset math; size_t underflow on length - header
|
| CWE-416 | Use-after-free / double-free | packet/buffer-pool lifecycle β free-then-use, double-ownership, refcount errors |
| CWE-306 | Unauthenticated management surface | reserved/management commands (reboot, memory peek/poke, route/clock set) with no auth |
| CWE-330 | Predictable / weak randomness | sequence numbers, nonces, tokens from rand()/clock seeds instead of a CSPRNG |
| CWE-770 | Resource / connection exhaustion | fixed connection pools, half-open state, shared static queues exhausted by unauthenticated frames |
| CWE-294 | Protocol replay / weak integrity | CRC-as-trust, missing replay window, truncated/uncovered MAC, sender-elected integrity that fails open |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-78 | OS command / argument injection | argv/env/config interpolated into a shell or exec |
| CWE-22 | Path traversal / symlink | user paths, archive extraction (zip-slip), temp-file races |
| CWE-269 | Privilege / setuid issues | dropping privileges incorrectly, world-writable install paths |
| CWE-494 | Insecure update mechanism | unsigned/over-HTTP updates, no integrity on downloaded code |
| CWE-312 | Local secret storage | credentials/tokens in plaintext config or logs |
| CWE-502 | Local-file deserialization | loading project/state files that can execute code |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-77 | Prompt injection (direct/indirect) | untrusted content steering tool use; data exfil via tool outputs |
| CWE-94 | Unsafe tool invocation | tool args derived from model/untrusted text reaching code-exec/shell |
| CWE-829 | Untrusted tool-output feedback | tool results re-entering context and being trusted as instructions |
| CWE-693 | Sandbox / permission escape | tools that can read/write/network beyond the intended boundary |
| CWE-200 | Secret exposure to the model | keys/PII placed in the prompt or reachable via a tool |
| CWE-918 | SSRF via tools | fetch/browse tools with attacker-influenced URLs |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-312 | Insecure local storage | secrets/PII in shared prefs, plists, unencrypted DB |
| CWE-927 | Exported component / IPC | exported activities/services/receivers, intent redirection |
| CWE-939 | Deeplink / URL-scheme hijack | unvalidated deeplink params driving sensitive actions |
| CWE-749 | WebView / JS bridge |
addJavascriptInterface exposure, file:// access, mixed content |
| CWE-295 | Improper cert validation | disabled pinning / trust-all managers |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-502 | Model / pickle deserialization | loading model/checkpoint/notebook files that execute code |
| CWE-94 | UDF / notebook code execution | user-supplied transforms/expressions evaluated unsandboxed |
| CWE-89 | Query / pipeline injection | dynamic SQL/SparkSQL/templating in ETL steps |
| CWE-918 | SSRF in data fetch | ingesting from attacker-influenced URLs/paths |
| CWE-1395 | Model/dataset supply chain | untrusted weights/datasets pulled without integrity |
| CWE | Class | Where it hides |
|---|---|---|
| CWE-200 | Sensitive-data exposure | secrets/PII via logs, errors, debug dumps, verbose responses |
| CWE-285 | Improper authorization | checks declared but not enforced on every path |
| CWE-20 | Improper input validation | missing length/type/allow-list before a sink |
| CWE-400 | Resource exhaustion / DoS | unbounded allocation/recursion/connection from an attacker-controlled size/count; census every untrusted-driven collection |
| CWE-248 | Panic / abort DoS (memory-safe) | unwrap/expect/unreachable/index/overflow/parse reachable from untrusted input; census every panic point |
| CWE-532 | Secrets in logs / sinks | passwords/tokens/keys/SASL written to logs, telemetry, errors, caches, crash reports |
| CWE-489 | Leftover debug / test code | backdoors, hard-coded credentials, debug endpoints |
| CWE-1104 | Outdated / vulnerable deps | pinned versions with known advisories (cross-referenced by the SCA stage) |
- The coverage checklist and variant census turn several of these classes (resource exhaustion, panic census, memory-safety, insecure-defaults/fail-open) into deterministic, code-injected lenses that can't be dropped by the recon model's focus choices.
- The
CWE-1104outdated-deps class is what the SCA stage automates β reading dependency manifests and flagging pinned versions with known advisories as adependenciesfocus. - CWEs assigned here flow all the way to the dedup key and the benchmark's CWE-sliced precision/recall.
- Archetype-Driven Prompts β how the archetype is classified and how this index is injected.
- Glossary & FAQ β definitions of archetype, focus, carve-out, etc.