ddtrace 1.14.0 → 1.15.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (270) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +178 -2
  3. data/ext/ddtrace_profiling_native_extension/NativeExtensionDesign.md +3 -5
  4. data/ext/ddtrace_profiling_native_extension/clock_id.h +0 -3
  5. data/ext/ddtrace_profiling_native_extension/clock_id_from_pthread.c +0 -22
  6. data/ext/ddtrace_profiling_native_extension/clock_id_noop.c +0 -1
  7. data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +41 -6
  8. data/ext/ddtrace_profiling_native_extension/collectors_idle_sampling_helper.c +3 -0
  9. data/ext/ddtrace_profiling_native_extension/collectors_stack.c +76 -24
  10. data/ext/ddtrace_profiling_native_extension/collectors_stack.h +1 -1
  11. data/ext/ddtrace_profiling_native_extension/collectors_thread_context.c +207 -32
  12. data/ext/ddtrace_profiling_native_extension/collectors_thread_context.h +1 -1
  13. data/ext/ddtrace_profiling_native_extension/extconf.rb +8 -2
  14. data/ext/ddtrace_profiling_native_extension/http_transport.c +26 -10
  15. data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.c +42 -0
  16. data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +6 -0
  17. data/ext/ddtrace_profiling_native_extension/native_extension_helpers.rb +1 -16
  18. data/ext/ddtrace_profiling_native_extension/pid_controller.c +57 -0
  19. data/ext/ddtrace_profiling_native_extension/pid_controller.h +45 -0
  20. data/ext/ddtrace_profiling_native_extension/private_vm_api_access.c +17 -12
  21. data/ext/ddtrace_profiling_native_extension/profiling.c +0 -2
  22. data/ext/ddtrace_profiling_native_extension/stack_recorder.c +74 -37
  23. data/ext/ddtrace_profiling_native_extension/stack_recorder.h +13 -3
  24. data/lib/datadog/appsec/assets/waf_rules/processors.json +92 -0
  25. data/lib/datadog/appsec/assets/waf_rules/recommended.json +698 -75
  26. data/lib/datadog/appsec/assets/waf_rules/scanners.json +114 -0
  27. data/lib/datadog/appsec/assets/waf_rules/strict.json +98 -8
  28. data/lib/datadog/appsec/assets.rb +8 -0
  29. data/lib/datadog/appsec/component.rb +9 -2
  30. data/lib/datadog/appsec/configuration/settings.rb +61 -2
  31. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +8 -6
  32. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +2 -7
  33. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +2 -5
  34. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +2 -5
  35. data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +3 -2
  36. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +23 -9
  37. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +3 -2
  38. data/lib/datadog/appsec/contrib/rails/patcher.rb +9 -3
  39. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +2 -5
  40. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +6 -4
  41. data/lib/datadog/appsec/contrib/sinatra/patcher.rb +13 -7
  42. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +2 -5
  43. data/lib/datadog/appsec/event.rb +106 -50
  44. data/lib/datadog/appsec/monitor/gateway/watcher.rb +3 -3
  45. data/lib/datadog/appsec/monitor/reactive/set_user.rb +2 -5
  46. data/lib/datadog/appsec/processor/actions.rb +49 -0
  47. data/lib/datadog/appsec/processor/rule_merger.rb +22 -2
  48. data/lib/datadog/appsec/processor.rb +34 -6
  49. data/lib/datadog/appsec/remote.rb +4 -1
  50. data/lib/datadog/appsec/response.rb +82 -4
  51. data/lib/datadog/appsec/sample_rate.rb +21 -0
  52. data/lib/datadog/appsec.rb +2 -2
  53. data/lib/datadog/core/configuration/agent_settings_resolver.rb +29 -24
  54. data/lib/datadog/core/configuration/base.rb +1 -11
  55. data/lib/datadog/core/configuration/components.rb +7 -2
  56. data/lib/datadog/core/configuration/ext.rb +21 -0
  57. data/lib/datadog/core/configuration/option.rb +2 -4
  58. data/lib/datadog/core/configuration/option_definition.rb +17 -41
  59. data/lib/datadog/core/configuration/options.rb +5 -5
  60. data/lib/datadog/core/configuration/settings.rb +47 -45
  61. data/lib/datadog/core/environment/execution.rb +47 -9
  62. data/lib/datadog/core/environment/variable_helpers.rb +0 -69
  63. data/lib/datadog/core/error.rb +1 -0
  64. data/lib/datadog/core/git/ext.rb +2 -0
  65. data/lib/datadog/core/remote/client/capabilities.rb +1 -1
  66. data/lib/datadog/core/remote/component.rb +2 -2
  67. data/lib/datadog/core/remote/negotiation.rb +2 -2
  68. data/lib/datadog/core/remote/transport/config.rb +60 -0
  69. data/lib/datadog/core/remote/transport/http/api/instance.rb +39 -0
  70. data/lib/datadog/core/remote/transport/http/api/spec.rb +21 -0
  71. data/lib/datadog/core/remote/transport/http/api.rb +58 -0
  72. data/lib/datadog/core/remote/transport/http/builder.rb +219 -0
  73. data/lib/datadog/core/remote/transport/http/client.rb +48 -0
  74. data/lib/datadog/core/remote/transport/http/config.rb +280 -0
  75. data/lib/datadog/core/remote/transport/http/negotiation.rb +146 -0
  76. data/lib/datadog/core/remote/transport/http.rb +179 -0
  77. data/lib/datadog/core/{transport → remote/transport}/negotiation.rb +25 -23
  78. data/lib/datadog/core/telemetry/collector.rb +3 -2
  79. data/lib/datadog/core/telemetry/http/transport.rb +2 -1
  80. data/lib/datadog/core/transport/ext.rb +47 -0
  81. data/lib/datadog/core/transport/http/adapters/net.rb +168 -0
  82. data/lib/datadog/core/transport/http/adapters/registry.rb +29 -0
  83. data/lib/datadog/core/transport/http/adapters/test.rb +89 -0
  84. data/lib/datadog/core/transport/http/adapters/unix_socket.rb +83 -0
  85. data/lib/datadog/core/transport/http/api/endpoint.rb +31 -0
  86. data/lib/datadog/core/transport/http/api/fallbacks.rb +26 -0
  87. data/lib/datadog/core/transport/http/api/map.rb +18 -0
  88. data/lib/datadog/core/transport/http/env.rb +62 -0
  89. data/lib/datadog/core/transport/http/response.rb +60 -0
  90. data/lib/datadog/core/transport/parcel.rb +22 -0
  91. data/lib/datadog/core/transport/request.rb +17 -0
  92. data/lib/datadog/core/transport/response.rb +64 -0
  93. data/lib/datadog/core/workers/polling.rb +2 -2
  94. data/lib/datadog/opentelemetry/api/context.rb +10 -3
  95. data/lib/datadog/opentelemetry/sdk/propagator.rb +2 -1
  96. data/lib/datadog/opentelemetry/sdk/span_processor.rb +14 -2
  97. data/lib/datadog/opentelemetry/sdk/trace/span.rb +68 -0
  98. data/lib/datadog/opentelemetry/trace.rb +58 -0
  99. data/lib/datadog/opentelemetry.rb +1 -0
  100. data/lib/datadog/opentracer.rb +9 -0
  101. data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +12 -18
  102. data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -1
  103. data/lib/datadog/profiling/collectors/thread_context.rb +9 -1
  104. data/lib/datadog/profiling/component.rb +24 -99
  105. data/lib/datadog/profiling/ext.rb +0 -12
  106. data/lib/datadog/profiling/flush.rb +0 -3
  107. data/lib/datadog/profiling/http_transport.rb +6 -3
  108. data/lib/datadog/profiling/native_extension.rb +0 -21
  109. data/lib/datadog/profiling/profiler.rb +11 -12
  110. data/lib/datadog/profiling.rb +8 -81
  111. data/lib/datadog/tracing/component.rb +10 -4
  112. data/lib/datadog/tracing/configuration/agent_settings_resolver.rb +13 -0
  113. data/lib/datadog/tracing/configuration/ext.rb +4 -2
  114. data/lib/datadog/tracing/configuration/settings.rb +14 -7
  115. data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +1 -1
  116. data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +1 -1
