@runsec/mcp 1.0.1

Files changed (40)
  1. package/dist/index.js +578 -0
  2. package/package.json +43 -0
  3. package/src/rules/data/rule-compliance-map.json +43563 -0
  4. package/src/rules/data/semgrep-rules/README-taint-overlays.md +21 -0
  5. package/src/rules/data/semgrep-rules/advanced-agent-cloud.yaml +802 -0
  6. package/src/rules/data/semgrep-rules/app-logic.yaml +445 -0
  7. package/src/rules/data/semgrep-rules/auth-keycloak.yaml +831 -0
  8. package/src/rules/data/semgrep-rules/browser-agent.yaml +260 -0
  9. package/src/rules/data/semgrep-rules/cloud-secrets.yaml +316 -0
  10. package/src/rules/data/semgrep-rules/csharp-dotnet.yaml +4864 -0
  11. package/src/rules/data/semgrep-rules/desktop-electron-pro.yaml +30 -0
  12. package/src/rules/data/semgrep-rules/desktop-vsto-suite.yaml +2759 -0
  13. package/src/rules/data/semgrep-rules/devops-security.yaml +393 -0
  14. package/src/rules/data/semgrep-rules/domain-access-management.yaml +1023 -0
  15. package/src/rules/data/semgrep-rules/domain-data-privacy.yaml +852 -0
  16. package/src/rules/data/semgrep-rules/domain-input-validation.yaml +2894 -0
  17. package/src/rules/data/semgrep-rules/domain-platform-hardening.yaml +1715 -0
  18. package/src/rules/data/semgrep-rules/ds-ml-security.yaml +2431 -0
  19. package/src/rules/data/semgrep-rules/fastapi-async.yaml +5953 -0
  20. package/src/rules/data/semgrep-rules/frontend-react.yaml +4035 -0
  21. package/src/rules/data/semgrep-rules/frontend-security.yaml +200 -0
  22. package/src/rules/data/semgrep-rules/go-core.yaml +4959 -0
  23. package/src/rules/data/semgrep-rules/hft-cpp-security.yaml +631 -0
  24. package/src/rules/data/semgrep-rules/infra-k8s-helm.yaml +4968 -0
  25. package/src/rules/data/semgrep-rules/integration-security.yaml +2362 -0
  26. package/src/rules/data/semgrep-rules/java-enterprise.yaml +14756 -0
  27. package/src/rules/data/semgrep-rules/java-spring.yaml +397 -0
  28. package/src/rules/data/semgrep-rules/license-compliance.yaml +186 -0
  29. package/src/rules/data/semgrep-rules/mobile-flutter.yaml +37 -0
  30. package/src/rules/data/semgrep-rules/mobile-security.yaml +721 -0
  31. package/src/rules/data/semgrep-rules/nodejs-nestjs.yaml +5164 -0
  32. package/src/rules/data/semgrep-rules/nodejs-security.yaml +326 -0
  33. package/src/rules/data/semgrep-rules/observability.yaml +381 -0
  34. package/src/rules/data/semgrep-rules/php-security.yaml +3601 -0
  35. package/src/rules/data/semgrep-rules/python-backend-pro.yaml +30 -0
  36. package/src/rules/data/semgrep-rules/python-django.yaml +181 -0
  37. package/src/rules/data/semgrep-rules/python-security.yaml +284 -0
  38. package/src/rules/data/semgrep-rules/ru-regulatory.yaml +496 -0
  39. package/src/rules/data/semgrep-rules/ruby-rails.yaml +3078 -0
  40. package/src/rules/data/semgrep-rules/rust-security.yaml +2701 -0
@@ -0,0 +1,4035 @@
1
+ rules:
2
+ - id: runsec.frontend-react.fr-001
3
+ metadata:
4
+ runsec_version: v1.0
5
+ confidence: |-
6
+ 0.9
7
+ exploit_scenario: |-
8
+ N/A
9
+ fix_template: |-
10
+ User-controlled HTML executes script in browser context.
11
+ pattern-either:
12
+ - pattern: |-
13
+ <div dangerouslySetInnerHTML={{ __html: userHtml }} />
14
+ - pattern-regex: 'Vulnerable:\\s*FR\\-001\\b'
15
+ message: |-
16
+ RunSec Detection [FR-001]: ASVS V5.1, CWE-79
17
+ languages:
18
+ - generic
19
+ severity: WARNING
20
+ - id: runsec.frontend-react.fr-002
21
+ metadata:
22
+ runsec_version: v1.0
23
+ confidence: |-
24
+ 0.9
25
+ exploit_scenario: |-
26
+ N/A
27
+ fix_template: |-
28
+ DOM sink executes injected markup/script payloads.
29
+ pattern-either:
30
+ - pattern: |-
31
+ ref.current!.innerHTML = payload
32
+ - pattern-regex: 'Vulnerable:\\s*FR\\-002\\b'
33
+ message: |-
34
+ RunSec Detection [FR-002]: ASVS V5.1, CWE-79
35
+ languages:
36
+ - generic
37
+ severity: WARNING
38
+ - id: runsec.frontend-react.fr-003
39
+ metadata:
40
+ runsec_version: v1.0
41
+ confidence: |-
42
+ 0.9
43
+ exploit_scenario: |-
44
+ N/A
45
+ fix_template: |-
46
+ HTML injection into trusted component region.
