From 5d3b4d7ecd5506ec08fc3b9f20ea37b78f81d1b1 Mon Sep 17 00:00:00 2001
From: Riccardo Poffo
Date: Thu, 13 Feb 2025 14:48:14 +0100
Subject: [PATCH] Update CWE mapping on MASWE elements of MASVS-PLATFORM
---
 weaknesses/MASVS-PLATFORM/MASWE-0058.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0059.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0060.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0061.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0062.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0063.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0064.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0065.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0066.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0067.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0068.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0069.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0070.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0071.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0072.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0073.md | 1 +
 weaknesses/MASVS-PLATFORM/MASWE-0074.md | 1 +
 17 files changed, 17 insertions(+)
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0058.md b/weaknesses/MASVS-PLATFORM/MASWE-0058.md
index 6f789eb935..ae7150f2a0 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0058.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0058.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-PLATFORM-3]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2, MASVS-CODE-4]
+ cwe: [939, 917]

 draft:
 description: e.g. use of URL Custom Schemes, unverified AppLinks/Universal Links,
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0059.md b/weaknesses/MASVS-PLATFORM/MASWE-0059.md
index 72d60efd9d..9c5e8561ac 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0059.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0059.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L1, L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2]
+ cwe: [287]

 draft:
 description: e.g. (ab)using the clipboard or using localhost server for IPC
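Review bot: In MASWE-0058.md the added `cwe: [939, 917]` pairs a fitting id with one that looks out of place. CWE-939 (Improper Authorization in Handler for Custom URL Scheme) matches the draft description about URL custom schemes and unverified App Links/Universal Links, but CWE-917 is Expression Language Injection, which nothing in the visible front matter relates to. If the intent was to cover unverified link origins, CWE-940 (Improper Verification of Source of a Communication Channel) reads closer, e.g. `cwe: [939, 940]`; otherwise drop the second id. The body of the weakness is outside the hunk, so this should be confirmed against the full text.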
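Review bot: `cwe: [287]` in MASWE-0059.md maps to a class-level entry that MITRE marks as discouraged for vulnerability mapping, and the same holds for CWE-285 in MASWE-0060, CWE-200 in MASWE-0061, -0065, -0069 and -0073, and CWE-20 in MASWE-0070. Tooling that joins findings on these ids ends up with very broad buckets that say little about the actual weakness. For the unauthenticated IPC case described here (clipboard, localhost server) a narrower child such as CWE-306 (Missing Authentication for Critical Function) looks closer, e.g. `cwe: [306]`. The other files need the same narrowing against their full weakness text, which is not visible in these hunks.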
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0060.md b/weaknesses/MASVS-PLATFORM/MASWE-0060.md
index 544ecddc3b..539dd438a4 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0060.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0060.md
@@ -6,6 +6,7 @@ platform: [ios]
 profiles: [L1, L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2]
+ cwe: [285, 358]

 draft:
 description: e.g. data (items) being shared, custom activities, excluded activity
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0061.md b/weaknesses/MASVS-PLATFORM/MASWE-0061.md
index a60b0b2b39..c0b51437f9 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0061.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0061.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-PLATFORM-11]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2]
+ cwe: [200, 276]

 draft:
 description: restricting use of certain extensions
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0062.md b/weaknesses/MASVS-PLATFORM/MASWE-0062.md
index f869ac1c67..27022fa8f5 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0062.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0062.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-PLATFORM-4]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2]
+ cwe: [926]

 refs:
 - https://developer.android.com/privacy-and-security/security-tips#Services
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0063.md b/weaknesses/MASVS-PLATFORM/MASWE-0063.md
index 0d56e023a2..38b321749b 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0063.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0063.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-PLATFORM-4]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2]
+ cwe: [925]

 refs:
 - https://developer.android.com/guide/components/broadcasts#security-and-best-practices
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0064.md b/weaknesses/MASVS-PLATFORM/MASWE-0064.md
index 75e7f52f5a..57617c7133 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0064.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0064.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-STORAGE-6]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-1]
+ cwe: [926]

 refs:
 - https://developer.android.com/topic/security/risks/content-resolver
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0065.md b/weaknesses/MASVS-PLATFORM/MASWE-0065.md
index 1a940804e9..7f704098c3 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0065.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0065.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-STORAGE-6]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-1]
+ cwe: [200, 276, 732]

 refs:
 - https://developer.android.com/topic/security/risks/content-resolver
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0066.md b/weaknesses/MASVS-PLATFORM/MASWE-0066.md
index 65776c40e1..4a0e2e5055 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0066.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0066.md
@@ -6,6 +6,7 @@ platform: [android]
 profiles: [L1, L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-1, MASVS-STORAGE-2]
+ cwe: [927]

 refs:
 - https://support.google.com/faqs/answer/9267555?hl=en
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0067.md b/weaknesses/MASVS-PLATFORM/MASWE-0067.md
index 765ae18f91..98dcfac9a2 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0067.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0067.md
@@ -7,6 +7,7 @@ profiles: [R]
 mappings:
 masvs-v1: [MSTG-RESILIENCE-2]
 masvs-v2: [MASVS-PLATFORM-1, MASVS-RESILIENCE-4]
+ cwe: [489]

 refs:
 - https://developer.android.com/topic/security/risks/android-debuggable
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0068.md b/weaknesses/MASVS-PLATFORM/MASWE-0068.md
index 08d5d6350e..e26713e539 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0068.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0068.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-PLATFORM-7]
 masvs-v2: [MASVS-PLATFORM-2, MASVS-STORAGE-2]
+ cwe: [749, 94]

 refs:
 - https://support.google.com/faqs/answer/9095419
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0069.md b/weaknesses/MASVS-PLATFORM/MASWE-0069.md
index 1e679b920a..3bd4c3b357 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0069.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0069.md
@@ -7,6 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-PLATFORM-6]
 masvs-v2: [MASVS-PLATFORM-2, MASVS-STORAGE-2]
+ cwe: [200, 22]

 draft:
 description: use of setAllowFileAccessFromFileURLs. Mitigations include setAllowFileAccess(false),
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0070.md b/weaknesses/MASVS-PLATFORM/MASWE-0070.md
index 1364a51391..f650b3943e 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0070.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0070.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L1, L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-2, MASVS-CODE-4]
+ cwe: [79, 20, 829]

 draft:
 description: e.g. not validating the source of the JavaScript code
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0071.md b/weaknesses/MASVS-PLATFORM/MASWE-0071.md
index ad7813fafa..299b9e17c2 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0071.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0071.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L1, L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-2, MASVS-CODE-4]
+ cwe: [601]

 draft:
 description: WebView objects shouldn't load URLs from untrusted sources. Also, your
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0072.md b/weaknesses/MASVS-PLATFORM/MASWE-0072.md
index 49f59121ef..a414ccf06d 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0072.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0072.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L1, L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-2, MASVS-CODE-4]
+ cwe: [79]

 refs:
 - https://hackerone.com/reports/532836
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0073.md b/weaknesses/MASVS-PLATFORM/MASWE-0073.md
index 42bcc78500..378b0b0016 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0073.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0073.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-2, MASVS-CODE-4]
+ cwe: [79, 200]

 refs:
 - https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/
diff --git a/weaknesses/MASVS-PLATFORM/MASWE-0074.md b/weaknesses/MASVS-PLATFORM/MASWE-0074.md
index 77535dcee1..a785a6ff68 100644
--- a/weaknesses/MASVS-PLATFORM/MASWE-0074.md
+++ b/weaknesses/MASVS-PLATFORM/MASWE-0074.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
 masvs-v2: [MASVS-PLATFORM-2, MASVS-RESILIENCE-4]
+ cwe: [489]

 refs:
 - https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)
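Review bot: `cwe: [79, 200]` in MASWE-0073.md may be missing the file-path weakness that WebResourceResponse handlers are usually flagged for. The only reference visible in the hunk is the Oversecured write-up on WebResourceResponse, and handlers of this kind typically become a problem when an intercepted request path is resolved to a local file without validation. If the weakness text (outside this hunk) covers that case, consider `cwe: [22, 79, 200]`, so that a mitigation check for path canonicalisation can be traced to this entry. CWE-200 here is also the broad class raised for the earlier files.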