PaloAltoNetworks · tsmithv11 · Oct 11, 2023 · Oct 17, 2023 · Oct 17, 2023
diff --git a/application-security/policy-reference/book.yml b/application-security/policy-reference/book.yml
diff --git a/...curity/policy-reference/sast-policies/java-policies/sast-java-policy-index.adoc b/...curity/policy-reference/sast-policies/java-policies/sast-java-policy-index.adoc
@@ -0,0 +1,338 @@
+== SAST Java Policy Index
+
+[width=85%]
+[cols="1,1,1"]
+|===
+|Policy|Checkov ID| Severity
+
+|xref:sast-policy-1.adoc[Improper neutralization of input during web page generation ('Cross-site Scripting')]
+|CKV3_SAST_1
+|LOW
+
+|xref:sast-policy-7.adoc[Improper neutralization of argument delimiters in a command ('Argument Injection')]
+|CKV3_SAST_7
+|HIGH
+
+|xref:sast-policy-8.adoc[Files or directories accessible to external parties]
+|CKV3_SAST_8
+|HIGH
+
+|xref:sast-policy-9.adoc[Improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')]
+|CKV3_SAST_9
+|MEDIUM
+
+|xref:sast-policy-12.adoc[Integrity of the data during transmission is not being verified]
+|CKV3_SAST_12
+|MEDIUM
+
+|xref:sast-policy-13.adoc[Unsafe custom MessageDigest is implemented]
+|CKV3_SAST_13
+|MEDIUM
+
+|xref:sast-policy-14.adoc[Unsafe use of Cross-Origin Resource Sharing (CORS)]
+|CKV3_SAST_14
+|MEDIUM
+
+|xref:sast-policy-15.adoc[Unsafe use of hazelcast symmetric encryption]
+|CKV3_SAST_15
+|LOW
+
+|xref:sast-policy-16.adoc[Cookie created without HttpOnly flag]
+|CKV3_SAST_16
+|LOW
+
+|xref:sast-policy-17.adoc[Unsafe DES algorithm used]
+|CKV3_SAST_17
+|MEDIUM
+
+|xref:sast-policy-18.adoc[Encryption keys with less than 128 bits]
+|CKV3_SAST_18
+|MEDIUM
+
+|xref:sast-policy-19.adoc[Cookie created without Secure flag set]
+|CKV3_SAST_19
+|LOW
+
+|xref:sast-policy-20.adoc[Cookie stored for an extended period of time]
+|CKV3_SAST_20
+|MEDIUM
+
+|xref:sast-policy-21.adoc[Cookie contains sensitive session info]
+|CKV3_SAST_21
+|HIGH
+
+|xref:sast-policy-22.adoc[Trust Boundary is Violated]
+|CKV3_SAST_22
+|LOW
+
+|xref:sast-policy-23.adoc[Security of REST web service is not analyzed]
+|CKV3_SAST_23
+|MEDIUM
+
+|xref:sast-policy-24.adoc[File Creation in Publicly Shared Directories]
+|CKV3_SAST_24
+|MEDIUM
+
+|xref:sast-policy-25.adoc[CSRF is Disabled]
+|CKV3_SAST_25
+|MEDIUM
+
+|xref:sast-policy-26.adoc[Authorization is not robust]
+|CKV3_SAST_26
+|MEDIUM
+
+|xref:sast-policy-43.adoc[Pathname input not restricted]
+|CKV3_SAST_43
+|MEDIUM
+
+|xref:sast-policy-44.adoc[File path not validated in file uploads]
+|CKV3_SAST_44
+|LOW
+
+|xref:sast-policy-45.adoc[Pathname not restricted in HTTP requests]
+|CKV3_SAST_45
+|MEDIUM
+
+|xref:sast-policy-46.adoc[File path not validated for file writes]
+|CKV3_SAST_46
+|MEDIUM
+
+|xref:sast-policy-47.adoc[Missing validation for paths when processing style sheets]
+|CKV3_SAST_47