47
+ pattern-either:
48
+ - pattern: |-
49
+ el.insertAdjacentHTML("beforeend", html)
50
+ - pattern-regex: 'Vulnerable:\\s*FR\\-003\\b'
51
+ message: |-
52
+ RunSec Detection [FR-003]: ASVS V5.1, CWE-79
53
+ languages:
54
+ - generic
55
+ severity: WARNING
56
+ - id: runsec.frontend-react.fr-004
57
+ metadata:
58
+ runsec_version: v1.0
59
+ confidence: |-
60
+ 0.9
61
+ exploit_scenario: |-
62
+ N/A
63
+ fix_template: |-
64
+ Malicious script runs inside iframe content.
65
+ pattern-either:
66
+ - pattern: |-
67
+ <iframe srcDoc={userProvided} />
68
+ - pattern-regex: 'Vulnerable:\\s*FR\\-004\\b'
69
+ message: |-
70
+ RunSec Detection [FR-004]: ASVS V5.1, CWE-79
71
+ languages:
72
+ - generic
73
+ severity: WARNING
74
+ - id: runsec.frontend-react.fr-005
75
+ metadata:
76
+ runsec_version: v1.0
77
+ confidence: |-
78
+ 0.9
79
+ exploit_scenario: |-
80
+ N/A
81
+ fix_template: |-
82
+ Arbitrary code execution in browser runtime.
83
+ pattern-either:
84
+ - pattern: |-
85
+ const out = eval(expr)
86
+ - pattern-regex: 'Vulnerable:\\s*FR\\-005\\b'
87
+ message: |-
88
+ RunSec Detection [FR-005]: ASVS V5.1, CWE-95
89
+ languages:
90
+ - generic
91
+ severity: WARNING
92
+ - id: runsec.frontend-react.fr-006
93
+ metadata:
94
+ runsec_version: v1.0
95
+ confidence: |-
96
+ 0.9
97
+ exploit_scenario: |-
98
+ N/A
99
+ fix_template: |-
100
+ Runtime code compilation enables injection paths.
101
+ pattern-either:
102
+ - pattern: |-
103
+ const fn = new Function("x", code)
104
+ - pattern-regex: 'Vulnerable:\\s*FR\\-006\\b'
105
+ message: |-
106
+ RunSec Detection [FR-006]: ASVS V5.1, CWE-95
107
+ languages:
108
+ - generic
109
+ severity: WARNING
110
+ - id: runsec.frontend-react.fr-007
111
+ metadata:
112
+ runsec_version: v1.0
113
+ confidence: |-
114
+ 0.9
115
+ exploit_scenario: |-
116
+ N/A
117
+ fix_template: |-
118
+ String-based timer evaluates attacker-influenced code.
119
+ pattern-either:
120
+ - pattern: |-
121
+ setTimeout("runUserAction()", 10)
122
+ - pattern-regex: 'Vulnerable:\\s*FR\\-007\\b'
123
+ message: |-
124
+ RunSec Detection [FR-007]: ASVS V5.1, CWE-95
125
+ languages:
126
+ - generic
127
+ severity: WARNING
128
+ - id: runsec.frontend-react.fr-008
129
+ metadata:
130
+ runsec_version: v1.0
131
+ confidence: |-
132
+ 0.9
133
+ exploit_scenario: |-
134
+ N/A
135
+ fix_template: |-
136
+ Repeated string evaluation expands injection impact.
137
+ pattern-either:
138
+ - pattern: |-
139
+ setInterval(userCode, 1000)
140
+ - pattern-regex: 'Vulnerable:\\s*FR\\-008\\b'
141
+ message: |-
142
+ RunSec Detection [FR-008]: ASVS V5.1, CWE-95
143
+ languages:
144
+ - generic
145
+ severity: WARNING
146
+ - id: runsec.frontend-react.fr-009
147
+ metadata:
148
+ runsec_version: v1.0
149
+ confidence: |-
150
+ 0.9
151
+ exploit_scenario: |-
152
+ N/A
153
+ fix_template: |-
154
+ javascript: URI executes script when clicked.
155
+ pattern-either:
156
+ - pattern: |-
157
+ <a href={userLink}>go</a>
158
+ - pattern-regex: 'Vulnerable:\\s*FR\\-009\\b'
159
+ message: |-
160
+ RunSec Detection [FR-009]: ASVS V5.1, CWE-79
161
+ languages:
162
+ - generic
163
+ severity: WARNING
164
+ - id: runsec.frontend-react.fr-010
165
+ metadata:
166
+ runsec_version: v1.0
167
+ confidence: |-
168
+ 0.9
169
+ exploit_scenario: |-
170
+ N/A
171
+ fix_template: |-
172
+ Crafted style values bypass UI trust boundaries.
173
+ pattern-either:
174
+ - pattern: |-
175
+ <div style={{ backgroundImage: "url(" + userUrl + ")" }} />
176
+ - pattern-regex: 'Vulnerable:\\s*FR\\-010\\b'
177
+ message: |-
178
+ RunSec Detection [FR-010]: ASVS V5.1, CWE-79
179
+ languages:
180
+ - generic
181
+ severity: WARNING
182
+ - id: runsec.frontend-react.fr-011
183
+ metadata:
184
+ runsec_version: v1.0
185
+ confidence: |-
186
+ 0.9
187
+ exploit_scenario: |-
188
+ ""
189
+ fix_template: |-
190
+ N/A
191
+ pattern-either:
192
+ - pattern: |-
193
+ contentRef.current!.innerHTML = searchParams.get("msg")
194
+ - pattern-regex: 'Vulnerable:\\s*FR\\-011\\b'
195
+ message: |-
196
+ RunSec Detection [FR-011]: contentRef.current!.textContent = searchParams.get("msg")
197
+ languages:
198
+ - generic
199
+ severity: WARNING
200
+ - id: runsec.frontend-react.fr-012
201
+ metadata:
202
+ runsec_version: v1.0
203
+ confidence: |-
204
+ 0.9
205
+ exploit_scenario: |-
206
+ N/A
207
+ fix_template: |-
208
+ Embedded HTML/script in markdown reaches DOM.
