@iflow-mcp/sinewaveai-agent-security-scanner-mcp 3.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1870) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +1293 -0
  3. package/analyzer.py +314 -0
  4. package/ast_parser.py +296 -0
  5. package/cross_file_analyzer.py +216 -0
  6. package/daemon.py +179 -0
  7. package/generic_ast.py +577 -0
  8. package/index.js +584 -0
  9. package/openclaw.plugin.json +41 -0
  10. package/package.json +1 -0
  11. package/packages/crates.txt +156488 -0
  12. package/packages/dart.txt +67353 -0
  13. package/packages/npm-bloom.json +1 -0
  14. package/packages/perl.txt +55924 -0
  15. package/packages/pypi-bloom.json +1 -0
  16. package/packages/raku.txt +2138 -0
  17. package/packages/rubygems-bloom.json +1 -0
  18. package/pattern_matcher.py +551 -0
  19. package/regex_fallback.py +732 -0
  20. package/requirements.txt +14 -0
  21. package/rules/__init__.py +261 -0
  22. package/rules/__pycache__/__init__.cpython-311.pyc +0 -0
  23. package/rules/agent-attacks.security.yaml +791 -0
  24. package/rules/c/lang/correctness/c-string-equality.yaml +18 -0
  25. package/rules/c/lang/correctness/goto-fail.yaml +13 -0
  26. package/rules/c/lang/correctness/incorrect-use-ato-fn.yaml +19 -0
  27. package/rules/c/lang/correctness/incorrect-use-sscanf-fn.yaml +21 -0
  28. package/rules/c/lang/security/double-free.yaml +45 -0
  29. package/rules/c/lang/security/function-use-after-free.yaml +44 -0
  30. package/rules/c/lang/security/info-leak-on-non-formatted-string.yaml +23 -0
  31. package/rules/c/lang/security/insecure-use-gets-fn.yaml +21 -0
  32. package/rules/c/lang/security/insecure-use-memset.yaml +36 -0
  33. package/rules/c/lang/security/insecure-use-printf-fn.yaml +44 -0
  34. package/rules/c/lang/security/insecure-use-scanf-fn.yaml +22 -0
  35. package/rules/c/lang/security/insecure-use-strcat-fn.yaml +25 -0
  36. package/rules/c/lang/security/insecure-use-string-copy-fn.yaml +29 -0
  37. package/rules/c/lang/security/insecure-use-strtok-fn.yaml +24 -0
  38. package/rules/c/lang/security/random-fd-exhaustion.yaml +39 -0
  39. package/rules/c/lang/security/use-after-free.yaml +39 -0
  40. package/rules/c.security.yaml +459 -0
  41. package/rules/clawhavoc.yaml +443 -0
  42. package/rules/csharp/dotnet/security/audit/ldap-injection.yaml +44 -0
  43. package/rules/csharp/dotnet/security/audit/mass-assignment.yaml +51 -0
  44. package/rules/csharp/dotnet/security/audit/misconfigured-lockout-option.yaml +36 -0
  45. package/rules/csharp/dotnet/security/audit/missing-or-broken-authorization.yaml +60 -0
  46. package/rules/csharp/dotnet/security/audit/open-directory-listing.yaml +36 -0
  47. package/rules/csharp/dotnet/security/audit/razor-use-of-htmlstring.yaml +36 -0
  48. package/rules/csharp/dotnet/security/audit/xpath-injection.yaml +37 -0
  49. package/rules/csharp/dotnet/security/mvc-missing-antiforgery.yaml +51 -0
  50. package/rules/csharp/dotnet/security/net-webconfig-debug.yaml +35 -0
  51. package/rules/csharp/dotnet/security/net-webconfig-trace-enabled.yaml +32 -0
  52. package/rules/csharp/dotnet/security/razor-template-injection.yaml +38 -0
  53. package/rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.yaml +32 -0
  54. package/rules/csharp/dotnet/security/use_ecb_mode.yaml +40 -0
  55. package/rules/csharp/dotnet/security/use_weak_rng_for_keygeneration.yaml +49 -0
  56. package/rules/csharp/dotnet/security/use_weak_rsa_encryption_padding.yaml +29 -0
  57. package/rules/csharp/dotnet/security/web-config-insecure-cookie-settings.yaml +43 -0
  58. package/rules/csharp/lang/best-practice/structured-logging.yaml +50 -0
  59. package/rules/csharp/lang/correctness/double/double-epsilon-equality.yaml +34 -0
  60. package/rules/csharp/lang/correctness/regioninfo/regioninfo-interop.yaml +37 -0
  61. package/rules/csharp/lang/correctness/sslcertificatetrust/sslcertificatetrust-handshake-no-trust.yaml +23 -0
  62. package/rules/csharp/lang/security/ad/jwt-tokenvalidationparameters-no-expiry-validation.yaml +45 -0
  63. package/rules/csharp/lang/security/cryptography/X509-subject-name-validation.yaml +74 -0
  64. package/rules/csharp/lang/security/cryptography/X509Certificate2-privkey.yaml +39 -0
  65. package/rules/csharp/lang/security/cryptography/unsigned-security-token.yaml +32 -0
  66. package/rules/csharp/lang/security/filesystem/unsafe-path-combine.yaml +61 -0
  67. package/rules/csharp/lang/security/http/http-listener-wildcard-bindings.yaml +35 -0
  68. package/rules/csharp/lang/security/injections/os-command.yaml +94 -0
  69. package/rules/csharp/lang/security/insecure-deserialization/binary-formatter.yaml +35 -0
  70. package/rules/csharp/lang/security/insecure-deserialization/data-contract-resolver.yaml +30 -0
  71. package/rules/csharp/lang/security/insecure-deserialization/fast-json.yaml +37 -0
  72. package/rules/csharp/lang/security/insecure-deserialization/fs-pickler.yaml +34 -0
  73. package/rules/csharp/lang/security/insecure-deserialization/insecure-typefilterlevel-full.yaml +49 -0
  74. package/rules/csharp/lang/security/insecure-deserialization/javascript-serializer.yaml +34 -0
  75. package/rules/csharp/lang/security/insecure-deserialization/los-formatter.yaml +36 -0
  76. package/rules/csharp/lang/security/insecure-deserialization/net-data-contract.yaml +36 -0
  77. package/rules/csharp/lang/security/insecure-deserialization/newtonsoft.yaml +46 -0
  78. package/rules/csharp/lang/security/insecure-deserialization/soap-formatter.yaml +36 -0
  79. package/rules/csharp/lang/security/memory/memory-marshal-create-span.yaml +30 -0
  80. package/rules/csharp/lang/security/missing-hsts-header.yaml +53 -0
  81. package/rules/csharp/lang/security/open-redirect.yaml +48 -0
  82. package/rules/csharp/lang/security/regular-expression-dos/regular-expression-dos-infinite-timeout.yaml +39 -0
  83. package/rules/csharp/lang/security/regular-expression-dos/regular-expression-dos.yaml +53 -0
  84. package/rules/csharp/lang/security/sqli/csharp-sqli.yaml +65 -0
  85. package/rules/csharp/lang/security/ssrf/http-client.yaml +67 -0
  86. package/rules/csharp/lang/security/ssrf/rest-client.yaml +45 -0
  87. package/rules/csharp/lang/security/ssrf/web-client.yaml +85 -0
  88. package/rules/csharp/lang/security/ssrf/web-request.yaml +60 -0
  89. package/rules/csharp/lang/security/stacktrace-disclosure.yaml +37 -0
  90. package/rules/csharp/lang/security/xxe/xmldocument-unsafe-parser-override.yaml +44 -0
  91. package/rules/csharp/lang/security/xxe/xmlreadersettings-unsafe-parser-override.yaml +44 -0
  92. package/rules/csharp/lang/security/xxe/xmltextreader-unsafe-defaults.yaml +45 -0
  93. package/rules/csharp/razor/security/html-raw-json.yaml +34 -0
  94. package/rules/dockerfile.security.yaml +291 -0
  95. package/rules/generic/bicep/security/secure-parameter-for-secrets.yaml +36 -0
  96. package/rules/generic/ci/audit/changed-semgrepignore.yaml +24 -0
  97. package/rules/generic/ci/security/bash-reverse-shell.yaml +32 -0
  98. package/rules/generic/dockerfile/best-practice/missing-yum-clean-all.yaml +22 -0
  99. package/rules/generic/dockerfile/best-practice/use-absolute-workdir.yaml +35 -0
  100. package/rules/generic/dockerfile/correctness/alias-must-be-unique.yaml +40 -0
  101. package/rules/generic/dockerfile/correctness/copy-from-own-alias.yaml +33 -0
  102. package/rules/generic/dockerfile/correctness/multiple-cmd-instructions.yaml +54 -0
  103. package/rules/generic/dockerfile/missing-zypper-no-confirm-switch.yaml +25 -0
  104. package/rules/generic/gradle/security/build-gradle-password-hardcoded.yaml +39 -0
  105. package/rules/generic/html-templates/security/unquoted-attribute-var.yaml +41 -0
  106. package/rules/generic/html-templates/security/var-in-href.yaml +53 -0
  107. package/rules/generic/html-templates/security/var-in-script-src.yaml +46 -0
  108. package/rules/generic/html-templates/security/var-in-script-tag.yaml +47 -0
  109. package/rules/generic/hugo/best-practice/invalid-base-url.yaml +16 -0
  110. package/rules/generic/hugo/best-practice/localhost-base-url.yaml +14 -0
  111. package/rules/generic/nginx/security/alias-path-traversal.yaml +51 -0
  112. package/rules/generic/nginx/security/dynamic-proxy-host.yaml +36 -0
  113. package/rules/generic/nginx/security/dynamic-proxy-scheme.yaml +34 -0
  114. package/rules/generic/nginx/security/header-injection.yaml +39 -0
  115. package/rules/generic/nginx/security/header-redefinition.yaml +47 -0
  116. package/rules/generic/nginx/security/insecure-redirect.yaml +39 -0
  117. package/rules/generic/nginx/security/insecure-ssl-version.yaml +39 -0
  118. package/rules/generic/nginx/security/missing-internal.yaml +53 -0
  119. package/rules/generic/nginx/security/missing-ssl-version.yaml +37 -0
  120. package/rules/generic/nginx/security/possible-h2c-smuggling.yaml +61 -0
  121. package/rules/generic/nginx/security/request-host-used.yaml +36 -0
  122. package/rules/generic/secrets/gitleaks/adafruit-api-key.yaml +27 -0
  123. package/rules/generic/secrets/gitleaks/adobe-client-id.yaml +27 -0
  124. package/rules/generic/secrets/gitleaks/adobe-client-secret.yaml +27 -0
  125. package/rules/generic/secrets/gitleaks/age-secret-key.yaml +27 -0
  126. package/rules/generic/secrets/gitleaks/airtable-api-key.yaml +27 -0
  127. package/rules/generic/secrets/gitleaks/algolia-api-key.yaml +27 -0
  128. package/rules/generic/secrets/gitleaks/alibaba-access-key-id.yaml +27 -0
  129. package/rules/generic/secrets/gitleaks/alibaba-secret-key.yaml +27 -0
  130. package/rules/generic/secrets/gitleaks/asana-client-id.yaml +27 -0
  131. package/rules/generic/secrets/gitleaks/asana-client-secret.yaml +27 -0
  132. package/rules/generic/secrets/gitleaks/atlassian-api-token.yaml +27 -0
  133. package/rules/generic/secrets/gitleaks/authress-service-client-access-key.yaml +27 -0
  134. package/rules/generic/secrets/gitleaks/aws-access-token.yaml +27 -0
  135. package/rules/generic/secrets/gitleaks/beamer-api-token.yaml +27 -0
  136. package/rules/generic/secrets/gitleaks/bitbucket-client-id.yaml +27 -0
  137. package/rules/generic/secrets/gitleaks/bitbucket-client-secret.yaml +27 -0
  138. package/rules/generic/secrets/gitleaks/bittrex-access-key.yaml +27 -0
  139. package/rules/generic/secrets/gitleaks/bittrex-secret-key.yaml +27 -0
  140. package/rules/generic/secrets/gitleaks/clojars-api-token.yaml +27 -0
  141. package/rules/generic/secrets/gitleaks/cloudflare-api-key.yaml +27 -0
  142. package/rules/generic/secrets/gitleaks/cloudflare-global-api-key.yaml +27 -0
  143. package/rules/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml +27 -0
  144. package/rules/generic/secrets/gitleaks/codecov-access-token.yaml +27 -0
  145. package/rules/generic/secrets/gitleaks/coinbase-access-token.yaml +27 -0
  146. package/rules/generic/secrets/gitleaks/confluent-access-token.yaml +27 -0
  147. package/rules/generic/secrets/gitleaks/confluent-secret-key.yaml +27 -0
  148. package/rules/generic/secrets/gitleaks/contentful-delivery-api-token.yaml +27 -0
  149. package/rules/generic/secrets/gitleaks/databricks-api-token.yaml +27 -0
  150. package/rules/generic/secrets/gitleaks/datadog-access-token.yaml +27 -0
  151. package/rules/generic/secrets/gitleaks/defined-networking-api-token.yaml +27 -0
  152. package/rules/generic/secrets/gitleaks/digitalocean-access-token.yaml +27 -0
  153. package/rules/generic/secrets/gitleaks/digitalocean-pat.yaml +27 -0
  154. package/rules/generic/secrets/gitleaks/digitalocean-refresh-token.yaml +27 -0
  155. package/rules/generic/secrets/gitleaks/discord-api-token.yaml +27 -0
  156. package/rules/generic/secrets/gitleaks/discord-client-id.yaml +27 -0
  157. package/rules/generic/secrets/gitleaks/discord-client-secret.yaml +27 -0
  158. package/rules/generic/secrets/gitleaks/doppler-api-token.yaml +27 -0
  159. package/rules/generic/secrets/gitleaks/droneci-access-token.yaml +27 -0
  160. package/rules/generic/secrets/gitleaks/dropbox-api-token.yaml +27 -0
  161. package/rules/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml +27 -0
  162. package/rules/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml +27 -0
  163. package/rules/generic/secrets/gitleaks/duffel-api-token.yaml +27 -0
  164. package/rules/generic/secrets/gitleaks/dynatrace-api-token.yaml +27 -0
  165. package/rules/generic/secrets/gitleaks/easypost-api-token.yaml +27 -0
  166. package/rules/generic/secrets/gitleaks/easypost-test-api-token.yaml +27 -0
  167. package/rules/generic/secrets/gitleaks/etsy-access-token.yaml +27 -0
  168. package/rules/generic/secrets/gitleaks/facebook-access-token.yaml +27 -0
  169. package/rules/generic/secrets/gitleaks/facebook-page-access-token.yaml +27 -0
  170. package/rules/generic/secrets/gitleaks/facebook-secret.yaml +27 -0
  171. package/rules/generic/secrets/gitleaks/facebook.yaml +27 -0
  172. package/rules/generic/secrets/gitleaks/fastly-api-token.yaml +27 -0
  173. package/rules/generic/secrets/gitleaks/finicity-api-token.yaml +27 -0
  174. package/rules/generic/secrets/gitleaks/finicity-client-secret.yaml +27 -0
  175. package/rules/generic/secrets/gitleaks/finnhub-access-token.yaml +27 -0
  176. package/rules/generic/secrets/gitleaks/flickr-access-token.yaml +27 -0
  177. package/rules/generic/secrets/gitleaks/flutterwave-encryption-key.yaml +27 -0
  178. package/rules/generic/secrets/gitleaks/flutterwave-public-key.yaml +27 -0
  179. package/rules/generic/secrets/gitleaks/flutterwave-secret-key.yaml +27 -0
  180. package/rules/generic/secrets/gitleaks/frameio-api-token.yaml +27 -0
  181. package/rules/generic/secrets/gitleaks/freshbooks-access-token.yaml +27 -0
  182. package/rules/generic/secrets/gitleaks/gcp-api-key.yaml +27 -0
  183. package/rules/generic/secrets/gitleaks/generic-api-key.yaml +76 -0
  184. package/rules/generic/secrets/gitleaks/github-app-token.yaml +27 -0
  185. package/rules/generic/secrets/gitleaks/github-fine-grained-pat.yaml +27 -0
  186. package/rules/generic/secrets/gitleaks/github-oauth.yaml +27 -0
  187. package/rules/generic/secrets/gitleaks/github-pat.yaml +27 -0
  188. package/rules/generic/secrets/gitleaks/github-refresh-token.yaml +27 -0
  189. package/rules/generic/secrets/gitleaks/gitlab-pat.yaml +27 -0
  190. package/rules/generic/secrets/gitleaks/gitlab-ptt.yaml +27 -0
  191. package/rules/generic/secrets/gitleaks/gitlab-rrt.yaml +27 -0
  192. package/rules/generic/secrets/gitleaks/gitter-access-token.yaml +27 -0
  193. package/rules/generic/secrets/gitleaks/gocardless-api-token.yaml +27 -0
  194. package/rules/generic/secrets/gitleaks/grafana-api-key.yaml +27 -0
  195. package/rules/generic/secrets/gitleaks/grafana-cloud-api-token.yaml +27 -0
  196. package/rules/generic/secrets/gitleaks/grafana-service-account-token.yaml +27 -0
  197. package/rules/generic/secrets/gitleaks/harness-api-key.yaml +27 -0
  198. package/rules/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml +27 -0
  199. package/rules/generic/secrets/gitleaks/hashicorp-tf-password.yaml +31 -0
  200. package/rules/generic/secrets/gitleaks/heroku-api-key.yaml +27 -0
  201. package/rules/generic/secrets/gitleaks/hubspot-api-key.yaml +27 -0
  202. package/rules/generic/secrets/gitleaks/huggingface-access-token.yaml +27 -0
  203. package/rules/generic/secrets/gitleaks/huggingface-organization-api-token.yaml +27 -0
  204. package/rules/generic/secrets/gitleaks/infracost-api-token.yaml +27 -0
  205. package/rules/generic/secrets/gitleaks/intercom-api-key.yaml +27 -0
  206. package/rules/generic/secrets/gitleaks/intra42-client-secret.yaml +27 -0
  207. package/rules/generic/secrets/gitleaks/jfrog-api-key.yaml +27 -0
  208. package/rules/generic/secrets/gitleaks/jfrog-identity-token.yaml +27 -0
  209. package/rules/generic/secrets/gitleaks/jwt-base64.yaml +27 -0
  210. package/rules/generic/secrets/gitleaks/jwt.yaml +27 -0
  211. package/rules/generic/secrets/gitleaks/kraken-access-token.yaml +27 -0
  212. package/rules/generic/secrets/gitleaks/kucoin-access-token.yaml +27 -0
  213. package/rules/generic/secrets/gitleaks/kucoin-secret-key.yaml +27 -0
  214. package/rules/generic/secrets/gitleaks/launchdarkly-access-token.yaml +27 -0
  215. package/rules/generic/secrets/gitleaks/linear-api-key.yaml +27 -0
  216. package/rules/generic/secrets/gitleaks/linear-client-secret.yaml +27 -0
  217. package/rules/generic/secrets/gitleaks/linkedin-client-id.yaml +27 -0
  218. package/rules/generic/secrets/gitleaks/linkedin-client-secret.yaml +27 -0
  219. package/rules/generic/secrets/gitleaks/lob-api-key.yaml +27 -0
  220. package/rules/generic/secrets/gitleaks/lob-pub-api-key.yaml +27 -0
  221. package/rules/generic/secrets/gitleaks/mailchimp-api-key.yaml +27 -0
  222. package/rules/generic/secrets/gitleaks/mailgun-private-api-token.yaml +27 -0
  223. package/rules/generic/secrets/gitleaks/mailgun-pub-key.yaml +27 -0
  224. package/rules/generic/secrets/gitleaks/mailgun-signing-key.yaml +27 -0
  225. package/rules/generic/secrets/gitleaks/mapbox-api-token.yaml +27 -0
  226. package/rules/generic/secrets/gitleaks/mattermost-access-token.yaml +27 -0
  227. package/rules/generic/secrets/gitleaks/messagebird-api-token.yaml +27 -0
  228. package/rules/generic/secrets/gitleaks/messagebird-client-id.yaml +27 -0
  229. package/rules/generic/secrets/gitleaks/microsoft-teams-webhook.yaml +27 -0
  230. package/rules/generic/secrets/gitleaks/netlify-access-token.yaml +27 -0
  231. package/rules/generic/secrets/gitleaks/new-relic-browser-api-token.yaml +27 -0
  232. package/rules/generic/secrets/gitleaks/new-relic-insert-key.yaml +27 -0
  233. package/rules/generic/secrets/gitleaks/new-relic-user-api-id.yaml +27 -0
  234. package/rules/generic/secrets/gitleaks/new-relic-user-api-key.yaml +27 -0
  235. package/rules/generic/secrets/gitleaks/npm-access-token.yaml +27 -0
  236. package/rules/generic/secrets/gitleaks/nytimes-access-token.yaml +27 -0
  237. package/rules/generic/secrets/gitleaks/okta-access-token.yaml +27 -0
  238. package/rules/generic/secrets/gitleaks/openai-api-key.yaml +27 -0
  239. package/rules/generic/secrets/gitleaks/plaid-api-token.yaml +27 -0
  240. package/rules/generic/secrets/gitleaks/plaid-client-id.yaml +27 -0
  241. package/rules/generic/secrets/gitleaks/plaid-secret-key.yaml +27 -0
  242. package/rules/generic/secrets/gitleaks/planetscale-api-token.yaml +27 -0
  243. package/rules/generic/secrets/gitleaks/planetscale-oauth-token.yaml +27 -0
  244. package/rules/generic/secrets/gitleaks/planetscale-password.yaml +27 -0
  245. package/rules/generic/secrets/gitleaks/postman-api-token.yaml +27 -0
  246. package/rules/generic/secrets/gitleaks/prefect-api-token.yaml +27 -0
  247. package/rules/generic/secrets/gitleaks/private-key.yaml +27 -0
  248. package/rules/generic/secrets/gitleaks/pulumi-api-token.yaml +27 -0
  249. package/rules/generic/secrets/gitleaks/pypi-upload-token.yaml +27 -0
  250. package/rules/generic/secrets/gitleaks/rapidapi-access-token.yaml +27 -0
  251. package/rules/generic/secrets/gitleaks/readme-api-token.yaml +27 -0
  252. package/rules/generic/secrets/gitleaks/rubygems-api-token.yaml +27 -0
  253. package/rules/generic/secrets/gitleaks/scalingo-api-token.yaml +27 -0
  254. package/rules/generic/secrets/gitleaks/sendbird-access-id.yaml +27 -0
  255. package/rules/generic/secrets/gitleaks/sendbird-access-token.yaml +27 -0
  256. package/rules/generic/secrets/gitleaks/sendgrid-api-token.yaml +27 -0
  257. package/rules/generic/secrets/gitleaks/sendinblue-api-token.yaml +27 -0
  258. package/rules/generic/secrets/gitleaks/sentry-access-token.yaml +27 -0
  259. package/rules/generic/secrets/gitleaks/shippo-api-token.yaml +27 -0
  260. package/rules/generic/secrets/gitleaks/shopify-access-token.yaml +27 -0
  261. package/rules/generic/secrets/gitleaks/shopify-custom-access-token.yaml +27 -0
  262. package/rules/generic/secrets/gitleaks/shopify-private-app-access-token.yaml +27 -0
  263. package/rules/generic/secrets/gitleaks/shopify-shared-secret.yaml +27 -0
  264. package/rules/generic/secrets/gitleaks/sidekiq-secret.yaml +27 -0
  265. package/rules/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml +27 -0
  266. package/rules/generic/secrets/gitleaks/slack-app-token.yaml +27 -0
  267. package/rules/generic/secrets/gitleaks/slack-bot-token.yaml +27 -0
