Originally posted by poffo-mobisec August 2, 2024
I love the introduction of Weaknesses in mobile security. It was missing and it is brilliant. But let's go straight to the point.
Nowadays most enterprises have standardized systems and work with CWE.
Have you considered relating each MASWE to a CWE, to ease risk management and company integration?
I think this could give a lot of extra value to the project, allowing MASWE to be very specific on mobile weaknesses but at the same time bringing compatibility with today's market.
THE FOLLOWING CONTENT IS AI-GENERATED, so this work would absolutely need a check, but it gives the idea of the result:
| MASWE ID | MASWE Title | Relevant CWE ID | CWE Title |
|---|---|---|---|
| MASWE-0001 | Insertion of Sensitive Data into Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0002 | Sensitive Data Stored With Insufficient Access Restrictions | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| MASWE-0003 | Sensitive Data Remains in App Backups | CWE-212 | Improper Cross-boundary Removal of Sensitive Data |
| MASWE-0004 | Unencrypted Sensitive Data Stored in Non-Volatile Memory | CWE-311 | Missing Encryption of Sensitive Data |
| MASWE-0005 | Insecure Data Storage in Shared Preferences | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0006 | Insecure Data Storage in SQL Databases | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0007 | Insecure Data Storage in External Storage | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0008 | Insecure Data Storage in Cloud Services | CWE-256 | Unprotected Storage of Credentials |
| MASWE-0009 | Insecure Data Storage in Cache | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0010 | Insecure Data Storage in Clipboard | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0011 | Sensitive Data in Application Memory | CWE-226 | Sensitive Information in Data Storage Element |
| MASWE-0012 | Sensitive Data in System Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0013 | Sensitive Data in Browser Cache | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| MASWE-0014 | Sensitive Data in WebView | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| MASWE-0015 | Sensitive Data in URL | CWE-598 | Use of GET Request Method with Sensitive Query Strings |
| MASWE-0016 | Lack of Data Protection During Transmission | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0017 | Insecure Use of Cryptography | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| MASWE-0018 | Insecure Random Number Generation | CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| MASWE-0019 | Missing Integrity Checks on Sensitive Data | CWE-354 | Improper Validation of Integrity Check Value |
| MASWE-0020 | Missing Confidentiality Protections | CWE-311 | Missing Encryption of Sensitive Data |
| MASWE-0021 | Sensitive Data in Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0022 | Missing Security Controls for Sensitive Data | CWE-284 | Improper Access Control |
| MASWE-0023 | Insecure Use of Hashing | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| MASWE-0024 | Unsecured External Communication | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0025 | Insecure Data Storage in Memory | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| MASWE-0026 | Sensitive Data in Third-Party Services | CWE-295 | Improper Certificate Validation |
| MASWE-0027 | Insecure Data Transmission Using SMS | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0028 | Sensitive Data in Keyboard Cache | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| MASWE-0029 | Insecure Data Storage in Keychain | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0030 | Insecure Data Storage in Shared Directory | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0031 | Insecure Data Storage in Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0032 | Insecure Data Storage in Debugging Information | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0033 | Insecure Data Storage in Crash Reports | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0034 | Insecure Data Storage in System Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0035 | Insecure Data Storage in Third-Party Components | CWE-295 | Improper Certificate Validation |
| MASWE-0036 | Insecure Data Storage in Cloud Storage | CWE-256 | Unprotected Storage of Credentials |
| MASWE-0037 | Insecure Data Storage in App Sandboxes | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0038 | Insecure Data Storage in Cookie Storage | CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| MASWE-0039 | Insecure Data Storage in Web Storage | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0040 | Insecure Data Storage in IndexedDB | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0041 | Insecure Data Storage in LocalStorage | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0042 | Insecure Data Storage in SessionStorage | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0043 | Insecure Data Storage in FileSystem API | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0044 | Insecure Data Storage in App Bundle | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0045 | Insecure Data Storage in Application Data | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0046 | Insecure Data Storage in Application Code | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0047 | Insecure Data Storage in System Services | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0048 | Insecure Data Storage in App Configuration | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0049 | Insecure Data Storage in Environment Variables | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0050 | Insecure Data Storage in Shared Objects | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0051 | Insecure Data Storage in Shared Libraries | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0052 | Insecure Data Storage in Shared Components | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0053 | Insecure Data Storage in Shared Resources | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0054 | Insecure Data Storage in Shared Applications | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0055 | Insecure Data Storage in Shared Files | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0056 | Insecure Data Storage in Shared Devices | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0057 | Insecure Data Storage in Shared Network Storage | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0058 | Insecure Data Storage in Shared Infrastructure | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0059 | Insecure Data Storage in Shared Services | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0060 | Insecure Data Storage in Shared Platforms | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0061 | Insecure Data Storage in Shared Cloud Services | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0062 | Insecure Data Storage in Shared Virtualization Platforms | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0063 | Insecure Data Storage in Shared Containers | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0064 | Insecure Data Storage in Shared Hosts | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0065 | Insecure Data Storage in Shared Hypervisors | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0066 | Insecure Data Storage in Shared Orchestration | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0067 | Insecure Data Storage in Shared Configuration Management | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0068 | Insecure Data Storage in Shared DevOps Pipelines | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0069 | Insecure Data Storage in Shared CI/CD Tools | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0070 | Insecure Data Storage in Shared Testing Environments | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0071 | Insecure Data Storage in Shared Monitoring Tools | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0072 | Insecure Data Storage in Shared Logging Services | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0073 | Insecure Data Storage in Shared Security Tools | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0074 | Insecure Data Storage in Shared Automation Tools | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0075 | Insecure Data Storage in Shared Resource Management Tools | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0076 | Dependencies with Known Vulnerabilities | CWE-1104 | Use of Unmaintained Third-party Components |
| MASWE-0077 | Running on a recent Platform Version Not Ensured | CWE-1105 | Insufficient Software Version Update |
| MASWE-0078 | Latest Platform Version Not Targeted | CWE-1105 | Insufficient Software Version Update |
| MASWE-0079 | App Runs on Jailbroken or Rooted Devices | CWE-862 | Incorrect Authorization |
| MASWE-0080 | App Runs on Emulator | CWE-325 | Missing Cryptographic Step |
| MASWE-0081 | Debugging Enabled | CWE-489 | Active Debug Code |
| MASWE-0082 | Developer Options Enabled | CWE-489 | Active Debug Code |
| MASWE-0083 | Unsafe Handling of Data From The User Interface | CWE-20 | Improper Input Validation |
| MASWE-0084 | Unsafe Handling of Data from IPC | CWE-20 | Improper Input Validation |
| MASWE-0085 | Insecure Inter-Process Communication | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0086 | SQL Injection | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| MASWE-0087 | Insecure Parsing and Escaping | CWE-116 | Improper Encoding or Escaping of Output |
| MASWE-0088 | Insecure Object Deserialization | CWE-502 | Deserialization of Untrusted Data |
| MASWE-0089 | Improper Certificate Validation | CWE-295 | Improper Certificate Validation |
| MASWE-0090 | Improper Use of Platform APIs | CWE-749 | Exposed Dangerous Method or Function |
| MASWE-0091 | Sensitive Data in Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0092 | Insecure Data Storage in External Devices | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0093 | Sensitive Data in Backup Files | CWE-212 | Improper Cross-boundary Removal of Sensitive Data |
| MASWE-0094 | Insecure Data Transmission Using Insecure Protocols | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0095 | Insecure Use of Third-party Libraries | CWE-1104 | Use of Unmaintained Third-party Components |
| MASWE-0096 | Unencrypted Sensitive Data Stored in Volatile Memory | CWE-311 | Missing Encryption of Sensitive Data |
| MASWE-0097 | Insecure Data Transmission Using Push Notifications | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0098 | Insecure Data Transmission Using Email | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0099 | Insecure Data Transmission Using Third-party Services | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0100 | Insecure Data Storage in Temporary Files | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0101 | Insecure Data Storage in Local Databases | CWE-312 | Cleartext Storage of Sensitive Information |
| MASWE-0102 | Sensitive Data in Memory Dumps | CWE-226 | Sensitive Information in Data Storage Element |
| MASWE-0103 | Insecure Data Storage in Shared Drives | CWE-922 | Insecure Storage of Sensitive Information |
| MASWE-0104 | App Integrity Not Verified | CWE-353 | Missing Support for Integrity Check |
| MASWE-0105 | Integrity of App Resources Not Verified | CWE-353 | Missing Support for Integrity Check |
| MASWE-0106 | Official Store Verification Not Implemented | CWE-353 | Missing Support for Integrity Check |
| MASWE-0107 | Runtime Code Integrity Not Verified | CWE-353 | Missing Support for Integrity Check |
| MASWE-0108 | Sensitive Data in Network Traffic | CWE-319 | Cleartext Transmission of Sensitive Information |
MASWE supports CWE mappings already:
https://github.com/search?q=repo%3AOWASP%2Fowasp-mastg%20%22cwe%3A%22&type=code
For example, in MASWE-0041:
Review the suggestions below and add the remaining missing mappings to the rest of the MASWE.
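The reply above points at the `cwe:` mappings that already exist in the MASWE pages and asks for the remaining ones to be added. The script below is an added example, not code from the OWASP MASTG project, showing one way to triage a proposed mapping table against the pages before anything is committed. It assumes a simplified, constructed front-matter schema (an `id:` line and an optional `cwe:` list) rather than the project's real one, reads a constructed excerpt of such a table, rejects malformed IDs, and separates entries that still lack a mapping from ones that already agree and ones that conflict and need a human to decide.

```python
"""Triage a proposed MASWE -> CWE mapping table against existing page front matter.

Added example; not the OWASP MASTG project's own tooling. The front-matter
schema (`id:` and `cwe:` lines) and all sample content are constructed for
the example and are assumptions, not the project's real file format.
"""
import re

FRONT_MATTER_RE = re.compile(r"\A---\n(.*?)\n---", re.S)
MASWE_ID_RE = re.compile(r"^MASWE-\d{4}$")
CWE_ID_RE = re.compile(r"^CWE-(\d+)$")

# Constructed stand-ins for MASWE markdown pages (assumed schema).
SAMPLE_PAGES = {
    "MASWE-0001.md": "---\nid: MASWE-0001\ncwe: [532]\n---\n# Logs\n",
    "MASWE-0004.md": "---\nid: MASWE-0004\n---\n# Unencrypted data at rest\n",
    "MASWE-0017.md": "---\nid: MASWE-0017\ncwe: [328]\n---\n# Cryptography\n",
    "MASWE-0018.md": "---\nid: MASWE-0018\ncwe: []\n---\n# Randomness\n",
}

# Constructed excerpt of a proposed table; the last row is deliberately malformed.
PROPOSED_TABLE = """\
| MASWE ID | MASWE Title | Relevant CWE ID | CWE Title |
|---|---|---|---|
| MASWE-0001 | Insertion of Sensitive Data into Logs | CWE-532 | Insertion of Sensitive Information into Log File |
| MASWE-0004 | Unencrypted Sensitive Data Stored in Non-Volatile Memory | CWE-311 | Missing Encryption of Sensitive Data |
| MASWE-0017 | Insecure Use of Cryptography | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| MASWE-0018 | Insecure Random Number Generation | CWE-338 | Use of Cryptographically Weak PRNG |
| MASWE-0108 | Sensitive Data in Network Traffic | CWE-319 | Cleartext Transmission of Sensitive Information |
| MASWE-0999 | (constructed malformed row) | 319 | CWE- prefix missing |
"""


def parse_front_matter(text):
    """Return {'id': str|None, 'cwe': set[int]} from the leading --- block.

    Hand-rolled so the example has no dependencies; it only understands the
    assumed `key: value` lines, with CWE numbers pulled out of the list.
    """
    meta = {"id": None, "cwe": set()}
    m = FRONT_MATTER_RE.match(text)
    if not m:
        return meta
    for line in m.group(1).splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "id":
            meta["id"] = value
        elif key == "cwe":
            meta["cwe"] = {int(n) for n in re.findall(r"\d+", value)}
    return meta


def existing_mappings(pages):
    """Map each well-formed MASWE ID found in the pages to its declared CWE set."""
    out = {}
    for text in pages.values():
        meta = parse_front_matter(text)
        if meta["id"] and MASWE_ID_RE.match(meta["id"]):
            out[meta["id"]] = meta["cwe"]
    return out


def parse_proposed_table(markdown):
    """Parse a markdown table whose columns 1 and 3 are MASWE ID and CWE ID.

    Returns (rows, errors): rows is a list of (maswe_id, cwe_number); errors
    lists rows that were skipped because an identifier was malformed.
    """
    rows, errors = [], []
    for lineno, line in enumerate(markdown.splitlines(), 1):
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "MASWE ID" or set(cells[0]) <= {"-"}:
            continue  # header row, separator row, or unrelated line
        maswe_id, cwe_id = cells[0], cells[2]
        if not MASWE_ID_RE.match(maswe_id):
            errors.append(f"line {lineno}: bad MASWE id {maswe_id!r}")
            continue
        m = CWE_ID_RE.match(cwe_id)
        if not m:
            errors.append(f"line {lineno}: bad CWE id {cwe_id!r} for {maswe_id}")
            continue
        rows.append((maswe_id, int(m.group(1))))
    return rows, errors


def triage(existing, proposed_rows):
    """Bucket proposals: missing (page has no CWE yet), already (page lists that
    CWE), differs (page lists other CWEs, needs review), unknown (no such page)."""
    report = {"missing": {}, "already": set(), "differs": {}, "unknown": set()}
    for maswe_id, cwe in proposed_rows:
        if maswe_id not in existing:
            report["unknown"].add(maswe_id)
        elif not existing[maswe_id]:
            report["missing"].setdefault(maswe_id, set()).add(cwe)
        elif cwe in existing[maswe_id]:
            report["already"].add(maswe_id)
        else:
            report["differs"][maswe_id] = (sorted(existing[maswe_id]), cwe)
    return report


def run(pages=SAMPLE_PAGES, table=PROPOSED_TABLE):
    """Parse the table, compare with the pages, return (report, errors)."""
    rows, errors = parse_proposed_table(table)
    return triage(existing_mappings(pages), rows), errors


if __name__ == "__main__":
    report, errors = run()
    for maswe_id, cwes in sorted(report["missing"].items()):
        print(f"{maswe_id}: no cwe: mapping yet, proposal suggests {sorted(cwes)}")
    for maswe_id, (have, want) in sorted(report["differs"].items()):
        print(f"{maswe_id}: page has {have}, proposal says {want}: needs review")
    for maswe_id in sorted(report["unknown"]):
        print(f"{maswe_id}: no page found")
    for err in errors:
        print("skipped:", err)
```

Only the "missing" bucket is a candidate for a mechanical addition; "differs" rows are exactly the cases the reply warns about, where an auto-generated suggestion disagrees with a mapping a maintainer already chose, so they are printed for review rather than applied.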
Discussed in #2857