209
+ pattern-either:
210
+ - pattern: |-
211
+ <Markdown>{rawMd}</Markdown>
212
+ - pattern-regex: 'Vulnerable:\\s*FR\\-012\\b'
213
+ message: |-
214
+ RunSec Detection [FR-012]: ASVS V5.1, CWE-79
215
+ languages:
216
+ - generic
217
+ severity: WARNING
218
+ - id: runsec.frontend-react.fr-013
219
+ metadata:
220
+ runsec_version: v1.0
221
+ confidence: |-
222
+ 0.9
223
+ exploit_scenario: |-
224
+ N/A
225
+ fix_template: |-
226
+ Stolen runtime/state snapshot exposes bearer tokens.
227
+ pattern-either:
228
+ - pattern: |-
229
+ state.auth.accessToken = token
230
+ - pattern-regex: 'Vulnerable:\\s*FR\\-013\\b'
231
+ message: |-
232
+ RunSec Detection [FR-013]: ASVS V14.2, CWE-200
233
+ languages:
234
+ - generic
235
+ severity: WARNING
236
+ - id: runsec.frontend-react.fr-014
237
+ metadata:
238
+ runsec_version: v1.0
239
+ confidence: |-
240
+ 0.9
241
+ exploit_scenario: |-
242
+ N/A
243
+ fix_template: |-
244
+ Sensitive payment data leaks via devtools/logs.
245
+ pattern-either:
246
+ - pattern: |-
247
+ state.payment.pan = form.pan
248
+ - pattern-regex: 'Vulnerable:\\s*FR\\-014\\b'
249
+ message: |-
250
+ RunSec Detection [FR-014]: ASVS V14.2, CWE-200
251
+ languages:
252
+ - generic
253
+ severity: WARNING
254
+ - id: runsec.frontend-react.fr-015
255
+ metadata:
256
+ runsec_version: v1.0
257
+ confidence: |-
258
+ 0.9
259
+ exploit_scenario: |-
260
+ N/A
261
+ fix_template: |-
262
+ Secret leakage through memory dumps and extensions.
263
+ pattern-either:
264
+ - pattern: |-
265
+ set({ apiKey: "sk-live-..." })
266
+ - pattern-regex: 'Vulnerable:\\s*FR\\-015\\b'
267
+ message: |-
268
+ RunSec Detection [FR-015]: ASVS V14.2, CWE-200
269
+ languages:
270
+ - generic
271
+ severity: WARNING
272
+ - id: runsec.frontend-react.fr-016
273
+ metadata:
274
+ runsec_version: v1.0
275
+ confidence: |-
276
+ 0.9
277
+ exploit_scenario: |-
278
+ N/A
279
+ fix_template: |-
280
+ Child components can exfiltrate excessive user data.
281
+ pattern-either:
282
+ - pattern: |-
283
+ <AuthContext.Provider value={{ user }}>
284
+ - pattern-regex: 'Vulnerable:\\s*FR\\-016\\b'
285
+ message: |-
286
+ RunSec Detection [FR-016]: ASVS V14.2, CWE-200
287
+ languages:
288
+ - generic
289
+ severity: WARNING
290
+ - id: runsec.frontend-react.fr-017
291
+ metadata:
292
+ runsec_version: v1.0
293
+ confidence: |-
294
+ 0.9
295
+ exploit_scenario: |-
296
+ N/A
297
+ fix_template: |-
298
+ Tokens/PII remain on disk after logout/device theft.
299
+ pattern-either:
300
+ - pattern: |-
301
+ persistReducer({ key: "root", storage }, authReducer)
302
+ - pattern-regex: 'Vulnerable:\\s*FR\\-017\\b'
303
+ message: |-
304
+ RunSec Detection [FR-017]: ASVS V14.2, CWE-200
305
+ languages:
306
+ - generic
307
+ severity: WARNING
308
+ - id: runsec.frontend-react.fr-018
309
+ metadata:
310
+ runsec_version: v1.0
311
+ confidence: |-
312
+ 0.9
313
+ exploit_scenario: |-
314
+ N/A
315
+ fix_template: |-
316
+ Browser logs expose secrets to local observers.
317
+ pattern-either:
318
+ - pattern: |-
319
+ console.log(store.getState())
320
+ - pattern-regex: 'Vulnerable:\\s*FR\\-018\\b'
321
+ message: |-
322
+ RunSec Detection [FR-018]: ASVS V14.2, CWE-532
323
+ languages:
324
+ - generic
325
+ severity: WARNING
326
+ - id: runsec.frontend-react.fr-019
327
+ metadata:
328
+ runsec_version: v1.0
329
+ confidence: |-
330
+ 0.9
331
+ exploit_scenario: |-
332
+ N/A
333
+ fix_template: |-
334
+ Telemetry backend receives secret-bearing snapshots.
335
+ pattern-either:
336
+ - pattern: |-
337
+ capture("state_snapshot", store.getState())
338
+ - pattern-regex: 'Vulnerable:\\s*FR\\-019\\b'
339
+ message: |-
340
+ RunSec Detection [FR-019]: ASVS V14.2, CWE-200
341
+ languages:
342
+ - generic
343
+ severity: WARNING
344
+ - id: runsec.frontend-react.fr-020
345
+ metadata:
346
+ runsec_version: v1.0
347
+ confidence: |-
348
+ 0.9
349
+ exploit_scenario: |-
350
+ N/A
351
+ fix_template: |-
352
+ XSS attacker extracts long-lived session token.