  117. data/lib/datadog/tracing/contrib/active_record/events/sql.rb +4 -0
  118. data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +104 -197
  119. data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +3 -0
  120. data/lib/datadog/tracing/contrib/aws/instrumentation.rb +7 -0
  121. data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
  122. data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +6 -0
  123. data/lib/datadog/tracing/contrib/dalli/ext.rb +7 -0
  124. data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +9 -2
  125. data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +1 -1
  126. data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +5 -0
  127. data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +5 -0
  128. data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +8 -0
  129. data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -0
  130. data/lib/datadog/tracing/contrib/ext.rb +3 -0
  131. data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +1 -1
  132. data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -0
  133. data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +21 -1
  134. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +11 -1
  135. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +18 -0
  136. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +0 -4
  137. data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +3 -3
  138. data/lib/datadog/tracing/contrib/http/instrumentation.rb +5 -0
  139. data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +5 -0
  140. data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +5 -0
  141. data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +7 -0
  142. data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +13 -3
  143. data/lib/datadog/tracing/contrib/opensearch/integration.rb +2 -2
  144. data/lib/datadog/tracing/contrib/opensearch/patcher.rb +7 -0
  145. data/lib/datadog/tracing/contrib/pg/instrumentation.rb +5 -0
  146. data/lib/datadog/tracing/contrib/presto/instrumentation.rb +5 -0
  147. data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
  148. data/lib/datadog/tracing/contrib/que/configuration/settings.rb +1 -1
  149. data/lib/datadog/tracing/contrib/racecar/event.rb +5 -0
  150. data/lib/datadog/tracing/contrib/rack/header_tagging.rb +14 -4
  151. data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +4 -4
  152. data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +1 -1
  153. data/lib/datadog/tracing/contrib/redis/tags.rb +5 -0
  154. data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +1 -1
  155. data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -0
  156. data/lib/datadog/tracing/contrib/sequel/utils.rb +5 -0
  157. data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +1 -1
  158. data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +1 -1
  159. data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +1 -1
  160. data/lib/datadog/tracing/contrib/utils/quantization/http.rb +2 -2
  161. data/lib/datadog/tracing/distributed/propagation.rb +13 -33
  162. data/lib/datadog/tracing/metadata/tagging.rb +3 -3
  163. data/lib/datadog/tracing/sync_writer.rb +3 -3
  164. data/lib/datadog/tracing/tracer.rb +2 -0
  165. data/lib/datadog/{core → tracing}/transport/http/api/instance.rb +1 -1
  166. data/lib/datadog/{core → tracing}/transport/http/api/spec.rb +1 -1
  167. data/lib/datadog/tracing/transport/http/api.rb +43 -0
  168. data/lib/datadog/{core → tracing}/transport/http/builder.rb +13 -68
  169. data/lib/datadog/tracing/transport/http/client.rb +57 -0
  170. data/lib/datadog/tracing/transport/http/statistics.rb +47 -0
  171. data/lib/datadog/tracing/transport/http/traces.rb +152 -0
  172. data/lib/datadog/tracing/transport/http.rb +124 -0
  173. data/lib/datadog/tracing/transport/io/client.rb +89 -0
  174. data/lib/datadog/tracing/transport/io/response.rb +27 -0
  175. data/lib/datadog/tracing/transport/io/traces.rb +101 -0
  176. data/lib/datadog/tracing/transport/io.rb +30 -0
  177. data/lib/datadog/tracing/transport/serializable_trace.rb +126 -0
  178. data/lib/datadog/tracing/transport/statistics.rb +77 -0
  179. data/lib/datadog/tracing/transport/trace_formatter.rb +209 -0
  180. data/lib/datadog/tracing/transport/traces.rb +224 -0
  181. data/lib/datadog/tracing/workers/trace_writer.rb +5 -3
  182. data/lib/datadog/tracing/workers.rb +3 -2
  183. data/lib/datadog/tracing/writer.rb +5 -2
  184. data/lib/ddtrace/transport/ext.rb +17 -15
  185. data/lib/ddtrace/version.rb +1 -1
  186. data/lib/ddtrace.rb +1 -1
  187. metadata +72 -96
  188. data/lib/datadog/ci/configuration/components.rb +0 -32
  189. data/lib/datadog/ci/configuration/settings.rb +0 -51
  190. data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +0 -35
  191. data/lib/datadog/ci/contrib/cucumber/ext.rb +0 -22
  192. data/lib/datadog/ci/contrib/cucumber/formatter.rb +0 -94
  193. data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +0 -28
  194. data/lib/datadog/ci/contrib/cucumber/integration.rb +0 -47
  195. data/lib/datadog/ci/contrib/cucumber/patcher.rb +0 -27
  196. data/lib/datadog/ci/contrib/minitest/configuration/settings.rb +0 -35
  197. data/lib/datadog/ci/contrib/minitest/ext.rb +0 -21
  198. data/lib/datadog/ci/contrib/minitest/integration.rb +0 -49
  199. data/lib/datadog/ci/contrib/minitest/patcher.rb +0 -27
  200. data/lib/datadog/ci/contrib/minitest/test_helper.rb +0 -68
  201. data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +0 -35
  202. data/lib/datadog/ci/contrib/rspec/example.rb +0 -68
  203. data/lib/datadog/ci/contrib/rspec/ext.rb +0 -21
  204. data/lib/datadog/ci/contrib/rspec/integration.rb +0 -48
  205. data/lib/datadog/ci/contrib/rspec/patcher.rb +0 -27
  206. data/lib/datadog/ci/ext/app_types.rb +0 -9
  207. data/lib/datadog/ci/ext/environment.rb +0 -575
  208. data/lib/datadog/ci/ext/settings.rb +0 -10
  209. data/lib/datadog/ci/ext/test.rb +0 -35
  210. data/lib/datadog/ci/extensions.rb +0 -19
  211. data/lib/datadog/ci/flush.rb +0 -38
  212. data/lib/datadog/ci/test.rb +0 -81
  213. data/lib/datadog/ci.rb +0 -21
  214. data/lib/datadog/core/configuration/dependency_resolver.rb +0 -28
  215. data/lib/datadog/core/configuration/option_definition_set.rb +0 -22
  216. data/lib/datadog/core/configuration/option_set.rb +0 -10
  217. data/lib/datadog/core/transport/config.rb +0 -58
  218. data/lib/datadog/core/transport/http/api.rb +0 -57
  219. data/lib/datadog/core/transport/http/client.rb +0 -45
  220. data/lib/datadog/core/transport/http/config.rb +0 -278
  221. data/lib/datadog/core/transport/http/negotiation.rb +0 -144
  222. data/lib/datadog/core/transport/http.rb +0 -169
  223. data/lib/datadog/core/utils/object_set.rb +0 -43
  224. data/lib/datadog/core/utils/string_table.rb +0 -47
  225. data/lib/datadog/profiling/backtrace_location.rb +0 -34
  226. data/lib/datadog/profiling/buffer.rb +0 -43
  227. data/lib/datadog/profiling/collectors/old_stack.rb +0 -301
  228. data/lib/datadog/profiling/encoding/profile.rb +0 -41
  229. data/lib/datadog/profiling/event.rb +0 -15
  230. data/lib/datadog/profiling/events/stack.rb +0 -82
  231. data/lib/datadog/profiling/old_recorder.rb +0 -107
  232. data/lib/datadog/profiling/pprof/builder.rb +0 -125
  233. data/lib/datadog/profiling/pprof/converter.rb +0 -102
  234. data/lib/datadog/profiling/pprof/message_set.rb +0 -16
  235. data/lib/datadog/profiling/pprof/payload.rb +0 -20
