@mcp-shark/mcp-shark 1.5.13 → 1.7.2

package/core/cli/data/rule-packs/aauth-visibility.json

@@ -0,0 +1,117 @@
+{
+  "schema_version": "1.0",
+  "pack_id": "aauth-visibility",
+  "pack_name": "AAuth Visibility",
+  "version": "1.0.0",
+  "updated": "2026-04-26",
+  "source_url": "https://github.com/dickhardt/AAuth",
+  "rules": [
+    {
+      "id": "aauth-agent-identity-observed",
+      "name": "AAuth Agent Identity Observed",
+      "owasp_id": "INFO",
+      "severity": "low",
+      "type": "aauth-visibility",
+      "description": "An AAuth agent identifier (aauth:local@domain) was observed in metadata. This is informational only — mcp-shark does not verify cryptographic identity.",
+      "recommendation": "Confirm the agent identifier is expected for this server. See https://www.aauth.dev for background on AAuth agent identities.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "first",
+      "patterns": [
+        {
+          "regex": "aauth:[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}",
+          "label": "AAuth agent ID",
+          "flags": ""
+        }
+      ]
+    },
+    {
+      "id": "aauth-jwks-discovery-url",
+      "name": "AAuth JWKS or Well-Known URL Observed",
+      "owasp_id": "INFO",
+      "severity": "low",
+      "type": "aauth-visibility",
+      "description": "A JWKS or .well-known/aauth URL was observed. This typically indicates the resource is AAuth-aware.",
+      "recommendation": "If this URL is unexpected, investigate which agent or resource is publishing it.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "first",
+      "patterns": [
+        { "regex": "/\\.well-known/aauth", "label": ".well-known/aauth path", "flags": "i" },
+        { "regex": "https?://[^\\s\"']+/jwks(?:\\.json)?", "label": "JWKS URL", "flags": "i" }
+      ]
+    },
+    {
+      "id": "aauth-http-message-signature-observed",
+      "name": "HTTP Message Signature Observed",
+      "owasp_id": "INFO",
+      "severity": "low",
+      "type": "aauth-visibility",
+      "description": "An RFC 9421 HTTP Message Signature appears in captured traffic. mcp-shark records this as observed only — it does not verify the signature.",
+      "recommendation": "Use an AAuth-capable verifier to confirm signature validity. mcp-shark's role here is observability.",
+      "scope": ["packet"],
+      "match_mode": "first",
+      "patterns": [
+        {
+          "regex": "\"signature-input\"\\s*:\\s*\"[^\"]+\"",
+          "label": "Signature-Input header",
+          "flags": "i"
+        },
+        {
+          "regex": "\"signature\"\\s*:\\s*\"[^\"]*=:[A-Za-z0-9+/=]+:\"",
+          "label": "Signature header (sf-binary)",
+          "flags": "i"
+        }
+      ]
+    },
+    {
+      "id": "aauth-mission-context-observed",
+      "name": "AAuth Mission Context Observed",
+      "owasp_id": "INFO",
+      "severity": "low",
+      "type": "aauth-visibility",
+      "description": "An AAuth-Mission header was observed in captured traffic. Missions group calls under a single user-consented scope.",
+      "recommendation": "Use the mission timeline view in the UI to inspect related calls under the same mission.",
+      "scope": ["packet"],
+      "match_mode": "first",
+      "patterns": [
+        { "regex": "\"aauth-mission\"\\s*:", "label": "AAuth-Mission header", "flags": "i" }
+      ]
+    },
+    {
+      "id": "aauth-requirement-challenge-observed",
+      "name": "AAuth Requirement Challenge Observed",
+      "owasp_id": "INFO",
+      "severity": "low",
+      "type": "aauth-visibility",
+      "description": "An AAuth-Requirement response header was observed. The resource is asking the client to upgrade to AAuth.",