353
+ pattern-either:
354
+ - pattern: |-
355
+ localStorage.setItem("access_token", token)
356
+ - pattern-regex: 'Vulnerable:\\s*FR\\-020\\b'
357
+ message: |-
358
+ RunSec Detection [FR-020]: ASVS V14.2, CWE-922
359
+ languages:
360
+ - generic
361
+ severity: WARNING
362
+ - id: runsec.frontend-react.fr-021
363
+ metadata:
364
+ runsec_version: v1.0
365
+ confidence: |-
366
+ 0.9
367
+ exploit_scenario: |-
368
+ N/A
369
+ fix_template: |-
370
+ Refresh token theft enables session replay.
371
+ pattern-either:
372
+ - pattern: |-
373
+ sessionStorage.setItem("refresh_token", rt)
374
+ - pattern-regex: 'Vulnerable:\\s*FR\\-021\\b'
375
+ message: |-
376
+ RunSec Detection [FR-021]: ASVS V14.2, CWE-922
377
+ languages:
378
+ - generic
379
+ severity: WARNING
380
+ - id: runsec.frontend-react.fr-022
381
+ metadata:
382
+ runsec_version: v1.0
383
+ confidence: |-
384
+ 0.9
385
+ exploit_scenario: |-
386
+ N/A
387
+ fix_template: |-
388
+ Central wrapper spreads insecure secret storage pattern.
389
+ pattern-either:
390
+ - pattern: |-
391
+ storage.save("jwt", token)
392
+ - pattern-regex: 'Vulnerable:\\s*FR\\-022\\b'
393
+ message: |-
394
+ RunSec Detection [FR-022]: ASVS V14.2, CWE-922
395
+ languages:
396
+ - generic
397
+ severity: WARNING
398
+ - id: runsec.frontend-react.fr-023
399
+ metadata:
400
+ runsec_version: v1.0
401
+ confidence: |-
402
+ 0.9
403
+ exploit_scenario: |-
404
+ N/A
405
+ fix_template: |-
406
+ Polluted prototype alters app-wide behavior and guards.
407
+ pattern-either:
408
+ - pattern: |-
409
+ deepMerge(config, userTheme)
410
+ - pattern-regex: 'Vulnerable:\\s*FR\\-023\\b'
411
+ message: |-
412
+ RunSec Detection [FR-023]: ASVS V14.3, CWE-1321
413
+ languages:
414
+ - generic
415
+ severity: WARNING
416
+ - id: runsec.frontend-react.fr-024
417
+ metadata:
418
+ runsec_version: v1.0
419
+ confidence: |-
420
+ 0.9
421
+ exploit_scenario: |-
422
+ N/A
423
+ fix_template: |-
424
+ Crafted keys mutate object prototypes transitively.
425
+ pattern-either:
426
+ - pattern: |-
427
+ merge(target, payload)
428
+ - pattern-regex: 'Vulnerable:\\s*FR\\-024\\b'
429
+ message: |-
430
+ RunSec Detection [FR-024]: ASVS V14.3, CWE-1321
431
+ languages:
432
+ - generic
433
+ severity: WARNING
434
+ - id: runsec.frontend-react.fr-025
435
+ metadata:
436
+ runsec_version: v1.0
437
+ confidence: |-
438
+ 0.9
439
+ exploit_scenario: |-
440
+ N/A
441
+ fix_template: |-
442
+ Recursive merge enables hidden key smuggling.
443
+ pattern-either:
444
+ - pattern: |-
445
+ for (const k in src) out[k] = merge(out[k], src[k])
446
+ - pattern-regex: 'Vulnerable:\\s*FR\\-025\\b'
447
+ message: |-
448
+ RunSec Detection [FR-025]: ASVS V14.3, CWE-1321
449
+ languages:
450
+ - generic
451
+ severity: WARNING
452
+ - id: runsec.frontend-react.fr-026
453
+ metadata:
454
+ runsec_version: v1.0
455
+ confidence: |-
456
+ 0.9
457
+ exploit_scenario: |-
458
+ N/A
459
+ fix_template: |-
460
+ Attacker controls dotted path into prototype chain.
461
+ pattern-either:
462
+ - pattern: |-
463
+ set(obj, reqPath, value)
464
+ - pattern-regex: 'Vulnerable:\\s*FR\\-026\\b'
465
+ message: |-
466
+ RunSec Detection [FR-026]: ASVS V14.3, CWE-1321
467
+ languages:
468
+ - generic
469
+ severity: WARNING
470
+ - id: runsec.frontend-react.fr-027
471
+ metadata:
472
+ runsec_version: v1.0
473
+ confidence: |-
474
+ 0.9
475
+ exploit_scenario: |-
476
+ N/A
477
+ fix_template: |-
478
+ New tab can hijack window.opener of origin tab.
479
+ pattern-either:
480
+ - pattern: |-
481
+ <a target="_blank" href={url}>
482
+ - pattern-regex: 'Vulnerable:\\s*FR\\-027\\b'
483
+ message: |-
484
+ RunSec Detection [FR-027]: ASVS V14.3, CWE-1022
485
+ languages:
486
+ - generic
487
+ severity: WARNING
488
+ - id: runsec.frontend-react.fr-028
489
+ metadata:
490
+ runsec_version: v1.0
491
+ confidence: |-
492
+ 0.9
493
+ exploit_scenario: |-
494
+ N/A
495
+ fix_template: |-
496
+ Dynamic external links leave opener channel exposed.
