From a824a7fa72b4a01c918cf6e783a27196b29b3a96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= Date: Mon, 16 Mar 2026 11:58:37 -0400 Subject: [PATCH] Add CWE-399 to mitre-cwe rules for Brakeman coverage Brakeman v7.0.0 emits CWE-399 (Resource Management Errors) from its DoS checks (check_route_dos, check_mime_type_dos). Without this entry, those findings would fall back to CWE-UNKNOWN. Co-Authored-By: Claude Sonnet 4.6 --- rules-realm/boostsecurityio/mitre-cwe/rules.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/rules-realm/boostsecurityio/mitre-cwe/rules.yaml b/rules-realm/boostsecurityio/mitre-cwe/rules.yaml index efed17a3..54a7c52a 100644 --- a/rules-realm/boostsecurityio/mitre-cwe/rules.yaml +++ b/rules-realm/boostsecurityio/mitre-cwe/rules.yaml @@ -5693,6 +5693,16 @@ rules: name: CWE-40 pretty_name: 'CWE-40: Path Traversal: ''\\UNC\share\name\'' (Windows UNC Share)' ref: https://cwe.mitre.org/data/definitions/40.html + CWE-399: + categories: + - ALL + - cwe-399 + description: Weaknesses in this category are related to improper management of + system resources. + group: top10-insecure-design + name: CWE-399 + pretty_name: 'CWE-399: Resource Management Errors' + ref: https://cwe.mitre.org/data/definitions/399.html CWE-400: categories: - ALL
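Review bot: in the new `CWE-399` entry, `group: top10-insecure-design` is not explained anywhere in the patch, and it decides how every Brakeman DoS finding (`check_route_dos`, `check_mime_type_dos`) is bucketed. The added description itself says CWE-399 is a category ("Weaknesses in this category are related to improper management of system resources"), so this one entry stands in for a broad set of resource-handling issues rather than a single weakness. Please confirm the group matches what the neighbouring `CWE-400` entry uses, since its `group` line is outside the visible context, so that resource-exhaustion findings from different scanners land in the same bucket. A short YAML comment above `CWE-399:` noting that the entry exists because Brakeman v7.0.0 emits this ID would keep the rationale next to the rule instead of only in the commit message. The commit message also states that these findings would otherwise fall back to CWE-UNKNOWN, but the change touches only `rules.yaml` (1 file, 10 insertions). If the repository has a fixture or test for rule lookups, adding a case for `CWE-399` would cover that claim.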