test_id,category,test_name,attack_type,severity,protocol,payload,expected_behavior,detection_method,mitigation,cvss_score,cwe_id,passed,notes
1,authentication,brute_force_password,credential_stuffing,high,CHAT,"{""attempts"": 1000, ""delay_ms"": 0}",rate_limited,attempt_counter,lockout_after_5_attempts,7.5,CWE-307,true,"Rapid password attempts"
2,authentication,dictionary_attack,credential_stuffing,high,CHAT,"{""wordlist"": ""rockyou.txt"", ""attempts"": 10000}",rate_limited,pattern_detection,progressive_delay,7.5,CWE-307,true,"Dictionary-based attack"
3,authentication,credential_replay,replay_attack,high,CHAT,"{""captured_auth"": true, ""replay_count"": 5}",rejected,nonce_validation,timestamp_nonce,8.1,CWE-294,true,"Replayed authentication"
4,authentication,session_fixation,session_attack,high,CHAT,"{""fixed_session"": ""abc123""}",rejected,session_regeneration,new_session_on_auth,7.1,CWE-384,true,"Fixed session token"
5,authentication,session_hijacking,session_attack,critical,CHAT,"{""stolen_token"": true, ""different_ip"": true}",rejected,ip_binding,multi_factor_verification,9.1,CWE-384,true,"Session token theft"
6,authentication,timing_attack,side_channel,medium,CHAT,"{""measure_response_time"": true, ""samples"": 1000}",constant_time_response,timing_analysis,constant_time_comparison,5.3,CWE-208,true,"Response timing analysis"
7,authentication,empty_password,input_validation,medium,CHAT,"{""username"": ""admin"", ""password"": """"}",rejected,input_validation,require_non_empty,5.3,CWE-521,true,"Empty password attempt"
8,authentication,null_byte_username,input_validation,high,CHAT,"{""username"": ""admin\\x00attacker""}",rejected,input_sanitization,filter_null_bytes,7.5,CWE-626,true,"Null byte injection"
9,authentication,unicode_normalization,input_validation,medium,CHAT,"{""username"": ""admin\\u200b""}",normalized,unicode_handling,normalize_before_compare,5.3,CWE-179,true,"Unicode normalization bypass"
10,authentication,case_sensitivity,logic_flaw,low,CHAT,"{""username"": ""Admin"", ""password"": ""correct""}",case_handled,case_normalization,consistent_case_handling,3.7,CWE-178,true,"Case sensitivity check"
11,encryption,downgrade_tls10,protocol_downgrade,high,TLS,"{""force_version"": ""TLS1.0""}",rejected,version_check,minimum_tls12,7.4,CWE-757,true,"TLS 1.0 downgrade attempt"
12,encryption,downgrade_ssl3,protocol_downgrade,critical,TLS,"{""force_version"": ""SSL3.0""}",rejected,version_check,disable_ssl3,9.1,CWE-757,true,"SSL 3.0 downgrade attempt"
13,encryption,weak_cipher,cipher_weakness,high,TLS,"{""cipher"": ""RC4-MD5""}",rejected,cipher_check,strong_cipher_only,7.4,CWE-327,true,"Weak cipher suite"
14,encryption,null_cipher,cipher_weakness,critical,TLS,"{""cipher"": ""NULL-SHA""}",rejected,cipher_check,no_null_cipher,9.8,CWE-327,true,"Null cipher attempt"
15,encryption,certificate_mismatch,certificate_attack,high,TLS,"{""hostname"": ""evil.com"", ""cert"": ""legitimate.com""}",rejected,hostname_verify,strict_verification,7.4,CWE-295,true,"Certificate hostname mismatch"
16,encryption,expired_certificate,certificate_attack,high,TLS,"{""cert"": ""expired""}",rejected,expiry_check,reject_expired,7.4,CWE-295,true,"Expired certificate"
17,encryption,self_signed,certificate_attack,medium,TLS,"{""cert"": ""self_signed""}",rejected,chain_verify,require_ca_signed,6.5,CWE-295,true,"Self-signed certificate"
18,encryption,key_reuse,cryptographic,medium,TLS,"{""nonce_reuse"": true}",detected,nonce_tracking,unique_nonces,6.5,CWE-323,true,"Nonce/IV reuse"