  268. package/rules/generic/secrets/gitleaks/slack-config-access-token.yaml +27 -0
  269. package/rules/generic/secrets/gitleaks/slack-config-refresh-token.yaml +27 -0
  270. package/rules/generic/secrets/gitleaks/slack-legacy-bot-token.yaml +27 -0
  271. package/rules/generic/secrets/gitleaks/slack-legacy-token.yaml +27 -0
  272. package/rules/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml +27 -0
  273. package/rules/generic/secrets/gitleaks/slack-user-token.yaml +27 -0
  274. package/rules/generic/secrets/gitleaks/slack-webhook-url.yaml +27 -0
  275. package/rules/generic/secrets/gitleaks/snyk-api-token.yaml +27 -0
  276. package/rules/generic/secrets/gitleaks/square-access-token.yaml +27 -0
  277. package/rules/generic/secrets/gitleaks/squarespace-access-token.yaml +27 -0
  278. package/rules/generic/secrets/gitleaks/stripe-access-token.yaml +27 -0
  279. package/rules/generic/secrets/gitleaks/sumologic-access-id.yaml +27 -0
  280. package/rules/generic/secrets/gitleaks/sumologic-access-token.yaml +27 -0
  281. package/rules/generic/secrets/gitleaks/telegram-bot-api-token.yaml +27 -0
  282. package/rules/generic/secrets/gitleaks/travisci-access-token.yaml +27 -0
  283. package/rules/generic/secrets/gitleaks/twilio-api-key.yaml +27 -0
  284. package/rules/generic/secrets/gitleaks/twitch-api-token.yaml +27 -0
  285. package/rules/generic/secrets/gitleaks/twitter-access-secret.yaml +27 -0
  286. package/rules/generic/secrets/gitleaks/twitter-access-token.yaml +27 -0
  287. package/rules/generic/secrets/gitleaks/twitter-api-key.yaml +27 -0
  288. package/rules/generic/secrets/gitleaks/twitter-api-secret.yaml +27 -0
  289. package/rules/generic/secrets/gitleaks/twitter-bearer-token.yaml +27 -0
  290. package/rules/generic/secrets/gitleaks/typeform-api-token.yaml +27 -0
  291. package/rules/generic/secrets/gitleaks/vault-batch-token.yaml +27 -0
  292. package/rules/generic/secrets/gitleaks/vault-service-token.yaml +27 -0
  293. package/rules/generic/secrets/gitleaks/yandex-access-token.yaml +27 -0
  294. package/rules/generic/secrets/gitleaks/yandex-api-key.yaml +27 -0
  295. package/rules/generic/secrets/gitleaks/yandex-aws-access-token.yaml +27 -0
  296. package/rules/generic/secrets/gitleaks/zendesk-secret-key.yaml +27 -0
  297. package/rules/generic/secrets/security/detected-amazon-mws-auth-token.yaml +26 -0
  298. package/rules/generic/secrets/security/detected-artifactory-password.yaml +47 -0
  299. package/rules/generic/secrets/security/detected-artifactory-token.yaml +44 -0
  300. package/rules/generic/secrets/security/detected-aws-access-key-id-value.yaml +29 -0
  301. package/rules/generic/secrets/security/detected-aws-account-id.yaml +58 -0
  302. package/rules/generic/secrets/security/detected-aws-appsync-graphql-key.yaml +27 -0
  303. package/rules/generic/secrets/security/detected-aws-secret-access-key.yaml +30 -0
  304. package/rules/generic/secrets/security/detected-aws-session-token.yaml +31 -0
  305. package/rules/generic/secrets/security/detected-bcrypt-hash.yaml +25 -0
  306. package/rules/generic/secrets/security/detected-codeclimate.yaml +27 -0
  307. package/rules/generic/secrets/security/detected-etc-shadow.yaml +27 -0
  308. package/rules/generic/secrets/security/detected-facebook-access-token.yaml +29 -0
  309. package/rules/generic/secrets/security/detected-facebook-oauth.yaml +27 -0
  310. package/rules/generic/secrets/security/detected-generic-api-key.yaml +29 -0
  311. package/rules/generic/secrets/security/detected-generic-secret.yaml +30 -0
  312. package/rules/generic/secrets/security/detected-github-token.yaml +47 -0
  313. package/rules/generic/secrets/security/detected-google-api-key.yaml +29 -0
  314. package/rules/generic/secrets/security/detected-google-cloud-api-key.yaml +27 -0
  315. package/rules/generic/secrets/security/detected-google-gcm-service-account.yaml +27 -0
  316. package/rules/generic/secrets/security/detected-google-oauth-access-token.yaml +26 -0
  317. package/rules/generic/secrets/security/detected-google-oauth.yaml +26 -0
  318. package/rules/generic/secrets/security/detected-heroku-api-key.yaml +27 -0
  319. package/rules/generic/secrets/security/detected-hockeyapp.yaml +27 -0
  320. package/rules/generic/secrets/security/detected-jwt-token.yaml +25 -0
  321. package/rules/generic/secrets/security/detected-kolide-api-key.yaml +25 -0
  322. package/rules/generic/secrets/security/detected-mailchimp-api-key.yaml +26 -0
  323. package/rules/generic/secrets/security/detected-mailgun-api-key.yaml +26 -0
  324. package/rules/generic/secrets/security/detected-npm-registry-auth-token.yaml +33 -0
  325. package/rules/generic/secrets/security/detected-onfido-live-api-token.yaml +20 -0
  326. package/rules/generic/secrets/security/detected-outlook-team.yaml +27 -0
  327. package/rules/generic/secrets/security/detected-paypal-braintree-access-token.yaml +27 -0
  328. package/rules/generic/secrets/security/detected-pgp-private-key-block.yaml +28 -0
  329. package/rules/generic/secrets/security/detected-picatic-api-key.yaml +26 -0
  330. package/rules/generic/secrets/security/detected-private-key.yaml +39 -0
  331. package/rules/generic/secrets/security/detected-sauce-token.yaml +27 -0
  332. package/rules/generic/secrets/security/detected-sendgrid-api-key.yaml +27 -0
  333. package/rules/generic/secrets/security/detected-slack-token.yaml +28 -0
  334. package/rules/generic/secrets/security/detected-slack-webhook.yaml +27 -0
  335. package/rules/generic/secrets/security/detected-snyk-api-key.yaml +26 -0
  336. package/rules/generic/secrets/security/detected-softlayer-api-key.yaml +27 -0
  337. package/rules/generic/secrets/security/detected-sonarqube-docs-api-key.yaml +40 -0
  338. package/rules/generic/secrets/security/detected-square-access-token.yaml +26 -0
  339. package/rules/generic/secrets/security/detected-square-oauth-secret.yaml +27 -0
  340. package/rules/generic/secrets/security/detected-ssh-password.yaml +27 -0
  341. package/rules/generic/secrets/security/detected-stripe-api-key.yaml +26 -0
  342. package/rules/generic/secrets/security/detected-stripe-restricted-api-key.yaml +26 -0
  343. package/rules/generic/secrets/security/detected-telegram-bot-api-key.yaml +30 -0
  344. package/rules/generic/secrets/security/detected-twilio-api-key.yaml +26 -0
  345. package/rules/generic/secrets/security/detected-username-and-password-in-uri.yaml +35 -0
  346. package/rules/generic/secrets/security/google-maps-apikeyleak.yaml +25 -0
  347. package/rules/generic/unicode/security/bidi.yml +58 -0
  348. package/rules/generic/visualforce/security/ncino/html/UseSRIForCDNs.yaml +50 -0
  349. package/rules/generic/visualforce/security/ncino/vf/XSSFromUnescapedURLParam.yaml +48 -0
  350. package/rules/generic/visualforce/security/ncino/xml/CSPHeaderAttribute.yaml +36 -0
  351. package/rules/generic/visualforce/security/ncino/xml/VisualForceAPIVersion.yaml +36 -0
  352. package/rules/generic.secrets.yaml +503 -0
  353. package/rules/go/aws-lambda/security/database-sqli.yaml +63 -0
  354. package/rules/go/aws-lambda/security/tainted-sql-string.yaml +69 -0
  355. package/rules/go/gorilla/security/audit/handler-assignment-from-multiple-sources.yaml +48 -0
  356. package/rules/go/gorilla/security/audit/session-cookie-missing-httponly.yaml +40 -0
  357. package/rules/go/gorilla/security/audit/session-cookie-missing-secure.yaml +39 -0
  358. package/rules/go/gorilla/security/audit/session-cookie-samesitenone.yaml +37 -0
  359. package/rules/go/gorilla/security/audit/websocket-missing-origin-check.yaml +40 -0
  360. package/rules/go/gorm/security/audit/gorm-dangerous-methods-usage.yaml +70 -0
  361. package/rules/go/grpc/security/grpc-client-insecure-connection.yaml +34 -0
  362. package/rules/go/grpc/security/grpc-server-insecure-connection.yaml +44 -0
  363. package/rules/go/jwt-go/security/audit/jwt-parse-unverified.yaml +33 -0
  364. package/rules/go/jwt-go/security/jwt-none-alg.yaml +40 -0
  365. package/rules/go/jwt-go/security/jwt.yaml +43 -0
  366. package/rules/go/lang/best-practice/channel-guarded-with-mutex.yaml +22 -0
  367. package/rules/go/lang/best-practice/hidden-goroutine.yaml +27 -0
  368. package/rules/go/lang/correctness/looppointer.yaml +29 -0
  369. package/rules/go/lang/correctness/overflow/overflow.yaml +39 -0
  370. package/rules/go/lang/correctness/permissions/file_permission.yaml +31 -0
  371. package/rules/go/lang/correctness/use-filepath-join.yaml +50 -0
  372. package/rules/go/lang/correctness/useless-eqeq.yaml +31 -0
  373. package/rules/go/lang/maintainability/useless-ifelse.yaml +33 -0
  374. package/rules/go/lang/security/audit/crypto/bad_imports.yaml +33 -0
  375. package/rules/go/lang/security/audit/crypto/insecure_ssh.yaml +30 -0
  376. package/rules/go/lang/security/audit/crypto/math_random.yaml +41 -0
  377. package/rules/go/lang/security/audit/crypto/missing-ssl-minversion.yaml +39 -0
  378. package/rules/go/lang/security/audit/crypto/sha224-hash.yaml +45 -0
  379. package/rules/go/lang/security/audit/crypto/ssl.yaml +31 -0
  380. package/rules/go/lang/security/audit/crypto/tls.yaml +61 -0
  381. package/rules/go/lang/security/audit/crypto/use_of_weak_crypto.yaml +132 -0
  382. package/rules/go/lang/security/audit/crypto/use_of_weak_rsa_key.yaml +36 -0
  383. package/rules/go/lang/security/audit/dangerous-command-write.yaml +49 -0
  384. package/rules/go/lang/security/audit/dangerous-exec-cmd.yaml +86 -0
  385. package/rules/go/lang/security/audit/dangerous-exec-command.yaml +62 -0
  386. package/rules/go/lang/security/audit/dangerous-syscall-exec.yaml +98 -0
  387. package/rules/go/lang/security/audit/database/string-formatted-query.yaml +108 -0
  388. package/rules/go/lang/security/audit/md5-used-as-password.yaml +44 -0
  389. package/rules/go/lang/security/audit/net/bind_all.yaml +31 -0
  390. package/rules/go/lang/security/audit/net/cookie-missing-httponly.yaml +41 -0
  391. package/rules/go/lang/security/audit/net/cookie-missing-secure.yaml +40 -0
  392. package/rules/go/lang/security/audit/net/dynamic-httptrace-clienttrace.yaml +39 -0
  393. package/rules/go/lang/security/audit/net/formatted-template-string.yaml +56 -0
  394. package/rules/go/lang/security/audit/net/fs-directory-listing.yaml +49 -0
  395. package/rules/go/lang/security/audit/net/pprof.yaml +40 -0
  396. package/rules/go/lang/security/audit/net/unescaped-data-in-htmlattr.yaml +54 -0
  397. package/rules/go/lang/security/audit/net/unescaped-data-in-js.yaml +54 -0
  398. package/rules/go/lang/security/audit/net/unescaped-data-in-url.yaml +55 -0
  399. package/rules/go/lang/security/audit/net/use-tls.yaml +26 -0
  400. package/rules/go/lang/security/audit/net/wip-xss-using-responsewriter-and-printf.yaml +73 -0
  401. package/rules/go/lang/security/audit/reflect-makefunc.yaml +27 -0
  402. package/rules/go/lang/security/audit/sqli/gosql-sqli.yaml +64 -0
  403. package/rules/go/lang/security/audit/sqli/pg-orm-sqli.yaml +88 -0
  404. package/rules/go/lang/security/audit/sqli/pg-sqli.yaml +67 -0
  405. package/rules/go/lang/security/audit/sqli/pgx-sqli.yaml +71 -0
  406. package/rules/go/lang/security/audit/unsafe-reflect-by-name.yaml +43 -0
  407. package/rules/go/lang/security/audit/unsafe.yaml +24 -0
  408. package/rules/go/lang/security/audit/xss/import-text-template.yaml +43 -0
  409. package/rules/go/lang/security/audit/xss/no-direct-write-to-responsewriter.yaml +47 -0
  410. package/rules/go/lang/security/audit/xss/no-fprintf-to-responsewriter.yaml +41 -0
  411. package/rules/go/lang/security/audit/xss/no-interpolation-in-tag.yaml +39 -0
  412. package/rules/go/lang/security/audit/xss/no-interpolation-js-template-string.yaml +43 -0
  413. package/rules/go/lang/security/audit/xss/no-io-writestring-to-responsewriter.yaml +42 -0
  414. package/rules/go/lang/security/audit/xss/no-printf-in-responsewriter.yaml +41 -0
  415. package/rules/go/lang/security/audit/xss/template-html-does-not-escape.yaml +42 -0
  416. package/rules/go/lang/security/audit/xxe/parsing-external-entities-enabled.yaml +34 -0
  417. package/rules/go/lang/security/bad_tmp.yaml +29 -0
  418. package/rules/go/lang/security/decompression_bomb.yaml +62 -0
  419. package/rules/go/lang/security/deserialization/unsafe-deserialization-interface.yaml +41 -0
  420. package/rules/go/lang/security/filepath-clean-misuse.yaml +59 -0
  421. package/rules/go/lang/security/injection/open-redirect.yaml +58 -0
  422. package/rules/go/lang/security/injection/raw-html-format.yaml +55 -0
  423. package/rules/go/lang/security/injection/tainted-sql-string.yaml +84 -0
  424. package/rules/go/lang/security/injection/tainted-url-host.yaml +81 -0
  425. package/rules/go/lang/security/reverseproxy-director.yaml +33 -0
  426. package/rules/go/lang/security/shared-url-struct-mutation.yaml +52 -0
  427. package/rules/go/lang/security/zip.yaml +33 -0
  428. package/rules/go/otto/security/audit/dangerous-execution.yaml +34 -0
  429. package/rules/go/template/security/insecure-types.yaml +38 -0
  430. package/rules/go/template/security/ssti.yaml +56 -0
  431. package/rules/go.security.yaml +380 -0
  432. package/rules/java/android/best-practice/manifest-security-features.yaml +52 -0
  433. package/rules/java/android/best-practice/network-security-config.yml +161 -0
  434. package/rules/java/android/security/exported_activity.yaml +38 -0
  435. package/rules/java/aws-lambda/security/tainted-sql-string.yaml +69 -0
  436. package/rules/java/aws-lambda/security/tainted-sqli.yaml +73 -0
  437. package/rules/java/java-jwt/security/audit/jwt-decode-without-verify.yaml +38 -0
  438. package/rules/java/java-jwt/security/jwt-hardcode.yaml +54 -0
  439. package/rules/java/java-jwt/security/jwt-none-alg.yaml +47 -0
  440. package/rules/java/jax-rs/security/insecure-resteasy.yaml +82 -0
  441. package/rules/java/jax-rs/security/jax-rs-path-traversal.yaml +45 -0
  442. package/rules/java/jboss/security/seam-log-injection.yaml +40 -0
  443. package/rules/java/jboss/security/session_sqli.yaml +50 -0
  444. package/rules/java/jjwt/security/jwt-none-alg.yaml +42 -0
  445. package/rules/java/lang/correctness/assignment-comparison.yaml +12 -0
  446. package/rules/java/lang/correctness/eqeq.yaml +20 -0
  447. package/rules/java/lang/correctness/hardcoded-conditional.yaml +19 -0
  448. package/rules/java/lang/correctness/no-string-eqeq.yaml +15 -0
  449. package/rules/java/lang/security/audit/anonymous-ldap-bind.yaml +34 -0
  450. package/rules/java/lang/security/audit/bad-hexa-conversion.yaml +32 -0
  451. package/rules/java/lang/security/audit/blowfish-insufficient-key-size.yaml +39 -0
  452. package/rules/java/lang/security/audit/cbc-padding-oracle.yaml +38 -0
  453. package/rules/java/lang/security/audit/command-injection-formatted-runtime-call.yaml +90 -0
  454. package/rules/java/lang/security/audit/command-injection-process-builder.yaml +148 -0
  455. package/rules/java/lang/security/audit/cookie-missing-httponly.yaml +38 -0
  456. package/rules/java/lang/security/audit/cookie-missing-secure-flag.yaml +38 -0
  457. package/rules/java/lang/security/audit/crlf-injection-logs.yaml +86 -0
  458. package/rules/java/lang/security/audit/crypto/des-is-deprecated.yaml +48 -0
  459. package/rules/java/lang/security/audit/crypto/desede-is-deprecated.yaml +35 -0
  460. package/rules/java/lang/security/audit/crypto/ecb-cipher.yaml +37 -0
  461. package/rules/java/lang/security/audit/crypto/gcm-detection.yaml +38 -0
  462. package/rules/java/lang/security/audit/crypto/gcm-nonce-reuse.yaml +29 -0
  463. package/rules/java/lang/security/audit/crypto/no-null-cipher.yaml +38 -0
  464. package/rules/java/lang/security/audit/crypto/no-static-initialization-vector.yaml +50 -0
  465. package/rules/java/lang/security/audit/crypto/rsa-no-padding.yaml +35 -0
  466. package/rules/java/lang/security/audit/crypto/ssl/avoid-implementing-custom-digests.yaml +36 -0
  467. package/rules/java/lang/security/audit/crypto/ssl/defaulthttpclient-is-deprecated.yaml +35 -0
  468. package/rules/java/lang/security/audit/crypto/ssl/insecure-hostname-verifier.yaml +44 -0
  469. package/rules/java/lang/security/audit/crypto/ssl/insecure-trust-manager.yaml +58 -0
  470. package/rules/java/lang/security/audit/crypto/unencrypted-socket.yaml +37 -0
  471. package/rules/java/lang/security/audit/crypto/use-of-aes-ecb.yaml +32 -0
  472. package/rules/java/lang/security/audit/crypto/use-of-blowfish.yaml +32 -0
  473. package/rules/java/lang/security/audit/crypto/use-of-default-aes.yaml +62 -0
  474. package/rules/java/lang/security/audit/crypto/use-of-md5-digest-utils.yaml +41 -0
  475. package/rules/java/lang/security/audit/crypto/use-of-md5.yaml +37 -0
  476. package/rules/java/lang/security/audit/crypto/use-of-rc2.yaml +32 -0
  477. package/rules/java/lang/security/audit/crypto/use-of-rc4.yaml +32 -0
  478. package/rules/java/lang/security/audit/crypto/use-of-sha1.yaml +43 -0
  479. package/rules/java/lang/security/audit/crypto/use-of-sha224.yaml +48 -0
  480. package/rules/java/lang/security/audit/crypto/weak-random.yaml +31 -0
  481. package/rules/java/lang/security/audit/crypto/weak-rsa.yaml +38 -0
  482. package/rules/java/lang/security/audit/dangerous-groovy-shell.yaml +46 -0
  483. package/rules/java/lang/security/audit/el-injection.yaml +137 -0
  484. package/rules/java/lang/security/audit/formatted-sql-string.yaml +95 -0
  485. package/rules/java/lang/security/audit/http-response-splitting.yaml +44 -0
  486. package/rules/java/lang/security/audit/insecure-smtp-connection.yaml +34 -0
  487. package/rules/java/lang/security/audit/java-reverse-shell.yaml +43 -0
  488. package/rules/java/lang/security/audit/jdbc-sql-formatted-string.yaml +120 -0
  489. package/rules/java/lang/security/audit/ldap-entry-poisoning.yaml +41 -0
  490. package/rules/java/lang/security/audit/ldap-injection.yaml +82 -0
  491. package/rules/java/lang/security/audit/md5-used-as-password.yaml +44 -0
  492. package/rules/java/lang/security/audit/object-deserialization.yaml +34 -0
  493. package/rules/java/lang/security/audit/ognl-injection.yaml +839 -0
  494. package/rules/java/lang/security/audit/overly-permissive-file-permission.yaml +49 -0
  495. package/rules/java/lang/security/audit/permissive-cors.yaml +77 -0
  496. package/rules/java/lang/security/audit/script-engine-injection.yaml +66 -0
  497. package/rules/java/lang/security/audit/sqli/hibernate-sqli.yaml +90 -0
  498. package/rules/java/lang/security/audit/sqli/jdbc-sqli.yaml +63 -0
  499. package/rules/java/lang/security/audit/sqli/jdo-sqli.yaml +96 -0
  500. package/rules/java/lang/security/audit/sqli/jpa-sqli.yaml +63 -0
  501. package/rules/java/lang/security/audit/sqli/tainted-sql-from-http-request.yaml +78 -0
  502. package/rules/java/lang/security/audit/sqli/turbine-sqli.yaml +95 -0
  503. package/rules/java/lang/security/audit/sqli/vertx-sqli.yaml +70 -0
  504. package/rules/java/lang/security/audit/tainted-cmd-from-http-request.yaml +74 -0
  505. package/rules/java/lang/security/audit/tainted-env-from-http-request.yaml +46 -0
  506. package/rules/java/lang/security/audit/tainted-ldapi-from-http-request.yaml +42 -0
  507. package/rules/java/lang/security/audit/tainted-session-from-http-request.yaml +70 -0
  508. package/rules/java/lang/security/audit/tainted-xpath-from-http-request.yaml +38 -0
  509. package/rules/java/lang/security/audit/unsafe-reflection.yaml +39 -0
  510. package/rules/java/lang/security/audit/unvalidated-redirect.yaml +127 -0
  511. package/rules/java/lang/security/audit/url-rewriting.yaml +82 -0
  512. package/rules/java/lang/security/audit/weak-ssl-context.yaml +34 -0
  513. package/rules/java/lang/security/audit/xml-decoder.yaml +53 -0
  514. package/rules/java/lang/security/audit/xss/jsf/autoescape-disabled.yaml +29 -0
  515. package/rules/java/lang/security/audit/xss/jsp/no-scriptlets.yaml +31 -0
  516. package/rules/java/lang/security/audit/xss/jsp/use-escapexml.yaml +33 -0
  517. package/rules/java/lang/security/audit/xss/jsp/use-jstl-escaping.yaml +34 -0
  518. package/rules/java/lang/security/audit/xss/no-direct-response-writer.yaml +74 -0
  519. package/rules/java/lang/security/audit/xssrequestwrapper-is-insecure.yaml +40 -0
  520. package/rules/java/lang/security/audit/xxe/documentbuilderfactory-disallow-doctype-decl-false.yaml +74 -0
