Class AttackVulnerability

Namespace
Kuestenlogik.Bowire.Security
Assembly
Kuestenlogik.Bowire.dll

Identifying and classification metadata for a vulnerability template. Attached to a BowireRecording via its Vulnerability field when the recording is being used as a security-test probe rather than as a mock-server fixture.

public sealed class AttackVulnerability
Inheritance
AttackVulnerability

Remarks

Every field except Id is optional. Cwe follows the CWE-NNN shorthand; OwaspApi follows the API1-2023-BOLA shorthand used by the OWASP API Security Top 10. Cvss is the CVSS 3.1 base score (0.0..10.0) and is left null when the template author hasn't scored it.
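A lint for the JSON form of this metadata, checking the conventions documented on this page: required id, CWE-NNN form, CVSS range, severity bucket and YYYY-MM-DD date. This is an added example, not Bowire's own code; VulnerabilityLint, its Text helper and the sample values are hypothetical, and matching severity case-sensitively is an assumption.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.Json;
using System.Text.RegularExpressions;

// Constructed sample metadata; the id, CWE and score are illustrative values only.
const string sample = """
{ "id": "BWR-REST-001", "cwe": "CWE-639", "owaspApi": "API1-2023-BOLA",
  "cvss": 11.2, "severity": "High", "introduced": "2024-13-01",
  "protocols": ["rest"] }
""";

foreach (var problem in VulnerabilityLint.Check(sample))
    Console.WriteLine(problem);

// Hypothetical helper (not part of Kuestenlogik.Bowire): lints the JSON form of AttackVulnerability.
static class VulnerabilityLint
{
    static readonly HashSet<string> Buckets = new() { "low", "medium", "high", "critical" };

    public static List<string> Check(string json)
    {
        var problems = new List<string>();
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        // Id is the only required field.
        if (Text(root, "id") is not { Length: > 0 })
            problems.Add("id: required");
        // Cwe uses the CWE-NNN shorthand.
        if (Text(root, "cwe") is { } cwe && !Regex.IsMatch(cwe, "^CWE-[0-9]+$"))
            problems.Add($"cwe: '{cwe}' is not in CWE-NNN form");
        // Cvss is a CVSS 3.1 base score in 0.0..10.0, or null when unscored.
        if (root.TryGetProperty("cvss", out var cvss) && cvss.ValueKind != JsonValueKind.Null
            && (cvss.ValueKind != JsonValueKind.Number || cvss.GetDouble() is < 0.0 or > 10.0))
            problems.Add("cvss: must be a number in 0.0..10.0");
        // Severity is one of four buckets (compared case-sensitively here, an assumption).
        if (Text(root, "severity") is { } sev && !Buckets.Contains(sev))
            problems.Add($"severity: '{sev}' is not low, medium, high or critical");
        // Introduced is an ISO-8601 calendar date, YYYY-MM-DD.
        if (Text(root, "introduced") is { } d && !DateOnly.TryParseExact(d, "yyyy-MM-dd",
                CultureInfo.InvariantCulture, DateTimeStyles.None, out _))
            problems.Add($"introduced: '{d}' is not a valid YYYY-MM-DD date");
        return problems;
    }

    // Returns the named property only when it is present and a JSON string.
    static string? Text(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;
}
```

The constructed sample is deliberately wrong in three places (score out of range, capitalised severity, month 13), so a run reports one problem per field.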

Constructors

AttackVulnerability()

public AttackVulnerability()

Properties

Authors

Author handles — display names or GitHub usernames.

[JsonPropertyName("authors")]
public IList<string> Authors { get; init; }

Property Value

IList<string>

Cve

CVE entries this template covers, when applicable. Empty for templates that probe a general weakness pattern not pinned to a specific CVE.

[JsonPropertyName("cve")]
public IList<string> Cve { get; init; }

Property Value

IList<string>

Cvss

CVSS 3.1 base score (0.0..10.0), optional.

[JsonPropertyName("cvss")]
public double? Cvss { get; set; }

Property Value

double?

Cwe

CWE classification — single entry in CWE-NNN form.

[JsonPropertyName("cwe")]
public string? Cwe { get; set; }

Property Value

string

Id

Stable identifier for the template — typically the BWR-PROTOCOL-NNN convention the public vulndb uses. Required.

[JsonPropertyName("id")]
public string Id { get; set; }

Property Value

string

Introduced

ISO-8601 date the template was first published (YYYY-MM-DD).

[JsonPropertyName("introduced")]
public string? Introduced { get; set; }

Property Value

string

OwaspApi

OWASP API Security Top 10 entry, e.g. API1-2023-BOLA.

[JsonPropertyName("owaspApi")]
public string? OwaspApi { get; set; }

Property Value

string

Protocols

Protocols this template applies to — e.g. grpc, rest, graphql, odata, signalr, websocket, mqtt, socketio, sse, grpc-web.

[JsonPropertyName("protocols")]
public IList<string> Protocols { get; init; }

Property Value

IList<string>

References

External references — links to NVD entries, vendor advisories, blog posts.

[JsonPropertyName("references")]
public IList<string> References { get; init; }

Property Value

IList<string>

Remediation

Free-form remediation guidance — Markdown-friendly multi-line text. Surfaced in the scanner's finding output and in any HTML report.

[JsonPropertyName("remediation")]
public string? Remediation { get; set; }

Property Value

string

Severity

Severity bucket — one of low, medium, high, critical. Drives default filtering in bowire scan (--severity high excludes low+medium).

[JsonPropertyName("severity")]
public string Severity { get; set; }

Property Value

string