+      "recommendation": "If you control the calling agent, consider upgrading to AAuth — see https://www.aauth.dev.",
+      "scope": ["packet"],
+      "match_mode": "first",
+      "patterns": [
+        { "regex": "\"aauth-requirement\"\\s*:", "label": "AAuth-Requirement header", "flags": "i" }
+      ]
+    },
+    {
+      "id": "aauth-bearer-token-coexists-with-aauth",
+      "name": "Bearer Token Coexists With AAuth Headers",
+      "owasp_id": "MCP01",
+      "severity": "medium",
+      "type": "aauth-visibility",
+      "description": "A request carries both a Bearer token and AAuth identity headers. AAuth replaces bearer credentials — coexisting both is the worst-of-both-worlds pattern called out by the AAuth project.",
+      "recommendation": "Migrate the calling agent fully to AAuth; remove the long-lived bearer token once signed identity is in place.",
+      "scope": ["packet"],
+      "match_mode": "all_matches",
+      "patterns": [
+        {
+          "regex": "\"authorization\"\\s*:\\s*\"Bearer\\s+[^\"]+\"[\\s\\S]*\"signature-input\"",
+          "label": "Bearer + Signature-Input",
+          "flags": "i"
+        },
+        {
+          "regex": "\"signature-input\"[\\s\\S]*\"authorization\"\\s*:\\s*\"Bearer",
+          "label": "Signature-Input + Bearer",
+          "flags": "i"
+        }
+      ]
+    }
+  ]
+}

package/core/cli/data/rule-packs/agentic-security-2026.json

@@ -0,0 +1,180 @@
+{
+  "schema_version": "1.0",
+  "pack_id": "agentic-security-2026",
+  "pack_name": "Agentic Security Initiative (2026)",
+  "version": "1.0.0",
+  "updated": "2026-03-15",
+  "source_url": "https://owasp.org/www-project-agentic-security/",
+  "rules": [
+    {
+      "id": "asi01-goal-hijack",
+      "name": "Agent Goal Hijack Detection",
+      "owasp_id": "ASI01",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects attempts to hijack or modify agent goals.",
+      "recommendation": "Implement goal validation and verification. Monitor for unauthorized goal changes. Use goal isolation and protection mechanisms.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "critical" },
+      "patterns": [
+        "(?:hijack|override|replace|change|modify)\\s+(?:goal|objective|purpose|mission|task)",
+        "(?:ignore|forget|disregard)\\s+(?:original|initial|intended|primary)\\s+(?:goal|objective|purpose)",
+        "(?:new|different|alternative|malicious)\\s+(?:goal|objective|purpose|mission)",
+        "(?:steer|redirect|manipulate)\\s+(?:agent|system)\\s+(?:toward|to|into)",
+        "(?:unauthorized|malicious|harmful)\\s+(?:goal|objective|purpose|action)"
+      ]
+    },
+    {
+      "id": "asi02-tool-misuse",
+      "name": "Tool Misuse Detection",
+      "owasp_id": "ASI02",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects tool misuse and exploitation patterns.",
+      "recommendation": "Implement tool usage monitoring and restrictions. Enforce scope boundaries for tool usage. Monitor for unauthorized tool combinations.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "resource": "medium" },
+      "patterns": [
+        "(?:misuse|abuse|exploit|manipulate)\\s+(?:tool|function|capability|feature)",
+        "(?:use|utilize|invoke)\\s+(?:tool|function)\\s+(?:outside|beyond|outside\\s+of)\\s+(?:intended|authorized|allowed)\\s+(?:scope|purpose|context)",
+        "(?:unauthorized|illegitimate|improper)\\s+(?:tool|function)\\s+(?:usage|use|invocation)",
+        "(?:combine|chain|sequence)\\s+(?:tools|functions)\\s+(?:to|for)\\s+(?:achieve|perform|execute)\\s+(?:unauthorized|malicious)"
+      ]
+    },
+    {
+      "id": "asi03-identity-abuse",