  236. data/lib/datadog/profiling/pprof/pprof.proto +0 -212
  237. data/lib/datadog/profiling/pprof/pprof_pb.rb +0 -81
  238. data/lib/datadog/profiling/pprof/stack_sample.rb +0 -139
  239. data/lib/datadog/profiling/pprof/string_table.rb +0 -12
  240. data/lib/datadog/profiling/pprof/template.rb +0 -118
  241. data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +0 -43
  242. data/lib/datadog/profiling/trace_identifiers/helper.rb +0 -45
  243. data/lib/ddtrace/transport/http/adapters/net.rb +0 -168
  244. data/lib/ddtrace/transport/http/adapters/registry.rb +0 -27
  245. data/lib/ddtrace/transport/http/adapters/test.rb +0 -85
  246. data/lib/ddtrace/transport/http/adapters/unix_socket.rb +0 -77
  247. data/lib/ddtrace/transport/http/api/endpoint.rb +0 -29
  248. data/lib/ddtrace/transport/http/api/fallbacks.rb +0 -24
  249. data/lib/ddtrace/transport/http/api/instance.rb +0 -35
  250. data/lib/ddtrace/transport/http/api/map.rb +0 -16
  251. data/lib/ddtrace/transport/http/api/spec.rb +0 -17
  252. data/lib/ddtrace/transport/http/api.rb +0 -39
  253. data/lib/ddtrace/transport/http/builder.rb +0 -176
  254. data/lib/ddtrace/transport/http/client.rb +0 -52
  255. data/lib/ddtrace/transport/http/env.rb +0 -58
  256. data/lib/ddtrace/transport/http/response.rb +0 -58
  257. data/lib/ddtrace/transport/http/statistics.rb +0 -43
  258. data/lib/ddtrace/transport/http/traces.rb +0 -144
  259. data/lib/ddtrace/transport/http.rb +0 -117
  260. data/lib/ddtrace/transport/io/client.rb +0 -85
  261. data/lib/ddtrace/transport/io/response.rb +0 -25
  262. data/lib/ddtrace/transport/io/traces.rb +0 -99
  263. data/lib/ddtrace/transport/io.rb +0 -28
  264. data/lib/ddtrace/transport/parcel.rb +0 -20
  265. data/lib/ddtrace/transport/request.rb +0 -15
  266. data/lib/ddtrace/transport/response.rb +0 -60
  267. data/lib/ddtrace/transport/serializable_trace.rb +0 -122
  268. data/lib/ddtrace/transport/statistics.rb +0 -75
  269. data/lib/ddtrace/transport/trace_formatter.rb +0 -207
  270. data/lib/ddtrace/transport/traces.rb +0 -216
@@ -0,0 +1,114 @@
1
+ [
2
+ {
3
+ "id": "d962f7ddb3f55041e39195a60ff79d4814a7c331",
4
+ "name": "US Passport Scanner",
5
+ "key": {
6
+ "operator": "match_regex",
7
+ "parameters": {
8
+ "regex": "passport",
9
+ "options": {
10
+ "case_sensitive": false,
11
+ "min_length": 8
12
+ }
13
+ }
14
+ },
15
+ "value": {
16
+ "operator": "match_regex",
17
+ "parameters": {
18
+ "regex": "\\b[0-9A-Z]{9}\\b|\\b[0-9]{6}[A-Z][0-9]{2}\\b",
19
+ "options": {
20
+ "case_sensitive": false,
21
+ "min_length": 8
22
+ }
23
+ }
24
+ },
25
+ "tags": {
26
+ "type": "passport_number",
27
+ "category": "pii"
28
+ }
29
+ },
30
+ {
31
+ "id": "ac6d683cbac77f6e399a14990793dd8fd0fca333",
32
+ "name": "US Vehicle Identification Number Scanner",
33
+ "key": {
34
+ "operator": "match_regex",
35
+ "parameters": {
36
+ "regex": "vehicle[_\\s-]*identification[_\\s-]*number|vin",
37
+ "options": {
38
+ "case_sensitive": false,
39
+ "min_length": 3
40
+ }
41
+ }
42
+ },
43
+ "value": {
44
+ "operator": "match_regex",
45
+ "parameters": {
46
+ "regex": "\\b[A-HJ-NPR-Z0-9]{17}\\b",
47
+ "options": {
48
+ "case_sensitive": false,
49
+ "min_length": 17
50
+ }
51
+ }
52
+ },
53
+ "tags": {
54
+ "type": "vin",
55
+ "category": "pii"
56
+ }
57
+ },
58
+ {
59
+ "id": "de0899e0cbaaa812bb624cf04c912071012f616d",
60
+ "name": "UK National Insurance Number Scanner",
61
+ "key": {
62
+ "operator": "match_regex",
63
+ "parameters": {
64
+ "regex": "national[\\s_]?(?:insurance(?:\\s+number)?)?|NIN|NI[\\s_]?number|insurance[\\s_]?number",
65
+ "options": {
66
+ "case_sensitive": false,
67
+ "min_length": 3
68
+ }
69
+ }
70
+ },
71
+ "value": {
72
+ "operator": "match_regex",
73
+ "parameters": {
74
+ "regex": "\\b[A-Z]{2}\\d{6}[A-Z]?\\b",
75
+ "options": {
76
+ "case_sensitive": false,
77
+ "min_length": 8
78
+ }
79
+ }
80
+ },
81
+ "tags": {
82
+ "type": "uk_nin",
83
+ "category": "pii"
84
+ }
85
+ },
86
+ {
87
+ "id": "450239afc250a19799b6c03dc0e16fd6a4b2a1af",
88
+ "name": "Canadian Social Insurance Number Scanner",
89
+ "key": {
90
+ "operator": "match_regex",
91
+ "parameters": {
92
+ "regex": "social[\\s_]?(?:insurance(?:\\s+number)?)?|SIN|Canadian[\\s_]?(?:social[\\s_]?(?:insurance)?|insurance[\\s_]?number)?",
93
+ "options": {
94
+ "case_sensitive": false,
95
+ "min_length": 3
96
+ }
97
+ }
98
+ },
99
+ "value": {
100
+ "operator": "match_regex",
101
+ "parameters": {
102
+ "regex": "\\b\\d{3}-\\d{3}-\\d{3}\\b",
103
+ "options": {
104
+ "case_sensitive": false,
105
+ "min_length": 11
106
+ }
107
+ }
108
+ },
109
+ "tags": {
110
+ "type": "canadian_sin",
111
+ "category": "pii"
112
+ }
113
+ }
114
+ ]
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.7.0"
4
+ "rules_version": "1.8.0"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -98,6 +98,9 @@
98
98
  },
99
99
  {
100
100
  "address": "server.request.path_params"
101
+ },
102
+ {
103
+ "address": "graphql.server.all_resolvers"
101
104
  }
102
105
  ],
103
106
  "regex": "[\\r\\n]\\W*?(?:content-(?:type|length)|set-cookie|location):\\s*\\w",
@@ -119,7 +122,9 @@
119
122
  "tags": {
120
123
  "type": "http_protocol_violation",
121
124
  "crs_id": "921140",
122
- "category": "attack_attempt"
125
+ "category": "attack_attempt",
126
+ "capec": "1000/210/272/220/273",
127
+ "cwe": "113"
123
128
  },
124
129
  "conditions": [
125
130
  {
@@ -160,6 +165,9 @@
160
165
  },
161
166
  {
162
167
  "address": "server.request.path_params"
168
+ },
169
+ {
170
+ "address": "graphql.server.all_resolvers"
163
171
  }
164
172
  ],
165
173
  "regex": "(?:[;\\n\\r`]|\\$(?:\\(?\\(|{)|(?:\\|)?\\||\\(\\s*\\)|[<>]\\(|&?&|\\{)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:['\\\"])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:w[\\x5c'\\\"]*p[\\x5c'\\\"]*-[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*w[\\x5c'\\\"]*n[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*m[\\x5c'\\\"]*p)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*q[\\x5c'\\\"]*u[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|m[\\x5c'\\\"]*i[\\x5c'\\\"]*r[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*r)|s(?:[\\x5c'\\\"]*(?:b[\\x5c'\\\"]*_[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*e|c[\\x5c'\\\"]*p[\\x5c'\\\"]*u|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d|p[\\x5c'\\\"]*c[\\x5c'\\\"]*i|u[\\x5c'\\\"]*s[\\x5c'\\\"]*b|-[\\x5c'\\\"]*F|h[\\x5c'\\\"]*w|o[\\x5c'\\\"]*f))?|z[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|m[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|a)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s)|o[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*(?:(?:n[\\x5c'\\\"]*a[\\x5c'\\\"]*m|s[\\x5c'\\\"]*a[\\x5c'\\\"]*v)[\\x5c'\\\"]*e|i[\\x5c'\\\"]*n[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l)|c[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*e|l)[\\x5c'\\\"]*(?:\\s|<|>).*)|e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:(?:f[\\x5c'\\\"]*i[\\x5c'\\\"]*l|p[\\x5c'\\\"]*i[\\x5c'\\\"]*p)[\\x5c'\\\"]*e|e[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|(?:\\s|<|>).*)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*g(?:[\\x5c'\\\"]*i[\\x5c'\\\"]*n)?|c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*m|(?:\\s|<|>).*)|d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g|d[\\x5c'\\\"]*(?:\\s|<|>).*)|(?:[np]|i[\\x5c'\\\"]*n[\\x5c'\\\"]*k[\\x5c'\\\"]*s|y[\\x5c'\\\"]*n[\\x5c'\\\"]*x)[\\x5c'\\\"]*(?:\\s|<|>).