497
+ pattern-either:
498
+ - pattern: |-
499
+ <Link to={ext} target="_blank">
500
+ - pattern-regex: 'Vulnerable:\\s*FR\\-028\\b'
501
+ message: |-
502
+ RunSec Detection [FR-028]: ASVS V14.3, CWE-1022
503
+ languages:
504
+ - generic
505
+ severity: WARNING
506
+ - id: runsec.frontend-react.fr-029
507
+ metadata:
508
+ runsec_version: v1.0
509
+ confidence: |-
510
+ 0.9
511
+ exploit_scenario: |-
512
+ N/A
513
+ fix_template: |-
514
+ Invalid props disable client-side upload guardrails.
515
+ pattern-either:
516
+ - pattern: |-
517
+ <FileUpload onUpload={onUpload} maxSize={props.maxSize as any} />
518
+ - pattern-regex: 'Vulnerable:\\s*FR\\-029\\b'
519
+ message: |-
520
+ RunSec Detection [FR-029]: ASVS V5.1, CWE-20
521
+ languages:
522
+ - generic
523
+ severity: WARNING
524
+ - id: runsec.frontend-react.fr-030
525
+ metadata:
526
+ runsec_version: v1.0
527
+ confidence: |-
528
+ 0.9
529
+ exploit_scenario: |-
530
+ N/A
531
+ fix_template: |-
532
+ Crafted props alter sensitive payment workflow logic.
533
+ pattern-either:
534
+ - pattern: |-
535
+ <PaymentForm amount={query.amount as any} currency={query.currency as any} />
536
+ - pattern-regex: 'Vulnerable:\\s*FR\\-030\\b'
537
+ message: |-
538
+ RunSec Detection [FR-030]: ASVS V5.1, CWE-20
539
+ languages:
540
+ - generic
541
+ severity: WARNING
542
+ - id: runsec.frontend-react.fr-031
543
+ metadata:
544
+ runsec_version: v1.0
545
+ confidence: |-
546
+ 0.9
547
+ exploit_scenario: |-
548
+ N/A
549
+ fix_template: |-
550
+ Unvalidated callback path leads to redirect abuse.
551
+ pattern-either:
552
+ - pattern: |-
553
+ <ConsentDialog returnUrl={params.returnUrl} />
554
+ - pattern-regex: 'Vulnerable:\\s*FR\\-031\\b'
555
+ message: |-
556
+ RunSec Detection [FR-031]: ASVS V5.1, CWE-20
557
+ languages:
558
+ - generic
559
+ severity: WARNING
560
+ - id: runsec.frontend-react.fr-032
561
+ metadata:
562
+ runsec_version: v1.0
563
+ confidence: |-
564
+ 0.9
565
+ exploit_scenario: |-
566
+ N/A
567
+ fix_template: |-
568
+ any props bypass type and runtime security checks.
569
+ pattern-either:
570
+ - pattern: |-
571
+ function AdminPanel(props: any) { ... }
572
+ - pattern-regex: 'Vulnerable:\\s*FR\\-032\\b'
573
+ message: |-
574
+ RunSec Detection [FR-032]: ASVS V5.1, CWE-20
575
+ languages:
576
+ - generic
577
+ severity: WARNING
578
+ - id: runsec.frontend-react.fr-033
579
+ metadata:
580
+ runsec_version: v1.0
581
+ confidence: |-
582
+ 0.9
583
+ exploit_scenario: |-
584
+ N/A
585
+ fix_template: |-
586
+ Render loop causes client-side resource exhaustion.
587
+ pattern-either:
588
+ - pattern: |-
589
+ useEffect(() => { setState(calc()); }, [{ id }])
590
+ - pattern-regex: 'Vulnerable:\\s*FR\\-033\\b'
591
+ message: |-
592
+ RunSec Detection [FR-033]: ASVS V14.3, CWE-400
593
+ languages:
594
+ - generic
595
+ severity: WARNING
596
+ - id: runsec.frontend-react.fr-034
597
+ metadata:
598
+ runsec_version: v1.0
599
+ confidence: |-
600
+ 0.9
601
+ exploit_scenario: |-
602
+ N/A
603
+ fix_template: |-
604
+ Slow response overwrites state for newer context.
605
+ pattern-either:
606
+ - pattern: |-
607
+ useEffect(() => { fetchData(id).then(setData); }, [id])
608
+ - pattern-regex: 'Vulnerable:\\s*FR\\-034\\b'
609
+ message: |-
610
+ RunSec Detection [FR-034]: ASVS V14.3, CWE-362
611
+ languages:
612
+ - generic
613
+ severity: WARNING
614
+ - id: runsec.frontend-react.fr-035
615
+ metadata:
616
+ runsec_version: v1.0
617
+ confidence: |-
618
+ 0.9
619
+ exploit_scenario: |-
620
+ N/A
621
+ fix_template: |-
622
+ Hanging requests accumulate and degrade availability.
623
+ pattern-either:
624
+ - pattern: |-
625
+ useEffect(() => { api.get(url).then(setItems); }, [url])
626
+ - pattern-regex: 'Vulnerable:\\s*FR\\-035\\b'
627
+ message: |-
628
+ RunSec Detection [FR-035]: ASVS V14.3, CWE-400
629
+ languages:
630
+ - generic
631
+ severity: WARNING
632
+ - id: runsec.frontend-react.fr-036
633
+ metadata:
634
+ runsec_version: v1.0
635
+ confidence: |-
636
+ 0.9
637
+ exploit_scenario: |-
638
+ N/A
639
+ fix_template: |-
640
+ Unmounted updates create inconsistent component state.