19,encryption,padding_oracle,cryptographic,high,CHAT,"{""padding_attack"": true, ""samples"": 256}",no_leak,constant_time,authenticated_encryption,7.5,CWE-649,true,"Padding oracle attack"
20,encryption,mitm_attempt,mitm,critical,TLS,"{""intercept"": true}",detected,certificate_pinning,pin_certificates,9.1,CWE-300,true,"Man-in-the-middle"
21,injection,sql_username,sql_injection,critical,CHAT,"{""username"": ""admin'--""}",rejected,input_validation,parameterized_queries,9.8,CWE-89,true,"SQL injection in username"
22,injection,sql_message,sql_injection,critical,CHAT,"{""content"": ""'; DROP TABLE users;--""}",rejected,input_validation,parameterized_queries,9.8,CWE-89,true,"SQL injection in message"
23,injection,xss_script,xss,high,CHAT,"{""content"": """"}",sanitized,output_encoding,html_escape,7.1,CWE-79,true,"XSS script injection"
24,injection,xss_img,xss,high,CHAT,"{""content"": """"}",sanitized,output_encoding,html_escape,7.1,CWE-79,true,"XSS via img tag"
25,injection,xss_svg,xss,high,CHAT,"{""content"": """"}",sanitized,output_encoding,html_escape,7.1,CWE-79,true,"XSS via SVG"
26,injection,command_injection,command_injection,critical,CHAT,"{""filename"": ""; rm -rf /""}",rejected,input_validation,whitelist_chars,9.8,CWE-78,true,"OS command injection"
27,injection,path_traversal,path_traversal,high,CHAT,"{""path"": ""../../../etc/passwd""}",rejected,path_validation,canonicalize_path,7.5,CWE-22,true,"Directory traversal"
28,injection,ldap_injection,ldap_injection,high,CHAT,"{""username"": ""*)(uid=*))(|(uid=*""}",rejected,input_validation,escape_ldap,7.5,CWE-90,true,"LDAP injection"
29,injection,log_injection,log_injection,medium,CHAT,"{""username"": ""user\\nINFO: Admin logged in""}",sanitized,log_sanitization,escape_newlines,5.3,CWE-117,true,"Log injection"
30,injection,header_injection,http_injection,high,CHAT,"{""header"": ""X-Custom: value\\r\\nX-Injected: evil""}",rejected,header_validation,single_line_headers,7.5,CWE-113,true,"HTTP header injection"
31,dos,connection_flood,resource_exhaustion,high,TCP,"{""connections_per_sec"": 10000, ""duration_s"": 60}",rate_limited,connection_rate,max_conn_per_ip,7.5,CWE-400,true,"Connection flood attack"
32,dos,slowloris,slow_attack,high,TCP,"{""slow_headers"": true, ""connections"": 1000}",timeout_kill,timeout_monitoring,aggressive_timeouts,7.5,CWE-400,true,"Slowloris attack"
33,dos,syn_flood,protocol_attack,high,TCP,"{""syn_only"": true, ""rate"": 100000}",handled,syn_cookies,enable_syn_cookies,7.5,CWE-400,true,"SYN flood attack"
34,dos,large_message,resource_exhaustion,medium,CHAT,"{""size_mb"": 100}",rejected,size_limit,max_message_size,5.3,CWE-400,true,"Oversized message"
35,dos,message_flood,resource_exhaustion,high,CHAT,"{""messages_per_sec"": 10000, ""duration_s"": 60}",rate_limited,message_rate,per_user_rate_limit,7.5,CWE-400,true,"Message flood attack"
36,dos,room_flood,resource_exhaustion,medium,CHAT,"{""rooms_created"": 10000}",rate_limited,creation_rate,room_creation_limit,5.3,CWE-400,true,"Room creation flood"
37,dos,decompression_bomb,resource_exhaustion,high,CHAT,"{""compressed_size"": 1024, ""decompressed_size"": 1073741824}",rejected,ratio_check,max_compression_ratio,7.5,CWE-409,true,"Zip bomb"
38,dos,regex_dos,algorithmic,medium,CHAT,"{""pattern"": ""(a+)+$"", ""input"": ""aaaaaaaaaaaaaaaaaaaaaaaaaaa!""}",timeout,regex_timeout,bounded_regex,5.3,CWE-1333,true,"ReDoS attack"