*|u[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:5[\\x5c'\\\"]*\\.[\\x5c'\\\"]*[1234]|(?:\\s|<|>).*)|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t)?|t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e)|c[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:r[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*|o[\\x5c'\\\"]*s[\\x5c'\\\"]*e[\\x5c'\\\"]*r)|m[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:\\s|<|>).*)|p[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*c)|h[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:\\s|<|>).*|f[\\x5c'\\\"]*l[\\x5c'\\\"]*a[\\x5c'\\\"]*g[\\x5c'\\\"]*s|a[\\x5c'\\\"]*t[\\x5c'\\\"]*t[\\x5c'\\\"]*r|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d)|p[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*m[\\x5c'\\\"]*i[\\x5c'\\\"]*t|(?:\\s|<|>).*|a[\\x5c'\\\"]*n|i[\\x5c'\\\"]*o)|(?:a[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*s[\\x5c'\\\"]*h|t)|c)[\\x5c'\\\"]*(?:\\s|<|>).*|e[\\x5c'\\\"]*r[\\x5c'\\\"]*t[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*t|r[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*b|u[\\x5c'\\\"]*r[\\x5c'\\\"]*l|[89][\\x5c'\\\"]*9|s[\\x5c'\\\"]*h)|b[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*p[\\x5c'\\\"]*2)|u[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*(?:y[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*x|c[\\x5c'\\\"]*t[\\x5c'\\\"]*l)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:\\s|<|>).*|i[\\x5c'\\\"]*l[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*n)|s[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|t[\\x5c'\\\"]*a[\\x5c'\\\"]*r)|a[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*(?:\\s|<|>).*|s[\\x5c'\\\"]*h)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*k[\\x5c'\\\"]*s[\\x5c'\\\"]*w)|e[\\x5c'\\\"]*(?:x[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:\\s|<|>).*|a[\\x5c'\\\"]*n[\\x5c'\\\"]*d|o[\\x5c'\\\"]*r[\\x5c'\\\"]*t|r)|(?:e[\\x5c'\\\"]*c[\\x5c'\\\"]*)?(?:\\s|<|>).*)|n[\\x5c'\\\"]*(?:v(?:[\\x5c'\\\"]*-[\\x5c'\\\"]*u[\\x5c'\\\"]*p[\\x5c'\\\"]*d[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*e)?|d[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*f|s[\\x5c'\\\"]*w))|(?:a[\\x5c'\\\"]*s[\\x5c'\\\"]*y[\\x5c'\\\"]*_[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*l|v[\\x5c'\\\"]*a)[\\x5c'\\\"]*l|(?:c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|d)[\\x5c'\\\"]*(?:\\s|<|>).*|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|m[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*s|s[\\x5c'\\\"]*a[\\x5c'\\\"]*c)|f[\\x5c'\\\"]*(?:i(?:[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|(?:\\s|<|>).*)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:\\s|<|>).*|s[\\x5c'\\\"]*h))?|t[\\x5c'\\\"]*p[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*s|w[\\x5c'\\\"]*h[\\x5c'\\\"]*o|(?:\\s|<|>).*)|(?:e[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*h|l[\\x5c'\\\"]*o[\\x5c'\\\"]*c[\\x5c'\\\"]*k|c)[\\x5c'\\\"]*(?:\\s|<|>).*|u[\\x5c'\\\"]*n[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*o[\\x5c'\\\"]*n|o[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*h|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p)|i[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:(?:6[\\x5c'\\\"]*)?t[\\x5c'\\\"]*a[\\x5c'\\\"]*b[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*s|c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g)|r[\\x5c'\\\"]*b(?:[\\x5c'\\\"]*(?:2[\\x5c'\\\"]*[01234567]|1(?:[\\x5c'\\\"]*[89])?|3[\\x5c'\\\"]*0))?|f[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g|o[\\x5c'\\\"]*n[\\x5c'\\\"]*i[\\x5c'\\\"]*c[\\x5c'\\\"]*e|d[\\x5c'\\\"]*(?:\\s|<|>).*)|h[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|p[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*w[\\x5c'\\\"]*d)|o[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:n[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*e|i[\\x5c'\\\"]*d)|(?:e[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*p)[\\x5c'\\\"]*(?:\\s|<|>).*|i[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*y)|a[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*|p[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*e)|p[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:-[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t|(?:\\s|<|>).*)|d[\\x5c'\\\"]*d[\\x5c'\\\"]*u[\\x5c'\\\"]*s[\\x5c'\\\"]*e[\\x5c'\\\"]*r|r[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*h[\\x5c'\\\"]*(?:\\s|<|>).*|p)|(?:w[\\x5c'\\\"]*[ks]|t)[\\x5c'\\\"]*(?:\\s|<|>).*)|g[\\x5c'\\\"]*(?:(?:e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*f[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*l|m)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|o)[\\x5c'\\\"]*(?:\\s|<|>).*|z[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*p)|u[\\x5c'\\\"]*n[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p|c[\\x5c'\\\"]*c(?:[\\x5c'\\\"]*(?:\\s|<|>).*)?|i[\\x5c'\\\"]*t(?:[\\x5c'\\\"]*(?:\\s|<|>).*)?|d[\\x5c'\\\"]*b)|d[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*c[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*e[\\x5c'\\\"]*n[\\x5c'\\\"]*t|(?:i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|u)[\\x5c'\\\"]*(?:\\s|<|>).*|(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*s|p[\\x5c'\\\"]*k)[\\x5c'\\\"]*g|o[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*s|n[\\x5c'\\\"]*e)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*h)|j[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*r[\\x5c'\\\"]*n[\\x5c'\\\"]*a[\\x5c'\\\"]*l[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l|b[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*)|a[\\x5c'\\\"]*v[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:\\s|<|>).*|e[\\x5c'\\\"]*x[\\x5c'\\\"]*e[\\x5c'\\\"]*c)|k[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l[\\x5c'\\\"]*l[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*l[\\x5c'\\\"]*l|(?:\\s|<|>).*)|s[\\x5c'\\\"]*h)|G[\\x5c'\\\"]*E[\\x5c'\\\"]*T[\\x5c'\\\"]*(?:\\s|<|>).*|7[\\x5c'\\\"]*z(?:[\\x5c'\\\"]*[ar])?)\\b",
@@ -193,6 +201,9 @@
193
201
  },
194
202
  {
195
203
  "address": "server.request.path_params"
204
+ },
205
+ {
206
+ "address": "graphql.server.all_resolvers"
196
207
  }
197
208
  ],
198
209
  "regex": "(?:[;\\n\\r`]|(?:$\\(|<)\\(|(?:\\|)?\\||\\(\\s*\\)|\\$[(?:{]|&?&|>\\|\\{)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:['\\\"])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:s[\\\"\\^]*(?:y[\\\"\\^]*s[\\\"\\^]*(?:t[\\\"\\^]*e[\\\"\\^]*m[\\\"\\^]*(?:p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*(?:d[\\\"\\^]*a[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*p[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n|(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r[\\\"\\^]*m[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c|h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*d[\\\"\\^]*w[\\\"\\^]*a[\\\"\\^]*r)[\\\"\\^]*e|a[\\\"\\^]*d[\\\"\\^]*v[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*d)|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o)|k[\\\"\\^]*e[\\\"\\^]*y|d[\\\"\\^]*m)|h[\\\"\\^]*(?:o[\\\"\\^]*(?:w[\\\"\\^]*(?:g[\\\"\\^]*r[\\\"\\^]*p|m[\\\"\\^]*b[\\\"\\^]*r)[\\\"\\^]*s|r[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t)|e[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*s|u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|r[\\\"\\^]*p[\\\"\\^]*u[\\\"\\^]*b[\\\"\\^]*w|a[\\\"\\^]*r[\\\"\\^]*e|i[\\\"\\^]*f