  521. package/rules/java/lang/security/audit/xxe/documentbuilderfactory-disallow-doctype-decl-missing.yaml +162 -0
  522. package/rules/java/lang/security/audit/xxe/documentbuilderfactory-external-general-entities-true.yaml +38 -0
  523. package/rules/java/lang/security/audit/xxe/documentbuilderfactory-external-parameter-entities-true.yaml +38 -0
  524. package/rules/java/lang/security/audit/xxe/saxparserfactory-disallow-doctype-decl-missing.yaml +165 -0
  525. package/rules/java/lang/security/audit/xxe/transformerfactory-dtds-not-disabled.yaml +191 -0
  526. package/rules/java/lang/security/do-privileged-use.yaml +35 -0
  527. package/rules/java/lang/security/httpservlet-path-traversal.yaml +64 -0
  528. package/rules/java/lang/security/insecure-jms-deserialization.yaml +50 -0
  529. package/rules/java/lang/security/jackson-unsafe-deserialization.yaml +74 -0
  530. package/rules/java/lang/security/java-pattern-from-string-parameter.yaml +37 -0
  531. package/rules/java/lang/security/servletresponse-writer-xss.yaml +40 -0
  532. package/rules/java/lang/security/use-snakeyaml-constructor.yaml +34 -0
  533. package/rules/java/lang/security/xmlinputfactory-external-entities-enabled.yaml +44 -0
  534. package/rules/java/lang/security/xmlinputfactory-possible-xxe.yaml +65 -0
  535. package/rules/java/mongodb/security/injection/audit/mongodb-nosqli.yaml +70 -0
  536. package/rules/java/rmi/security/server-dangerous-class-deserialization.yaml +38 -0
  537. package/rules/java/rmi/security/server-dangerous-object-deserialization.yaml +72 -0
  538. package/rules/java/servlets/security/cookie-issecure-false.yaml +37 -0
  539. package/rules/java/servlets/security/cookie-setSecure.yaml +42 -0
  540. package/rules/java/servlets/security/security-constraint-http-method.yaml +31 -0
  541. package/rules/java/spring/security/audit/spel-injection.yaml +101 -0
  542. package/rules/java/spring/security/audit/spring-actuator-fully-enabled-yaml.test.yaml +10 -0
  543. package/rules/java/spring/security/audit/spring-actuator-fully-enabled-yaml.yaml +40 -0
  544. package/rules/java/spring/security/audit/spring-actuator-fully-enabled.yaml +32 -0
  545. package/rules/java/spring/security/audit/spring-actuator-non-health-enabled-yaml.test.yaml +13 -0
  546. package/rules/java/spring/security/audit/spring-actuator-non-health-enabled-yaml.yaml +43 -0
  547. package/rules/java/spring/security/audit/spring-actuator-non-health-enabled.yaml +34 -0
  548. package/rules/java/spring/security/audit/spring-csrf-disabled.yaml +31 -0
  549. package/rules/java/spring/security/audit/spring-jsp-eval.yaml +29 -0
  550. package/rules/java/spring/security/audit/spring-sqli.yaml +68 -0
  551. package/rules/java/spring/security/audit/spring-unvalidated-redirect.yaml +51 -0
  552. package/rules/java/spring/security/injection/tainted-file-path.yaml +77 -0
  553. package/rules/java/spring/security/injection/tainted-html-string.yaml +107 -0
  554. package/rules/java/spring/security/injection/tainted-sql-string.yaml +90 -0
  555. package/rules/java/spring/security/injection/tainted-system-command.yaml +105 -0
  556. package/rules/java/spring/security/injection/tainted-url-host.yaml +85 -0
  557. package/rules/java/spring/security/unrestricted-request-mapping.yaml +39 -0
  558. package/rules/java.security.yaml +453 -0
  559. package/rules/javascript/ajv/security/audit/ajv-allerrors-true.yaml +33 -0
  560. package/rules/javascript/angular/security/detect-angular-element-methods.yaml +64 -0
  561. package/rules/javascript/angular/security/detect-angular-element-taint.yaml +83 -0
  562. package/rules/javascript/angular/security/detect-angular-open-redirect.yaml +38 -0
  563. package/rules/javascript/angular/security/detect-angular-resource-loading.yaml +37 -0
  564. package/rules/javascript/angular/security/detect-angular-sce-disabled.yaml +31 -0
  565. package/rules/javascript/angular/security/detect-angular-trust-as-css.yaml +39 -0
  566. package/rules/javascript/angular/security/detect-angular-trust-as-html-method.yaml +39 -0
  567. package/rules/javascript/angular/security/detect-angular-trust-as-js-method.yaml +39 -0
  568. package/rules/javascript/angular/security/detect-angular-trust-as-method.yaml +39 -0
  569. package/rules/javascript/angular/security/detect-angular-trust-as-resourceurl-method.yaml +39 -0
  570. package/rules/javascript/angular/security/detect-angular-trust-as-url-method.yaml +39 -0
  571. package/rules/javascript/angular/security/detect-third-party-angular-translate.yaml +36 -0
  572. package/rules/javascript/apollo/security/apollo-axios-ssrf.yaml +47 -0
  573. package/rules/javascript/argon2/security/unsafe-argon2-config.yaml +47 -0
  574. package/rules/javascript/audit/detect-replaceall-sanitization.yaml +42 -0
  575. package/rules/javascript/aws-lambda/security/detect-child-process.yaml +67 -0
  576. package/rules/javascript/aws-lambda/security/dynamodb-request-object.yaml +70 -0
  577. package/rules/javascript/aws-lambda/security/knex-sqli.yaml +65 -0
  578. package/rules/javascript/aws-lambda/security/mysql-sqli.yaml +76 -0
  579. package/rules/javascript/aws-lambda/security/pg-sqli.yaml +63 -0
  580. package/rules/javascript/aws-lambda/security/sequelize-sqli.yaml +63 -0
  581. package/rules/javascript/aws-lambda/security/tainted-eval.yaml +52 -0
  582. package/rules/javascript/aws-lambda/security/tainted-html-response.yaml +52 -0
  583. package/rules/javascript/aws-lambda/security/tainted-html-string.yaml +72 -0
  584. package/rules/javascript/aws-lambda/security/tainted-sql-string.yaml +69 -0
  585. package/rules/javascript/aws-lambda/security/vm-runincontext-injection.yaml +68 -0
  586. package/rules/javascript/bluebird/security/audit/tofastproperties-code-execution.yaml +44 -0
  587. package/rules/javascript/browser/security/dom-based-xss.yaml +34 -0
  588. package/rules/javascript/browser/security/eval-detected.yaml +35 -0
  589. package/rules/javascript/browser/security/insecure-document-method.yaml +40 -0
  590. package/rules/javascript/browser/security/insecure-innerhtml.yaml +32 -0
  591. package/rules/javascript/browser/security/insufficient-postmessage-origin-validation.yaml +51 -0
  592. package/rules/javascript/browser/security/open-redirect-from-function.yaml +58 -0
  593. package/rules/javascript/browser/security/open-redirect.yaml +95 -0
  594. package/rules/javascript/browser/security/raw-html-concat.yaml +167 -0
  595. package/rules/javascript/browser/security/raw-html-join.yaml +43 -0
  596. package/rules/javascript/browser/security/wildcard-postmessage-configuration.yaml +26 -0
  597. package/rules/javascript/chrome-remote-interface/security/audit/chrome-remote-interface-compilescript-injection.yaml +55 -0
  598. package/rules/javascript/deno/security/audit/deno-dangerous-run.yaml +47 -0
  599. package/rules/javascript/express/security/audit/express-check-csurf-middleware-usage.yaml +50 -0
  600. package/rules/javascript/express/security/audit/express-check-directory-listing.yaml +54 -0
  601. package/rules/javascript/express/security/audit/express-cookie-settings.yaml +363 -0
  602. package/rules/javascript/express/security/audit/express-detect-notevil-usage.yaml +55 -0
  603. package/rules/javascript/express/security/audit/express-jwt-not-revoked.yaml +44 -0
  604. package/rules/javascript/express/security/audit/express-libxml-noent.yaml +91 -0
  605. package/rules/javascript/express/security/audit/express-libxml-vm-noent.yaml +53 -0
  606. package/rules/javascript/express/security/audit/express-open-redirect.yaml +114 -0
  607. package/rules/javascript/express/security/audit/express-path-join-resolve-traversal.yaml +97 -0
  608. package/rules/javascript/express/security/audit/express-res-sendfile.yaml +76 -0
  609. package/rules/javascript/express/security/audit/express-session-hardcoded-secret.yaml +57 -0
  610. package/rules/javascript/express/security/audit/express-ssrf.yaml +195 -0
  611. package/rules/javascript/express/security/audit/express-third-party-object-deserialization.yaml +90 -0
  612. package/rules/javascript/express/security/audit/express-xml2json-xxe-event.yaml +73 -0
  613. package/rules/javascript/express/security/audit/possible-user-input-redirect.yaml +42 -0
  614. package/rules/javascript/express/security/audit/remote-property-injection.yaml +75 -0
  615. package/rules/javascript/express/security/audit/res-render-injection.yaml +69 -0
  616. package/rules/javascript/express/security/audit/xss/direct-response-write.yaml +239 -0
  617. package/rules/javascript/express/security/audit/xss/ejs/explicit-unescape.yaml +38 -0
  618. package/rules/javascript/express/security/audit/xss/ejs/var-in-href.yaml +38 -0
  619. package/rules/javascript/express/security/audit/xss/ejs/var-in-script-src.yaml +43 -0
  620. package/rules/javascript/express/security/audit/xss/ejs/var-in-script-tag.yaml +43 -0
  621. package/rules/javascript/express/security/audit/xss/mustache/escape-function-overwrite.yaml +38 -0
  622. package/rules/javascript/express/security/audit/xss/mustache/explicit-unescape.yaml +40 -0
  623. package/rules/javascript/express/security/audit/xss/mustache/var-in-script-tag.yaml +42 -0
  624. package/rules/javascript/express/security/audit/xss/pug/and-attributes.yaml +34 -0
  625. package/rules/javascript/express/security/audit/xss/pug/explicit-unescape.yaml +37 -0
  626. package/rules/javascript/express/security/audit/xss/pug/var-in-href.yaml +37 -0
  627. package/rules/javascript/express/security/audit/xss/pug/var-in-script-tag.yaml +44 -0
  628. package/rules/javascript/express/security/cors-misconfiguration.yaml +73 -0
  629. package/rules/javascript/express/security/express-data-exfiltration.yaml +61 -0
  630. package/rules/javascript/express/security/express-expat-xxe.yaml +90 -0
  631. package/rules/javascript/express/security/express-insecure-template-usage.yaml +180 -0
  632. package/rules/javascript/express/security/express-jwt-hardcoded-secret.yaml +56 -0
  633. package/rules/javascript/express/security/express-phantom-injection.yaml +76 -0
  634. package/rules/javascript/express/security/express-puppeteer-injection.yaml +79 -0
  635. package/rules/javascript/express/security/express-sandbox-injection.yaml +74 -0
  636. package/rules/javascript/express/security/express-vm-injection.yaml +74 -0
  637. package/rules/javascript/express/security/express-vm2-injection.yaml +84 -0
  638. package/rules/javascript/express/security/express-wkhtml-injection.yaml +127 -0
  639. package/rules/javascript/express/security/express-xml2json-xxe.yaml +81 -0
  640. package/rules/javascript/express/security/injection/raw-html-format.yaml +93 -0
  641. package/rules/javascript/express/security/injection/tainted-sql-string.yaml +74 -0
  642. package/rules/javascript/express/security/require-request.yaml +66 -0
  643. package/rules/javascript/express/security/x-frame-options-misconfiguration.yaml +73 -0
  644. package/rules/javascript/fbjs/security/audit/insecure-createnodesfrommarkup.yaml +33 -0
  645. package/rules/javascript/grpc/security/grpc-nodejs-insecure-connection.yaml +49 -0
  646. package/rules/javascript/intercom/security/audit/intercom-settings-user-identifier-without-user-hash.yaml +49 -0
  647. package/rules/javascript/jose/security/audit/jose-exposed-data.yaml +49 -0
  648. package/rules/javascript/jose/security/jwt-hardcode.yaml +73 -0
  649. package/rules/javascript/jose/security/jwt-none-alg.yaml +55 -0
  650. package/rules/javascript/jquery/security/audit/jquery-insecure-method.yaml +53 -0
  651. package/rules/javascript/jquery/security/audit/jquery-insecure-selector.yaml +86 -0
  652. package/rules/javascript/jquery/security/audit/prohibit-jquery-html.yaml +45 -0
  653. package/rules/javascript/jsonwebtoken/security/audit/jwt-decode-without-verify.yaml +46 -0
  654. package/rules/javascript/jsonwebtoken/security/audit/jwt-exposed-data.yaml +41 -0
  655. package/rules/javascript/jsonwebtoken/security/jwt-hardcode.yaml +71 -0
  656. package/rules/javascript/jsonwebtoken/security/jwt-none-alg.yaml +40 -0
  657. package/rules/javascript/jwt-simple/security/jwt-simple-noverify.yaml +48 -0
  658. package/rules/javascript/lang/best-practice/assigned-undefined.yaml +18 -0
  659. package/rules/javascript/lang/best-practice/lazy-load-module.yaml +24 -0
  660. package/rules/javascript/lang/best-practice/leftover_debugging.yaml +50 -0
  661. package/rules/javascript/lang/best-practice/zlib-async-loop.yaml +41 -0
  662. package/rules/javascript/lang/correctness/missing-template-string-indicator.yaml +18 -0
  663. package/rules/javascript/lang/correctness/no-replaceall.yaml +18 -0
  664. package/rules/javascript/lang/correctness/no-stringify-keys.yaml +29 -0
  665. package/rules/javascript/lang/correctness/useless-assign.yaml +18 -0
  666. package/rules/javascript/lang/correctness/useless-eqeq.yaml +21 -0
  667. package/rules/javascript/lang/security/audit/code-string-concat.yaml +90 -0
  668. package/rules/javascript/lang/security/audit/dangerous-spawn-shell.yaml +67 -0
  669. package/rules/javascript/lang/security/audit/detect-non-literal-fs-filename.yaml +272 -0
  670. package/rules/javascript/lang/security/audit/detect-non-literal-regexp.yaml +45 -0
  671. package/rules/javascript/lang/security/audit/detect-non-literal-require.yaml +34 -0
  672. package/rules/javascript/lang/security/audit/detect-redos.yaml +43 -0
  673. package/rules/javascript/lang/security/audit/hardcoded-hmac-key.yaml +39 -0
  674. package/rules/javascript/lang/security/audit/incomplete-sanitization.yaml +32 -0
  675. package/rules/javascript/lang/security/audit/md5-used-as-password.yaml +40 -0
  676. package/rules/javascript/lang/security/audit/path-traversal/path-join-resolve-traversal.yaml +75 -0
  677. package/rules/javascript/lang/security/audit/prototype-pollution/prototype-pollution-assignment.yaml +74 -0
  678. package/rules/javascript/lang/security/audit/prototype-pollution/prototype-pollution-loop.yaml +71 -0
  679. package/rules/javascript/lang/security/audit/spawn-shell-true.yaml +50 -0
  680. package/rules/javascript/lang/security/audit/sqli/node-knex-sqli.yaml +90 -0
  681. package/rules/javascript/lang/security/audit/sqli/node-mssql-sqli.yaml +56 -0
  682. package/rules/javascript/lang/security/audit/sqli/node-mysql-sqli.yaml +72 -0
  683. package/rules/javascript/lang/security/audit/sqli/node-postgres-sqli.yaml +63 -0
  684. package/rules/javascript/lang/security/audit/unknown-value-with-script-tag.yaml +37 -0
  685. package/rules/javascript/lang/security/audit/unsafe-dynamic-method.yaml +55 -0
  686. package/rules/javascript/lang/security/audit/unsafe-formatstring.yaml +51 -0
  687. package/rules/javascript/lang/security/detect-buffer-noassert.yaml +32 -0
  688. package/rules/javascript/lang/security/detect-child-process.yaml +79 -0
  689. package/rules/javascript/lang/security/detect-disable-mustache-escape.yaml +27 -0
  690. package/rules/javascript/lang/security/detect-eval-with-expression.yaml +88 -0
  691. package/rules/javascript/lang/security/detect-insecure-websocket.yaml +32 -0
  692. package/rules/javascript/lang/security/detect-no-csrf-before-method-override.yaml +35 -0
  693. package/rules/javascript/lang/security/detect-pseudoRandomBytes.yaml +32 -0
  694. package/rules/javascript/lang/security/html-in-template-string.yaml +36 -0
  695. package/rules/javascript/lang/security/insecure-object-assign.yaml +33 -0
  696. package/rules/javascript/lang/security/spawn-git-clone.yaml +40 -0
  697. package/rules/javascript/monaco-editor/security/audit/monaco-hover-htmlsupport.yaml +47 -0
  698. package/rules/javascript/node-crypto/security/aead-no-final.yaml +38 -0
  699. package/rules/javascript/node-crypto/security/create-de-cipher-no-iv.yaml +31 -0
  700. package/rules/javascript/node-crypto/security/gcm-no-tag-length.yaml +34 -0
  701. package/rules/javascript/node-expat/security/audit/expat-xxe.yaml +86 -0
  702. package/rules/javascript/passport-jwt/security/passport-hardcode.yaml +107 -0
  703. package/rules/javascript/phantom/security/audit/phantom-injection.yaml +42 -0
  704. package/rules/javascript/playwright/security/audit/playwright-addinitscript-code-injection.yaml +37 -0
  705. package/rules/javascript/playwright/security/audit/playwright-evaluate-arg-injection.yaml +37 -0
  706. package/rules/javascript/playwright/security/audit/playwright-evaluate-code-injection.yaml +44 -0
  707. package/rules/javascript/playwright/security/audit/playwright-exposed-chrome-devtools.yaml +35 -0
  708. package/rules/javascript/playwright/security/audit/playwright-goto-injection.yaml +38 -0
  709. package/rules/javascript/playwright/security/audit/playwright-setcontent-injection.yaml +39 -0
  710. package/rules/javascript/puppeteer/security/audit/puppeteer-evaluate-arg-injection.yaml +38 -0
  711. package/rules/javascript/puppeteer/security/audit/puppeteer-evaluate-code-injection.yaml +44 -0
  712. package/rules/javascript/puppeteer/security/audit/puppeteer-exposed-chrome-devtools.yaml +35 -0
  713. package/rules/javascript/puppeteer/security/audit/puppeteer-goto-injection.yaml +38 -0
  714. package/rules/javascript/puppeteer/security/audit/puppeteer-setcontent-injection.yaml +38 -0
  715. package/rules/javascript/react/correctness/hooks/set-state-no-op.yaml +16 -0
  716. package/rules/javascript/sandbox/security/audit/sandbox-code-injection.yaml +46 -0
  717. package/rules/javascript/sax/security/audit/sax-xxe.yaml +41 -0
  718. package/rules/javascript/sequelize/security/audit/sequelize-enforce-tls.yaml +60 -0
  719. package/rules/javascript/sequelize/security/audit/sequelize-injection-express.yaml +82 -0
  720. package/rules/javascript/sequelize/security/audit/sequelize-raw-query.yaml +55 -0
  721. package/rules/javascript/sequelize/security/audit/sequelize-tls-disabled-cert-validation.yaml +52 -0
  722. package/rules/javascript/sequelize/security/audit/sequelize-weak-tls-version.yaml +56 -0
  723. package/rules/javascript/serialize-javascript/security/audit/unsafe-serialize-javascript.yaml +32 -0
  724. package/rules/javascript/shelljs/security/shelljs-exec-injection.yaml +38 -0
  725. package/rules/javascript/thenify/security/audit/multiargs-code-execution.yaml +46 -0
  726. package/rules/javascript/vm2/security/audit/vm2-code-injection.yaml +66 -0
  727. package/rules/javascript/vm2/security/audit/vm2-context-injection.yaml +350 -0
  728. package/rules/javascript/vue/security/audit/xss/templates/avoid-v-html.yaml +31 -0
  729. package/rules/javascript/wkhtmltoimage/security/audit/wkhtmltoimage-injection.yaml +36 -0
  730. package/rules/javascript/wkhtmltopdf/security/audit/wkhtmltopdf-injection.yaml +35 -0
  731. package/rules/javascript/xml2json/security/audit/xml2json-xxe.yaml +48 -0
  732. package/rules/javascript.security.yaml +504 -0
  733. package/rules/openclaw.security.yaml +283 -0
  734. package/rules/php/doctrine/security/audit/doctrine-dbal-dangerous-query.yaml +43 -0
  735. package/rules/php/doctrine/security/audit/doctrine-orm-dangerous-query.yaml +71 -0
  736. package/rules/php/lang/correctness/empty-with-boolean-expression.yaml +16 -0
  737. package/rules/php/lang/security/assert-use.yaml +42 -0
  738. package/rules/php/lang/security/audit/assert-use-audit.yaml +30 -0
  739. package/rules/php/lang/security/audit/openssl-decrypt-validate.yaml +75 -0
  740. package/rules/php/lang/security/audit/sha224-hash.yaml +33 -0
  741. package/rules/php/lang/security/backticks-use.yaml +25 -0
  742. package/rules/php/lang/security/base-convert-loses-precision.yaml +50 -0
  743. package/rules/php/lang/security/curl-ssl-verifypeer-off.yaml +34 -0
  744. package/rules/php/lang/security/deserialization.yaml +36 -0
  745. package/rules/php/lang/security/eval-use.yaml +29 -0
  746. package/rules/php/lang/security/exec-use.yaml +29 -0
  747. package/rules/php/lang/security/file-inclusion.yaml +52 -0
  748. package/rules/php/lang/security/ftp-use.yaml +29 -0
  749. package/rules/php/lang/security/injection/echoed-request.yaml +63 -0
  750. package/rules/php/lang/security/injection/printed-request.yaml +63 -0
  751. package/rules/php/lang/security/injection/tainted-callable.yaml +116 -0
  752. package/rules/php/lang/security/injection/tainted-exec.yaml +52 -0
  753. package/rules/php/lang/security/injection/tainted-filename.yaml +176 -0