39,dos,hash_collision,algorithmic,medium,CHAT,"{""collision_inputs"": 10000}",handled,collision_resistant,use_siphash,5.3,CWE-407,true,"Hash collision DoS"
40,dos,memory_exhaustion,resource_exhaustion,high,CHAT,"{""allocate_per_conn_mb"": 100, ""connections"": 1000}",limited,memory_limit,per_conn_memory_limit,7.5,CWE-400,true,"Memory exhaustion"
41,protocol,malformed_header,protocol_violation,medium,CHAT,"{""header"": ""corrupted""}",rejected,header_validation,strict_parsing,5.3,CWE-20,true,"Malformed message header"
42,protocol,invalid_magic,protocol_violation,medium,CHAT,"{""magic"": 0xDEADBEEF}",rejected,magic_check,verify_magic_number,5.3,CWE-20,true,"Invalid magic number"
43,protocol,version_overflow,integer_overflow,high,CHAT,"{""version"": 4294967296}",rejected,bounds_check,validate_range,7.5,CWE-190,true,"Version field overflow"
44,protocol,length_overflow,integer_overflow,critical,CHAT,"{""length"": 4294967295, ""actual"": 100}",rejected,length_verify,check_actual_length,9.8,CWE-190,true,"Length field overflow"
45,protocol,negative_length,integer_underflow,critical,CHAT,"{""length"": -1}",rejected,signed_check,use_unsigned_length,9.8,CWE-191,true,"Negative length value"
46,protocol,sequence_wrap,protocol_violation,medium,CHAT,"{""sequence"": 4294967295, ""next"": 0}",handled,wrap_detection,handle_sequence_wrap,5.3,CWE-682,true,"Sequence number wrap"
47,protocol,duplicate_message,replay_attack,medium,CHAT,"{""msg_id"": 12345, ""replay"": true}",rejected,duplicate_check,message_id_tracking,5.3,CWE-294,true,"Duplicate message replay"
48,protocol,out_of_order,protocol_violation,low,CHAT,"{""expected_seq"": 10, ""received_seq"": 15}",handled,reorder_buffer,sequence_reordering,3.7,CWE-696,true,"Out-of-order messages"
49,protocol,incomplete_message,protocol_violation,low,CHAT,"{""expected_len"": 1024, ""received_len"": 512}",buffered,fragmentation,reassembly_buffer,3.7,CWE-20,true,"Incomplete message"
50,protocol,extra_data,protocol_violation,low,CHAT,"{""expected_len"": 100, ""received_len"": 200}",truncated,length_enforce,ignore_extra_data,3.7,CWE-20,true,"Extra trailing data"
51,buffer,stack_overflow,memory_corruption,critical,CHAT,"{""overflow_stack"": true, ""size"": 65536}",rejected,stack_guard,stack_canaries,9.8,CWE-121,true,"Stack buffer overflow"
52,buffer,heap_overflow,memory_corruption,critical,CHAT,"{""overflow_heap"": true, ""size"": 65536}",rejected,heap_guard,bounds_checking,9.8,CWE-122,true,"Heap buffer overflow"
53,buffer,use_after_free,memory_corruption,critical,CHAT,"{""freed_ptr"": true}",crash_prevented,memory_sanitizer,safe_memory_management,9.8,CWE-416,true,"Use after free"
54,buffer,double_free,memory_corruption,critical,CHAT,"{""double_free"": true}",crash_prevented,allocation_tracking,smart_pointers,9.8,CWE-415,true,"Double free"
55,buffer,null_deref,memory_corruption,high,CHAT,"{""null_ptr"": true}",crash_prevented,null_check,validate_pointers,7.5,CWE-476,true,"Null pointer dereference"
56,buffer,format_string,memory_corruption,critical,CHAT,"{""content"": ""%s%s%s%s%s""}",sanitized,format_validation,no_user_format,9.8,CWE-134,true,"Format string attack"
57,buffer,off_by_one,memory_corruption,high,CHAT,"{""boundary"": ""exact+1""}",prevented,bounds_check,careful_indexing,7.5,CWE-193,true,"Off-by-one error"
58,buffer,integer_truncation,memory_corruption,high,CHAT,"{""value"": 4294967296, ""truncate_to"": ""uint32""}",handled,safe_cast,explicit_range_check,7.5,CWE-197,true,"Integer truncation"