[\\\"\\^]*t)|e[\\\"\\^]*(?:t[\\\"\\^]*(?:(?:x[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|l[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*a[\\\"\\^]*l)|c[\\\"\\^]*p[\\\"\\^]*o[\\\"\\^]*l|l[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*t)|c[\\\"\\^]*(?:h[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*s[\\\"\\^]*k[\\\"\\^]*s|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|u[\\\"\\^]*b[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*l|s[\\\"\\^]*t)|(?:t[\\\"\\^]*a|o)[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*g[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f|l[\\\"\\^]*(?:e[\\\"\\^]*e[\\\"\\^]*p|m[\\\"\\^]*g[\\\"\\^]*r)|f[\\\"\\^]*c|v[\\\"\\^]*n)|p[\\\"\\^]*(?:s[\\\"\\^]*(?:s[\\\"\\^]*(?:h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|e[\\\"\\^]*r[\\\"\\^]*v[\\\"\\^]*i[\\\"\\^]*c[\\\"\\^]*e|u[\\\"\\^]*s[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*d)|l[\\\"\\^]*(?:o[\\\"\\^]*g[\\\"\\^]*(?:g[\\\"\\^]*e[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*n|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|i[\\\"\\^]*s[\\\"\\^]*t)|p[\\\"\\^]*(?:a[\\\"\\^]*s[\\\"\\^]*s[\\\"\\^]*w[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|g[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*s[\\\"\\^]*i[\\\"\\^]*d|e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c|f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o|k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l)|o[\\\"\\^]*(?:w[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*(?:s[\\\"\\^]*h[\\\"\\^]*e[\\\"\\^]*l[\\\"\\^]*l(?:[\\\"\\^]*_[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*e)?|c[\\\"\\^]*f[\\\"\\^]*g)|r[\\\"\\^]*t[\\\"\\^]*q[\\\"\\^]*r[\\\"\\^]*y|p[\\\"\\^]*d)|r[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*(?:(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*r[\\\"\\^]*m)|n[\\\"\\^]*(?:c[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*g|m[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*r)|o[\\\"\\^]*m[\\\"\\^]*p[\\\"\\^]*t)|a[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*(?:p[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g|(?:[\\s,;]|\\.|/|<|>).*)|e[\\\"\\^]*r[\\\"\\^]*(?:l(?:[\\\"\\^]*(?:s[\\\"\\^]*h|5))?|f[\\\"\\^]*m[\\\"\\^]*o[\\\"\\^]*n)|y[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n(?:[\\\"\\^]*(?:3(?:[\\\"\\^]*m)?|2))?|k[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*g[\\\"\\^]*r|h[\\\"\\^]*p(?:[\\\"\\^]*[57])?|u[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|r[\\\"\\^]*(?:e[\\\"\\^]*(?:(?:p[\\\"\\^]*l[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*e|n(?:[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*e)?|s[\\\"\\^]*e[\\\"\\^]*t)[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|g[\\\"\\^]*(?:s[\\\"\\^]*v[\\\"\\^]*r[\\\"\\^]*3[\\\"\\^]*2|e[\\\"\\^]*d[\\\"\\^]*i[\\\"\\^]*t|(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*n[\\\"\\^]*i)|c[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c|o[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*y[\\\"\\^]*w[\\\"\\^]*i[\\\"\\^]*z)|u[\\\"\\^]*(?:n[\\\"\\^]*(?:d[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*3[\\\"\\^]*2|a[\\\"\\^]*s)|b[\\\"\\^]*y[\\\"\\^]*(?:1(?:[\\\"\\^]*[89])?|2[\\\"\\^]*[012]))|a[\\\"\\^]*(?:s[\\\"\\^]*(?:p[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*e|d[\\\"\\^]*i[\\\"\\^]*a[\\\"\\^]*l)|r[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|m[\\\"\\^]*(?:(?:d[\\\"\\^]*i[\\\"\\^]*r[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|t[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*e)|o[\\\"\\^]*(?:u[\\\"\\^]*t[\\\"\\^]*e[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*y)|s[\\\"\\^]*(?:t[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*i|y[\\\"\\^]*n[\\\"\\^]*c)|d[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|t[\\\"\\^]*(?:a[\\\"\\^]*(?:s[\\\"\\^]*k[\\\"\\^]*(?:k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t|s[\\\"\\^]*c[\\\"\\^]*h[\\\"\\^]*d|m[\\\"\\^]*g[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n)|(?:i[\\\"\\^]*m[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*u|p[\\\"\\^]*m[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*i|e[\\\"\\^]*l[\\\"\\^]*n[\\\"\\^]*e|l[\\\"\\^]*i[\\\"\\^]*s)[\\\"\\^]*t|s[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c[\\\"\\^]*o|s[\\\"\\^]*h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d)[\\\"\\^]*n|y[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f|(?:[\\s,;]|\\.|/|<|>).*)|r[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t|e[\\\"\\^]*e))|w[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*f|m[\\\"\\^]*s[\\\"\\^]*d[\\\"\\^]*p|v[\\\"\\^]*a[\\\"\\^]*r|r[\\\"\\^]*[ms])|u[\\\"\\^]*(?:a[\\\"\\^]*(?:u[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*t|p[\\\"\\^]*p)|s[\\\"\\^]*a)|s[\\\"\\^]*c[\\\"\\^]*(?:r[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*t|u[\\\"\\^]*i)|e[\\\"\\^]*v[\\\"\\^]*t[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*l|m[\\\"\\^]*i[\\\"\\^]*(?:m[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*t|c)|a[\\\"\\^]*i[\\\"\\^]*t[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r|h[\\\"\\^]*o[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*i|g[\\\"\\^]*e[\\\"\\^]*t)|u[\\\"\\^]*(?:s[\\\"\\^]*(?:e[\\\"\\^]*r[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*l[\\\"\\^]*s[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*s|r[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*t)|n[\\\"\\^]*(?:r[\\\"\\^]*a[\\\"\\^]*r|z[\\\"\\^]*i[\\\"\\^]*p))|q[\\\"\\^]*(?:u[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*y[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*s|w[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a|g[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*p)|o[\\\"\\^]*(?:d[\\\"\\^]*b[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*d[\\\"\\^]*3[\\\"\\^]*2|c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*f)|p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e[\\\"\\^]*s)|v[\\\"\\^]*(?:o[\\\"\\^]*l[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*y)|x[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*s|o[\\\"\\^]*p[\\\"\\^]*y)|z[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)",
@@ -225,6 +236,9 @@
225
236
  },
226
237
  {
227
238
  "address": "server.request.path_params"
239
+ },
240
+ {
241
+ "address": "graphql.server.all_resolvers"
228
242
  }
229
243
  ],
230
244
  "list": [
@@ -675,6 +689,9 @@
675
689
  },
676
690
  {
677
691
  "address": "server.request.path_params"
692
+ },
693
+ {
694
+ "address": "graphql.server.all_resolvers"
678
695
  }
679
696
  ],
680
697
  "regex": "(?:\\$(?:\\((?:\\(.*\\)|.*)\\)|\\{.*})|\\/\\w*\\[!?.+\\]|[<>]\\(.*\\))",
@@ -708,6 +725,9 @@
708
725
  },
709
726
  {
710
727
  "address": "server.request.path_params"
728
+ },
729
+ {
730
+ "address": "graphql.server.all_resolvers"
711
731
  }
712
732
  ],
713
733