  754. package/rules/php/lang/security/injection/tainted-object-instantiation.yaml +37 -0
  755. package/rules/php/lang/security/injection/tainted-session.yaml +76 -0
  756. package/rules/php/lang/security/injection/tainted-sql-string.yaml +62 -0
  757. package/rules/php/lang/security/injection/tainted-url-host.yaml +65 -0
  758. package/rules/php/lang/security/ldap-bind-without-password.yaml +34 -0
  759. package/rules/php/lang/security/mb-ereg-replace-eval.yaml +29 -0
  760. package/rules/php/lang/security/mcrypt-use.yaml +26 -0
  761. package/rules/php/lang/security/md5-loose-equality.yaml +48 -0
  762. package/rules/php/lang/security/md5-used-as-password.yaml +42 -0
  763. package/rules/php/lang/security/openssl-cbc-static-iv.yaml +31 -0
  764. package/rules/php/lang/security/php-permissive-cors.yaml +33 -0
  765. package/rules/php/lang/security/php-ssrf.yaml +50 -0
  766. package/rules/php/lang/security/phpinfo-use.yaml +25 -0
  767. package/rules/php/lang/security/redirect-to-request-uri.yaml +36 -0
  768. package/rules/php/lang/security/tainted-exec.yaml +42 -0
  769. package/rules/php/lang/security/unlink-use.yaml +31 -0
  770. package/rules/php/lang/security/unserialize-use.yaml +31 -0
  771. package/rules/php/lang/security/weak-crypto.yaml +34 -0
  772. package/rules/php/laravel/security/laravel-active-debug-code.yaml +36 -0
  773. package/rules/php/laravel/security/laravel-api-route-sql-injection.yaml +41 -0
  774. package/rules/php/laravel/security/laravel-blade-form-missing-csrf.yaml +68 -0
  775. package/rules/php/laravel/security/laravel-cookie-http-only.yaml +51 -0
  776. package/rules/php/laravel/security/laravel-cookie-long-timeout.yaml +45 -0
  777. package/rules/php/laravel/security/laravel-cookie-null-domain.yaml +51 -0
  778. package/rules/php/laravel/security/laravel-cookie-same-site.yaml +56 -0
  779. package/rules/php/laravel/security/laravel-cookie-secure-set.yaml +51 -0
  780. package/rules/php/laravel/security/laravel-dangerous-model-construction.yaml +33 -0
  781. package/rules/php/laravel/security/laravel-sql-injection.yaml +132 -0
  782. package/rules/php/laravel/security/laravel-unsafe-validator.yaml +65 -0
  783. package/rules/php/symfony/security/audit/symfony-csrf-protection-disabled.yaml +40 -0
  784. package/rules/php/symfony/security/audit/symfony-non-literal-redirect.yaml +30 -0
  785. package/rules/php/symfony/security/audit/symfony-permissive-cors.yaml +46 -0
  786. package/rules/php/wordpress-plugins/security/audit/wp-ajax-no-auth-and-auth-hooks-audit.yaml +34 -0
  787. package/rules/php/wordpress-plugins/security/audit/wp-authorisation-checks-audit.yaml +32 -0
  788. package/rules/php/wordpress-plugins/security/audit/wp-code-execution-audit.yaml +33 -0
  789. package/rules/php/wordpress-plugins/security/audit/wp-command-execution-audit.yaml +34 -0
  790. package/rules/php/wordpress-plugins/security/audit/wp-csrf-audit.yaml +29 -0
  791. package/rules/php/wordpress-plugins/security/audit/wp-file-download-audit.yaml +33 -0
  792. package/rules/php/wordpress-plugins/security/audit/wp-file-inclusion-audit.yaml +39 -0
  793. package/rules/php/wordpress-plugins/security/audit/wp-file-manipulation-audit.yaml +35 -0
  794. package/rules/php/wordpress-plugins/security/audit/wp-open-redirect-audit.yaml +30 -0
  795. package/rules/php/wordpress-plugins/security/audit/wp-php-object-injection-audit.yaml +33 -0
  796. package/rules/php/wordpress-plugins/security/audit/wp-sql-injection-audit.yaml +43 -0
  797. package/rules/php/wordpress-plugins/security/audit/wp-ssrf-audit.yaml +48 -0
  798. package/rules/php.security.yaml +461 -0
  799. package/rules/prompt-injection.security.yaml +1075 -0
  800. package/rules/python/airflow/security/audit/formatted-string-bashoperator.yaml +59 -0
  801. package/rules/python/attr/correctness/mutable-initializer.yaml +36 -0
  802. package/rules/python/aws-lambda/security/dangerous-asyncio-create-exec.yaml +59 -0
  803. package/rules/python/aws-lambda/security/dangerous-asyncio-exec.yaml +54 -0
  804. package/rules/python/aws-lambda/security/dangerous-asyncio-shell.yaml +51 -0
  805. package/rules/python/aws-lambda/security/dangerous-spawn-process.yaml +67 -0
  806. package/rules/python/aws-lambda/security/dangerous-subprocess-use.yaml +52 -0
  807. package/rules/python/aws-lambda/security/dangerous-system-call.yaml +52 -0
  808. package/rules/python/aws-lambda/security/dynamodb-filter-injection.yaml +56 -0
  809. package/rules/python/aws-lambda/security/mysql-sqli.yaml +53 -0
  810. package/rules/python/aws-lambda/security/psycopg-sqli.yaml +52 -0
  811. package/rules/python/aws-lambda/security/pymssql-sqli.yaml +46 -0
  812. package/rules/python/aws-lambda/security/pymysql-sqli.yaml +50 -0
  813. package/rules/python/aws-lambda/security/sqlalchemy-sqli.yaml +46 -0
  814. package/rules/python/aws-lambda/security/tainted-code-exec.yaml +43 -0
  815. package/rules/python/aws-lambda/security/tainted-html-response.yaml +41 -0
  816. package/rules/python/aws-lambda/security/tainted-html-string.yaml +62 -0
  817. package/rules/python/aws-lambda/security/tainted-pickle-deserialization.yaml +51 -0
  818. package/rules/python/aws-lambda/security/tainted-sql-string.yaml +54 -0
  819. package/rules/python/bokeh/maintainability/deprecated/deprecated_apis.yaml +15 -0
  820. package/rules/python/boto3/security/hardcoded-token.yaml +53 -0
  821. package/rules/python/click/best-practice/echo-style.yaml +10 -0
  822. package/rules/python/correctness/check-is-none-explicitly.yaml +19 -0
  823. package/rules/python/correctness/socket-shutdown-close.yaml +32 -0
  824. package/rules/python/correctness/suppressed-exception-handling-finally-break.yaml +46 -0
  825. package/rules/python/cryptography/security/empty-aes-key.yaml +32 -0
  826. package/rules/python/cryptography/security/insecure-cipher-algorithms-arc4.yaml +41 -0
  827. package/rules/python/cryptography/security/insecure-cipher-algorithms-blowfish.yaml +40 -0
  828. package/rules/python/cryptography/security/insecure-cipher-algorithms.yaml +42 -0
  829. package/rules/python/cryptography/security/insecure-cipher-mode-ecb.yaml +34 -0
  830. package/rules/python/cryptography/security/insecure-hash-algorithms-md5.yaml +41 -0
  831. package/rules/python/cryptography/security/insecure-hash-algorithms.yaml +43 -0
  832. package/rules/python/cryptography/security/insufficient-dsa-key-size.yaml +40 -0
  833. package/rules/python/cryptography/security/insufficient-ec-key-size.yaml +40 -0
  834. package/rules/python/cryptography/security/insufficient-rsa-key-size.yaml +39 -0
  835. package/rules/python/cryptography/security/mode-without-authentication.yaml +47 -0
  836. package/rules/python/distributed/security.yaml +35 -0
  837. package/rules/python/django/best-practice/json_response.yaml +17 -0
  838. package/rules/python/django/best-practice/upsell_django_environ.yaml +26 -0
  839. package/rules/python/django/best-practice/use-onetoonefield.yaml +16 -0
  840. package/rules/python/django/compatibility/django-2_0-compat.yaml +58 -0
  841. package/rules/python/django/correctness/model-save.yaml +24 -0
  842. package/rules/python/django/correctness/nontext-field-must-set-null-true.yaml +31 -0
  843. package/rules/python/django/correctness/string-field-null-checks.yaml +41 -0
  844. package/rules/python/django/correctness/use-decimalfield-for-money.yaml +17 -0
  845. package/rules/python/django/maintainability/duplicate-path-assignment.yaml +71 -0
  846. package/rules/python/django/performance/access-foreign-keys.yaml +22 -0
  847. package/rules/python/django/performance/upsell-count.yaml +15 -0
  848. package/rules/python/django/performance/upsell_earliest_latest.yaml +15 -0
  849. package/rules/python/django/security/audit/avoid-insecure-deserialization.yaml +66 -0
  850. package/rules/python/django/security/audit/avoid-mark-safe.yaml +34 -0
  851. package/rules/python/django/security/audit/csrf-exempt.yaml +29 -0
  852. package/rules/python/django/security/audit/custom-expression-as-sql.yaml +29 -0
  853. package/rules/python/django/security/audit/django-rest-framework/missing-throttle-config.yaml +37 -0
  854. package/rules/python/django/security/audit/extends-custom-expression.yaml +145 -0
  855. package/rules/python/django/security/audit/query-set-extra.yaml +34 -0
  856. package/rules/python/django/security/audit/raw-query.yaml +35 -0
  857. package/rules/python/django/security/audit/secure-cookies.yaml +59 -0
  858. package/rules/python/django/security/audit/templates/debug-template-tag.yaml +30 -0
  859. package/rules/python/django/security/audit/unvalidated-password.yaml +54 -0
  860. package/rules/python/django/security/audit/xss/class-extends-safestring.yaml +41 -0
  861. package/rules/python/django/security/audit/xss/context-autoescape-off.yaml +43 -0
  862. package/rules/python/django/security/audit/xss/direct-use-of-httpresponse.yaml +59 -0
  863. package/rules/python/django/security/audit/xss/filter-with-is-safe.yaml +38 -0
  864. package/rules/python/django/security/audit/xss/formathtml-fstring-parameter.yaml +35 -0
  865. package/rules/python/django/security/audit/xss/global-autoescape-off.yaml +40 -0
  866. package/rules/python/django/security/audit/xss/html-magic-method.yaml +39 -0
  867. package/rules/python/django/security/audit/xss/html-safe.yaml +39 -0
  868. package/rules/python/django/security/audit/xss/template-autoescape-off.yaml +33 -0
  869. package/rules/python/django/security/audit/xss/template-blocktranslate-no-escape.yaml +47 -0
  870. package/rules/python/django/security/audit/xss/template-translate-as-no-escape.yaml +130 -0
  871. package/rules/python/django/security/audit/xss/template-var-unescaped-with-safeseq.yaml +34 -0
  872. package/rules/python/django/security/django-no-csrf-token.yaml +34 -0
  873. package/rules/python/django/security/django-using-request-post-after-is-valid.yaml +27 -0
  874. package/rules/python/django/security/globals-as-template-context.yaml +40 -0
  875. package/rules/python/django/security/hashids-with-django-secret.yaml +28 -0
  876. package/rules/python/django/security/injection/code/globals-misuse-code-execution.yaml +221 -0
  877. package/rules/python/django/security/injection/code/user-eval-format-string.yaml +125 -0
  878. package/rules/python/django/security/injection/code/user-eval.yaml +46 -0
  879. package/rules/python/django/security/injection/code/user-exec-format-string.yaml +215 -0
  880. package/rules/python/django/security/injection/code/user-exec.yaml +65 -0
  881. package/rules/python/django/security/injection/command/command-injection-os-system.yaml +279 -0
  882. package/rules/python/django/security/injection/command/subprocess-injection.yaml +70 -0
  883. package/rules/python/django/security/injection/csv-writer-injection.yaml +55 -0
  884. package/rules/python/django/security/injection/email/xss-html-email-body.yaml +203 -0
  885. package/rules/python/django/security/injection/email/xss-send-mail-html-message.yaml +241 -0
  886. package/rules/python/django/security/injection/mass-assignment.yaml +32 -0
  887. package/rules/python/django/security/injection/open-redirect.yaml +550 -0
  888. package/rules/python/django/security/injection/path-traversal/path-traversal-file-name.yaml +79 -0
  889. package/rules/python/django/security/injection/path-traversal/path-traversal-join.yaml +102 -0
  890. package/rules/python/django/security/injection/path-traversal/path-traversal-open.yaml +441 -0
  891. package/rules/python/django/security/injection/raw-html-format.yaml +58 -0
  892. package/rules/python/django/security/injection/reflected-data-httpresponse.yaml +261 -0
  893. package/rules/python/django/security/injection/reflected-data-httpresponsebadrequest.yaml +255 -0
  894. package/rules/python/django/security/injection/request-data-fileresponse.yaml +84 -0
  895. package/rules/python/django/security/injection/request-data-write.yaml +199 -0
  896. package/rules/python/django/security/injection/sql/sql-injection-extra.yaml +295 -0
  897. package/rules/python/django/security/injection/sql/sql-injection-rawsql.yaml +295 -0
  898. package/rules/python/django/security/injection/sql/sql-injection-using-db-cursor-execute.yaml +296 -0
  899. package/rules/python/django/security/injection/sql/sql-injection-using-raw.yaml +296 -0
  900. package/rules/python/django/security/injection/ssrf/ssrf-injection-requests.yaml +259 -0
  901. package/rules/python/django/security/injection/ssrf/ssrf-injection-urllib.yaml +257 -0
  902. package/rules/python/django/security/injection/tainted-sql-string.yaml +47 -0
  903. package/rules/python/django/security/injection/tainted-url-host.yaml +70 -0
  904. package/rules/python/django/security/locals-as-template-context.yaml +40 -0
  905. package/rules/python/django/security/nan-injection.yaml +45 -0
  906. package/rules/python/django/security/passwords/password-empty-string.yaml +39 -0
  907. package/rules/python/django/security/passwords/use-none-for-password-default.yaml +42 -0
  908. package/rules/python/docker/security/audit/docker-arbitrary-container-run.yaml +38 -0
  909. package/rules/python/fastapi/security/wildcard-cors.yaml +38 -0
  910. package/rules/python/flask/best-practice/get-class-method-with-side-effects.yaml +23 -0
  911. package/rules/python/flask/best-practice/use-jsonify.yaml +32 -0
  912. package/rules/python/flask/caching/query-string.yaml +45 -0
  913. package/rules/python/flask/correctness/access-request-in-wrong-handler.yaml +21 -0
  914. package/rules/python/flask/correctness/same-handler-name.yaml +19 -0
  915. package/rules/python/flask/maintainability/deprecated/deprecated-apis.yaml +44 -0
  916. package/rules/python/flask/security/audit/app-run-param-config.yaml +24 -0
  917. package/rules/python/flask/security/audit/app-run-security-config.yaml +30 -0
  918. package/rules/python/flask/security/audit/debug-enabled.yaml +28 -0
  919. package/rules/python/flask/security/audit/directly-returned-format-string.yaml +73 -0
  920. package/rules/python/flask/security/audit/flask-cors-misconfiguration.yaml +39 -0
  921. package/rules/python/flask/security/audit/flask-url-for-external-true.yaml +34 -0
  922. package/rules/python/flask/security/audit/hardcoded-config.yaml +105 -0
  923. package/rules/python/flask/security/audit/host-header-injection-python.yaml +45 -0
  924. package/rules/python/flask/security/audit/render-template-string.yaml +23 -0
  925. package/rules/python/flask/security/audit/secure-set-cookie.yaml +43 -0
  926. package/rules/python/flask/security/audit/wtf-csrf-disabled.yaml +75 -0
  927. package/rules/python/flask/security/audit/xss/make-response-with-unknown-content.yaml +54 -0
  928. package/rules/python/flask/security/dangerous-template-string.yaml +62 -0
  929. package/rules/python/flask/security/flask-api-method-string-format.yaml +36 -0
  930. package/rules/python/flask/security/hashids-with-flask-secret.yaml +35 -0
  931. package/rules/python/flask/security/injection/csv-writer-injection.yaml +73 -0
  932. package/rules/python/flask/security/injection/flask-injection-sinks.yaml +352 -0
  933. package/rules/python/flask/security/injection/nan-injection.yaml +42 -0
  934. package/rules/python/flask/security/injection/os-system-injection.yaml +72 -0
  935. package/rules/python/flask/security/injection/path-traversal-open.yaml +106 -0
  936. package/rules/python/flask/security/injection/raw-html-concat.yaml +72 -0
  937. package/rules/python/flask/security/injection/ssrf-requests.yaml +76 -0
  938. package/rules/python/flask/security/injection/subprocess-injection.yaml +87 -0
  939. package/rules/python/flask/security/injection/tainted-sql-string.yaml +57 -0
  940. package/rules/python/flask/security/injection/tainted-url-host.yaml +78 -0
  941. package/rules/python/flask/security/injection/user-eval.yaml +66 -0
  942. package/rules/python/flask/security/injection/user-exec.yaml +66 -0
  943. package/rules/python/flask/security/insecure-deserialization.yaml +43 -0
  944. package/rules/python/flask/security/open-redirect.yaml +64 -0
  945. package/rules/python/flask/security/secure-static-file-serve.yaml +29 -0
  946. package/rules/python/flask/security/unescaped-template-extension.yaml +55 -0
  947. package/rules/python/flask/security/unsanitized-input.yaml +47 -0
  948. package/rules/python/flask/security/xss/audit/direct-use-of-jinja2.yaml +43 -0
  949. package/rules/python/flask/security/xss/audit/explicit-unescape-with-markup.yaml +40 -0
  950. package/rules/python/flask/security/xss/audit/template-autoescape-off.yaml +34 -0
  951. package/rules/python/flask/security/xss/audit/template-unescaped-with-safe.yaml +33 -0
  952. package/rules/python/flask/security/xss/audit/template-unquoted-attribute-var.yaml +54 -0
  953. package/rules/python/jinja2/security/audit/autoescape-disabled-false.yaml +34 -0
  954. package/rules/python/jinja2/security/audit/missing-autoescape-disabled.yaml +33 -0
  955. package/rules/python/jwt/security/audit/jwt-exposed-data.yaml +32 -0
  956. package/rules/python/jwt/security/jwt-exposed-credentials.yaml +34 -0
  957. package/rules/python/jwt/security/jwt-hardcode.yaml +30 -0
  958. package/rules/python/jwt/security/jwt-none-alg.yaml +33 -0
  959. package/rules/python/jwt/security/unverified-jwt-decode.yaml +50 -0
  960. package/rules/python/lang/best-practice/hardcoded-tmp-path.yaml +14 -0
  961. package/rules/python/lang/best-practice/logging-error-without-handling.yaml +33 -0
  962. package/rules/python/lang/best-practice/manual-collections-create.yaml +94 -0
  963. package/rules/python/lang/best-practice/missing-hash-with-eq.yaml +23 -0
  964. package/rules/python/lang/best-practice/open-never-closed.yaml +95 -0
  965. package/rules/python/lang/best-practice/pass-body.yaml +30 -0
  966. package/rules/python/lang/best-practice/pdb.yaml +13 -0
  967. package/rules/python/lang/best-practice/sleep.yaml +16 -0
  968. package/rules/python/lang/best-practice/unspecified-open-encoding.yaml +36 -0
  969. package/rules/python/lang/compatibility/python36.yaml +28 -0
  970. package/rules/python/lang/compatibility/python37.yaml +192 -0
  971. package/rules/python/lang/correctness/baseclass-attribute-override.yaml +34 -0
  972. package/rules/python/lang/correctness/cannot-cache-generators.yaml +17 -0
  973. package/rules/python/lang/correctness/common-mistakes/default-mutable-dict.yaml +64 -0
  974. package/rules/python/lang/correctness/common-mistakes/default-mutable-list.yaml +66 -0
  975. package/rules/python/lang/correctness/common-mistakes/is-comparison-string.yaml +32 -0
  976. package/rules/python/lang/correctness/common-mistakes/is-not-is-not.yaml +12 -0
  977. package/rules/python/lang/correctness/common-mistakes/string-concat-in-list.yaml +20 -0
  978. package/rules/python/lang/correctness/concurrent.yaml +33 -0
  979. package/rules/python/lang/correctness/dict-modify-iterating.yaml +22 -0
  980. package/rules/python/lang/correctness/exceptions/exceptions.yaml +21 -0
  981. package/rules/python/lang/correctness/exit.yaml +19 -0
  982. package/rules/python/lang/correctness/file-object-redefined-before-close.yaml +22 -0
  983. package/rules/python/lang/correctness/list-modify-iterating.yaml +34 -0
  984. package/rules/python/lang/correctness/pdb.yaml +14 -0
  985. package/rules/python/lang/correctness/pytest-assert_match-after-path-patch.yaml +26 -0
  986. package/rules/python/lang/correctness/return-in-init.yaml +48 -0
  987. package/rules/python/lang/correctness/sync-sleep-in-async-code.yaml +18 -0
  988. package/rules/python/lang/correctness/tempfile/flush.yaml +79 -0
  989. package/rules/python/lang/correctness/tempfile/mktemp.yaml +13 -0
  990. package/rules/python/lang/correctness/test-is-missing-assert.yaml +41 -0
  991. package/rules/python/lang/correctness/unchecked-returns.yaml +23 -0
  992. package/rules/python/lang/correctness/useless-comparison.yaml +28 -0
  993. package/rules/python/lang/correctness/useless-eqeq.yaml +27 -0
  994. package/rules/python/lang/correctness/writing-to-file-in-read-mode.yaml +27 -0
  995. package/rules/python/lang/maintainability/improper-list-concat.yaml +18 -0
  996. package/rules/python/lang/maintainability/is-function-without-parentheses.yaml +18 -0
