@@ -99,8 +99,8 @@ private TestCaseResult parseBurpVulnerability(Node issue) {
9999
100100 return null ;
101101 }
102- // https://portswigger.net/burp/help/scanner_issuetypes.html - This page lists all the issue types Burp
103- // looks for, and their customer ID #'s. There are more on this page. The following primarily lists those
102+ // https://portswigger.net/kb/issues - This page lists all the issue types Burp looks for, and their
103+ // customer ID #'s. There are more on this page. The following primarily lists those
104104 // that are currently relevant in the Benchmark.
105105 private int translate (String id ) {
106106 switch (id ) {
@@ -116,41 +116,25 @@ private int translate(String id) {
116116 case "2097920" : return 79 ; // Reflected XSS
117117 case "2097936" : return 79 ; // DOM-Based XSS (Probably want separate ID for this in the future)
118118 case "2098944" : return 352 ; // CSRF Vulnerability
119+ case "3146240" : return 918 ; // External service interaction (DNS)
119120 case "4194560" : return 9999 ; // Referer Dependent Response
120121 case "4194576" : return 9999 ; // X-Forwarded-For header dependency
122+ case "4197376" : return 20 ; // Input returned in response (reflected)
123+ case "4197632" : return 20 ; // Suspicious input transformation (reflected)
121124 case "5243392" : return 614 ; // SSL cookie without secure flag set
122125 case "5244416" : return 9998 ; // Cookie without HttpOnly flag set - There is no CWE defined for this weakness
123126 case "5245344" : return 8888 ; // Clickjacking - There is no CWE # for this.
127+ case "5245360" : return 16 ; // Browser cross-site scripting filter disabled
128+ case "5245952" : return 9999 ; // Ajax request header manipulation (DOM-based) - Map to nothing right now.
124129 case "5247488" : return 9999 ; // DOM Trust Boundary Violation - Map to nothing right now.
125130 case "6291968" : return 200 ; // Information Disclosure - Email Address Disclosed
126131 case "6292736" : return 200 ; // Information Disclosure - Credit Card # Disclosed
127132 case "7340288" : return 525 ; // Information Exposure Through Browser Caching-Cacheable HTTPS Response
128133 case "8389120" : return 9999 ; // HTML doesn't specify character set - Don't care. Map to nothing.
129134 case "8389632" : return 9999 ; // Incorrect Content Type - Don't care. Map to nothing right now.
130- case "8389888" : return 16 ; // Content type is not specified
131- case "5245360" : return 16 ; // Browser cross-site scripting filter disabled
132- case "4197632" : return 20 ; // Suspicious input transformation (reflected)
133- case "4197376" : return 20 ; // Input returned in response (reflected)
134- case "3146240" : return 918 ; // External service interaction (DNS)
135+ case "8389888" : return 16 ; // Content type is not specified
135136
136- // case "Build Misconfiguration" : return 00;
137- // case "Cookie Security" : return 614;
138- // case "Dead Code" : return 00;
139- // case "Denial of Service" : return 00;
140- // case "Header Manipulation" : return 113;
141- // case "Insecure Randomness" : return 330;
142- // case "J2EE Bad Practices" : return 00;
143- // case "Missing Check against Null" : return 00;
144- // case "Null Dereference" : return 00;
145- // case "Password Management" : return 00;
146- // case "Poor Error Handling" : return 00;
147- // case "Poor Logging Practice" : return 00;
148- // case "Poor Style" : return 00;
149- // case "Resource Injection" : return 00;
150- // case "System Information Leak" : return 00;
151137 // case "Trust Boundary Violation" : return 501;
152- // case "Unreleased Resource" : return 00;
153- // case "Unsafe Reflection" : return 00;
154138 // case "Weak Cryptographic Hash" : return 328;
155139 // case "Weak Encryption" : return 327;
156140 } // end switch(id)
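Review bot: The newly added `case "5245952" : return 9999 ;` line, like the neighbouring 9999/9998/8888 returns, relies on sentinel values whose meaning a reader has to reverse-engineer from the trailing per-case comments, and the reordering now also establishes an ascending-issue-ID convention that nothing states explicitly. A short comment just above the first case, e.g. `// Cases are kept in ascending Burp issue-ID order. 9999 = intentionally unmapped, 9998 = no CWE exists, 8888 = no CWE # assigned (see the comment on each case).`, would let the next person who adds a Burp issue type keep both conventions intact. The sentinel meanings are inferred from the comments visible in this hunk, so confirm them against how the caller interprets translate()'s return before finalising the wording. translate() begins in the previous hunk (the `switch (id)` line) and its body continues past the end of this one.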