+|HIGH
+
+|xref:sast-policy-48.adoc[Unrestricted directory for pathname construction from HTTP requests]
+|CKV3_SAST_48
+|MEDIUM
+
+|xref:sast-policy-49.adoc[Unrestricted pathnames from HTTP requests]
+|CKV3_SAST_49
+|HIGH
+
+|xref:sast-policy-102.adoc[Cleartext Transmission of Sensitive Information]
+|CKV3_SAST_102
+|MEDIUM
+
+|xref:sast-policy-103.adoc[Collapse of data into unsafe value]
+|CKV3_SAST_103
+|MEDIUM
+
+|xref:sast-policy-104.adoc[Cross-Site Request Forgery (CSRF)]
+|CKV3_SAST_104
+|MEDIUM
+
+|xref:sast-policy-105.adoc[Deserialization of untrusted data]
+|CKV3_SAST_105
+|MEDIUM
+
+|xref:sast-policy-106.adoc[Deserialization of Untrusted Data]
+|CKV3_SAST_106
+|MEDIUM
+
+|xref:sast-policy-107.adoc[External Control of System or Configuration Setting]
+|CKV3_SAST_107
+|HIGH
+
+|xref:sast-policy-108.adoc[External control of system or configuration setting]
+|CKV3_SAST_108
+|MEDIUM
+
+|xref:sast-policy-109.adoc[Improper authentication]
+|CKV3_SAST_109
+|MEDIUM
+
+|xref:sast-policy-110.adoc[Improper certificate validation]
+|CKV3_SAST_110
+|MEDIUM
+
+|xref:sast-policy-111.adoc[Improper certificate validation]
+|CKV3_SAST_111
+|MEDIUM
+
+|xref:sast-policy-112.adoc[Improper control of generation of code ('Code Injection')]
+|CKV3_SAST_112
+|HIGH
+
+|xref:sast-policy-113.adoc[Improper control of generation of code ('Code Injection')]
+|CKV3_SAST_113
+|HIGH
+
+|xref:sast-policy-114.adoc[Improper Handling of Unicode Encoding]
+|CKV3_SAST_114
+|HIGH
+
+|xref:sast-policy-115.adoc[Improper Input Validation]
+|CKV3_SAST_115
+|MEDIUM
+
+|xref:sast-policy-116.adoc[Improper Input Validation]
+|CKV3_SAST_116
+|HIGH
+
+|xref:sast-policy-117.adoc[Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]
+|CKV3_SAST_117
+|HIGH
+
+|xref:sast-policy-118.adoc[Improper neutralization of CRLF sequences ('CRLF Injection')]
+|CKV3_SAST_118
+|HIGH
+
+|xref:sast-policy-119.adoc[Improper neutralization of data within XPath expressions ('XPath Injection')]
+|CKV3_SAST_119
+|HIGH
+
+|xref:sast-policy-120.adoc[Improper neutralization of CRLF sequences ('CRLF Injection')]
+|CKV3_SAST_120
+|HIGH
+
+|xref:sast-policy-121.adoc[Improper neutralization of special elements used in a command]
+|CKV3_SAST_121
+|HIGH
+
+|xref:sast-policy-122.adoc[Improper neutralization of special elements used in an expression language statement ('Expression Language Injection')]
+|CKV3_SAST_122
+|HIGH
+
+|xref:sast-policy-123.adoc[Improper neutralization of special elements used in an OS command ('OS Command Injection')]
+|CKV3_SAST_123
+|MEDIUM
+
+|xref:sast-policy-124.adoc[Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')]
+|CKV3_SAST_124
+|HIGH
+
+|xref:sast-policy-125.adoc[Utilizing a class that isn't primitive in Java RMI could lead to a vulnerability associated with insecure deserialization.]