+      "name": "Identity Abuse Detection",
+      "owasp_id": "ASI03",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects identity and privilege abuse patterns.",
+      "recommendation": "Implement strict identity and privilege management. Monitor for privilege escalation. Enforce least privilege principles.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:abuse|misuse|exploit|impersonate|spoof)\\s+(?:identity|privilege|permission|access|role)",
+        "(?:escalate|elevate|raise|upgrade)\\s+(?:privilege|permission|access|authority)",
+        "(?:assume|take|steal|hijack)\\s+(?:identity|role|privilege|permission)",
+        "(?:unauthorized|illegitimate|improper)\\s+(?:privilege|permission|access|authority)\\s+(?:use|usage|exercise)",
+        "(?:bypass|circumvent|override)\\s+(?:identity|authentication|authorization|access\\s+control)"
+      ]
+    },
+    {
+      "id": "asi04-supply-chain",
+      "name": "Agentic Supply Chain Detection",
+      "owasp_id": "ASI04",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects agentic supply chain vulnerabilities.",
+      "recommendation": "Verify agent framework and model integrity. Use signed and verified dependencies. Monitor for supply chain attacks.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:compromised|vulnerable|malicious)\\s+(?:agent|framework|model|dependency|package)",
+        "(?:supply\\s+chain|dependency)\\s+(?:attack|vulnerability|compromise|tampering)",
+        "(?:unsigned|unverified|untrusted)\\s+(?:agent|framework|model|dependency)",
+        "(?:tampered|modified|altered)\\s+(?:agent|framework|model|dependency)",
+        "(?:typosquatting|brandjacking|namespace)\\s+(?:agent|framework|model|package)"
+      ]
+    },
+    {
+      "id": "asi06-memory-poisoning",
+      "name": "Memory Poisoning Detection",
+      "owasp_id": "ASI06",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects memory and context poisoning patterns.",
+      "recommendation": "Implement memory and context validation. Monitor for data poisoning. Use memory isolation and sanitization.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "critical" },
+      "patterns": [
+        "(?:poison|corrupt|taint|contaminate|manipulate)\\s+(?:memory|context|data|information)",
+        "(?:inject|insert)\\s+(?:malicious|harmful|poisoned|corrupted)\\s+(?:data|information|memory|context)",
+        "(?:memory|context|data)\\s+(?:poisoning|corruption|manipulation|tampering)",
+        "(?:compromise|compromised)\\s+(?:memory|context|data|information)",
+        "(?:tainted|poisoned|corrupted)\\s+(?:memory|context|data|information)"
+      ]
+    },
+    {
+      "id": "asi07-insecure-communication",
+      "name": "Insecure Communication Detection",
+      "owasp_id": "ASI07",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects insecure inter-agent communication patterns.",
+      "recommendation": "Implement encrypted communication channels. Use TLS/SSL for all inter-agent communications. Authenticate all agent interactions.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:unencrypted|plaintext|cleartext|unsecured)\\s+(?:communication|channel|connection|transmission)",
+        "(?:http:\\/\\/|ftp:\\/\\/|ws:\\/\\/)\\s+(?:instead\\s+of|without|missing)",
+        "(?:no|missing|lack|without)\\s+(?:encryption|tls|ssl|https|authentication|auth)",
+        "(?:insecure|vulnerable|weak)\\s+(?:communication|channel|protocol|connection)",
+        "(?:intercept|eavesdrop|man-in-the-middle|mitm)\\s+(?:communication|channel|message)"
+      ]
+    },
+    {
+      "id": "asi08-cascading-failures",
+      "name": "Cascading Failures Detection",