  997. package/rules/python/lang/maintainability/return.yaml +29 -0
  998. package/rules/python/lang/maintainability/useless-assign-keyed.yaml +16 -0
  999. package/rules/python/lang/maintainability/useless-ifelse.yaml +31 -0
  1000. package/rules/python/lang/maintainability/useless-innerfunction.yaml +36 -0
  1001. package/rules/python/lang/maintainability/useless-literal-set.yaml +15 -0
  1002. package/rules/python/lang/maintainability/useless-literal.yaml +18 -0
  1003. package/rules/python/lang/security/audit/conn_recv.yaml +35 -0
  1004. package/rules/python/lang/security/audit/dangerous-annotations-usage.yaml +34 -0
  1005. package/rules/python/lang/security/audit/dangerous-asyncio-create-exec-audit.yaml +62 -0
  1006. package/rules/python/lang/security/audit/dangerous-asyncio-create-exec-tainted-env-args.yaml +110 -0
  1007. package/rules/python/lang/security/audit/dangerous-asyncio-exec-audit.yaml +48 -0
  1008. package/rules/python/lang/security/audit/dangerous-asyncio-exec-tainted-env-args.yaml +95 -0
  1009. package/rules/python/lang/security/audit/dangerous-asyncio-shell-audit.yaml +48 -0
  1010. package/rules/python/lang/security/audit/dangerous-asyncio-shell-tainted-env-args.yaml +96 -0
  1011. package/rules/python/lang/security/audit/dangerous-code-run-audit.yaml +55 -0
  1012. package/rules/python/lang/security/audit/dangerous-code-run-tainted-env-args.yaml +105 -0
  1013. package/rules/python/lang/security/audit/dangerous-os-exec-audit.yaml +57 -0
  1014. package/rules/python/lang/security/audit/dangerous-os-exec-tainted-env-args.yaml +109 -0
  1015. package/rules/python/lang/security/audit/dangerous-spawn-process-audit.yaml +58 -0
  1016. package/rules/python/lang/security/audit/dangerous-spawn-process-tainted-env-args.yaml +112 -0
  1017. package/rules/python/lang/security/audit/dangerous-subinterpreters-run-string-audit.yaml +32 -0
  1018. package/rules/python/lang/security/audit/dangerous-subinterpreters-run-string-tainted-env-args.yaml +81 -0
  1019. package/rules/python/lang/security/audit/dangerous-subprocess-use-audit.yaml +75 -0
  1020. package/rules/python/lang/security/audit/dangerous-subprocess-use-tainted-env-args.yaml +115 -0
  1021. package/rules/python/lang/security/audit/dangerous-system-call-audit.yaml +63 -0
  1022. package/rules/python/lang/security/audit/dangerous-system-call-tainted-env-args.yaml +110 -0
  1023. package/rules/python/lang/security/audit/dangerous-testcapi-run-in-subinterp-audit.yaml +36 -0
  1024. package/rules/python/lang/security/audit/dangerous-testcapi-run-in-subinterp-tainted-env-args.yaml +85 -0
  1025. package/rules/python/lang/security/audit/dynamic-urllib-use-detected.yaml +57 -0
  1026. package/rules/python/lang/security/audit/eval-detected.yaml +35 -0
  1027. package/rules/python/lang/security/audit/exec-detected.yaml +34 -0
  1028. package/rules/python/lang/security/audit/formatted-sql-query.yaml +42 -0
  1029. package/rules/python/lang/security/audit/hardcoded-password-default-argument.yaml +33 -0
  1030. package/rules/python/lang/security/audit/httpsconnection-detected.yaml +33 -0
  1031. package/rules/python/lang/security/audit/insecure-file-permissions.yaml +63 -0
  1032. package/rules/python/lang/security/audit/insecure-transport/ftplib/use-ftp-tls.yaml +40 -0
  1033. package/rules/python/lang/security/audit/insecure-transport/requests/request-session-http-in-with-context.yaml +58 -0
  1034. package/rules/python/lang/security/audit/insecure-transport/requests/request-session-with-http.yaml +56 -0
  1035. package/rules/python/lang/security/audit/insecure-transport/requests/request-with-http.yaml +57 -0
  1036. package/rules/python/lang/security/audit/insecure-transport/ssl/no-set-ciphers.yaml +32 -0
  1037. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-openerdirector-open-ftp.yaml +56 -0
  1038. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-openerdirector-open.yaml +58 -0
  1039. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-request-object-ftp.yaml +36 -0
  1040. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-request-object.yaml +39 -0
  1041. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlopen-ftp.yaml +35 -0
  1042. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlopen.yaml +37 -0
  1043. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-open-ftp.yaml +55 -0
  1044. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-open.yaml +58 -0
  1045. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-retrieve-ftp.yaml +55 -0
  1046. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-retrieve.yaml +58 -0
  1047. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlretrieve-ftp.yaml +35 -0
  1048. package/rules/python/lang/security/audit/insecure-transport/urllib/insecure-urlretrieve.yaml +37 -0
  1049. package/rules/python/lang/security/audit/logging/listeneval.yaml +31 -0
  1050. package/rules/python/lang/security/audit/logging/logger-credential-leak.yaml +37 -0
  1051. package/rules/python/lang/security/audit/mako-templates-detected.yaml +32 -0
  1052. package/rules/python/lang/security/audit/marshal.yaml +34 -0
  1053. package/rules/python/lang/security/audit/md5-used-as-password.yaml +48 -0
  1054. package/rules/python/lang/security/audit/network/bind.yaml +39 -0
  1055. package/rules/python/lang/security/audit/network/disabled-cert-validation.yaml +35 -0
  1056. package/rules/python/lang/security/audit/network/http-not-https-connection.yaml +28 -0
  1057. package/rules/python/lang/security/audit/non-literal-import.yaml +30 -0
  1058. package/rules/python/lang/security/audit/paramiko/paramiko-exec-command.yaml +36 -0
  1059. package/rules/python/lang/security/audit/paramiko-implicit-trust-host-key.yaml +34 -0
  1060. package/rules/python/lang/security/audit/python-reverse-shell.yaml +32 -0
  1061. package/rules/python/lang/security/audit/regex-dos.yaml +34 -0
  1062. package/rules/python/lang/security/audit/sha224-hash.yaml +30 -0
  1063. package/rules/python/lang/security/audit/sqli/aiopg-sqli.yaml +103 -0
  1064. package/rules/python/lang/security/audit/sqli/asyncpg-sqli.yaml +96 -0
  1065. package/rules/python/lang/security/audit/sqli/pg8000-sqli.yaml +90 -0
  1066. package/rules/python/lang/security/audit/sqli/psycopg-sqli.yaml +86 -0
  1067. package/rules/python/lang/security/audit/ssl-wrap-socket-is-deprecated.yaml +27 -0
  1068. package/rules/python/lang/security/audit/subprocess-list-passed-as-string.yaml +43 -0
  1069. package/rules/python/lang/security/audit/subprocess-shell-true.yaml +42 -0
  1070. package/rules/python/lang/security/audit/system-wildcard-detected.yaml +37 -0
  1071. package/rules/python/lang/security/audit/telnetlib.yaml +27 -0
  1072. package/rules/python/lang/security/audit/weak-ssl-version.yaml +43 -0
  1073. package/rules/python/lang/security/dangerous-code-run.yaml +156 -0
  1074. package/rules/python/lang/security/dangerous-globals-use.yaml +54 -0
  1075. package/rules/python/lang/security/dangerous-os-exec.yaml +160 -0
  1076. package/rules/python/lang/security/dangerous-spawn-process.yaml +206 -0
  1077. package/rules/python/lang/security/dangerous-subinterpreters-run-string.yaml +132 -0
  1078. package/rules/python/lang/security/dangerous-subprocess-use.yaml +164 -0
  1079. package/rules/python/lang/security/dangerous-system-call.yaml +164 -0
  1080. package/rules/python/lang/security/dangerous-testcapi-run-in-subinterp.yaml +136 -0
  1081. package/rules/python/lang/security/deserialization/avoid-jsonpickle.yaml +33 -0
  1082. package/rules/python/lang/security/deserialization/avoid-pyyaml-load.yaml +50 -0
  1083. package/rules/python/lang/security/deserialization/avoid-unsafe-ruamel.yaml +32 -0
  1084. package/rules/python/lang/security/deserialization/pickle.yaml +128 -0
  1085. package/rules/python/lang/security/insecure-hash-algorithms-md5.yaml +39 -0
  1086. package/rules/python/lang/security/insecure-hash-algorithms.yaml +40 -0
  1087. package/rules/python/lang/security/insecure-hash-function.yaml +36 -0
  1088. package/rules/python/lang/security/insecure-uuid-version.yaml +34 -0
  1089. package/rules/python/lang/security/unverified-ssl-context.yaml +34 -0
  1090. package/rules/python/lang/security/use-defused-xml-parse.yaml +34 -0
  1091. package/rules/python/lang/security/use-defused-xml.yaml +30 -0
  1092. package/rules/python/lang/security/use-defused-xmlrpc.yaml +31 -0
  1093. package/rules/python/lang/security/use-defusedcsv.yaml +37 -0
  1094. package/rules/python/pycryptodome/security/insecure-cipher-algorithm-blowfish.yaml +38 -0
  1095. package/rules/python/pycryptodome/security/insecure-cipher-algorithm-des.yaml +40 -0
  1096. package/rules/python/pycryptodome/security/insecure-cipher-algorithm-rc2.yaml +38 -0
  1097. package/rules/python/pycryptodome/security/insecure-cipher-algorithm-rc4.yaml +36 -0
  1098. package/rules/python/pycryptodome/security/insecure-cipher-algorithm.yaml +30 -0
  1099. package/rules/python/pycryptodome/security/insecure-hash-algorithm-md2.yaml +40 -0
  1100. package/rules/python/pycryptodome/security/insecure-hash-algorithm-md4.yaml +40 -0
  1101. package/rules/python/pycryptodome/security/insecure-hash-algorithm-md5.yaml +40 -0
  1102. package/rules/python/pycryptodome/security/insecure-hash-algorithm.yaml +33 -0
  1103. package/rules/python/pycryptodome/security/insufficient-dsa-key-size.yaml +40 -0
  1104. package/rules/python/pycryptodome/security/insufficient-rsa-key-size.yaml +40 -0
  1105. package/rules/python/pycryptodome/security/mode-without-authentication.yaml +44 -0
  1106. package/rules/python/pymongo/security/mongodb.yaml +26 -0
  1107. package/rules/python/pyramid/audit/authtkt-cookie-httponly-unsafe-default.yaml +37 -0
  1108. package/rules/python/pyramid/audit/authtkt-cookie-httponly-unsafe-value.yaml +40 -0
  1109. package/rules/python/pyramid/audit/authtkt-cookie-samesite.yaml +35 -0
  1110. package/rules/python/pyramid/audit/authtkt-cookie-secure-unsafe-default.yaml +38 -0
  1111. package/rules/python/pyramid/audit/authtkt-cookie-secure-unsafe-value.yaml +40 -0
  1112. package/rules/python/pyramid/audit/csrf-check-disabled.yaml +42 -0
  1113. package/rules/python/pyramid/audit/csrf-origin-check-disabled-globally.yaml +37 -0
  1114. package/rules/python/pyramid/audit/csrf-origin-check-disabled.yaml +44 -0
  1115. package/rules/python/pyramid/audit/set-cookie-httponly-unsafe-default.yaml +44 -0
  1116. package/rules/python/pyramid/audit/set-cookie-httponly-unsafe-value.yaml +49 -0
  1117. package/rules/python/pyramid/audit/set-cookie-samesite-unsafe-default.yaml +44 -0
  1118. package/rules/python/pyramid/audit/set-cookie-samesite-unsafe-value.yaml +46 -0
  1119. package/rules/python/pyramid/audit/set-cookie-secure-unsafe-default.yaml +44 -0
  1120. package/rules/python/pyramid/audit/set-cookie-secure-unsafe-value.yaml +47 -0
  1121. package/rules/python/pyramid/security/csrf-check-disabled-globally.yaml +36 -0
  1122. package/rules/python/pyramid/security/direct-use-of-response.yaml +54 -0
  1123. package/rules/python/pyramid/security/sqlalchemy-sql-injection.yaml +62 -0
  1124. package/rules/python/requests/best-practice/use-raise-for-status.yaml +62 -0
  1125. package/rules/python/requests/best-practice/use-request-json-shortcut.yaml +19 -0
  1126. package/rules/python/requests/best-practice/use-response-json-shortcut.yaml +20 -0
  1127. package/rules/python/requests/best-practice/use-timeout.yaml +46 -0
  1128. package/rules/python/requests/security/disabled-cert-validation.yaml +37 -0
  1129. package/rules/python/requests/security/no-auth-over-http.yaml +38 -0
  1130. package/rules/python/sh/security/string-concat.yaml +31 -0
  1131. package/rules/python/sqlalchemy/correctness/bad-operator-in-filter.yaml +29 -0
  1132. package/rules/python/sqlalchemy/correctness/delete-where.yaml +15 -0
  1133. package/rules/python/sqlalchemy/performance/performance-improvements.yaml +23 -0
  1134. package/rules/python/sqlalchemy/security/audit/avoid-sqlalchemy-text.yaml +60 -0
  1135. package/rules/python/sqlalchemy/security/sqlalchemy-execute-raw-query.yaml +67 -0
  1136. package/rules/python/sqlalchemy/security/sqlalchemy-sql-injection.yaml +59 -0
  1137. package/rules/python/twilio/security/twiml-injection.yaml +50 -0
  1138. package/rules/python.security.yaml +602 -0
  1139. package/rules/ruby/aws-lambda/security/activerecord-sqli.yaml +50 -0
  1140. package/rules/ruby/aws-lambda/security/mysql2-sqli.yaml +50 -0
  1141. package/rules/ruby/aws-lambda/security/pg-sqli.yaml +54 -0
  1142. package/rules/ruby/aws-lambda/security/sequel-sqli.yaml +49 -0
  1143. package/rules/ruby/aws-lambda/security/tainted-deserialization.yaml +54 -0
  1144. package/rules/ruby/aws-lambda/security/tainted-sql-string.yaml +57 -0
  1145. package/rules/ruby/jwt/security/audit/jwt-decode-without-verify.yaml +32 -0
  1146. package/rules/ruby/jwt/security/audit/jwt-exposed-data.yaml +36 -0
  1147. package/rules/ruby/jwt/security/jwt-exposed-credentials.yaml +35 -0
  1148. package/rules/ruby/jwt/security/jwt-hardcode.yaml +53 -0
  1149. package/rules/ruby/jwt/security/jwt-none-alg.yaml +34 -0
  1150. package/rules/ruby/lang/security/audit/sha224-hash.yaml +41 -0
  1151. package/rules/ruby/lang/security/bad-deserialization-env.yaml +46 -0
  1152. package/rules/ruby/lang/security/bad-deserialization-yaml.yaml +63 -0
  1153. package/rules/ruby/lang/security/bad-deserialization.yaml +47 -0
  1154. package/rules/ruby/lang/security/cookie-serialization.yaml +33 -0
  1155. package/rules/ruby/lang/security/create-with.yaml +33 -0
  1156. package/rules/ruby/lang/security/dangerous-exec.yaml +53 -0
  1157. package/rules/ruby/lang/security/dangerous-open.yaml +34 -0
  1158. package/rules/ruby/lang/security/dangerous-open3-pipeline.yaml +34 -0
  1159. package/rules/ruby/lang/security/dangerous-subshell.yaml +34 -0
  1160. package/rules/ruby/lang/security/dangerous-syscall.yaml +26 -0
  1161. package/rules/ruby/lang/security/divide-by-zero.yaml +31 -0
  1162. package/rules/ruby/lang/security/file-disclosure.yaml +33 -0
  1163. package/rules/ruby/lang/security/filter-skipping.yaml +33 -0
  1164. package/rules/ruby/lang/security/force-ssl-false.yaml +31 -0
  1165. package/rules/ruby/lang/security/hardcoded-http-auth-in-controller.yaml +37 -0
  1166. package/rules/ruby/lang/security/hardcoded-secret-rsa-passphrase.yaml +103 -0
  1167. package/rules/ruby/lang/security/insufficient-rsa-key-size.yaml +51 -0
  1168. package/rules/ruby/lang/security/json-entity-escape.yaml +33 -0
  1169. package/rules/ruby/lang/security/mass-assignment-protection-disabled.yaml +29 -0
  1170. package/rules/ruby/lang/security/md5-used-as-password.yaml +37 -0
  1171. package/rules/ruby/lang/security/missing-csrf-protection.yaml +43 -0
  1172. package/rules/ruby/lang/security/model-attr-accessible.yaml +47 -0
  1173. package/rules/ruby/lang/security/model-attributes-attr-accessible.yaml +47 -0
  1174. package/rules/ruby/lang/security/no-eval.yaml +56 -0
  1175. package/rules/ruby/lang/security/no-send.yaml +46 -0
  1176. package/rules/ruby/lang/security/ssl-mode-no-verify.yaml +30 -0
  1177. package/rules/ruby/lang/security/unprotected-mass-assign.yaml +39 -0
  1178. package/rules/ruby/lang/security/weak-hashes-md5.yaml +36 -0
  1179. package/rules/ruby/lang/security/weak-hashes-sha1.yaml +31 -0
  1180. package/rules/ruby/rails/correctness/rails-no-render-after-save.yaml +29 -0
  1181. package/rules/ruby/rails/performance/ruby-rails-performance-indexes-are-really-beneficial.yaml +27 -0
  1182. package/rules/ruby/rails/security/audit/avoid-logging-everything.yaml +52 -0
  1183. package/rules/ruby/rails/security/audit/avoid-session-manipulation.yaml +41 -0
  1184. package/rules/ruby/rails/security/audit/avoid-tainted-file-access.yaml +71 -0
  1185. package/rules/ruby/rails/security/audit/avoid-tainted-ftp-call.yaml +41 -0
  1186. package/rules/ruby/rails/security/audit/avoid-tainted-http-request.yaml +79 -0
  1187. package/rules/ruby/rails/security/audit/avoid-tainted-shell-call.yaml +80 -0
  1188. package/rules/ruby/rails/security/audit/detailed-exceptions.yaml +47 -0
  1189. package/rules/ruby/rails/security/audit/rails-skip-forgery-protection.yaml +25 -0
  1190. package/rules/ruby/rails/security/audit/sqli/ruby-pg-sqli.yaml +64 -0
  1191. package/rules/ruby/rails/security/audit/xss/avoid-content-tag.yaml +32 -0
  1192. package/rules/ruby/rails/security/audit/xss/avoid-default-routes.yaml +34 -0
  1193. package/rules/ruby/rails/security/audit/xss/avoid-html-safe.yaml +32 -0
  1194. package/rules/ruby/rails/security/audit/xss/avoid-link-to.yaml +49 -0
  1195. package/rules/ruby/rails/security/audit/xss/avoid-raw.yaml +30 -0
  1196. package/rules/ruby/rails/security/audit/xss/avoid-redirect.yaml +60 -0
  1197. package/rules/ruby/rails/security/audit/xss/avoid-render-dynamic-path.yaml +44 -0
  1198. package/rules/ruby/rails/security/audit/xss/avoid-render-inline.yaml +30 -0
  1199. package/rules/ruby/rails/security/audit/xss/avoid-render-text.yaml +33 -0
  1200. package/rules/ruby/rails/security/audit/xss/manual-template-creation.yaml +30 -0
  1201. package/rules/ruby/rails/security/audit/xss/templates/alias-for-html-safe.yaml +36 -0
  1202. package/rules/ruby/rails/security/audit/xss/templates/avoid-content-tag.yaml +36 -0
  1203. package/rules/ruby/rails/security/audit/xss/templates/avoid-html-safe.yaml +37 -0
  1204. package/rules/ruby/rails/security/audit/xss/templates/avoid-raw.yaml +37 -0
  1205. package/rules/ruby/rails/security/audit/xss/templates/dangerous-link-to.yaml +43 -0
  1206. package/rules/ruby/rails/security/audit/xss/templates/unquoted-attribute.yaml +41 -0
  1207. package/rules/ruby/rails/security/audit/xss/templates/var-in-href.yaml +39 -0
  1208. package/rules/ruby/rails/security/audit/xss/templates/var-in-script-tag.yaml +43 -0
  1209. package/rules/ruby/rails/security/audit/xxe/libxml-backend.yaml +30 -0
  1210. package/rules/ruby/rails/security/audit/xxe/xml-external-entities-enabled.yaml +42 -0
  1211. package/rules/ruby/rails/security/brakeman/check-before-filter.yaml +35 -0
  1212. package/rules/ruby/rails/security/brakeman/check-cookie-store-session-security-attributes.yaml +39 -0
  1213. package/rules/ruby/rails/security/brakeman/check-dynamic-render-local-file-include.yaml +38 -0
  1214. package/rules/ruby/rails/security/brakeman/check-http-verb-confusion.yaml +39 -0
  1215. package/rules/ruby/rails/security/brakeman/check-permit-attributes-high.yaml +30 -0
  1216. package/rules/ruby/rails/security/brakeman/check-permit-attributes-medium.yaml +30 -0
  1217. package/rules/ruby/rails/security/brakeman/check-rails-secret-yaml.secrets.test.yml +26 -0
  1218. package/rules/ruby/rails/security/brakeman/check-rails-secret-yaml.yaml +43 -0
  1219. package/rules/ruby/rails/security/brakeman/check-rails-session-secret-handling.yaml +43 -0
  1220. package/rules/ruby/rails/security/brakeman/check-redirect-to.yaml +80 -0
  1221. package/rules/ruby/rails/security/brakeman/check-regex-dos.yaml +66 -0
  1222. package/rules/ruby/rails/security/brakeman/check-render-local-file-include.yaml +63 -0
  1223. package/rules/ruby/rails/security/brakeman/check-reverse-tabnabbing.yaml +63 -0
  1224. package/rules/ruby/rails/security/brakeman/check-secrets.yaml +36 -0
  1225. package/rules/ruby/rails/security/brakeman/check-send-file.yaml +45 -0
  1226. package/rules/ruby/rails/security/brakeman/check-sql.yaml +90 -0
  1227. package/rules/ruby/rails/security/brakeman/check-unsafe-reflection-methods.yaml +60 -0
  1228. package/rules/ruby/rails/security/brakeman/check-unsafe-reflection.yaml +55 -0
  1229. package/rules/ruby/rails/security/brakeman/check-unscoped-find.yaml +52 -0
  1230. package/rules/ruby/rails/security/brakeman/check-validation-regex.yaml +39 -0
  1231. package/rules/ruby/rails/security/injection/raw-html-format.yaml +60 -0
  1232. package/rules/ruby/rails/security/injection/tainted-sql-string.yaml +70 -0
  1233. package/rules/ruby/rails/security/injection/tainted-url-host.yaml +59 -0
  1234. package/rules/ruby.security.yaml +400 -0
  1235. package/rules/rust/lang/security/args-os.yml +21 -0
  1236. package/rules/rust/lang/security/args.yml +21 -0
  1237. package/rules/rust/lang/security/current-exe.yml +21 -0
  1238. package/rules/rust/lang/security/insecure-hashes.yml +25 -0
