OWASP-Benchmark / BenchmarkUtils

OWASP Benchmark Project Utilities - Provides scorecard generation and crawling tools for Benchmark style test suites.
https://owasp.org/www-project-benchmark/
GNU General Public License v3.0

fix(SnykReader): fix incorrect mapping of cwe-1004 to cwe-614 #49

Closed avihayoun closed 1 year ago

avihayoun commented 1 year ago

Snyk's "WebCookieMissesCallToSetHttpOnly" rule id corresponds to cwe-1004, not to cwe-614, as the mapping to 'CweNumber.INSECURE_COOKIE' would suggest.

davewichers commented 1 year ago

You are correct, it was mapped wrong. Thanks for the fix.
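
Why the two CWE numbers in this fix are not interchangeable, as an added example that is not part of this thread or of BenchmarkUtils: a cookie missing the HttpOnly flag is CWE-1004, while a cookie missing the Secure attribute is CWE-614, so a finding mapped to the wrong one is counted under the wrong category. The function names and sample headers are constructed for illustration.

```python
# Added illustration; the names below are hypothetical, not BenchmarkUtils code.
CWE_SECURE_MISSING = 614     # Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE_HTTPONLY_MISSING = 1004  # Sensitive Cookie Without 'HttpOnly' Flag


def cookie_attributes(set_cookie_value):
    """Return the lower-cased attribute names of one Set-Cookie header value.

    The first ';'-separated part is the name=value pair and is skipped, so a
    cookie whose *value* happens to contain "secure" or "HttpOnly" is not
    mistaken for one that carries the attribute.
    """
    parts = set_cookie_value.split(";")[1:]
    return {p.split("=", 1)[0].strip().lower() for p in parts if p.strip()}


def missing_flag_cwes(set_cookie_value):
    """Map each missing cookie flag to the CWE it corresponds to."""
    attrs = cookie_attributes(set_cookie_value)
    cwes = set()
    if "httponly" not in attrs:
        cwes.add(CWE_HTTPONLY_MISSING)
    if "secure" not in attrs:
        cwes.add(CWE_SECURE_MISSING)
    return cwes


# Constructed sample headers (not taken from any real application).
SAMPLES = [
    "SESSION=abc123; Path=/; Secure; HttpOnly",  # both flags set
    "SESSION=abc123; Path=/; Secure",            # HttpOnly missing
    "SESSION=abc123; Path=/; httponly",          # Secure missing, odd casing
    "pref=secure-HttpOnly; Path=/",              # flag names only in the value
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:48} -> {sorted(missing_flag_cwes(header))}")
```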