+      "owasp_id": "ASI08",
+      "severity": "medium",
+      "type": "agentic-security",
+      "description": "Detects cascading failure vulnerabilities.",
+      "recommendation": "Implement failure isolation and containment. Use circuit breakers and failover mechanisms. Design for graceful degradation.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "low" },
+      "patterns": [
+        "(?:cascade|cascading|chain|domino)\\s+(?:failure|error|exception|outage|breakdown)",
+        "(?:propagate|spread|ripple|amplify)\\s+(?:failure|error|exception|outage)",
+        "(?:single\\s+point\\s+of\\s+failure|spof)",
+        "(?:no|missing|lack|without)\\s+(?:isolation|containment|circuit\\s+breaker|failover|redundancy)",
+        "(?:unhandled|uncaught|unrecoverable)\\s+(?:failure|error|exception)"
+      ]
+    },
+    {
+      "id": "asi09-trust-exploitation",
+      "name": "Trust Exploitation Detection",
+      "owasp_id": "ASI09",
+      "severity": "high",
+      "type": "agentic-security",
+      "description": "Detects human-agent trust exploitation patterns.",
+      "recommendation": "Implement trust verification mechanisms. Educate users about agent limitations. Monitor for trust exploitation patterns.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "critical" },
+      "patterns": [
+        "(?:exploit|abuse|manipulate|misuse)\\s+(?:trust|confidence|reliance|relationship)",
+        "(?:social\\s+engineering|phishing|deception|manipulation)\\s+(?:to|for|in\\s+order\\s+to)",
+        "(?:impersonate|spoof|pretend|masquerade)\\s+(?:as|to\\s+be)",
+        "(?:exploit|abuse)\\s+(?:human|user|operator)\\s+(?:trust|confidence|reliance)",
+        "(?:mislead|deceive|trick|fool)\\s+(?:human|user|operator|agent)"
+      ]
+    },
+    {
+      "id": "asi10-rogue-agent",
+      "name": "Rogue Agent Detection",
+      "owasp_id": "ASI10",
+      "severity": "critical",
+      "type": "agentic-security",
+      "description": "Detects rogue agent vulnerabilities.",
+      "recommendation": "Implement agent registration and approval processes. Monitor for unauthorized agent creation. Enforce agent lifecycle management.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "high" },
+      "patterns": [
+        "(?:rogue|unauthorized|unapproved|malicious|harmful)\\s+(?:agent|bot|automation|system)",
+        "(?:unauthorized|unapproved|unmanaged)\\s+(?:agent|bot)\\s+(?:creation|deployment|execution|activation)",
+        "(?:bypass|circumvent|avoid)\\s+(?:approval|authorization|review|governance)\\s+(?:for|to\\s+create|to\\s+deploy)",
+        "(?:hidden|concealed|undocumented|unregistered)\\s+(?:agent|bot|automation)",
+        "(?:self-replicating|self-propagating|autonomous)\\s+(?:agent|bot)\\s+(?:without|lacking)"
+      ]
+    }
+  ]
+}

package/core/cli/data/rule-packs/general-security.json

@@ -0,0 +1,173 @@
+{
+  "schema_version": "1.0",
+  "pack_id": "general-security",
+  "pack_name": "General Security Rules",
+  "version": "1.0.0",
+  "updated": "2026-03-15",
+  "source_url": "https://github.com/mcp-shark/rule-packs",
+  "rules": [
+    {
+      "id": "hardcoded-secrets",
+      "name": "Hardcoded Secrets Detection",
+      "owasp_id": "SECRET",
+      "severity": "high",
+      "type": "general-security",
+      "description": "Detects hardcoded secrets and API tokens in metadata.",
+      "recommendation": "Move secrets or API tokens to secure storage; never embed them directly in tool or resource metadata.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "first",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        { "regex": "sk-[A-Za-z0-9]{20}T3BlbkFJ[A-Za-z0-9]{20}", "label": "OpenAI", "flags": "" },