59,buffer,uninitialized_read,information_leak,medium,CHAT,"{""read_uninitialized"": true}",prevented,memory_init,zero_initialize,5.3,CWE-908,true,"Uninitialized memory read"
60,buffer,read_beyond_bounds,information_leak,high,CHAT,"{""read_past_buffer"": true}",prevented,bounds_check,array_bounds_checking,7.5,CWE-125,true,"Out-of-bounds read"
61,information,error_disclosure,information_leak,medium,CHAT,"{""trigger_error"": true}",generic_error,error_handling,sanitize_errors,5.3,CWE-209,true,"Detailed error messages"
62,information,stack_trace_leak,information_leak,medium,CHAT,"{""cause_exception"": true}",hidden,exception_handling,no_stack_in_response,5.3,CWE-209,true,"Stack trace in response"
63,information,version_disclosure,information_leak,low,CHAT,"{""query_version"": true}",minimal_info,version_hiding,generic_server_id,3.7,CWE-200,true,"Server version disclosure"
64,information,user_enumeration,information_leak,medium,CHAT,"{""check_username"": ""admin""}",consistent_response,timing_analysis,constant_time_check,5.3,CWE-203,true,"Username enumeration"
65,information,timing_leak,information_leak,medium,CHAT,"{""measure_auth_time"": true}",constant_time,timing_analysis,constant_time_compare,5.3,CWE-208,true,"Authentication timing"
66,information,memory_leak,information_leak,high,CHAT,"{""heartbleed_style"": true}",prevented,bounds_check,validate_length,7.5,CWE-126,true,"Memory content leak"
67,information,debug_endpoint,information_leak,high,CHAT,"{""access"": ""/debug""}",rejected,access_control,disable_debug,7.5,CWE-489,true,"Debug endpoint exposed"
68,information,source_disclosure,information_leak,medium,CHAT,"{""request"": ""/src/main.cpp""}",rejected,access_control,no_source_serving,5.3,CWE-540,true,"Source code disclosure"
69,information,config_exposure,information_leak,high,CHAT,"{""request"": ""/config.json""}",rejected,access_control,protect_config,7.5,CWE-200,true,"Configuration exposure"
70,information,log_exposure,information_leak,high,CHAT,"{""request"": ""/logs/server.log""}",rejected,access_control,protect_logs,7.5,CWE-532,true,"Log file exposure"
71,race,toctou,race_condition,high,CHAT,"{""check_use_delay_ms"": 100}",atomic_operation,atomic_checks,atomic_operations,7.0,CWE-367,true,"Time-of-check time-of-use"
72,race,double_spend,race_condition,high,CHAT,"{""concurrent_operations"": 2, ""same_resource"": true}",prevented,locking,database_transactions,7.0,CWE-362,true,"Double operation race"
73,race,auth_race,race_condition,high,CHAT,"{""concurrent_auth"": 10}",serialized,auth_lock,serialize_auth,7.0,CWE-362,true,"Authentication race"
74,race,session_race,race_condition,medium,CHAT,"{""concurrent_session_ops"": 10}",handled,session_lock,mutex_protection,5.9,CWE-362,true,"Session operation race"
75,race,counter_race,race_condition,medium,CHAT,"{""increment_concurrent"": 100}",atomic_increment,atomic_ops,use_atomic_types,5.9,CWE-362,true,"Counter increment race"
76,privilege,horizontal_priv_esc,authorization,high,CHAT,"{""access_other_user_data"": true, ""user_id"": 54321}",rejected,authz_check,verify_ownership,7.5,CWE-639,true,"Access other user's data"
77,privilege,vertical_priv_esc,authorization,critical,CHAT,"{""become_admin"": true}",rejected,role_check,strict_role_validation,9.8,CWE-269,true,"Become administrator"
78,privilege,insecure_direct_ref,authorization,high,CHAT,"{""direct_room_id"": 999, ""not_member"": true}",rejected,membership_check,validate_membership,7.5,CWE-639,true,"Direct object reference"
