[client] feat(SCV): fix Url Filtering keywords (#4266)

gabriel-peze · gabriel-peze · commit d4c1b607f227 · 2025-12-03T09:45:49.000+01:00
diff --git a/pyoaev/security_domain/types.py b/pyoaev/security_domain/types.py
@@ -6,7 +6,7 @@ class SecurityDomainsKeyWords(Enum):
     WEB_APP = ["sql injection", "cross-site script", "web shell", "csrf", "file upload vulnerability", "apache", "nginx", "iis", "php", "javascript", "rest api", "cookie", "server-side request forgery", "ssrf", "xml external entity", "xxe", "deserialization", "path traversal", "local file inclusion", "remote file inclusion", "template injection", "ssti", "api abuse", "drive-by compromise", "browser exploit", "forge web credential", "web service", "defacement", "server software component", "reverse proxy", "webdav", "session hijack"]
     EMAIL_INFILTRATION = ["spearphishing attachment", "spearphishing link", "phishing", "malicious attachment", "email account", "outlook", "exchange", "smtp", "mail server", "social engineering", "inbox rule", "dkim", "business email compromise", "bec", "email forwarding rule", "email delegation", "oauth consent", "reply-to manipulation", "email thread hijack", "internal spearphishing", "email collection", "zimbra", "mapi", "email template", "spoof sender", "dmarc", "spf", "email gateway", "link shortener"]
     DATA_EXFILTRATION = ["exfiltrat", "data staging", "data compressed", "steganography", "covert channel", "database dump", "automated collection", "intellectual property", "cloud storage exfil", "ftp exfil", "physical medium", "air gap", "scheduled transfer", "alternate protocol", "icmp tunnel", "dns exfiltration", "automated exfiltration", "web service exfil", "pastebin", "code repository", "cloud account transfer", "email exfil", "data destruction", "data encrypted", "image steganography"]
-    URL_FILTERING = ["domain fronting", "url shorten", "typosquatting", "typosquatting", "homograph", "punycode", "url reputation", "content filter", "web gateway", "safe browsing", "url categorization", "blacklist bypass", "whitelist", "redirect", "proxy bypass", "dns over https", "doh", "dns over tls", "dot", "unicode domain", "url encode", "double encode", "open redirect", "captive portal", "proxy pac", "socks proxy", "tor", "vpn bypass", "domain generation", "fast flux", "url confusion", "subdomain takeover"]
+    URL_FILTERING = ["domain fronting", "url shorten", "typosquatting", "typosquatting", "homograph", "punycode", "url reputation", "content filter", "web gateway", "safe browsing", "url categorization", "blacklist bypass", "whitelist", "redirect", "proxy bypass", "dns over https", "doh", "dns over tls", "dot", "unicode domain", "url encode", "double encode", "open redirect", "captive portal", "proxy pac", "socks proxy", "vpn bypass", "domain generation", "fast flux", "url confusion", "subdomain takeover"]
     CLOUD = ["aws", "azure", "gcp", "lambda", "s3 bucket", "blob storage", "kubernetes", "docker", "serverless", "cloud instance", "iam role", "iam role", "saas", "tenant", "subscription", "api gateway", "microservice", "cloud trail", "cloudtrail", "cloud formation", "terraform", "cloud init", "metadata service", "instance metadata", "cloud api", "resource policy", "cloud dashboard", "unused region", "snapshot", "cloud backup", "object storage", "cloud function", "service principal", "managed identity", "cloud key", "sas token", "assume role"]
 
 class SecurityDomains(Enum):