  1239. package/rules/rust/lang/security/reqwest-accept-invalid.yml +20 -0
  1240. package/rules/rust/lang/security/reqwest-set-sensitive.yml +44 -0
  1241. package/rules/rust/lang/security/rustls-dangerous.yml +24 -0
  1242. package/rules/rust/lang/security/ssl-verify-none.yml +17 -0
  1243. package/rules/rust/lang/security/temp-dir.yml +23 -0
  1244. package/rules/rust/lang/security/unsafe-usage.yml +17 -0
  1245. package/rules/semantic-security.yaml +679 -0
  1246. package/rules/terraform.security.yaml +505 -0
  1247. package/rules/third-party/go-extra/anon-struct-args.yml +12 -0
  1248. package/rules/third-party/go-extra/badexponentiation.yml +9 -0
  1249. package/rules/third-party/go-extra/badnilguard.yml +15 -0
  1250. package/rules/third-party/go-extra/close-sql-query-rows.yml +57 -0
  1251. package/rules/third-party/go-extra/contextCancelable.yml +22 -0
  1252. package/rules/third-party/go-extra/contextTODO.yml +9 -0
  1253. package/rules/third-party/go-extra/ctx-time.yml +24 -0
  1254. package/rules/third-party/go-extra/errclosed.yml +10 -0
  1255. package/rules/third-party/go-extra/errnilcheck.yml +18 -0
  1256. package/rules/third-party/go-extra/errtodo.yml +22 -0
  1257. package/rules/third-party/go-extra/gofuzz.yml +18 -0
  1258. package/rules/third-party/go-extra/hashsum.yml +25 -0
  1259. package/rules/third-party/go-extra/hmac-bytes.yml +19 -0
  1260. package/rules/third-party/go-extra/hmac-hash.yml +21 -0
  1261. package/rules/third-party/go-extra/hostport.yml +28 -0
  1262. package/rules/third-party/go-extra/http-ctx-goroutine.yml +14 -0
  1263. package/rules/third-party/go-extra/ioutil.yml +48 -0
  1264. package/rules/third-party/go-extra/joinpath.yml +11 -0
  1265. package/rules/third-party/go-extra/json-writer.yml +35 -0
  1266. package/rules/third-party/go-extra/mail-address.yml +13 -0
  1267. package/rules/third-party/go-extra/marshaljson.yml +31 -0
  1268. package/rules/third-party/go-extra/marshalyaml.yml +22 -0
  1269. package/rules/third-party/go-extra/mathbits.yml +23 -0
  1270. package/rules/third-party/go-extra/netip.yml +9 -0
  1271. package/rules/third-party/go-extra/nilerr.yml +15 -0
  1272. package/rules/third-party/go-extra/nrtxn.yml +16 -0
  1273. package/rules/third-party/go-extra/oddbitwise.yml +14 -0
  1274. package/rules/third-party/go-extra/oddcompare.yml +59 -0
  1275. package/rules/third-party/go-extra/oddcompound.yml +11 -0
  1276. package/rules/third-party/go-extra/oddifsequence.yml +134 -0
  1277. package/rules/third-party/go-extra/oddmathbits.yml +11 -0
  1278. package/rules/third-party/go-extra/oserrors.yml +28 -0
  1279. package/rules/third-party/go-extra/parseint-downcast.yml +31 -0
  1280. package/rules/third-party/go-extra/readeof.yml +16 -0
  1281. package/rules/third-party/go-extra/readfull.yml +17 -0
  1282. package/rules/third-party/go-extra/returnnil.yml +16 -0
  1283. package/rules/third-party/go-extra/sortslice.yml +40 -0
  1284. package/rules/third-party/go-extra/sprinterr.yml +54 -0
  1285. package/rules/third-party/go-extra/timeafter.yml +16 -0
  1286. package/rules/third-party/go-extra/unixnano.yml +15 -0
  1287. package/rules/third-party/go-extra/writestring.yml +19 -0
  1288. package/rules/third-party/go-extra/wrongerrcall.yml +16 -0
  1289. package/rules/third-party/go-extra/wronglock.yml +19 -0
  1290. package/rules/third-party/shopify/go/gorilla/security/audit/handler-assignment-from-multiple-sources.yaml +54 -0
  1291. package/rules/third-party/shopify/go/gorilla/security/audit/session-cookie-missing-httponly.yaml +32 -0
  1292. package/rules/third-party/shopify/go/gorilla/security/audit/session-cookie-missing-secure.yaml +31 -0
  1293. package/rules/third-party/shopify/go/grpc/security/grpc-client-insecure-connection.yaml +22 -0
  1294. package/rules/third-party/shopify/go/grpc/security/grpc-server-insecure-connection.yaml +37 -0
  1295. package/rules/third-party/shopify/go/jwt-go/security/audit/jwt-parse-unverified.yaml +21 -0
  1296. package/rules/third-party/shopify/go/jwt-go/security/jwt-none-alg.yaml +25 -0
  1297. package/rules/third-party/shopify/go/jwt-go/security/jwt.yaml +18 -0
  1298. package/rules/third-party/shopify/go/lang/best-practice/channel-guarded-with-mutex.yaml +22 -0
  1299. package/rules/third-party/shopify/go/lang/best-practice/hidden-goroutine.yaml +27 -0
  1300. package/rules/third-party/shopify/go/lang/correctness/looppointer.yaml +29 -0
  1301. package/rules/third-party/shopify/go/lang/correctness/overflow/overflow.yaml +35 -0
  1302. package/rules/third-party/shopify/go/lang/correctness/permissions/file_permission.yaml +22 -0
  1303. package/rules/third-party/shopify/go/lang/correctness/useless-eqeq.yaml +26 -0
  1304. package/rules/third-party/shopify/go/lang/maintainability/useless-ifelse.yaml +31 -0
  1305. package/rules/third-party/shopify/go/lang/security/audit/crypto/bad_imports.yaml +47 -0
  1306. package/rules/third-party/shopify/go/lang/security/audit/crypto/insecure_ssh.yaml +22 -0
  1307. package/rules/third-party/shopify/go/lang/security/audit/crypto/math_random.yaml +31 -0
  1308. package/rules/third-party/shopify/go/lang/security/audit/crypto/missing-ssl-minversion.yaml +27 -0
  1309. package/rules/third-party/shopify/go/lang/security/audit/crypto/ssl.yaml +22 -0
  1310. package/rules/third-party/shopify/go/lang/security/audit/crypto/tls.yaml +44 -0
  1311. package/rules/third-party/shopify/go/lang/security/audit/crypto/use_of_weak_crypto.yaml +72 -0
  1312. package/rules/third-party/shopify/go/lang/security/audit/crypto/use_of_weak_rsa_key.yaml +23 -0
  1313. package/rules/third-party/shopify/go/lang/security/audit/dangerous-command-write.yaml +34 -0
  1314. package/rules/third-party/shopify/go/lang/security/audit/dangerous-exec-cmd.yaml +75 -0
  1315. package/rules/third-party/shopify/go/lang/security/audit/dangerous-exec-command.yaml +46 -0
  1316. package/rules/third-party/shopify/go/lang/security/audit/dangerous-syscall-exec.yaml +87 -0
  1317. package/rules/third-party/shopify/go/lang/security/audit/database/string-formatted-query.yaml +154 -0
  1318. package/rules/third-party/shopify/go/lang/security/audit/net/bind_all.yaml +18 -0
  1319. package/rules/third-party/shopify/go/lang/security/audit/net/cookie-missing-httponly.yaml +33 -0
  1320. package/rules/third-party/shopify/go/lang/security/audit/net/cookie-missing-secure.yaml +32 -0
  1321. package/rules/third-party/shopify/go/lang/security/audit/net/dynamic-httptrace-clienttrace.yaml +31 -0
  1322. package/rules/third-party/shopify/go/lang/security/audit/net/formatted-template-string.yaml +46 -0
  1323. package/rules/third-party/shopify/go/lang/security/audit/net/pprof.yaml +30 -0
  1324. package/rules/third-party/shopify/go/lang/security/audit/net/unescaped-data-in-htmlattr.yaml +43 -0
  1325. package/rules/third-party/shopify/go/lang/security/audit/net/unescaped-data-in-js.yaml +43 -0
  1326. package/rules/third-party/shopify/go/lang/security/audit/net/unescaped-data-in-url.yaml +43 -0
  1327. package/rules/third-party/shopify/go/lang/security/audit/net/use-tls.yaml +17 -0
  1328. package/rules/third-party/shopify/go/lang/security/audit/net/wip-xss-using-responsewriter-and-printf.yaml +60 -0
  1329. package/rules/third-party/shopify/go/lang/security/audit/reflect-makefunc.yaml +17 -0
  1330. package/rules/third-party/shopify/go/lang/security/audit/sqli/gosql-sqli.yaml +51 -0
  1331. package/rules/third-party/shopify/go/lang/security/audit/sqli/pg-orm-sqli.yaml +53 -0
  1332. package/rules/third-party/shopify/go/lang/security/audit/sqli/pg-sqli.yaml +54 -0
  1333. package/rules/third-party/shopify/go/lang/security/audit/sqli/pgx-sqli.yaml +58 -0
  1334. package/rules/third-party/shopify/go/lang/security/audit/unsafe-reflect-by-name.yaml +33 -0
  1335. package/rules/third-party/shopify/go/lang/security/audit/unsafe.yaml +15 -0
  1336. package/rules/third-party/shopify/go/lang/security/audit/xss/import-text-template.yaml +18 -0
  1337. package/rules/third-party/shopify/go/lang/security/audit/xss/no-direct-write-to-responsewriter.yaml +37 -0
  1338. package/rules/third-party/shopify/go/lang/security/audit/xss/no-fprintf-to-responsewriter.yaml +30 -0
  1339. package/rules/third-party/shopify/go/lang/security/audit/xss/no-interpolation-in-tag.yaml +21 -0
  1340. package/rules/third-party/shopify/go/lang/security/audit/xss/no-interpolation-js-template-string.yaml +25 -0
  1341. package/rules/third-party/shopify/go/lang/security/audit/xss/no-io-writestring-to-responsewriter.yaml +31 -0
  1342. package/rules/third-party/shopify/go/lang/security/audit/xss/no-printf-in-responsewriter.yaml +30 -0
  1343. package/rules/third-party/shopify/go/lang/security/audit/xss/template-html-does-not-escape.yaml +31 -0
  1344. package/rules/third-party/shopify/go/lang/security/bad_tmp.yaml +14 -0
  1345. package/rules/third-party/shopify/go/lang/security/decompression_bomb.yaml +58 -0
  1346. package/rules/third-party/shopify/go/lang/security/injection/raw-html-format.yaml +41 -0
  1347. package/rules/third-party/shopify/go/lang/security/injection/tainted-url-host.yaml +38 -0
  1348. package/rules/third-party/shopify/go/lang/security/zip.yaml +19 -0
  1349. package/rules/third-party/shopify/go/otto/security/audit/dangerous-execution.yaml +23 -0
  1350. package/rules/third-party/shopify/go/template/security/insecure-types.yaml +25 -0
  1351. package/rules/third-party/shopify/javascript/ajv/security/audit/ajv-allerrors-true.yaml +22 -0
  1352. package/rules/third-party/shopify/javascript/angular/security/detect-angular-element-methods.yaml +31 -0
  1353. package/rules/third-party/shopify/javascript/angular/security/detect-angular-open-redirect.yaml +25 -0
  1354. package/rules/third-party/shopify/javascript/angular/security/detect-angular-resource-loading.yaml +24 -0
  1355. package/rules/third-party/shopify/javascript/angular/security/detect-angular-sce-disabled.yaml +17 -0
  1356. package/rules/third-party/shopify/javascript/angular/security/detect-angular-trust-as-css.yaml +27 -0
  1357. package/rules/third-party/shopify/javascript/angular/security/detect-angular-trust-as-html-method.yaml +27 -0
  1358. package/rules/third-party/shopify/javascript/angular/security/detect-angular-trust-as-js-method.yaml +27 -0
  1359. package/rules/third-party/shopify/javascript/angular/security/detect-angular-trust-as-method.yaml +26 -0
  1360. package/rules/third-party/shopify/javascript/angular/security/detect-angular-trust-as-resourceurl-method.yaml +27 -0
  1361. package/rules/third-party/shopify/javascript/angular/security/detect-angular-trust-as-url-method.yaml +27 -0
  1362. package/rules/third-party/shopify/javascript/angular/security/detect-third-party-angular-translate.yaml +43 -0
  1363. package/rules/third-party/shopify/javascript/apollo/security/apollo-axios-ssrf.yaml +37 -0
  1364. package/rules/third-party/shopify/javascript/bluebird/security/audit/tofastproperties-code-execution.yaml +29 -0
  1365. package/rules/third-party/shopify/javascript/browser/security/dom-based-xss.yaml +23 -0
  1366. package/rules/third-party/shopify/javascript/browser/security/eval-detected.yaml +25 -0
  1367. package/rules/third-party/shopify/javascript/browser/security/insecure-document-method.yaml +26 -0
  1368. package/rules/third-party/shopify/javascript/browser/security/insecure-innerhtml.yaml +19 -0
  1369. package/rules/third-party/shopify/javascript/browser/security/insufficient-postmessage-origin-validation.yaml +40 -0
  1370. package/rules/third-party/shopify/javascript/browser/security/new-function-detected.yaml +24 -0
  1371. package/rules/third-party/shopify/javascript/browser/security/open-redirect.yaml +37 -0
  1372. package/rules/third-party/shopify/javascript/browser/security/raw-html-concat.yaml +62 -0
  1373. package/rules/third-party/shopify/javascript/browser/security/raw-html-join.yaml +32 -0
  1374. package/rules/third-party/shopify/javascript/browser/security/wildcard-postmessage-configuration.yaml +15 -0
  1375. package/rules/third-party/shopify/javascript/chrome-remote-interface/security/audit/chrome-remote-interface-compilescript-injection.yaml +23 -0
  1376. package/rules/third-party/shopify/javascript/chrome-remote-interface/security/audit/chrome-remote-interface-evaluate-injection.yaml +23 -0
  1377. package/rules/third-party/shopify/javascript/chrome-remote-interface/security/audit/chrome-remote-interface-navigate-injection.yaml +23 -0
  1378. package/rules/third-party/shopify/javascript/chrome-remote-interface/security/audit/chrome-remote-interface-printtopdf-injection.yaml +28 -0
  1379. package/rules/third-party/shopify/javascript/chrome-remote-interface/security/audit/chrome-remote-interface-setdocumentcontent-injection.yaml +23 -0
  1380. package/rules/third-party/shopify/javascript/deno/security/audit/deno-dangerous-run.yaml +36 -0
  1381. package/rules/third-party/shopify/javascript/express/security/audit/express-cookie-settings.yaml +291 -0
  1382. package/rules/third-party/shopify/javascript/express/security/audit/express-jwt-not-revoked.yaml +29 -0
  1383. package/rules/third-party/shopify/javascript/express/security/audit/express-path-join-resolve-traversal.yaml +47 -0
  1384. package/rules/third-party/shopify/javascript/express/security/audit/express-xml2json-xxe-event.yaml +28 -0
  1385. package/rules/third-party/shopify/javascript/express/security/audit/possible-user-input-redirect.yaml +32 -0
  1386. package/rules/third-party/shopify/javascript/express/security/audit/remote-property-injection.yaml +35 -0
  1387. package/rules/third-party/shopify/javascript/express/security/audit/res-render-injection.yaml +25 -0
  1388. package/rules/third-party/shopify/javascript/express/security/audit/xss/direct-response-write.yaml +38 -0
  1389. package/rules/third-party/shopify/javascript/express/security/audit/xss/ejs/explicit-unescape.yaml +27 -0
  1390. package/rules/third-party/shopify/javascript/express/security/audit/xss/ejs/var-in-href.yaml +27 -0
  1391. package/rules/third-party/shopify/javascript/express/security/audit/xss/ejs/var-in-script-src.yaml +32 -0
  1392. package/rules/third-party/shopify/javascript/express/security/audit/xss/ejs/var-in-script-tag.yaml +32 -0
  1393. package/rules/third-party/shopify/javascript/express/security/audit/xss/mustache/escape-function-overwrite.yaml +25 -0
  1394. package/rules/third-party/shopify/javascript/express/security/audit/xss/mustache/explicit-unescape.yaml +28 -0
  1395. package/rules/third-party/shopify/javascript/express/security/audit/xss/mustache/var-in-href.yaml +28 -0
  1396. package/rules/third-party/shopify/javascript/express/security/audit/xss/mustache/var-in-script-tag.yaml +31 -0
  1397. package/rules/third-party/shopify/javascript/express/security/audit/xss/pug/and-attributes.yaml +23 -0
  1398. package/rules/third-party/shopify/javascript/express/security/audit/xss/pug/explicit-unescape.yaml +26 -0
  1399. package/rules/third-party/shopify/javascript/express/security/audit/xss/pug/var-in-href.yaml +26 -0
  1400. package/rules/third-party/shopify/javascript/express/security/audit/xss/pug/var-in-script-tag.yaml +33 -0
  1401. package/rules/third-party/shopify/javascript/express/security/cors-misconfiguration.yaml +43 -0
  1402. package/rules/third-party/shopify/javascript/express/security/express-data-exfiltration.yaml +34 -0
  1403. package/rules/third-party/shopify/javascript/express/security/express-expat-xxe.yaml +48 -0
  1404. package/rules/third-party/shopify/javascript/express/security/express-jwt-hardcoded-secret.yaml +31 -0
  1405. package/rules/third-party/shopify/javascript/express/security/express-phantom-injection.yaml +79 -0
  1406. package/rules/third-party/shopify/javascript/express/security/express-puppeteer-injection.yaml +109 -0
  1407. package/rules/third-party/shopify/javascript/express/security/express-sandbox-injection.yaml +43 -0
  1408. package/rules/third-party/shopify/javascript/express/security/express-vm-injection.yaml +43 -0
  1409. package/rules/third-party/shopify/javascript/express/security/express-vm2-injection.yaml +53 -0
  1410. package/rules/third-party/shopify/javascript/express/security/express-wkhtml-injection.yaml +77 -0
  1411. package/rules/third-party/shopify/javascript/express/security/express-xml2json-xxe.yaml +42 -0
  1412. package/rules/third-party/shopify/javascript/express/security/require-request.yaml +26 -0
  1413. package/rules/third-party/shopify/javascript/express/security/x-frame-options-misconfiguration.yaml +44 -0
  1414. package/rules/third-party/shopify/javascript/fbjs/security/audit/insecure-createnodesfrommarkup.yaml +20 -0
  1415. package/rules/third-party/shopify/javascript/grpc/security/grpc-nodejs-insecure-connection.yaml +24 -0
  1416. package/rules/third-party/shopify/javascript/jose/security/audit/jose-exposed-data.yaml +35 -0
  1417. package/rules/third-party/shopify/javascript/jose/security/jwt-exposed-credentials.yaml +233 -0
  1418. package/rules/third-party/shopify/javascript/jose/security/jwt-hardcode.yaml +160 -0
  1419. package/rules/third-party/shopify/javascript/jose/security/jwt-none-alg.yaml +42 -0
  1420. package/rules/third-party/shopify/javascript/jquery/security/audit/jquery-insecure-method.yaml +40 -0
  1421. package/rules/third-party/shopify/javascript/jquery/security/audit/jquery-insecure-selector.yaml +70 -0
  1422. package/rules/third-party/shopify/javascript/jquery/security/audit/prohibit-jquery-html.yaml +23 -0
  1423. package/rules/third-party/shopify/javascript/jsonwebtoken/security/audit/jwt-decode-without-verify.yaml +34 -0
  1424. package/rules/third-party/shopify/javascript/jsonwebtoken/security/audit/jwt-exposed-data.yaml +27 -0
  1425. package/rules/third-party/shopify/javascript/jsonwebtoken/security/jwt-exposed-credentials.yaml +60 -0
  1426. package/rules/third-party/shopify/javascript/jsonwebtoken/security/jwt-hardcode.yaml +36 -0
  1427. package/rules/third-party/shopify/javascript/jsonwebtoken/security/jwt-none-alg.yaml +27 -0
  1428. package/rules/third-party/shopify/javascript/lang/best-practice/assigned-undefined.yaml +17 -0
  1429. package/rules/third-party/shopify/javascript/lang/best-practice/lazy-load-module.yaml +24 -0
  1430. package/rules/third-party/shopify/javascript/lang/best-practice/leftover_debugging.yaml +50 -0
  1431. package/rules/third-party/shopify/javascript/lang/best-practice/zlib-async-loop.yaml +41 -0
  1432. package/rules/third-party/shopify/javascript/lang/correctness/missing-template-string-indicator.yaml +18 -0
  1433. package/rules/third-party/shopify/javascript/lang/correctness/no-replaceall.yaml +16 -0
  1434. package/rules/third-party/shopify/javascript/lang/correctness/useless-assign.yaml +18 -0
  1435. package/rules/third-party/shopify/javascript/lang/correctness/useless-eqeq.yaml +21 -0
  1436. package/rules/third-party/shopify/javascript/lang/security/audit/code-string-concat.yaml +34 -0
  1437. package/rules/third-party/shopify/javascript/lang/security/audit/dangerous-spawn-shell.yaml +55 -0
  1438. package/rules/third-party/shopify/javascript/lang/security/audit/detect-bracket-object-injection.yaml +22 -0
  1439. package/rules/third-party/shopify/javascript/lang/security/audit/detect-non-literal-fs-filename.yaml +70 -0
  1440. package/rules/third-party/shopify/javascript/lang/security/audit/detect-non-literal-regexp.yaml +23 -0
  1441. package/rules/third-party/shopify/javascript/lang/security/audit/incomplete-sanitization.yaml +19 -0
  1442. package/rules/third-party/shopify/javascript/lang/security/audit/non-constant-sql-query.yaml +18 -0
  1443. package/rules/third-party/shopify/javascript/lang/security/audit/path-traversal/path-join-resolve-traversal.yaml +53 -0
  1444. package/rules/third-party/shopify/javascript/lang/security/audit/prototype-pollution/prototype-pollution-assignment.yaml +61 -0
  1445. package/rules/third-party/shopify/javascript/lang/security/audit/prototype-pollution/prototype-pollution-function.yaml +82 -0
  1446. package/rules/third-party/shopify/javascript/lang/security/audit/prototype-pollution/prototype-pollution-loop.yaml +62 -0
  1447. package/rules/third-party/shopify/javascript/lang/security/audit/spawn-shell-true.yaml +37 -0
  1448. package/rules/third-party/shopify/javascript/lang/security/audit/sqli/node-mssql-sqli.yaml +62 -0