  "regex": "(?:(?:^|=)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:[\\\"'])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:z(?:[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*(?:a(?:[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*o|d[\\x5c'\\\"]*e[\\x5c'\\\"]*c))?|o[\\x5c'\\\"]*r[\\x5c'\\\"]*e)|(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|4(?:[\\x5c'\\\"]*c(?:[\\x5c'\\\"]*a[\\x5c'\\\"]*t)?)?|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s))?|s(?:[\\x5c'\\\"]*(?:b[\\x5c'\\\"]*_[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*e|c[\\x5c'\\\"]*p[\\x5c'\\\"]*u|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d|p[\\x5c'\\\"]*c[\\x5c'\\\"]*i|u[\\x5c'\\\"]*s[\\x5c'\\\"]*b|-[\\x5c'\\\"]*F|o[\\x5c'\\\"]*f))?|e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:(?:f[\\x5c'\\\"]*i[\\x5c'\\\"]*l|p[\\x5c'\\\"]*i[\\x5c'\\\"]*p)[\\x5c'\\\"]*e|e[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*o)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*g(?:[\\x5c'\\\"]*i[\\x5c'\\\"]*n)?|c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*m)|w[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*-[\\x5c'\\\"]*d[\\x5c'\\\"]*o[\\x5c'\\\"]*w[\\x5c'\\\"]*n[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*d)?|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t)?|y[\\x5c'\\\"]*n[\\x5c'\\\"]*x)|z[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*(?:(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*g|n[\\x5c'\\\"]*o[\\x5c'\\\"]*t)[\\x5c'\\\"]*e|d[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*s|c[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*k|m[\\x5c'\\\"]*p)|s[\\x5c'\\\"]*p[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*t|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|i[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*o|t[\\x5c'\\\"]*o[\\x5c'\\\"]*o[\\x5c'\\\"]*l))?|s[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*d(?:[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|(?:c[\\x5c'\\\"]*a|m)[\\x5c'\\\"]*t))?|h)|(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|r[\\x5c'\\\"]*u[\\x5c'\\\"]*n)|b[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*p[\\x5c'\\\"]*2(?:[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*v[\\x5c'\\\"]*e[\\x5c'\\\"]*r)?|e[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|x[\\x5c'\\\"]*e)|(?:f[\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|z)|u[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*n|n[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p[\\x5c'\\\"]*2|s[\\x5c'\\\"]*y[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*x)|s[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|t[\\x5c'\\\"]*a[\\x5c'\\\"]*r)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:3[\\x5c'\\\"]*2|6[\\x5c'\\\"]*4|n[\\x5c'\\\"]*c)|h))|s[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*n[\\x5c'\\\"]*v|s[\\x5c'\\\"]*i[\\x5c'\\\"]*d)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*m[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l|d)|h(?:[\\x5c'\\\"]*\\.[\\x5c'\\\"]*d[\\x5c'\\\"]*i[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*r[\\x5c'\\\"]*i[\\x5c'\\\"]*b)?|o[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*r[\\x5c'\\\"]*c[\\x5c'\\\"]*e|c[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|t[\\x5c'\\\"]*r[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*g[\\x5c'\\\"]*s|y[\\x5c'\\\"]*s[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l|c[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*e[\\x5c'\\\"]*d|p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p|u[\\x5c'\\\"]*d[\\x5c'\\\"]*o|s[\\x5c'\\\"]*h|v[\\x5c'\\\"]*n)|p[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*a[\\x5c'\\\"]*r(?:[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p))?|y[\\x5c'\\\"]*t[\\x5c'\\\"]*h[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*[23]?[\\x5c'\\\"]*(?:\\.[0-9.\\x5c'\\\"]+)?(?:[dmu]+)?|k[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*x[\\x5c'\\\"]*e[\\x5c'\\\"]*c|i[\\x5c'\\\"]*l[\\x5c'\\\"]*l)|r[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*n[\\x5c'\\\"]*v|f)|(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e|f[\\x5c'\\\"]*t)[\\x5c'\\\"]*p|e[\\x5c'\\\"]*r[\\x5c'\\\"]*l(?:[\\x5c'\\\"]*5)?|h[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*[57])?|(?:i[\\x5c'\\\"]*g|x)[\\x5c'\\\"]*z|o[\\x5c'\\\"]*p[\\x5c'\\\"]*d)|n[\\x5c'\\\"]*(?:c(?:[\\x5c'\\\"]*(?:\\.[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*d[\\x5c'\\\"]*i[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*a[\\x5c'\\\"]*l|o[\\x5c'\\\"]*p[\\x5c'\\\"]*e[\\x5c'\\\"]*n[\\x5c'\\\"]*b[\\x5c'\\\"]*s[\\x5c'\\\"]*d)|a[\\x5c'\\\"]*t))?|e[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:k[\\x5c'\\\"]*i[\\x5c'\\\"]*t[\\x5c'\\\"]*-[\\x5c'\\\"]*f[\\x5c'\\\"]*t[\\x5c'\\\"]*p|(?:s[\\x5c'\\\"]*t|c)[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|o[\\x5c'\\\"]*h[\\x5c'\\\"]*u[\\x5c'\\\"]*p|p[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*g|s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|t[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*u[\\x5c'\\\"]*t[\\x5c'\\\"]*e|i[\\x5c'\\\"]*n[\\x5c'\\\"]*g)|s[\\x5c'\\\"]*h)|r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*u[\\x5c'\\\"]*t[\\x5c'\\\"]*e(?:[\\x5c'\\\"]*6)?|(?:i[\\x5c'\\\"]*m[\\x5c'\\\"]*e[\\x5c'\\\"]*o[\\x5c'\\\"]*u|e[\\x5c'\\\"]*l[\\x5c'\\\"]*n[\\x5c'\\\"]*e)[\\x5c'\\\"]*t|a[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l(?:[\\x5c'\\\"]*f)?|r))|r[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e|e[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|a[\\x5c'\\\"]*l[\\x5c'\\\"]*p[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*h|n[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*e)|u[\\x5c'\\\"]*b[\\x5c'\\\"]*y(?:[\\x5c'\\\"]*(?:1(?:[\\x5c'\\\"]*[89])?|2[\\x5c'\\\"]*[012]))?|m[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*s[\\x5c'\\\"]*e|d[\\x5c'\\\"]*i)[\\x5c'\\\"]*r|n[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*o|s[\\x5c'\\\"]*y[\\x5c'\\\"]*n[\\x5c'\\\"]*c|c[\\x5c'\\\"]*p)|u[\\x5c'\\\"]*(?:n[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*p[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|z[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*d|i[\\x5c'\\\"]*p)|(?:p[\\x5c'\\\"]*i[\\x5c'\\\"]*g|x)[\\x5c'\\\"]*z|l[\\x5c'\\\"]*z[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*a|4)|a[\\x5c'\\\"]*m[\\x5c'\\\"]*e|r[\\x5c'\\\"]*a[\\x5c'\\\"]*r|s[\\x5c'\\\"]*e[\\x5c'\\\"]*t)|s[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:(?:a[\\x5c'\\\"]*d|m[\\x5c'\\\"]*o)[\\x5c'\\\"]*d|d[\\x5c'\\\"]*e[\\x5c'\\\"]*l))|m[\\x5c'\\\"]*(?:y[\\x5c'\\\"]*s[\\x5c'\\\"]*q[\\x5c'\\\"]*l[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*u[\\x5c'\\\"]*m[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*s[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*w)?|h[\\x5c'\\\"]*o[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*p[\\x5c'\\\"]*y|a[\\x5c'\\\"]*d[\\x5c'\\\"]*m[\\x5c'\\\"]*i[\\x5c'\\\"]*n|s[\\x5c'\\\"]*h[\\x5c'\\\"]*o[\\x5c'\\\"]*w)|l[\\x5c'\\\"]*o[\\x5c'\\\"]*c[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*e|a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*q)|c[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:r[\\x5c'\\\"]*e[\\x5c'\\\"]*_[\\x5c'\\\"]*p[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*l[\\x5c'\\\"]*\\/[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p[\\x5c'\\\"]*d[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*s|m[\\x5c'\\\"]*m[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*d|p[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*c)|u[\\x5c'\\\"]*r[\\x5c'\\\"]*l|9[\\x5c'\\\"]*9|s[\\x5c'\\\"]*h|c)|x[\\x5c'\\\"]*(?:z(?:[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|d[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|e[\\x5c'\\\"]*c)|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e))?