641
+ pattern-either:
642
+ - pattern: |-
643
+ promise.then(() => setLoading(false))
644
+ - pattern-regex: 'Vulnerable:\\s*FR\\-036\\b'
645
+ message: |-
646
+ RunSec Detection [FR-036]: ASVS V14.3, CWE-362
647
+ languages:
648
+ - generic
649
+ severity: WARNING
650
+ - id: runsec.frontend-react.fr-037
651
+ metadata:
652
+ runsec_version: v1.0
653
+ confidence: |-
654
+ 0.9
655
+ exploit_scenario: |-
656
+ ASVS V14.2, CWE-601
657
+ fix_template: |-
658
+ TypeScript/React Router
659
+ pattern-either:
660
+ - pattern: |-
661
+ navigate(searchParams.get("next")
662
+ - pattern-regex: 'Vulnerable:\\s*FR\\-037\\b'
663
+ message: |-
664
+ RunSec Detection [FR-037]: navigate(safeInternalPath(searchParams.get("next")))
665
+ languages:
666
+ - generic
667
+ severity: WARNING
668
+ - id: runsec.frontend-react.fr-038
669
+ metadata:
670
+ runsec_version: v1.0
671
+ confidence: |-
672
+ 0.9
673
+ exploit_scenario: |-
674
+ N/A
675
+ fix_template: |-
676
+ Untrusted URL causes off-domain redirection.
677
+ pattern-either:
678
+ - pattern: |-
679
+ window.location.href = returnUrl
680
+ - pattern-regex: 'Vulnerable:\\s*FR\\-038\\b'
681
+ message: |-
682
+ RunSec Detection [FR-038]: ASVS V14.2, CWE-601
683
+ languages:
684
+ - generic
685
+ severity: WARNING
686
+ - id: runsec.frontend-react.fr-039
687
+ metadata:
688
+ runsec_version: v1.0
689
+ confidence: |-
690
+ 0.9
691
+ exploit_scenario: |-
692
+ N/A
693
+ fix_template: |-
694
+ OAuth callback abused to redirect to attacker endpoint.
695
+ pattern-either:
696
+ - pattern: |-
697
+ const to = qs.get("redirect_uri"); navigate(to!)
698
+ - pattern-regex: 'Vulnerable:\\s*FR\\-039\\b'
699
+ message: |-
700
+ RunSec Detection [FR-039]: ASVS V14.2, CWE-601
701
+ languages:
702
+ - generic
703
+ severity: WARNING
704
+ - id: runsec.frontend-react.fr-040
705
+ metadata:
706
+ runsec_version: v1.0
707
+ confidence: |-
708
+ 0.9
709
+ exploit_scenario: |-
710
+ N/A
711
+ fix_template: |-
712
+ Sensitive message leaks to untrusted origins.
713
+ pattern-either:
714
+ - pattern: |-
715
+ window.opener?.postMessage(token, "*")
716
+ - pattern-regex: 'Vulnerable:\\s*FR\\-040\\b'
717
+ message: |-
718
+ RunSec Detection [FR-040]: ASVS V14.3, CWE-346
719
+ languages:
720
+ - generic
721
+ severity: WARNING
722
+ - id: runsec.frontend-react.fr-041
723
+ metadata:
724
+ runsec_version: v1.0
725
+ confidence: |-
726
+ 0.9
727
+ exploit_scenario: |-
728
+ N/A
729
+ fix_template: |-
730
+ Malicious frame injects control messages.
731
+ pattern-either:
732
+ - pattern: |-
733
+ window.addEventListener("message", e => handle(e.data))
734
+ - pattern-regex: 'Vulnerable:\\s*FR\\-041\\b'
735
+ message: |-
736
+ RunSec Detection [FR-041]: ASVS V14.3, CWE-346
737
+ languages:
738
+ - generic
739
+ severity: WARNING
740
+ - id: runsec.frontend-react.fr-042
741
+ metadata:
742
+ runsec_version: v1.0
743
+ confidence: |-
744
+ 0.9
745
+ exploit_scenario: |-
746
+ N/A
747
+ fix_template: |-
748
+ Untrusted script source leads to supply-chain injection.
749
+ pattern-either:
750
+ - pattern: |-
751
+ const s = document.createElement("script"); s.src = userUrl; document.body.appendChild(s)
752
+ - pattern-regex: 'Vulnerable:\\s*FR\\-042\\b'
753
+ message: |-
754
+ RunSec Detection [FR-042]: ASVS V5.1, CWE-829
755
+ languages:
756
+ - generic
757
+ severity: WARNING
758
+ - id: runsec.frontend-react.fr-043
759
+ metadata:
760
+ runsec_version: v1.0
761
+ confidence: |-
762
+ 0.9
763
+ exploit_scenario: |-
764
+ ASVS V14.3, CWE-829
765
+ fix_template: |-
766
+ TypeScript/React
767
+ pattern-either:
768
+ - pattern: |-
769
+ <iframe src={params.get("url")
770
+ - pattern-regex: 'Vulnerable:\\s*FR\\-043\\b'
771
+ message: |-
772
+ RunSec Detection [FR-043]: <iframe src={allowlistedFrameUrl(params.get("url"))} sandbox="allow-scripts allow-same-origin" />
773
+ languages:
774
+ - generic
775
+ severity: WARNING
776
+ - id: runsec.frontend-react.fr-044
777
+ metadata:
778
+ runsec_version: v1.0
779
+ confidence: |-
780
+ 0.9
781
+ exploit_scenario: |-
782
+ N/A
783
+ fix_template: |-
784
+ Inline script execution bypasses expected CSP posture.