+|CKV3_SAST_125
+|MEDIUM
+
+|xref:sast-policy-126.adoc[Improper privilege management]
+|CKV3_SAST_126
+|MEDIUM
+
+|xref:sast-policy-127.adoc[Improper restriction of XML external entity reference ('XXE')]
+|CKV3_SAST_127
+|HIGH
+
+|xref:sast-policy-128.adoc[Improper restriction of XML external entity reference ('XXE')]
+|CKV3_SAST_128
+|HIGH
+
+|xref:sast-policy-129.adoc[Improper validation of certificate with host mismatch]
+|CKV3_SAST_129
+|HIGH
+
+|xref:sast-policy-130.adoc[Inadequate encryption strength]
+|CKV3_SAST_130
+|MEDIUM
+
+|xref:sast-policy-131.adoc[Inadequate encryption strength]
+|CKV3_SAST_131
+|MEDIUM
+
+|xref:sast-policy-132.adoc[Inadequate encryption strength]
+|CKV3_SAST_132
+|MEDIUM
+
+|xref:sast-policy-133.adoc[Incorrect behavior order: validate before canonicalize]
+|CKV3_SAST_133
+|MEDIUM
+
+|xref:sast-policy-134.adoc[Incorrect permission assignment for critical resource]
+|CKV3_SAST_134
+|MEDIUM
+
+|xref:sast-policy-135.adoc[Incorrect Permission Assignment for Critical Resource]
+|CKV3_SAST_135
+|MEDIUM
+
+|xref:sast-policy-136.adoc[Incorrect type conversion or cast]
+|CKV3_SAST_136
+|MEDIUM
+
+|xref:sast-policy-137.adoc[Information exposure through an error message]
+|CKV3_SAST_137
+|MEDIUM
+
+|xref:sast-policy-138.adoc[Information exposure through an error message]
+|CKV3_SAST_138
+|MEDIUM
+
+|xref:sast-policy-139.adoc[Missing authentication for critical function (database)]
+|CKV3_SAST_139
+|MEDIUM
+
+|xref:sast-policy-140.adoc[Missing authentication for critical function (LDAP)]
+|CKV3_SAST_140
+|MEDIUM
+
+|xref:sast-policy-141.adoc[Permissive Cross-domain Policy with Untrusted Domains]
+|CKV3_SAST_141
+|HIGH
+
+|xref:sast-policy-142.adoc[Sensitive Cookie in HTTPS Session Without 'Secure' Attribute]
+|CKV3_SAST_142
+|MEDIUM
+
+|xref:sast-policy-143.adoc[Sensitive Cookie in HTTPS Session Without 'Secure' Attribute]
+|CKV3_SAST_143
+|MEDIUM
+
+|xref:sast-policy-144.adoc[Sensitive cookie without 'HttpOnly' flag]
+|CKV3_SAST_144
+|MEDIUM
+
+|xref:sast-policy-145.adoc[Server-Side Request Forgery (SSRF)]
+|CKV3_SAST_145
+|HIGH
+
+|xref:sast-policy-147.adoc[URL Redirection to Untrusted Site ('Open Redirect')]
+|CKV3_SAST_147
+|HIGH
+
+|xref:sast-policy-148.adoc[Use of a broken or risky cryptographic algorithm]
+|CKV3_SAST_148
+|HIGH
+
+|xref:sast-policy-149.adoc[Use of a broken or risky cryptographic algorithm (SHA1/MD5)]
+|CKV3_SAST_149
+|MEDIUM
+
+|xref:sast-policy-150.adoc[Use of externally-controlled format string]
+|CKV3_SAST_150
+|HIGH
+
+|xref:sast-policy-151.adoc[Unencrypted payload with JWT]
+|CKV3_SAST_151
+|MEDIUM
+
+|xref:sast-policy-155.adoc[Use of insufficiently random values]
+|CKV3_SAST_155
+|MEDIUM
+
+|xref:sast-policy-156.adoc[Use of RSA algorithm without OAEP]
+|CKV3_SAST_156
+|MEDIUM
+
+|xref:sast-policy-162.adoc[Permissive cross-domain policy with untrusted domains]
+|CKV3_SAST_162
+|MEDIUM
+
+|xref:sast-policy-163.adoc[Improper neutralization of special elements in output used by a downstream component ('Injection')]
+|CKV3_SAST_163
+|MEDIUM
+
+|xref:sast-policy-164.adoc[Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
+|CKV3_SAST_164
+|LOW
+
+|xref:sast-policy-165.adoc[Improper Neutralization of Special Elements in Data Query Logic]
+|CKV3_SAST_165
+|MEDIUM
+
+|xref:sast-policy-171.adoc[Expression injection (OGNL)]
+|CKV3_SAST_171
+|HIGH
+
+|xref:sast-policy-172.adoc[Improper neutralization of special elements used in an LDAP query ('LDAP Injection')]
+|CKV3_SAST_172
+|HIGH