|a[\\x5c'\\\"]*r[\\x5c'\\\"]*g[\\x5c'\\\"]*s)|f[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*p[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*s|w[\\x5c'\\\"]*h[\\x5c'\\\"]*o)|i[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|e[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*h|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p)|g[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|e[\\x5c'\\\"]*x[\\x5c'\\\"]*e|i[\\x5c'\\\"]*p)|(?:u[\\x5c'\\\"]*n[\\x5c'\\\"]*z[\\x5c'\\\"]*i|r[\\x5c'\\\"]*e)[\\x5c'\\\"]*p|c[\\x5c'\\\"]*c)|e[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|v[\\x5c'\\\"]*a[\\x5c'\\\"]*l|x[\\x5c'\\\"]*e[\\x5c'\\\"]*c|n[\\x5c'\\\"]*v)|d[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*g|a[\\x5c'\\\"]*s[\\x5c'\\\"]*h|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|o[\\x5c'\\\"]*a[\\x5c'\\\"]*s)|j[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*b[\\x5c'\\\"]*s[\\x5c'\\\"]*\\s+[\\x5c'\\\"]*-[\\x5c'\\\"]*x|a[\\x5c'\\\"]*v[\\x5c'\\\"]*a)|w[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*i|g[\\x5c'\\\"]*e[\\x5c'\\\"]*t|3[\\x5c'\\\"]*m)|i[\\x5c'\\\"]*r[\\x5c'\\\"]*b(?:[\\x5c'\\\"]*(?:1(?:[\\x5c'\\\"]*[89])?|2[\\x5c'\\\"]*[012]))?|o[\\x5c'\\\"]*n[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*r|h[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*p)|v[\\x5c'\\\"]*i[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r|p[\\x5c'\\\"]*w)|7[\\x5c'\\\"]*z(?:[\\x5c'\\\"]*[ar])?|G[\\x5c'\\\"]*E[\\x5c'\\\"]*T|k[\\x5c'\\\"]*s[\\x5c'\\\"]*h)|\\$[\\x5c'\\\"]*(?:\\{[\\x5c'\\\"]*S[\\x5c'\\\"]*H[\\x5c'\\\"]*E[\\x5c'\\\"]*L[\\x5c'\\\"]*L[\\x5c'\\\"]*}|S[\\x5c'\\\"]*H[\\x5c'\\\"]*E[\\x5c'\\\"]*L[\\x5c'\\\"]*L))[\\x5c'\\\"]*(?:\\s|;|\\||&|<|>)",
@@ -791,6 +811,9 @@
791
811
  },
792
812
  {
793
813
  "address": "server.request.path_params"
814
+ },
815
+ {
816
+ "address": "graphql.server.all_resolvers"
794
817
  }
795
818
  ],
796
819
  "regex": "\\$+(?:[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*|\\s*{.+})(?:\\s|\\[.+\\]|{.+}|/\\*.*\\*/|//.*|#.*)*\\(.*\\)",
@@ -824,6 +847,9 @@
824
847
  },
825
848
  {
826
849
  "address": "server.request.path_params"
850
+ },
851
+ {
852
+ "address": "graphql.server.all_resolvers"
827
853
  }
828
854
  ],
829
855
  "regex": "(?:\\(.+\\)\\(.+\\)|\\(.+\\)['\\\"][a-zA-Z-_0-9]+['\\\"]\\(.+\\)|\\[\\d+\\]\\(.+\\)|\\{\\d+\\}\\(.+\\)|\\$[^(?:\\),.;\\x5c/]+\\(.+\\)|[\\\"'][a-zA-Z0-9-_\\x5c]+[\\\"']\\(.+\\)|\\([^\\)]*string[^\\)]*\\)[a-zA-Z-_0-9\\\"'.{}\\[\\]\\s]+\\([^\\)]*\\));",
@@ -843,7 +869,8 @@
843
869
  "tags": {
844
870
  "type": "xss",
845
871
  "crs_id": "941100",
846
- "category": "attack_attempt"
872
+ "category": "attack_attempt",
873
+ "cwe": "79"
847
874
  },
848
875
  "conditions": [
849
876
  {
@@ -872,6 +899,9 @@
872
899
  },
873
900
  {
874
901
  "address": "grpc.server.request.message"
902
+ },
903
+ {
904
+ "address": "graphql.server.all_resolvers"
875
905
  }
876
906
  ]
877
907
  },
@@ -908,6 +938,9 @@
908
938
  },
909
939
  {
910
940
  "address": "server.request.path_params"
941
+ },
942
+ {
943
+ "address": "graphql.server.all_resolvers"
911
944
  }
912
945
  ],
913
946
  "regex": "[\\s\\S](?:\\b(?:x(?:link:href|html|mlns)|data:text\\/html|pattern\\b.*?=|formaction)|!ENTITY\\s+(?:\\S+|%\\s+\\S+)\\s+(?:PUBLIC|SYSTEM)|;base64|@import)\\b",
@@ -948,6 +981,9 @@
948
981
  },
949
982
  {
950
983
  "address": "server.request.path_params"
984
+ },
985
+ {
986
+ "address": "graphql.server.all_resolvers"
951
987
  }
952
988
  ],
953
989
  "regex": "\\b(?:s(?:tyle|rc)|href)\\b\\s*?=",
@@ -995,6 +1031,9 @@
995
1031
  },
996
1032
  {
997
1033
  "address": "server.request.path_params"
1034
+ },
1035
+ {
1036
+ "address": "graphql.server.all_resolvers"
998
1037
  }
999
1038
  ],
1000
1039
  "regex": "(?:(?:<\\w[\\s\\S]*[\\s/]|['\\\"](?:[\\s\\S]*[\\s/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|(?:peech|ound)(?:start|end)|u(?:ccess|spend|bmit)|croll|how)|m(?:o(?:z(?:(?:pointerlock|fullscreen)(?:change|error)|(?:orientation|time)change|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|b(?:e(?:fore(?:(?:(?:de)?activa|scriptexecu)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ransition(?:cancel|end|run)|ime(?:update|out)|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom)|s(?:tyle|rc)|background|formaction|lowsrc|ping)[\\s\\x08]*?=|<[^\\w<>]*(?:[^<>\\\"'\\s]*:)?[^\\w<>]*\\W*?(?:(?:a\\W*?(?:n\\W*?i\\W*?m\\W*?a\\W*?t\\W*?e|p\\W*?p\\W*?l\\W*?e\\W*?t|u\\W*?d\\W*?i\\W*?o)|b\\W*?(?:i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g\\W*?s|a\\W*?s\\W*?e|o\\W*?d\\W*?y)|i?\\W*?f\\W*?r\\W*?a\\W*?m\\W*?e|o\\W*?b\\W*?j\\W*?e\\W*?c\\W*?t|i\\W*?m\\W*?a?\\W*?g\\W*?e?|e\\W*?m\\W*?b\\W*?e\\W*?d|p\\W*?a\\W*?r\\W*?a\\W*?m|v\\W*?i\\W*?d\\W*?e\\W*?o|l\\W*?i\\W*?n\\W*?k)[^>\\w]|s\\W*?(?:c\\W*?r\\W*?i\\W*?p\\W*?t|t\\W*?y\\W*?l\\W*?e|e\\W*?t[^>\\w]|v\\W*?g)|m\\W*?(?:a\\W*?r\\W*?q\\W*?u\\W*?e\\W*?e|e\\W*?t\\W*?a[^>\\w])|f\\W*?o\\W*?r\\W*?m))",
@@ -1029,6 +1068,9 @@
1029
1068
  },
1030
1069
  {
1031
1070
  "address": "server.request.path_params"
1071
+ },
1072
+ {
1073
+ "address": "graphql.server.all_resolvers"
1032
1074
  }
1033
1075
  ],
1034
1076
  "regex": "(?i:<style.*?>.*?(?:@[i\\x5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(?:\\x5c]|&#x?0*(?:40|28|92|5C);?)))",
@@ -1064,6 +1106,9 @@
1064
1106
  },
1065
1107
  {
1066
1108
  "address": "server.request.path_params"
1109
+ },
1110
+ {
1111
+ "address": "graphql.server.all_resolvers"
1067
1112
  }
1068
1113
  ],
1069
1114
  "regex": "(?i:<META[\\s/+].*?http-equiv[\\s/+]*=[\\s/+]*[\\\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))",
@@ -1099,6 +1144,9 @@
1099
1144
  },
1100
1145
  {
1101
1146
  "address": "server.request.path_params"
1147
+ },
1148
+ {
1149
+ "address": "graphql.server.all_resolvers"
1102
1150
  }
1103
1151
  ],
1104
1152
  "regex": "(?i:<META[\\s/+].*?charset[\\s/+]*=)",
@@ -1134,6 +1182,9 @@
1134
1182
  },
1135
1183
  {
1136
1184
  "address": "server.request.path_params"
1185
+ },
1186
+ {
1187
+ "address": "graphql.server.all_resolvers"
1137
1188
  }
1138
1189
  ],
1139
1190
  "regex": "(?:self|document|this|top|window)\\s*(?:/\\*|[\\[)]).+?(?:\\]|\\*/)",
@@ -1167,6 +1218,9 @@
1167
1218
  },
1168
1219
  {
1169
1220
  "address": "server.request.path_params"
1221
+ },
1222
+ {
1223
+ "address": "graphql.server.all_resolvers"
1170
1224
  }
1171
1225
  ],
1172
1226
  "regex": "^{{[\\w\\s\\.]*[^\\w\\.\\s}][^}]*}}$",
@@ -1200,6 +1254,9 @@
1200
1254
  },
1201
1255
  {
1202
1256
  "address": "server.request.path_params"
1257
+ },
1258
+ {
1259
+ "address": "graphql.server.all_resolvers"
1203
1260
  }
1204
1261
  ],
1205
1262
