Merge pull request #6153 from kingthorin/cwe-8714

ascanrulesBeta: Replace usage of CWE-200

Author: thc202

addOns/ascanrulesBeta/CHANGELOG.md

@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Replace usage of CWE-200 for the Insecure HTTP Method scan rule (Issue 8714).
 
 ## [57] - 2025-01-15
 ### Changed

addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRule.java

@@ -336,7 +336,7 @@ public int getRisk() {
 
     @Override
     public int getCweId() {
-        return 200; // Information Exposure (primarily via TRACK / TRACE)
+        return 749; // CWE-749: Exposed Dangerous Method or Function
     }
 
     @Override

addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRuleUnitTest.java

@@ -114,7 +114,7 @@ void shouldReturnExpectedMappings() {
         int wasc = rule.getWascId();
         Map<String, String> tags = rule.getAlertTags();
         // Then
-        assertThat(cwe, is(equalTo(200)));
+        assertThat(cwe, is(equalTo(749)));
         assertThat(wasc, is(equalTo(45)));
         assertThat(tags.size(), is(equalTo(5)));
         assertThat(