79,privilege,missing_authz,authorization,high,CHAT,"{""admin_action"": true, ""not_admin"": true}",rejected,permission_check,require_admin_role,7.5,CWE-862,true,"Missing authorization"
80,privilege,role_manipulation,authorization,critical,CHAT,"{""set_role"": ""admin""}",rejected,role_validation,server_side_roles,9.8,CWE-269,true,"Role parameter tampering"
81,network,ip_spoofing,spoofing,medium,TCP,"{""spoofed_ip"": ""192.168.1.1""}",detected,ip_validation,tcp_handshake,5.3,CWE-290,true,"IP address spoofing"
82,network,arp_spoofing,spoofing,high,ETHERNET,"{""arp_spoof"": true}",detected,arp_inspection,static_arp_or_vpn,7.4,CWE-290,true,"ARP spoofing"
83,network,dns_spoofing,spoofing,high,DNS,"{""dns_spoof"": true}",detected,dnssec,use_dnssec,7.4,CWE-350,true,"DNS spoofing"
84,network,port_scan,reconnaissance,low,TCP,"{""scan_ports"": true}",logged,port_scan_detection,rate_limit_new_conn,3.7,CWE-200,true,"Port scanning"
85,network,connection_reset,disruption,medium,TCP,"{""rst_injection"": true}",handled,connection_tracking,tcp_sequence_validation,5.3,CWE-940,true,"TCP reset injection"
86,network,icmp_flood,dos,medium,ICMP,"{""icmp_flood"": true}",rate_limited,icmp_rate,limit_icmp,5.3,CWE-400,true,"ICMP flood"
87,network,fragmentation_attack,protocol_attack,high,IP,"{""overlapping_fragments"": true}",handled,fragment_reassembly,drop_overlapping,7.5,CWE-20,true,"IP fragmentation attack"
88,network,amplification,dos,high,UDP,"{""amplification_factor"": 100}",prevented,response_limiting,no_amplification,7.5,CWE-406,true,"Amplification attack"
89,compliance,weak_hash,cryptographic,high,CHAT,"{""hash"": ""md5""}",rejected,hash_check,use_sha256_plus,7.5,CWE-328,true,"Weak hash algorithm"
90,compliance,short_key,cryptographic,high,CHAT,"{""key_bits"": 512}",rejected,key_length_check,minimum_2048_rsa,7.5,CWE-326,true,"Short encryption key"
91,compliance,predictable_random,cryptographic,high,CHAT,"{""prng"": ""rand()""}",improved,random_quality,use_csprng,7.5,CWE-330,true,"Weak random number"
92,compliance,hardcoded_secret,credential_management,critical,CHAT,"{""secret"": ""hardcoded_in_source""}",removed,code_review,use_env_vars,9.8,CWE-798,true,"Hardcoded credential"
93,compliance,insecure_storage,credential_management,high,CHAT,"{""storage"": ""plaintext_file""}",encrypted,storage_check,encrypted_storage,7.5,CWE-256,true,"Insecure credential storage"
94,compliance,missing_encryption,data_protection,high,CHAT,"{""transmission"": ""plaintext""}",encrypted,traffic_analysis,require_tls,7.5,CWE-319,true,"Unencrypted transmission"
95,compliance,missing_integrity,data_protection,high,CHAT,"{""no_mac"": true}",added,integrity_check,add_hmac,7.5,CWE-353,true,"Missing integrity check"
96,compliance,audit_bypass,logging,medium,CHAT,"{""bypass_logging"": true}",logged,audit_enforcement,mandatory_logging,5.3,CWE-778,true,"Audit log bypass"
97,compliance,pii_exposure,privacy,high,CHAT,"{""log_pii"": true}",masked,log_review,mask_sensitive_data,7.5,CWE-359,true,"PII in logs"
98,compliance,session_not_invalidate,session_management,medium,CHAT,"{""logout_no_invalidate"": true}",invalidated,session_check,proper_logout,5.3,CWE-613,true,"Session not invalidated"
99,compliance,long_session,session_management,medium,CHAT,"{""session_hours"": 720}",limited,expiry_check,reasonable_expiry,5.3,CWE-613,true,"Excessive session length"
100,compliance,no_rate_limit,access_control,medium,CHAT,"{""unlimited_requests"": true}",limited,rate_monitoring,implement_rate_limiting,5.3,CWE-770,true,"Missing rate limiting"