  "regex": "\\b(?:s(?:q(?:lite_(?:compileoption_(?:used|get)|source_id)|rt)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|ub(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|e(?:ssion_user|c_to_time)|ys(?:tem_user|date)|ha[12]?|oundex|chema|pace|in)|c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|llation|alesce|t)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|ha(?:racte)?r_length|iel(?:ing)?|r32)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)|fnull)|l(?:o(?:ca(?:ltimestamp|te)|g(?:10|2)|ad_file|wer)|i(?:kel(?:ihood|y)|nestring)|ast_(?:inser_id|day)|e(?:as|f)t|case|trim|pad)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)|abase)|y(?:of(?:month|week|year)|name))|e(?:s_(?:de|en)crypt|grees|code)|count|ump)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|likely|hex)|tc_(?:time(?:stamp)?|date)|uid(?:_short)?|pdatexml|case)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im))|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|ulti(?:po(?:lygon|int)|linestring)|i(?:crosecon)?d|onthname|d5)|g(?:e(?:t_(?:format|lock)|ometrycollection)|(?:r(?:oup_conca|eates)|tid_subse)t)|p(?:o(?:(?:siti|lyg)on|w)|eriod_(?:diff|add)|rocedure_analyse|g_sleep)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|tan2?)|f(?:rom_(?:unixtime|base64|days)|i(?:el|n)d_in_set|ound_rows)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|b(?:i(?:t_(?:length|count|x?or|and)|n_to_num)|enchmark)|r(?:a(?:wtohex|dians|nd)|elease_lock|ow_count|trim|pad)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)|ight_string)|json(?:_(?:object|array))?|n(?:ame_const|ot_in|ullif)|var(?:_(?:sam|po)p|iance)|qu(?:arter|ote)|hex(?:toraw)?|yearweek|xmltype)\\W*\\(",
@@ -1233,6 +1290,9 @@
1233
1290
  },
1234
1291
  {
1235
1292
  "address": "server.request.path_params"
1293
+ },
1294
+ {
1295
+ "address": "graphql.server.all_resolvers"
1236
1296
  }
1237
1297
  ],
1238
1298
  "regex": "(?:select|;)\\s+(?:benchmark|sleep|if)\\s*?\\(\\s*?\\(?\\s*?\\w+",
@@ -1251,7 +1311,8 @@
1251
1311
  "tags": {
1252
1312
  "type": "sql_injection",
1253
1313
  "crs_id": "942190",
1254
- "category": "attack_attempt"
1314
+ "category": "attack_attempt",
1315
+ "cwe": "89"
1255
1316
  },
1256
1317
  "conditions": [
1257
1318
  {
@@ -1268,6 +1329,9 @@
1268
1329
  },
1269
1330
  {
1270
1331
  "address": "grpc.server.request.message"
1332
+ },
1333
+ {
1334
+ "address": "graphql.server.all_resolvers"
1271
1335
  }
1272
1336
  ],
1273
1337
  "regex": "(?:\\b(?:u(?:nion(?:[\\w(?:\\s]*?select|\\sselect\\s@)|ser\\s*?\\([^\\)]*?)|(?:c(?:onnection_id|urrent_user)|database)\\s*?\\([^\\)]*?|s(?:chema\\s*?\\([^\\)]*?|elect.*?\\w?user\\()|into[\\s+]+(?:dump|out)file\\s*?[\\\"'`]|from\\W+information_schema\\W|exec(?:ute)?\\s+master\\.)|[\\\"'`](?:;?\\s*?(?:union\\b\\s*?(?:(?:distin|sele)ct|all)|having|select)\\b\\s*?[^\\s]|\\s*?!\\s*?[\\\"'`\\w])|\\s*?exec(?:ute)?.*?\\Wxp_cmdshell|\\Wiif\\s*?\\()",
@@ -1300,6 +1364,9 @@
1300
1364
  },
1301
1365
  {
1302
1366
  "address": "server.request.path_params"
1367
+ },
1368
+ {
1369
+ "address": "graphql.server.all_resolvers"
1303
1370
  }
1304
1371
  ],
1305
1372
  "regex": "(?:select.*?having\\s*?[^\\s]+\\s*?[^\\w\\s]|[\\s(?:)]case\\s+when.*?then|\\)\\s*?like\\s*?\\()",
@@ -1333,6 +1400,9 @@
1333
1400
  },
1334
1401
  {
1335
1402
  "address": "server.request.path_params"
1403
+ },
1404
+ {
1405
+ "address": "graphql.server.all_resolvers"
1336
1406
  }
1337
1407
  ],
1338
1408
  "regex": "(?:create\\s+(?:procedure|function)\\s*?\\w+\\s*?\\(\\s*?\\)\\s*?-|;\\s*?(?:declare|open)\\s+[\\w-]+|procedure\\s+analyse\\s*?\\(|declare[^\\w]+[@#]\\s*?\\w+|exec\\s*?\\(\\s*?@)",
@@ -1365,6 +1435,9 @@
1365
1435
  },
1366
1436
  {
1367
1437
  "address": "server.request.path_params"
1438
+ },
1439
+ {
1440
+ "address": "graphql.server.all_resolvers"
1368
1441
  }
1369
1442
  ],
1370
1443
  "regex": "(?:;\\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|alter|load)\\b\\s*?[\\[(?:]?\\w{2,}|create\\s+function\\s.+\\sreturns)",
@@ -1398,6 +1471,9 @@
1398
1471
  {
1399
1472
  "address": "server.request.path_params"
1400
1473
  },
1474
+ {
1475
+ "address": "graphql.server.all_resolvers"
1476
+ },
1401
1477
  {
1402
1478
  "address": "server.request.headers.no_cookies"
1403
1479
  }
@@ -1420,7 +1496,9 @@
1420
1496
  "name": "Obfuscated Path Traversal Attack (/../) on any parameter",
1421
1497
  "tags": {
1422
1498
  "type": "lfi",
1423
- "category": "attack_attempt"
1499
+ "category": "attack_attempt",
1500
+ "cwe": "22",
1501
+ "capec": "1000/255/153/126"
1424
1502
  },
1425
1503
  "conditions": [
1426
1504
  {
@@ -1434,6 +1512,9 @@
1434
1512
  },
1435
1513
  {
1436
1514
  "address": "server.request.path_params"
1515
+ },
1516
+ {
1517
+ "address": "graphql.server.all_resolvers"
1437
1518
  }
1438
1519
  ],
1439
1520
  "regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]|\\?)?|\\?\\.?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
@@ -1451,7 +1532,9 @@
1451
1532
  "name": "Obfuscated Path Traversal Attack (/../) on any parameter",
1452
1533
  "tags": {
1453
1534
  "type": "lfi",
1454
- "category": "attack_attempt"
1535
+ "category": "attack_attempt",
1536
+ "cwe": "22",
1537
+ "capec": "1000/255/153/126"
1455
1538
  },
1456
1539
  "conditions": [
1457
1540
  {
@@ -1465,6 +1548,9 @@
1465
1548
  },
1466
1549
  {
1467
1550
  "address": "server.request.path_params"
1551
+ },
1552
+ {
1553
+ "address": "graphql.server.all_resolvers"
1468
1554
  }
1469
1555
  ],
1470
1556
  "regex": "(?:(?:^|[\\x5c/])\\.{2,3}[\\x5c/]|[\\x5c/]\\.{2,3}(?:[\\x5c/]|$))",
@@ -1485,7 +1571,8 @@
1485
1571
  "name": "NoSQL: Detect common exploitation strategy",
1486
1572
  "tags": {
1487
1573
  "type": "nosql_injection",
1488
- "category": "attack_attempt"
1574
+ "category": "attack_attempt",
1575
+ "cwe": "943"
1489
1576
  },
1490
1577
  "conditions": [
1491
1578
  {
@@ -1499,6 +1586,9 @@
1499
1586
  },
1500
1587
  {
1501
1588
  "address": "server.request.path_params"
1589
+ },
1590
+ {
1591
+ "address": "graphql.server.all_resolvers"
1502
1592
  }
1503
1593
  ],
1504
1594
  "regex": "^\\$(eq|ne|(l|g)te?|n?in|not|(n|x|)or|and|regex|where|expr|exists)$"
@@ -1542,4 +1632,4 @@
1542
1632
  "transformers": []
1543
1633
  }
1544
1634
  ]
1545
- }
1635
+ }
@@ -10,6 +10,14 @@ module Datadog
10
10
  read("waf_rules/#{kind}.json")
11
11
  end
12
12
 
13
+ def waf_processors
14
+ read('waf_rules/processors.json')
15
+ end
16
+
17
+ def waf_scanners
18
+ read('waf_rules/scanners.json')
19
+ end
20
+
13
21
  def blocked(format: :html)
14
22
  (@blocked ||= {})[format] ||= read("blocked.#{format}")
15
23
  end
@@ -3,6 +3,7 @@
3
3
  require_relative 'processor'
4
4
  require_relative 'processor/rule_merger'
5
5
  require_relative 'processor/rule_loader'
6
+ require_relative 'processor/actions'
6
7
 
7
8
  module Datadog
8
9
  module AppSec
@@ -13,12 +14,12 @@ module Datadog
13
14
  return unless settings.respond_to?(:appsec) && settings.appsec.enabled
14
15
 
15
16
  processor = create_processor(settings)
17
+
16
18
  # We want to always instrument user events when AppSec is enabled.
17
19
  # There could be cases in which users use the DD_APPSEC_ENABLED Env variable to
18
20
  # enable AppSec, in that case, Devise is already instrumented.
19
21
  # In the case that users do not use DD_APPSEC_ENABLED, we have to instrument it,
20
22
  # hence the lines above.
21
-
22
23
  devise_integration = Datadog::AppSec::Contrib::Devise::Integration.new
23
24
  settings.appsec.instrument(:devise) unless devise_integration.patcher.patched?
24
25
 
@@ -31,6 +32,10 @@ module Datadog
31
32
  rules = AppSec::Processor::RuleLoader.load_rules(ruleset: settings.appsec.ruleset)
32
33
  return nil unless rules
33
34
 
35
+ actions = rules['actions']
36
+
37
+ AppSec::Processor::Actions.merge(actions) if actions
38
+
34
39
  data = AppSec::Processor::RuleLoader.load_data(
35
40
  ip_denylist: settings.appsec.ip_denylist,
36
41
  user_id_denylist: settings.appsec.user_id_denylist
@@ -55,8 +60,10 @@ module Datadog
55
60
  @mutex = Mutex.new
56
61
  end
57
62
 
58
- def reconfigure(ruleset:)
63
+ def reconfigure(ruleset:, actions:)
59
64
  @mutex.synchronize do
65
+ AppSec::Processor::Actions.merge(actions)
66
+
60
67
  new = Processor.new(ruleset: ruleset)
61
68
 
62
69
  if new && new.ready?