  1449. package/rules/third-party/shopify/javascript/lang/security/audit/sqli/node-postgres-sqli.yaml +64 -0
  1450. package/rules/third-party/shopify/javascript/lang/security/audit/unknown-value-with-script-tag.yaml +25 -0
  1451. package/rules/third-party/shopify/javascript/lang/security/audit/unsafe-dynamic-method.yaml +42 -0
  1452. package/rules/third-party/shopify/javascript/lang/security/audit/unsafe-formatstring.yaml +39 -0
  1453. package/rules/third-party/shopify/javascript/lang/security/audit/vm-injection.yaml +495 -0
  1454. package/rules/third-party/shopify/javascript/lang/security/detect-buffer-noassert.yaml +22 -0
  1455. package/rules/third-party/shopify/javascript/lang/security/detect-child-process.yaml +30 -0
  1456. package/rules/third-party/shopify/javascript/lang/security/detect-disable-mustache-escape.yaml +17 -0
  1457. package/rules/third-party/shopify/javascript/lang/security/detect-eval-with-expression.yaml +30 -0
  1458. package/rules/third-party/shopify/javascript/lang/security/detect-insecure-websocket.yaml +15 -0
  1459. package/rules/third-party/shopify/javascript/lang/security/detect-no-csrf-before-method-override.yaml +23 -0
  1460. package/rules/third-party/shopify/javascript/lang/security/detect-non-literal-require.yaml +20 -0
  1461. package/rules/third-party/shopify/javascript/lang/security/detect-pseudoRandomBytes.yaml +22 -0
  1462. package/rules/third-party/shopify/javascript/lang/security/insecure-object-assign.yaml +25 -0
  1463. package/rules/third-party/shopify/javascript/lang/security/spawn-git-clone.yaml +27 -0
  1464. package/rules/third-party/shopify/javascript/monaco-editor/security/audit/monaco-hover-htmlsupport.yaml +33 -0
  1465. package/rules/third-party/shopify/javascript/node-expat/security/audit/expat-xxe.yaml +71 -0
  1466. package/rules/third-party/shopify/javascript/passport-jwt/security/passport-hardcode.yaml +805 -0
  1467. package/rules/third-party/shopify/javascript/phantom/security/audit/phantom-injection.yaml +27 -0
  1468. package/rules/third-party/shopify/javascript/playwright/security/audit/playwright-addinitscript-code-injection.yaml +22 -0
  1469. package/rules/third-party/shopify/javascript/playwright/security/audit/playwright-evaluate-arg-injection.yaml +22 -0
  1470. package/rules/third-party/shopify/javascript/playwright/security/audit/playwright-evaluate-code-injection.yaml +29 -0
  1471. package/rules/third-party/shopify/javascript/playwright/security/audit/playwright-exposed-chrome-devtools.yaml +21 -0
  1472. package/rules/third-party/shopify/javascript/playwright/security/audit/playwright-goto-injection.yaml +24 -0
  1473. package/rules/third-party/shopify/javascript/playwright/security/audit/playwright-setcontent-injection.yaml +24 -0
  1474. package/rules/third-party/shopify/javascript/puppeteer/security/audit/puppeteer-evaluate-arg-injection.yaml +23 -0
  1475. package/rules/third-party/shopify/javascript/puppeteer/security/audit/puppeteer-evaluate-code-injection.yaml +29 -0
  1476. package/rules/third-party/shopify/javascript/puppeteer/security/audit/puppeteer-exposed-chrome-devtools.yaml +21 -0
  1477. package/rules/third-party/shopify/javascript/puppeteer/security/audit/puppeteer-goto-injection.yaml +24 -0
  1478. package/rules/third-party/shopify/javascript/puppeteer/security/audit/puppeteer-setcontent-injection.yaml +23 -0
  1479. package/rules/third-party/shopify/javascript/react/correctness/hooks/set-state-no-op.yaml +16 -0
  1480. package/rules/third-party/shopify/javascript/sandbox/security/audit/sandbox-code-injection.yaml +33 -0
  1481. package/rules/third-party/shopify/javascript/sax/security/audit/sax-xxe.yaml +28 -0
  1482. package/rules/third-party/shopify/javascript/sequelize/security/audit/sequelize-enforce-tls.yaml +50 -0
  1483. package/rules/third-party/shopify/javascript/sequelize/security/audit/sequelize-raw-query.yaml +32 -0
  1484. package/rules/third-party/shopify/javascript/sequelize/security/audit/sequelize-tls-disabled-cert-validation.yaml +44 -0
  1485. package/rules/third-party/shopify/javascript/sequelize/security/audit/sequelize-weak-tls-version.yaml +46 -0
  1486. package/rules/third-party/shopify/javascript/serialize-javascript/security/audit/unsafe-serialize-javascript.yaml +20 -0
  1487. package/rules/third-party/shopify/javascript/shelljs/security/shelljs-exec-injection.yaml +23 -0
  1488. package/rules/third-party/shopify/javascript/thenify/security/audit/multiargs-code-execution.yaml +35 -0
  1489. package/rules/third-party/shopify/javascript/vm2/security/audit/vm2-code-injection.yaml +53 -0
  1490. package/rules/third-party/shopify/javascript/vm2/security/audit/vm2-context-injection.yaml +337 -0
  1491. package/rules/third-party/shopify/javascript/vue/security/audit/xss/templates/avoid-v-html.yaml +16 -0
  1492. package/rules/third-party/shopify/javascript/wkhtmltoimage/security/audit/wkhtmltoimage-injection.yaml +21 -0
  1493. package/rules/third-party/shopify/javascript/wkhtmltopdf/security/audit/wkhtmltopdf-injection.yaml +21 -0
  1494. package/rules/third-party/shopify/javascript/xml2json/security/audit/xml2json-xxe.yaml +33 -0
  1495. package/rules/third-party/shopify/python/airflow/security/audit/formatted-string-bashoperator.yaml +46 -0
  1496. package/rules/third-party/shopify/python/attr/correctness/mutable-initializer.yaml +31 -0
  1497. package/rules/third-party/shopify/python/bokeh/maintainability/deprecated/deprecated_apis.yaml +15 -0
  1498. package/rules/third-party/shopify/python/boto3/security/hardcoded-token.yaml +22 -0
  1499. package/rules/third-party/shopify/python/click/best-practice/echo-style.yaml +10 -0
  1500. package/rules/third-party/shopify/python/cryptography/security/insecure-cipher-algorithms.yaml +56 -0
  1501. package/rules/third-party/shopify/python/cryptography/security/insecure-cipher-mode-ecb.yaml +19 -0
  1502. package/rules/third-party/shopify/python/cryptography/security/insecure-hash-algorithms.yaml +44 -0
  1503. package/rules/third-party/shopify/python/cryptography/security/insufficient-dsa-key-size.yaml +23 -0
  1504. package/rules/third-party/shopify/python/cryptography/security/insufficient-ec-key-size.yaml +23 -0
  1505. package/rules/third-party/shopify/python/cryptography/security/insufficient-rsa-key-size.yaml +23 -0
  1506. package/rules/third-party/shopify/python/distributed/security.yaml +17 -0
  1507. package/rules/third-party/shopify/python/django/best-practice/json_response.yaml +17 -0
  1508. package/rules/third-party/shopify/python/django/best-practice/upsell_django_environ.yaml +26 -0
  1509. package/rules/third-party/shopify/python/django/best-practice/use-onetoonefield.yaml +16 -0
  1510. package/rules/third-party/shopify/python/django/compatibility/django-2_0-compat.yaml +58 -0
  1511. package/rules/third-party/shopify/python/django/correctness/model-save.yaml +24 -0
  1512. package/rules/third-party/shopify/python/django/correctness/nontext-field-must-set-null-true.yaml +25 -0
  1513. package/rules/third-party/shopify/python/django/correctness/string-field-null-checks.yaml +40 -0
  1514. package/rules/third-party/shopify/python/django/correctness/use-decimalfield-for-money.yaml +17 -0
  1515. package/rules/third-party/shopify/python/django/maintainability/duplicate-path-assignment.yaml +69 -0
  1516. package/rules/third-party/shopify/python/django/performance/access-foreign-keys.yaml +10 -0
  1517. package/rules/third-party/shopify/python/django/performance/upsell-count.yaml +14 -0
  1518. package/rules/third-party/shopify/python/django/performance/upsell_earliest_latest.yaml +14 -0
  1519. package/rules/third-party/shopify/python/django/security/audit/avoid-insecure-deserialization.yaml +50 -0
  1520. package/rules/third-party/shopify/python/django/security/audit/avoid-mark-safe.yaml +22 -0
  1521. package/rules/third-party/shopify/python/django/security/audit/csrf-exempt.yaml +15 -0
  1522. package/rules/third-party/shopify/python/django/security/audit/custom-expression-as-sql.yaml +18 -0
  1523. package/rules/third-party/shopify/python/django/security/audit/django-ratelimit/missing-ratelimit.yaml +25 -0
  1524. package/rules/third-party/shopify/python/django/security/audit/django-rest-framework/missing-throttle-config.yaml +26 -0
  1525. package/rules/third-party/shopify/python/django/security/audit/extends-custom-expression.yaml +134 -0
  1526. package/rules/third-party/shopify/python/django/security/audit/query-set-extra.yaml +18 -0
  1527. package/rules/third-party/shopify/python/django/security/audit/raw-query.yaml +20 -0
  1528. package/rules/third-party/shopify/python/django/security/audit/secure-cookies.yaml +51 -0
  1529. package/rules/third-party/shopify/python/django/security/audit/templates/debug-template-tag.yaml +20 -0
  1530. package/rules/third-party/shopify/python/django/security/audit/unvalidated-password.yaml +46 -0
  1531. package/rules/third-party/shopify/python/django/security/audit/xss/class-extends-safestring.yaml +30 -0
  1532. package/rules/third-party/shopify/python/django/security/audit/xss/context-autoescape-off.yaml +25 -0
  1533. package/rules/third-party/shopify/python/django/security/audit/xss/direct-use-of-httpresponse.yaml +33 -0
  1534. package/rules/third-party/shopify/python/django/security/audit/xss/filter-with-is-safe.yaml +27 -0
  1535. package/rules/third-party/shopify/python/django/security/audit/xss/formathtml-fstring-parameter.yaml +24 -0
  1536. package/rules/third-party/shopify/python/django/security/audit/xss/global-autoescape-off.yaml +24 -0
  1537. package/rules/third-party/shopify/python/django/security/audit/xss/html-magic-method.yaml +28 -0
  1538. package/rules/third-party/shopify/python/django/security/audit/xss/html-safe.yaml +28 -0
  1539. package/rules/third-party/shopify/python/django/security/audit/xss/template-autoescape-off.yaml +22 -0
  1540. package/rules/third-party/shopify/python/django/security/audit/xss/template-blocktranslate-no-escape.yaml +36 -0
  1541. package/rules/third-party/shopify/python/django/security/audit/xss/template-href-var.yaml +27 -0
  1542. package/rules/third-party/shopify/python/django/security/audit/xss/template-translate-as-no-escape.yaml +119 -0
  1543. package/rules/third-party/shopify/python/django/security/audit/xss/template-translate-no-escape.yaml +40 -0
  1544. package/rules/third-party/shopify/python/django/security/audit/xss/template-var-unescaped-with-safeseq.yaml +23 -0
  1545. package/rules/third-party/shopify/python/django/security/audit/xss/var-in-script-tag.yaml +28 -0
  1546. package/rules/third-party/shopify/python/django/security/globals-as-template-context.yaml +32 -0
  1547. package/rules/third-party/shopify/python/django/security/injection/code/globals-misuse-code-execution.yaml +213 -0
  1548. package/rules/third-party/shopify/python/django/security/injection/code/user-eval-format-string.yaml +117 -0
  1549. package/rules/third-party/shopify/python/django/security/injection/code/user-eval.yaml +36 -0
  1550. package/rules/third-party/shopify/python/django/security/injection/code/user-exec-format-string.yaml +203 -0
  1551. package/rules/third-party/shopify/python/django/security/injection/code/user-exec.yaml +34 -0
  1552. package/rules/third-party/shopify/python/django/security/injection/command/command-injection-os-system.yaml +268 -0
  1553. package/rules/third-party/shopify/python/django/security/injection/email/xss-html-email-body.yaml +195 -0
  1554. package/rules/third-party/shopify/python/django/security/injection/email/xss-send-mail-html-message.yaml +233 -0
  1555. package/rules/third-party/shopify/python/django/security/injection/mass-assignment.yaml +26 -0
  1556. package/rules/third-party/shopify/python/django/security/injection/open-redirect.yaml +531 -0
  1557. package/rules/third-party/shopify/python/django/security/injection/path-traversal/path-traversal-file-name.yaml +68 -0
  1558. package/rules/third-party/shopify/python/django/security/injection/path-traversal/path-traversal-join.yaml +91 -0
  1559. package/rules/third-party/shopify/python/django/security/injection/path-traversal/path-traversal-open.yaml +427 -0
  1560. package/rules/third-party/shopify/python/django/security/injection/raw-html-format.yaml +49 -0
  1561. package/rules/third-party/shopify/python/django/security/injection/reflected-data-httpresponse.yaml +249 -0
  1562. package/rules/third-party/shopify/python/django/security/injection/reflected-data-httpresponsebadrequest.yaml +243 -0
  1563. package/rules/third-party/shopify/python/django/security/injection/request-data-fileresponse.yaml +71 -0
  1564. package/rules/third-party/shopify/python/django/security/injection/request-data-write.yaml +188 -0
  1565. package/rules/third-party/shopify/python/django/security/injection/sql/sql-injection-extra.yaml +283 -0
  1566. package/rules/third-party/shopify/python/django/security/injection/sql/sql-injection-rawsql.yaml +283 -0
  1567. package/rules/third-party/shopify/python/django/security/injection/sql/sql-injection-using-db-cursor-execute.yaml +283 -0
  1568. package/rules/third-party/shopify/python/django/security/injection/sql/sql-injection-using-raw.yaml +283 -0
  1569. package/rules/third-party/shopify/python/django/security/injection/ssrf/ssrf-injection-requests.yaml +249 -0
  1570. package/rules/third-party/shopify/python/django/security/injection/ssrf/ssrf-injection-urllib.yaml +249 -0
  1571. package/rules/third-party/shopify/python/django/security/locals-as-template-context.yaml +32 -0
  1572. package/rules/third-party/shopify/python/django/security/passwords/password-empty-string.yaml +31 -0
  1573. package/rules/third-party/shopify/python/django/security/passwords/use-none-for-password-default.yaml +30 -0
  1574. package/rules/third-party/shopify/python/docker/security/audit/docker-arbitrary-container-run.yaml +28 -0
  1575. package/rules/third-party/shopify/python/flask/best-practice/get-class-method-with-side-effects.yaml +23 -0
  1576. package/rules/third-party/shopify/python/flask/best-practice/use-jsonify.yaml +24 -0
  1577. package/rules/third-party/shopify/python/flask/caching/query-string.yaml +45 -0
  1578. package/rules/third-party/shopify/python/flask/correctness/access-request-in-wrong-handler.yaml +21 -0
  1579. package/rules/third-party/shopify/python/flask/correctness/same-handler-name.yaml +18 -0
  1580. package/rules/third-party/shopify/python/flask/maintainability/deprecated/deprecated-apis.yaml +44 -0
  1581. package/rules/third-party/shopify/python/flask/security/audit/app-run-param-config.yaml +16 -0
  1582. package/rules/third-party/shopify/python/flask/security/audit/app-run-security-config.yaml +20 -0
  1583. package/rules/third-party/shopify/python/flask/security/audit/debug-enabled.yaml +22 -0
  1584. package/rules/third-party/shopify/python/flask/security/audit/directly-returned-format-string.yaml +46 -0
  1585. package/rules/third-party/shopify/python/flask/security/audit/hardcoded-config.yaml +74 -0
  1586. package/rules/third-party/shopify/python/flask/security/audit/render-template-string.yaml +15 -0
  1587. package/rules/third-party/shopify/python/flask/security/audit/secure-set-cookie.yaml +31 -0
  1588. package/rules/third-party/shopify/python/flask/security/audit/wtf-csrf-disabled.yaml +16 -0
  1589. package/rules/third-party/shopify/python/flask/security/audit/xss/make-response-with-unknown-content.yaml +41 -0
  1590. package/rules/third-party/shopify/python/flask/security/dangerous-template-string.yaml +54 -0
  1591. package/rules/third-party/shopify/python/flask/security/flask-api-method-string-format.yaml +27 -0
  1592. package/rules/third-party/shopify/python/flask/security/injection/os-system-injection.yaml +60 -0
  1593. package/rules/third-party/shopify/python/flask/security/injection/path-traversal-open.yaml +94 -0
  1594. package/rules/third-party/shopify/python/flask/security/injection/raw-html-concat.yaml +55 -0
  1595. package/rules/third-party/shopify/python/flask/security/injection/ssrf-requests.yaml +62 -0
  1596. package/rules/third-party/shopify/python/flask/security/injection/user-eval.yaml +58 -0
  1597. package/rules/third-party/shopify/python/flask/security/injection/user-exec.yaml +58 -0
  1598. package/rules/third-party/shopify/python/flask/security/insecure-deserialization.yaml +32 -0
  1599. package/rules/third-party/shopify/python/flask/security/open-redirect.yaml +53 -0
  1600. package/rules/third-party/shopify/python/flask/security/secure-static-file-serve.yaml +21 -0
  1601. package/rules/third-party/shopify/python/flask/security/unescaped-template-extension.yaml +44 -0
  1602. package/rules/third-party/shopify/python/flask/security/unsanitized-input.yaml +36 -0
  1603. package/rules/third-party/shopify/python/flask/security/xss/audit/direct-use-of-jinja2.yaml +32 -0
  1604. package/rules/third-party/shopify/python/flask/security/xss/audit/explicit-unescape-with-markup.yaml +23 -0
  1605. package/rules/third-party/shopify/python/flask/security/xss/audit/template-autoescape-off.yaml +23 -0
  1606. package/rules/third-party/shopify/python/flask/security/xss/audit/template-href-var.yaml +33 -0
  1607. package/rules/third-party/shopify/python/flask/security/xss/audit/template-unescaped-with-safe.yaml +22 -0
  1608. package/rules/third-party/shopify/python/flask/security/xss/audit/template-unquoted-attribute-var.yaml +28 -0
  1609. package/rules/third-party/shopify/python/jinja2/security/audit/autoescape-disabled.yaml +25 -0
  1610. package/rules/third-party/shopify/python/jwt/security/audit/jwt-exposed-data.yaml +20 -0
  1611. package/rules/third-party/shopify/python/jwt/security/jwt-exposed-credentials.yaml +24 -0
  1612. package/rules/third-party/shopify/python/jwt/security/jwt-hardcode.yaml +22 -0
  1613. package/rules/third-party/shopify/python/jwt/security/jwt-none-alg.yaml +22 -0
  1614. package/rules/third-party/shopify/python/jwt/security/unverified-jwt-decode.yaml +22 -0
  1615. package/rules/third-party/shopify/python/lang/best-practice/hardcoded-tmp-path.yaml +14 -0
  1616. package/rules/third-party/shopify/python/lang/best-practice/manual-collections-create.yaml +94 -0
  1617. package/rules/third-party/shopify/python/lang/best-practice/missing-hash-with-eq.yaml +23 -0
  1618. package/rules/third-party/shopify/python/lang/best-practice/open-never-closed.yaml +95 -0
  1619. package/rules/third-party/shopify/python/lang/best-practice/pass-body.yaml +30 -0
  1620. package/rules/third-party/shopify/python/lang/best-practice/pdb.yaml +13 -0
  1621. package/rules/third-party/shopify/python/lang/best-practice/sleep.yaml +16 -0
  1622. package/rules/third-party/shopify/python/lang/compatibility/python36.yaml +28 -0
  1623. package/rules/third-party/shopify/python/lang/compatibility/python37.yaml +171 -0
  1624. package/rules/third-party/shopify/python/lang/correctness/baseclass-attribute-override.yaml +22 -0
  1625. package/rules/third-party/shopify/python/lang/correctness/common-mistakes/default-mutable-dict.yaml +198 -0
  1626. package/rules/third-party/shopify/python/lang/correctness/common-mistakes/default-mutable-list.yaml +215 -0
  1627. package/rules/third-party/shopify/python/lang/correctness/common-mistakes/is-comparison-string.yaml +32 -0
  1628. package/rules/third-party/shopify/python/lang/correctness/common-mistakes/is-not-is-not.yaml +12 -0
  1629. package/rules/third-party/shopify/python/lang/correctness/common-mistakes/string-concat-in-list.yaml +20 -0
  1630. package/rules/third-party/shopify/python/lang/correctness/concurrent.yaml +33 -0
  1631. package/rules/third-party/shopify/python/lang/correctness/dict-modify-iterating.yaml +21 -0
  1632. package/rules/third-party/shopify/python/lang/correctness/exceptions/exceptions.yaml +20 -0
  1633. package/rules/third-party/shopify/python/lang/correctness/exit.yaml +15 -0
  1634. package/rules/third-party/shopify/python/lang/correctness/file-object-redefined-before-close.yaml +22 -0
  1635. package/rules/third-party/shopify/python/lang/correctness/list-modify-iterating.yaml +28 -0
  1636. package/rules/third-party/shopify/python/lang/correctness/pdb.yaml +14 -0
  1637. package/rules/third-party/shopify/python/lang/correctness/return-in-init.yaml +48 -0