785
+ pattern-either:
786
+ - pattern: |-
787
+ <script dangerouslySetInnerHTML={{ __html: inlineJs }} />
788
+ - pattern-regex: 'Vulnerable:\\s*FR\\-044\\b'
789
+ message: |-
790
+ RunSec Detection [FR-044]: ASVS V14.3, CWE-693
791
+ languages:
792
+ - generic
793
+ severity: WARNING
794
+ - id: runsec.frontend-react.fr-045
795
+ metadata:
796
+ runsec_version: v1.0
797
+ confidence: |-
798
+ 0.9
799
+ exploit_scenario: |-
800
+ N/A
801
+ fix_template: |-
802
+ Client trusts forged claims for privileged UI paths.
803
+ pattern-either:
804
+ - pattern: |-
805
+ const claims = JSON.parse(atob(token.split(".")[1]))
806
+ - pattern-regex: 'Vulnerable:\\s*FR\\-045\\b'
807
+ message: |-
808
+ RunSec Detection [FR-045]: ASVS V14.2, CWE-345
809
+ languages:
810
+ - generic
811
+ severity: WARNING
812
+ - id: runsec.frontend-react.fr-046
813
+ metadata:
814
+ runsec_version: v1.0
815
+ confidence: |-
816
+ 0.9
817
+ exploit_scenario: |-
818
+ N/A
819
+ fix_template: |-
820
+ Client-only role checks are bypassable and misleading.
821
+ pattern-either:
822
+ - pattern: |-
823
+ if (user.role === "admin") return <Admin />
824
+ - pattern-regex: 'Vulnerable:\\s*FR\\-046\\b'
825
+ message: |-
826
+ RunSec Detection [FR-046]: ASVS V14.2, CWE-285
827
+ languages:
828
+ - generic
829
+ severity: WARNING
830
+ - id: runsec.frontend-react.fr-047
831
+ metadata:
832
+ runsec_version: v1.0
833
+ confidence: |-
834
+ 0.9
835
+ exploit_scenario: |-
836
+ N/A
837
+ fix_template: |-
838
+ URL leaks token to logs, history, and referrers.
839
+ pattern-either:
840
+ - pattern: |-
841
+ navigate("/done?token=" + token)
842
+ - pattern-regex: 'Vulnerable:\\s*FR\\-047\\b'
843
+ message: |-
844
+ RunSec Detection [FR-047]: ASVS V14.2, CWE-598
845
+ languages:
846
+ - generic
847
+ severity: WARNING
848
+ - id: runsec.frontend-react.fr-048
849
+ metadata:
850
+ runsec_version: v1.0
851
+ confidence: |-
852
+ 0.9
853
+ exploit_scenario: |-
854
+ N/A
855
+ fix_template: |-
856
+ File metadata can deliver stored XSS payload.
857
+ pattern-either:
858
+ - pattern: |-
859
+ <div>{dangerouslyRender(fileName)}</div>
860
+ - pattern-regex: 'Vulnerable:\\s*FR\\-048\\b'
861
+ message: |-
862
+ RunSec Detection [FR-048]: ASVS V5.1, CWE-79
863
+ languages:
864
+ - generic
865
+ severity: WARNING
866
+ - id: runsec.frontend-react.fr-049
867
+ metadata:
868
+ runsec_version: v1.0
869
+ confidence: |-
870
+ 0.9
871
+ exploit_scenario: |-
872
+ N/A
873
+ fix_template: |-
874
+ Misconfigured sanitizer allows dangerous payload through.
875
+ pattern-either:
876
+ - pattern: |-
877
+ sanitize(html, { ALLOWED_TAGS: false })
878
+ - pattern-regex: 'Vulnerable:\\s*FR\\-049\\b'
879
+ message: |-
880
+ RunSec Detection [FR-049]: ASVS V5.1, CWE-79
881
+ languages:
882
+ - generic
883
+ severity: WARNING
884
+ - id: runsec.frontend-react.fr-050
885
+ metadata:
886
+ runsec_version: v1.0
887
+ confidence: |-
888
+ 0.9
889
+ exploit_scenario: |-
890
+ N/A
891
+ fix_template: |-
892
+ Prototype key injection mutates component behavior globally.
893
+ pattern-either:
894
+ - pattern: |-
895
+ const data = JSON.parse(raw); setForm({ ...form, ...data })
896
+ - pattern-regex: 'Vulnerable:\\s*FR\\-050\\b'
897
+ message: |-
898
+ RunSec Detection [FR-050]: ASVS V14.3, CWE-1321
899
+ languages:
900
+ - generic
901
+ severity: WARNING
902
+ - id: runsec.frontend-react.fr-051
903
+ metadata:
904
+ runsec_version: v1.0
905
+ confidence: |-
906
+ 0.9
907
+ exploit_scenario: |-
908
+ N/A
909
+ fix_template: |-
910
+ Untrusted parent iframe overlays/controls sensitive UI.
911
+ pattern-either:
912
+ - pattern: |-
913
+ <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
914
+ - pattern-regex: 'Vulnerable:\\s*FR\\-051\\b'
915
+ message: |-
916
+ RunSec Detection [FR-051]: ASVS V14.3, CWE-1021
917
+ languages:
918
+ - generic
919
+ severity: WARNING
920
+ - id: runsec.frontend-react.fr-052
921
+ metadata:
922
+ runsec_version: v1.0
923
+ confidence: |-
924
+ 0.9
925
+ exploit_scenario: |-
926
+ N/A
927
+ fix_template: |-
928
+ Embedded contexts trick users into approving hidden actions.
