Coverage Matrix - Vulnerability Categories
This table lists the vulnerability categories DryRun Security can detect with the Code Review Agent. CWE mappings below are examples to help readers anchor each category to common weakness definitions.
We are always adding features and capabilities, and this list is updated accordingly.
| Category | Description | Example CWE links |
|---|---|---|
| API Query Injection | Improper handling of user-controlled input in API queries that allows attackers to manipulate backend queries or filters. | CWE-943, CWE-74 |
| Authentication Bypass | Flaws that allow users to bypass authentication mechanisms and gain access without valid credentials. | CWE-287, CWE-306 |
| Missing Authorization Checks | Endpoints or functions that fail to enforce authorization, allowing users to access resources they should not. | CWE-862 |
| Business Logic Flaw | Errors in application logic that can be abused to gain unintended outcomes, even when traditional security controls are in place. | CWE-840 |
| Cache Poisoning | Manipulation of cache entries to serve malicious or incorrect content to other users. | CWE-444, CWE-113 |
| Configuration Injection | Injection of untrusted input into configuration files, environment variables, or runtime settings. | CWE-15, CWE-20 |
| Cryptographic Weakness | Use of weak, broken, or outdated cryptographic algorithms, keys, or practices. | CWE-327, CWE-326 |
| Cross-Site Request Forgery (CSRF) | Actions performed on behalf of an authenticated user without their consent due to missing or weak CSRF protections. | CWE-352 |
| CSV Injection | Injection of spreadsheet formulas into CSV exports that execute when opened in spreadsheet software. | CWE-1236 |
| Email Header Injection | Manipulation of email headers through unsanitized input, potentially enabling spam or phishing attacks. | CWE-93 |
| Excessive Privileges | Users, services, or tokens granted more permissions than required for their intended function. | CWE-250, CWE-269 |
| Hardcoded Credentials | Credentials such as passwords, API keys, or tokens embedded directly in source code. | CWE-798, CWE-259 |
| HTTP Header Injection | Injection of malicious content into HTTP headers due to improper input validation. | CWE-113, CWE-93 |
| Insecure Direct Object Reference (IDOR) | Direct access to internal objects using user-controlled identifiers without proper authorization checks. | CWE-639, CWE-284 |
| Information Disclosure | Exposure of sensitive data such as secrets, internal paths, stack traces, or system details. | CWE-200, CWE-209 |
| Insecure Client Storage | Sensitive data stored insecurely on the client side, such as in local storage or cookies. | CWE-922, CWE-312 |
| Insecure Defaults | Unsafe default configurations that weaken security if not explicitly changed. | CWE-276, CWE-1188 |
| Insecure Deserialization | Deserializing untrusted data in a way that allows code execution or data manipulation. | CWE-502 |
| Insecure File Upload | File upload functionality that allows malicious files or unrestricted file types. | CWE-434 |
| Insecure Transport | Use of unencrypted or improperly secured network communication channels. | CWE-319, CWE-295 |
| Intent Redirection | Unvalidated or unsafe redirection logic in mobile applications that can be abused to send users to unintended destinations. | CWE-601 |
| Language Version Risk | Use of outdated or unsupported programming language versions with known security issues. | CWE-1104 |
| LLM Tool Misuse | Unsafe or unintended use of large language model tools, including insecure prompt handling or tool invocation. | CWE-20, CWE-74, CWE-1426 |
| Log Injection | Injection of untrusted input into logs that can mislead monitoring systems or hide malicious activity. | CWE-117 |
| Mass Assignment | Automatic binding of user input to object properties without restricting sensitive fields. | CWE-915 |
| Memory Safety Issue | Unsafe memory operations that can lead to crashes, data corruption, or code execution. | CWE-119, CWE-787, CWE-416 |
| Network Exposure | Unintended exposure of internal services, ports, or network resources. | CWE-668 |
| Open CORS Policy | Overly permissive Cross-Origin Resource Sharing policies that allow unintended access. | CWE-942 |
| Open Redirect | Redirects that accept untrusted input, enabling phishing or malicious redirection attacks. | CWE-601 |
| Path Traversal | Manipulation of file paths to access files or directories outside the intended scope. | CWE-22 |
| Privilege Escalation | Flaws that allow users or processes to gain higher privileges than intended. | CWE-269, CWE-284 |
| Prompt Injection | Manipulation of LLM prompts that alters behavior, bypasses safeguards, or leaks sensitive data. | CWE-77, CWE-74, CWE-913, CWE-1427 |
| Prototype Pollution | Modification of object prototypes that can impact application logic or security. | CWE-1321 |
| Remote Code Execution (RCE) | Flaws that allow attackers to execute arbitrary code on the host system. | CWE-94, CWE-78 |
| Resource Exhaustion | Operations that can be abused to consume excessive CPU, memory, or other resources. | CWE-400 |
| SQL Injection (SQLi) | Injection of malicious SQL queries through unsanitized input. | CWE-89 |
| Server-Side Request Forgery (SSRF) | Ability to make server-side requests to internal or unintended external resources. | CWE-918 |
| Subdomain Takeover | Dangling or misconfigured subdomains, as defined in Infrastructure as Code (IaC), that can be claimed by attackers. | CWE-668, CWE-284 |
| Supply Chain Risk | Risks introduced through third-party libraries, dependencies, or external services. | CWE-1104, CWE-829 |
| Terminal Escape Injection | Injection of terminal control characters that can manipulate terminal output or behavior. | CWE-150, CWE-74 |
| Time-of-Check Time-of-Use (TOCTOU) | Race conditions where system state changes between validation and use. | CWE-367 |
| Timing Side Channel | Information leakage through measurable differences in execution time. | CWE-208 |
| UI Spoofing | User interface elements designed to deceive users into taking unintended actions. | CWE-451 |
| User Enumeration | Ability to determine valid users based on application responses. | CWE-203, CWE-204 |
| Vulnerable Dependency | Use of third-party dependencies with known security vulnerabilities. | CWE-937, CWE-1104 |
| XML Injection | Injection of malicious XML content that alters processing or behavior. | CWE-91 |
| Cross-Site Scripting (XSS) | Injection of malicious scripts that execute in a user’s browser. | CWE-79 |
| XML External Entity (XXE) | XML parsing vulnerabilities that allow access to internal files or services. | CWE-611 |