+        { "regex": "github_pat_[0-9A-Za-z_]{40,90}", "label": "GitHub PAT", "flags": "" },
+        { "regex": "(ghp|gho|ghs|ghu)_[A-Za-z0-9]{36}", "label": "GitHub Token", "flags": "" },
+        { "regex": "glpat-[0-9A-Za-z\\-_]{20}", "label": "GitLab Token", "flags": "" },
+        { "regex": "xox[baprs]-[A-Za-z0-9-]{10,120}", "label": "Slack Token", "flags": "" },
+        {
+          "regex": "https:\\/\\/hooks\\.slack\\.com\\/services\\/[A-Za-z0-9+/]{30,}",
+          "label": "Slack Webhook",
+          "flags": ""
+        },
+        {
+          "regex": "[A-Za-z0-9]{24}\\.[A-Za-z0-9]{6}\\.[A-Za-z0-9_-]{27}",
+          "label": "Discord Token",
+          "flags": ""
+        },
+        { "regex": "AKIA[0-9A-Z]{16}", "label": "AWS Access Key", "flags": "" },
+        {
+          "regex": "(?<![A-Za-z0-9])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9])",
+          "label": "AWS Secret Key",
+          "flags": ""
+        },
+        { "regex": "AIza[0-9A-Za-z\\-_]{35}", "label": "Google API Key", "flags": "" },
+        { "regex": "sk_live_[0-9a-zA-Z]{24}", "label": "Stripe Secret", "flags": "" },
+        { "regex": "rk_live_[0-9a-zA-Z]{24}", "label": "Stripe Restricted", "flags": "" },
+        { "regex": "SK[0-9a-fA-F]{32}", "label": "Twilio API Key", "flags": "" },
+        {
+          "regex": "SG\\.[0-9A-Za-z\\-_]{22}\\.[0-9A-Za-z\\-_]{43}",
+          "label": "SendGrid",
+          "flags": ""
+        },
+        { "regex": "key-[0-9a-fA-F]{32}", "label": "Mailgun", "flags": "" },
+        { "regex": "[A-Z0-9]{32}-[A-Z0-9]{10}", "label": "Algolia", "flags": "" },
+        {
+          "regex": "heroku[_a-z]*[:=]\\s*['\\\"]?[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}",
+          "label": "Heroku API token",
+          "flags": "i"
+        },
+        {
+          "regex": "pscale_(?:tkn|pw|oauth)_[A-Za-z0-9._=-]{30,60}",
+          "label": "PlanetScale",
+          "flags": ""
+        },
+        { "regex": "PMAK-[0-9a-f]{24}-[0-9a-f]{34}", "label": "Postman", "flags": "" },
+        { "regex": "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}", "label": "Firebase", "flags": "" }
+      ]
+    },
+    {
+      "id": "ansi-escape-sequences",
+      "name": "ANSI Escape Sequence Detection",
+      "owasp_id": "MCP03",
+      "severity": "medium",
+      "type": "general-security",
+      "description": "Detects ANSI escape codes in tool descriptions that could hide malicious content.",
+      "recommendation": "Strip ANSI escape sequences from tool descriptions. Run: npx mcp-shark scan --fix",
+      "scope": ["tool"],
+      "match_mode": "first",
+      "text_field": "description",
+      "patterns": [
+        { "regex": "\u001b\\[[0-9;]*[a-zA-Z]", "label": "ANSI escape sequence", "flags": "" }
+      ],
+      "severity_escalation_patterns": [
+        { "regex": "\u001b\\[\\d*[ABCDHJ]", "label": "ANSI cursor movement", "severity": "high" }
+      ]
+    },
+    {
+      "id": "dns-rebinding",
+      "name": "DNS Rebinding Detection",
+      "owasp_id": "MCP07",
+      "severity": "high",
+      "type": "network-security",
+      "description": "Detects servers bound to 0.0.0.0 vulnerable to DNS rebinding attacks.",
+      "recommendation": "Bind MCP servers to 127.0.0.1 or localhost instead of 0.0.0.0. Use --host 127.0.0.1 flag.",
+      "scope": ["tool"],
+      "match_mode": "first",
+      "patterns": [
+        { "regex": "0\\.0\\.0\\.0", "flags": "" },
+        { "regex": "--host\\s+0\\.0\\.0\\.0", "flags": "i" },
+        { "regex": "HOST[=:]\\s*0\\.0\\.0\\.0", "flags": "" },
+        { "regex": "listen\\(['\"]0\\.0\\.0\\.0['\"]\\)", "flags": "" },