  1638. package/rules/third-party/shopify/python/lang/correctness/tempfile/flush.yaml +78 -0
  1639. package/rules/third-party/shopify/python/lang/correctness/tempfile/mktemp.yaml +12 -0
  1640. package/rules/third-party/shopify/python/lang/correctness/unchecked-returns.yaml +16 -0
  1641. package/rules/third-party/shopify/python/lang/correctness/useless-comparison.yaml +28 -0
  1642. package/rules/third-party/shopify/python/lang/correctness/useless-eqeq.yaml +27 -0
  1643. package/rules/third-party/shopify/python/lang/correctness/writing-to-file-in-read-mode.yaml +27 -0
  1644. package/rules/third-party/shopify/python/lang/maintainability/improper-list-concat.yaml +18 -0
  1645. package/rules/third-party/shopify/python/lang/maintainability/is-function-without-parentheses.yaml +17 -0
  1646. package/rules/third-party/shopify/python/lang/maintainability/return.yaml +29 -0
  1647. package/rules/third-party/shopify/python/lang/maintainability/useless-assign-keyed.yaml +16 -0
  1648. package/rules/third-party/shopify/python/lang/maintainability/useless-ifelse.yaml +27 -0
  1649. package/rules/third-party/shopify/python/lang/maintainability/useless-innerfunction.yaml +37 -0
  1650. package/rules/third-party/shopify/python/lang/maintainability/useless-literal.yaml +24 -0
  1651. package/rules/third-party/shopify/python/lang/security/audit/conn_recv.yaml +23 -0
  1652. package/rules/third-party/shopify/python/lang/security/audit/dangerous-annotations-usage.yaml +25 -0
  1653. package/rules/third-party/shopify/python/lang/security/audit/dangerous-asyncio-create-exec.yaml +46 -0
  1654. package/rules/third-party/shopify/python/lang/security/audit/dangerous-asyncio-exec.yaml +35 -0
  1655. package/rules/third-party/shopify/python/lang/security/audit/dangerous-asyncio-shell.yaml +36 -0
  1656. package/rules/third-party/shopify/python/lang/security/audit/dangerous-code-run.yaml +45 -0
  1657. package/rules/third-party/shopify/python/lang/security/audit/dangerous-os-exec.yaml +44 -0
  1658. package/rules/third-party/shopify/python/lang/security/audit/dangerous-spawn-process.yaml +44 -0
  1659. package/rules/third-party/shopify/python/lang/security/audit/dangerous-subinterpreters-run-string.yaml +23 -0
  1660. package/rules/third-party/shopify/python/lang/security/audit/dangerous-subprocess-use.yaml +44 -0
  1661. package/rules/third-party/shopify/python/lang/security/audit/dangerous-system-call.yaml +28 -0
  1662. package/rules/third-party/shopify/python/lang/security/audit/dangerous-testcapi-run-in-subinterp.yaml +26 -0
  1663. package/rules/third-party/shopify/python/lang/security/audit/dynamic-urllib-use-detected.yaml +49 -0
  1664. package/rules/third-party/shopify/python/lang/security/audit/eval-detected.yaml +23 -0
  1665. package/rules/third-party/shopify/python/lang/security/audit/exec-detected.yaml +23 -0
  1666. package/rules/third-party/shopify/python/lang/security/audit/formatted-sql-query.yaml +31 -0
  1667. package/rules/third-party/shopify/python/lang/security/audit/ftplib.yaml +19 -0
  1668. package/rules/third-party/shopify/python/lang/security/audit/hardcoded-password-default-argument.yaml +15 -0
  1669. package/rules/third-party/shopify/python/lang/security/audit/httpsconnection-detected.yaml +24 -0
  1670. package/rules/third-party/shopify/python/lang/security/audit/insecure-file-permissions.yaml +53 -0
  1671. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/ftplib/use-ftp-tls.yaml +19 -0
  1672. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/requests/request-session-http-in-with-context.yaml +36 -0
  1673. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/requests/request-session-with-http.yaml +50 -0
  1674. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/requests/request-with-http.yaml +50 -0
  1675. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/ssl/no-set-ciphers.yaml +23 -0
  1676. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-openerdirector-open-ftp.yaml +47 -0
  1677. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-openerdirector-open.yaml +49 -0
  1678. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-request-object-ftp.yaml +27 -0
  1679. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-request-object.yaml +30 -0
  1680. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlopen-ftp.yaml +26 -0
  1681. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlopen.yaml +28 -0
  1682. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-open-ftp.yaml +46 -0
  1683. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-open.yaml +49 -0
  1684. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-retrieve-ftp.yaml +46 -0
  1685. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlopener-retrieve.yaml +49 -0
  1686. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlretrieve-ftp.yaml +26 -0
  1687. package/rules/third-party/shopify/python/lang/security/audit/insecure-transport/urllib/insecure-urlretrieve.yaml +28 -0
  1688. package/rules/third-party/shopify/python/lang/security/audit/logging/listeneval.yaml +21 -0
  1689. package/rules/third-party/shopify/python/lang/security/audit/logging/logger-credential-leak.yaml +19 -0
  1690. package/rules/third-party/shopify/python/lang/security/audit/mako-templates-detected.yaml +21 -0
  1691. package/rules/third-party/shopify/python/lang/security/audit/marshal.yaml +23 -0
  1692. package/rules/third-party/shopify/python/lang/security/audit/network/bind.yaml +28 -0
  1693. package/rules/third-party/shopify/python/lang/security/audit/network/disabled-cert-validation.yaml +24 -0
  1694. package/rules/third-party/shopify/python/lang/security/audit/network/http-not-https-connection.yaml +19 -0
  1695. package/rules/third-party/shopify/python/lang/security/audit/non-literal-import.yaml +20 -0
  1696. package/rules/third-party/shopify/python/lang/security/audit/paramiko/paramiko-exec-command.yaml +25 -0
  1697. package/rules/third-party/shopify/python/lang/security/audit/paramiko-implicit-trust-host-key.yaml +26 -0
  1698. package/rules/third-party/shopify/python/lang/security/audit/sqli/aiopg-sqli.yaml +91 -0
  1699. package/rules/third-party/shopify/python/lang/security/audit/sqli/asyncpg-sqli.yaml +79 -0
  1700. package/rules/third-party/shopify/python/lang/security/audit/sqli/pg8000-sqli.yaml +77 -0
  1701. package/rules/third-party/shopify/python/lang/security/audit/sqli/psycopg-sqli.yaml +73 -0
  1702. package/rules/third-party/shopify/python/lang/security/audit/ssl-wrap-socket-is-deprecated.yaml +18 -0
  1703. package/rules/third-party/shopify/python/lang/security/audit/subprocess-shell-true.yaml +26 -0
  1704. package/rules/third-party/shopify/python/lang/security/audit/system-wildcard-detected.yaml +31 -0
  1705. package/rules/third-party/shopify/python/lang/security/audit/telnetlib.yaml +18 -0
  1706. package/rules/third-party/shopify/python/lang/security/audit/weak-ssl-version.yaml +34 -0
  1707. package/rules/third-party/shopify/python/lang/security/dangerous-globals-use.yaml +46 -0
  1708. package/rules/third-party/shopify/python/lang/security/deserialization/avoid-jsonpickle.yaml +22 -0
  1709. package/rules/third-party/shopify/python/lang/security/deserialization/avoid-pyyaml-load.yaml +36 -0
  1710. package/rules/third-party/shopify/python/lang/security/deserialization/avoid-unsafe-ruamel.yaml +21 -0
  1711. package/rules/third-party/shopify/python/lang/security/deserialization/pickle.yaml +78 -0
  1712. package/rules/third-party/shopify/python/lang/security/insecure-hash-algorithms.yaml +54 -0
  1713. package/rules/third-party/shopify/python/lang/security/insecure-hash-function.yaml +27 -0
  1714. package/rules/third-party/shopify/python/lang/security/unquoted-csv-writer.yaml +19 -0
  1715. package/rules/third-party/shopify/python/lang/security/unverified-ssl-context.yaml +19 -0
  1716. package/rules/third-party/shopify/python/lang/security/use-defused-xml.yaml +23 -0
  1717. package/rules/third-party/shopify/python/lang/security/use-defused-xmlrpc.yaml +23 -0
  1718. package/rules/third-party/shopify/python/pycryptodome/security/insecure-cipher-algorithm.yaml +102 -0
  1719. package/rules/third-party/shopify/python/pycryptodome/security/insecure-hash-algorithm.yaml +87 -0
  1720. package/rules/third-party/shopify/python/pycryptodome/security/insufficient-dsa-key-size.yaml +25 -0
  1721. package/rules/third-party/shopify/python/pycryptodome/security/insufficient-rsa-key-size.yaml +25 -0
  1722. package/rules/third-party/shopify/python/pymongo/security/mongodb.yaml +16 -0
  1723. package/rules/third-party/shopify/python/requests/best-practice/use-raise-for-status.yaml +50 -0
  1724. package/rules/third-party/shopify/python/requests/best-practice/use-request-json-shortcut.yaml +19 -0
  1725. package/rules/third-party/shopify/python/requests/best-practice/use-response-json-shortcut.yaml +20 -0
  1726. package/rules/third-party/shopify/python/requests/best-practice/use-timeout.yaml +59 -0
  1727. package/rules/third-party/shopify/python/requests/security/disabled-cert-validation.yaml +25 -0
  1728. package/rules/third-party/shopify/python/requests/security/no-auth-over-http.yaml +29 -0
  1729. package/rules/third-party/shopify/python/sh/security/string-concat.yaml +18 -0
  1730. package/rules/third-party/shopify/python/sqlalchemy/correctness/bad-operator-in-filter.yaml +29 -0
  1731. package/rules/third-party/shopify/python/sqlalchemy/correctness/delete-where.yaml +14 -0
  1732. package/rules/third-party/shopify/python/sqlalchemy/performance/performance-improvements.yaml +22 -0
  1733. package/rules/third-party/shopify/python/sqlalchemy/security/sqlalchemy-execute-raw-query.yaml +53 -0
  1734. package/rules/third-party/shopify/python/sqlalchemy/security/sqlalchemy-sql-injection.yaml +42 -0
  1735. package/rules/third-party/shopify/ruby/jwt/security/audit/jwt-decode-without-verify.yaml +22 -0
  1736. package/rules/third-party/shopify/ruby/jwt/security/audit/jwt-exposed-data.yaml +24 -0
  1737. package/rules/third-party/shopify/ruby/jwt/security/jwt-exposed-credentials.yaml +25 -0
  1738. package/rules/third-party/shopify/ruby/jwt/security/jwt-hardcode.yaml +36 -0
  1739. package/rules/third-party/shopify/ruby/jwt/security/jwt-none-alg.yaml +23 -0
  1740. package/rules/third-party/shopify/ruby/lang/security/bad-deserialization.yaml +45 -0
  1741. package/rules/third-party/shopify/ruby/lang/security/cookie-serialization.yaml +22 -0
  1742. package/rules/third-party/shopify/ruby/lang/security/create-with.yaml +23 -0
  1743. package/rules/third-party/shopify/ruby/lang/security/dangerous-exec.yaml +72 -0
  1744. package/rules/third-party/shopify/ruby/lang/security/dangerous-open.yaml +23 -0
  1745. package/rules/third-party/shopify/ruby/lang/security/dangerous-open3-pipeline.yaml +23 -0
  1746. package/rules/third-party/shopify/ruby/lang/security/dangerous-subshell.yaml +23 -0
  1747. package/rules/third-party/shopify/ruby/lang/security/dangerous-syscall.yaml +15 -0
  1748. package/rules/third-party/shopify/ruby/lang/security/divide-by-zero.yaml +22 -0
  1749. package/rules/third-party/shopify/ruby/lang/security/file-disclosure.yaml +17 -0
  1750. package/rules/third-party/shopify/ruby/lang/security/filter-skipping.yaml +23 -0
  1751. package/rules/third-party/shopify/ruby/lang/security/force-ssl-false.yaml +17 -0
  1752. package/rules/third-party/shopify/ruby/lang/security/hardcoded-http-auth-in-controller.yaml +22 -0
  1753. package/rules/third-party/shopify/ruby/lang/security/jruby-xml.yaml +22 -0
  1754. package/rules/third-party/shopify/ruby/lang/security/json-encoding.yaml +23 -0
  1755. package/rules/third-party/shopify/ruby/lang/security/json-entity-escape.yaml +19 -0
  1756. package/rules/third-party/shopify/ruby/lang/security/mass-assignment-protection-disabled.yaml +19 -0
  1757. package/rules/third-party/shopify/ruby/lang/security/missing-csrf-protection.yaml +31 -0
  1758. package/rules/third-party/shopify/ruby/lang/security/model-attr-accessible.yaml +37 -0
  1759. package/rules/third-party/shopify/ruby/lang/security/model-attributes-attr-accessible.yaml +32 -0
  1760. package/rules/third-party/shopify/ruby/lang/security/model-attributes-attr-protected.yaml +19 -0
  1761. package/rules/third-party/shopify/ruby/lang/security/nested-attributes-bypass.yaml +22 -0
  1762. package/rules/third-party/shopify/ruby/lang/security/nested-attributes.yaml +19 -0
  1763. package/rules/third-party/shopify/ruby/lang/security/no-eval.yaml +41 -0
  1764. package/rules/third-party/shopify/ruby/lang/security/no-send.yaml +35 -0
  1765. package/rules/third-party/shopify/ruby/lang/security/ssl-mode-no-verify.yaml +17 -0
  1766. package/rules/third-party/shopify/ruby/lang/security/timing-attack.yaml +19 -0
  1767. package/rules/third-party/shopify/ruby/lang/security/unprotected-mass-assign.yaml +31 -0
  1768. package/rules/third-party/shopify/ruby/lang/security/weak-hashes-md5.yaml +25 -0
  1769. package/rules/third-party/shopify/ruby/lang/security/weak-hashes-sha1.yaml +22 -0
  1770. package/rules/third-party/shopify/ruby/lang/security/yaml-parsing.yaml +17 -0
  1771. package/rules/third-party/shopify/ruby/rails/security/audit/avoid-session-manipulation.yaml +23 -0
  1772. package/rules/third-party/shopify/ruby/rails/security/audit/avoid-tainted-file-access.yaml +59 -0
  1773. package/rules/third-party/shopify/ruby/rails/security/audit/avoid-tainted-ftp-call.yaml +29 -0
  1774. package/rules/third-party/shopify/ruby/rails/security/audit/avoid-tainted-http-request.yaml +68 -0
  1775. package/rules/third-party/shopify/ruby/rails/security/audit/avoid-tainted-shell-call.yaml +69 -0
  1776. package/rules/third-party/shopify/ruby/rails/security/audit/sqli/ruby-pg-sqli.yaml +66 -0
  1777. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-content-tag.yaml +20 -0
  1778. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-default-routes.yaml +24 -0
  1779. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-html-safe.yaml +20 -0
  1780. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-link-to.yaml +37 -0
  1781. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-raw.yaml +18 -0
  1782. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-redirect.yaml +51 -0
  1783. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-render-dynamic-path.yaml +31 -0
  1784. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-render-inline.yaml +18 -0
  1785. package/rules/third-party/shopify/ruby/rails/security/audit/xss/avoid-render-text.yaml +21 -0
  1786. package/rules/third-party/shopify/ruby/rails/security/audit/xss/manual-template-creation.yaml +18 -0
  1787. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/alias-for-html-safe.yaml +23 -0
  1788. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/avoid-content-tag.yaml +23 -0
  1789. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/avoid-html-safe.yaml +23 -0
  1790. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/avoid-raw.yaml +23 -0
  1791. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/dangerous-link-to.yaml +31 -0
  1792. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/unquoted-attribute.yaml +29 -0
  1793. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/var-in-href.yaml +28 -0
  1794. package/rules/third-party/shopify/ruby/rails/security/audit/xss/templates/var-in-script-tag.yaml +30 -0
  1795. package/rules/third-party/shopify/ruby/rails/security/injection/raw-html-format.yaml +48 -0
  1796. package/rules/typescript/angular/security/audit/angular-domsanitizer.yaml +133 -0
  1797. package/rules/typescript/aws-cdk/security/audit/awscdk-bucket-encryption.yml +49 -0
  1798. package/rules/typescript/aws-cdk/security/audit/awscdk-bucket-enforcessl.yml +39 -0
  1799. package/rules/typescript/aws-cdk/security/audit/awscdk-sqs-unencryptedqueue.yml +44 -0
  1800. package/rules/typescript/aws-cdk/security/awscdk-bucket-grantpublicaccessmethod.yml +42 -0
  1801. package/rules/typescript/aws-cdk/security/awscdk-codebuild-project-public.yml +39 -0
  1802. package/rules/typescript/lang/best-practice/moment-deprecated.yaml +17 -0
  1803. package/rules/typescript/lang/correctness/useless-ternary.yaml +15 -0
  1804. package/rules/typescript/lang/security/audit/cors-regex-wildcard.yaml +33 -0
  1805. package/rules/typescript/nestjs/security/audit/nestjs-header-cors-any.yaml +45 -0
  1806. package/rules/typescript/nestjs/security/audit/nestjs-header-xss-disabled.yaml +35 -0
  1807. package/rules/typescript/nestjs/security/audit/nestjs-open-redirect.yaml +35 -0
  1808. package/rules/typescript/react/best-practice/define-styled-components-on-module-level.yaml +32 -0
  1809. package/rules/typescript/react/best-practice/react-find-dom.yaml +20 -0
  1810. package/rules/typescript/react/best-practice/react-legacy-component.yaml +20 -0
  1811. package/rules/typescript/react/best-practice/react-props-in-state.yaml +58 -0
  1812. package/rules/typescript/react/best-practice/react-props-spreading.yaml +22 -0
  1813. package/rules/typescript/react/portability/i18next/i18next-key-format.yaml +57 -0
  1814. package/rules/typescript/react/portability/i18next/jsx-label-not-i18n.yaml +26 -0
  1815. package/rules/typescript/react/portability/i18next/jsx-not-internationalized.yaml +26 -0
  1816. package/rules/typescript/react/portability/i18next/mui-snackbar-message.yaml +20 -0
  1817. package/rules/typescript/react/portability/i18next/useselect-label-not-i18n.yaml +25 -0
  1818. package/rules/typescript/react/security/audit/react-dangerouslysetinnerhtml.yaml +147 -0
  1819. package/rules/typescript/react/security/audit/react-href-var.yaml +90 -0
  1820. package/rules/typescript/react/security/audit/react-jwt-decoded-property.yaml +32 -0
  1821. package/rules/typescript/react/security/audit/react-jwt-in-localstorage.yaml +38 -0
  1822. package/rules/typescript/react/security/audit/react-unsanitized-method.yaml +148 -0
  1823. package/rules/typescript/react/security/audit/react-unsanitized-property.yaml +162 -0
  1824. package/rules/typescript/react/security/react-insecure-request.yaml +62 -0
  1825. package/rules/typescript/react/security/react-markdown-insecure-html.yaml +51 -0
  1826. package/scripts/postinstall.js +60 -0
  1827. package/semgrep_loader.py +575 -0
  1828. package/server.json +8 -0
  1829. package/skills/openclaw/SKILL.md +102 -0
  1830. package/skills/security-review.md +139 -0
  1831. package/skills/security-scan-batch.md +107 -0
  1832. package/skills/security-scanner.md +76 -0
  1833. package/src/analyzer.py +119 -0
  1834. package/src/cli/audit.js +25 -0
  1835. package/src/cli/demo.js +228 -0
  1836. package/src/cli/doctor.js +316 -0
  1837. package/src/cli/harden.js +22 -0
  1838. package/src/cli/init-hooks.js +164 -0
  1839. package/src/cli/init.js +443 -0
  1840. package/src/cli/report.js +444 -0
  1841. package/src/cli/scan-clawhub-full.js +518 -0
  1842. package/src/cli/scan-clawhub-safe.js +393 -0
  1843. package/src/cli/scan-clawhub.js +308 -0
  1844. package/src/config.js +250 -0
  1845. package/src/context.js +293 -0
  1846. package/src/daemon-client.js +292 -0
  1847. package/src/dedup.js +129 -0
  1848. package/src/fix-patterns.js +755 -0
  1849. package/src/history.js +159 -0
  1850. package/src/plugin-config.js +77 -0
  1851. package/src/plugin-health.js +49 -0
  1852. package/src/python.js +54 -0
  1853. package/src/tools/check-package.js +193 -0
  1854. package/src/tools/fix-security.js +142 -0
  1855. package/src/tools/import-resolver.js +249 -0
  1856. package/src/tools/project-context.js +365 -0
  1857. package/src/tools/scan-action.js +709 -0
  1858. package/src/tools/scan-diff.js +151 -0
  1859. package/src/tools/scan-mcp.js +1108 -0
  1860. package/src/tools/scan-packages.js +154 -0
  1861. package/src/tools/scan-project.js +320 -0
  1862. package/src/tools/scan-prompt.js +891 -0
  1863. package/src/tools/scan-security.js +226 -0
  1864. package/src/tools/scan-skill-prompt.js +547 -0
  1865. package/src/tools/scan-skill.js +1115 -0
  1866. package/src/typosquat.js +210 -0
  1867. package/src/utils.js +477 -0
  1868. package/taint_analyzer.py +856 -0
  1869. package/templates/gitlab-ci-security.yml +225 -0
  1870. package/templates/pre-commit-hook.sh +233 -0
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Sinewave AI
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.