Supported CWEs
The following CWEs are supported. Pass the query name as the argument to --query when running src/iris.py.
- cwe-022wLLM - CWE-022 (Path Traversal)
- cwe-078wLLM - CWE-078 (OS Command Injection)
- cwe-079wLLM - CWE-079 (Cross-Site Scripting)
- cwe-089wLLM - CWE-089 (SQL Injection)
- cwe-094wLLM - CWE-094 (Code Injection)
- cwe-295wLLM - CWE-295 (Improper Certificate Validation)
- cwe-352wLLM - CWE-352 (Cross-Site Request Forgery)
- cwe-502wLLM - CWE-502 (Deserialization of Untrusted Data)
- cwe-611wLLM - CWE-611 (Improper Restriction of XML External Entity Reference)
- cwe-807wLLM - CWE-807 (Reliance on Untrusted Inputs in a Security Decision)
- cwe-918wLLM - CWE-918 (Server-Side Request Forgery)