+        { "regex": "INADDR_ANY", "flags": "" }
+      ]
+    },
+    {
+      "id": "sensitive-data-exposure",
+      "name": "Sensitive Data Exposure",
+      "owasp_id": "MCP08",
+      "severity": "high",
+      "type": "general-security",
+      "description": "Detects tools that may expose PII, credentials, or secrets without redaction.",
+      "recommendation": "Tools that access sensitive data should redact PII, credentials, and secrets from responses. Apply output filtering.",
+      "scope": ["tool"],
+      "match_mode": "first",
+      "exclude_patterns": ["redact", "mask", "filter", "sanitize", "censor", "strip", "scrub"],
+      "patterns": [
+        { "regex": "password", "label": "password field" },
+        { "regex": "credit[_\\s]?card", "label": "credit card data" },
+        { "regex": "social[_\\s]?security", "label": "social security number" },
+        { "regex": "ssn\\b", "label": "SSN field" },
+        { "regex": "private[_\\s]?key", "label": "private key" },
+        { "regex": "secret[_\\s]?key", "label": "secret key" },
+        { "regex": "bearer[_\\s]?token", "label": "bearer token" },
+        { "regex": "access[_\\s]?token", "label": "access token" },
+        { "regex": "refresh[_\\s]?token", "label": "refresh token" },
+        { "regex": "database[_\\s]?url", "label": "database URL" },
+        { "regex": "connection[_\\s]?string", "label": "connection string" }
+      ]
+    },
+    {
+      "id": "excessive-permissions",
+      "name": "Excessive Permissions",
+      "owasp_id": "MCP02",
+      "severity": "high",
+      "type": "general-security",
+      "description": "Detects servers or tools with overly broad permission scopes.",
+      "recommendation": "Apply the principle of least privilege. Restrict server permissions to only what is needed for its function.",
+      "scope": ["tool"],
+      "match_mode": "first",
+      "patterns": [
+        { "regex": "\\*:\\*", "label": "wildcard scope (*:*)", "flags": "" },
+        { "regex": "admin[_:]?access", "label": "admin access" },
+        { "regex": "full[_-]?access", "label": "full access" },
+        { "regex": "root[_:]?access", "label": "root access" },
+        { "regex": "sudo\\s", "label": "sudo usage" },
+        { "regex": "--privileged", "label": "privileged flag" },
+        { "regex": "--no-sandbox", "label": "no-sandbox flag" },
+        { "regex": "chmod\\s+777", "label": "chmod 777" },
+        { "regex": "allowAll|allow_all", "label": "allow-all policy" },
+        { "regex": "unrestricted", "label": "unrestricted mode" }
+      ]
+    },
+    {
+      "id": "path-traversal",
+      "name": "Path Traversal Detection",
+      "owasp_id": "MCP05",
+      "severity": "high",
+      "type": "general-security",
+      "description": "Detects tools that accept file paths without sanitization, enabling directory traversal.",
+      "recommendation": "Validate and sanitize all file paths. Reject paths containing \"..\" or absolute paths outside allowed directories.",
+      "scope": ["tool"],
+      "match_mode": "first",
+      "patterns": [
+        { "regex": "\\.\\.[\\/\\\\]", "label": "literal path traversal (../)", "flags": "" },
+        { "regex": "path[_\\s]*traversal", "label": "path traversal mention" },
+        { "regex": "any\\s+file\\s+path", "label": "unrestricted file path" },
+        { "regex": "arbitrary\\s+(file|path)", "label": "arbitrary file access" },
+        { "regex": "absolute[_\\s]*path", "label": "absolute path accepted" }
+      ],
+      "param_patterns": [
+        { "regex": "^(file_?path|filepath|path|filename|file)$", "label": "file path parameter" }
+      ]
+    }
+  ]
+}