929
+ pattern-either:
930
+ - pattern: |-
931
+ <PaymentApproveModal open={open} />
932
+ - pattern-regex: 'Vulnerable:\\s*FR\\-052\\b'
933
+ message: |-
934
+ RunSec Detection [FR-052]: ASVS V14.3, CWE-1021
935
+ languages:
936
+ - generic
937
+ severity: WARNING
938
+ - id: runsec.frontend-react.fr-053
939
+ metadata:
940
+ runsec_version: v1.0
941
+ confidence: |-
942
+ 0.9
943
+ exploit_scenario: |-
944
+ N/A
945
+ fix_template: |-
946
+ Host page spoofs UI state and captures interactions.
947
+ pattern-either:
948
+ - pattern: |-
949
+ window.addEventListener("message", e => applyOverlayState(e.data))
950
+ - pattern-regex: 'Vulnerable:\\s*FR\\-053\\b'
951
+ message: |-
952
+ RunSec Detection [FR-053]: ASVS V14.3, CWE-1021
953
+ languages:
954
+ - generic
955
+ severity: WARNING
956
+ - id: runsec.frontend-react.fr-054
957
+ metadata:
958
+ runsec_version: v1.0
959
+ confidence: |-
960
+ 0.9
961
+ exploit_scenario: |-
962
+ N/A
963
+ fix_template: |-
964
+ Attacker links user to spoofed UI confirmation screen.
965
+ pattern-either:
966
+ - pattern: |-
967
+ const mask = search.get("mask") === "1"
968
+ - pattern-regex: 'Vulnerable:\\s*FR\\-054\\b'
969
+ message: |-
970
+ RunSec Detection [FR-054]: ASVS V14.3, CWE-1021
971
+ languages:
972
+ - generic
973
+ severity: WARNING
974
+ - id: runsec.frontend-react.fr-055
975
+ metadata:
976
+ runsec_version: v1.0
977
+ confidence: |-
978
+ 0.9
979
+ exploit_scenario: |-
980
+ N/A
981
+ fix_template: |-
982
+ Browser auto-sends cookies on cross-site state-changing requests.
983
+ pattern-either:
984
+ - pattern: |-
985
+ axios.create({ withCredentials: true })
986
+ - pattern-regex: 'Vulnerable:\\s*FR\\-055\\b'
987
+ message: |-
988
+ RunSec Detection [FR-055]: ASVS V14.2, CWE-352
989
+ languages:
990
+ - generic
991
+ severity: WARNING
992
+ - id: runsec.frontend-react.fr-056
993
+ metadata:
994
+ runsec_version: v1.0
995
+ confidence: |-
996
+ 0.9
997
+ exploit_scenario: |-
998
+ N/A
999
+ fix_template: |-
1000
+ Forged cross-site POST succeeds via ambient cookies.
1001
+ pattern-either:
1002
+ - pattern: |-
1003
+ fetch("/api/transfer", { method: "POST", credentials: "include", body: payload })
1004
+ - pattern-regex: 'Vulnerable:\\s*FR\\-056\\b'
1005
+ message: |-
1006
+ RunSec Detection [FR-056]: ASVS V14.2, CWE-352
1007
+ languages:
1008
+ - generic
1009
+ severity: WARNING
1010
+ - id: runsec.frontend-react.fr-057
1011
+ metadata:
1012
+ runsec_version: v1.0
1013
+ confidence: |-
1014
+ 0.9
1015
+ exploit_scenario: |-
1016
+ N/A
1017
+ fix_template: |-
1018
+ Broad credential forwarding expands CSRF attack surface.
1019
+ pattern-either:
1020
+ - pattern: |-
1021
+ axios.defaults.withCredentials = true
1022
+ - pattern-regex: 'Vulnerable:\\s*FR\\-057\\b'
1023
+ message: |-
1024
+ RunSec Detection [FR-057]: ASVS V14.2, CWE-352
1025
+ languages:
1026
+ - generic
1027
+ severity: WARNING
1028
+ - id: runsec.frontend-react.fr-058
1029
+ metadata:
1030
+ runsec_version: v1.0
1031
+ confidence: |-
1032
+ 0.9
1033
+ exploit_scenario: |-
1034
+ N/A
1035
+ fix_template: |-
1036
+ Cross-origin endpoints receive authenticated cookie traffic.
1037
+ pattern-either:
1038
+ - pattern: |-
1039
+ fetch(url, { credentials: "include", method })
1040
+ - pattern-regex: 'Vulnerable:\\s*FR\\-058\\b'
1041
+ message: |-
1042
+ RunSec Detection [FR-058]: ASVS V14.2, CWE-352
1043
+ languages:
1044
+ - generic
1045
+ severity: WARNING
1046
+ - id: runsec.frontend-react.fr-059
1047
+ metadata:
1048
+ runsec_version: v1.0
1049
+ confidence: |-
1050
+ 0.9
1051
+ exploit_scenario: |-
1052
+ N/A
1053
+ fix_template: |-
1054
+ Mutation endpoint vulnerable to cross-site request forgery.
1055
+ pattern-either:
1056
+ - pattern: |-
1057
+ client.mutate({ mutation, context: { credentials: "include" } })
1058
+ - pattern-regex: 'Vulnerable:\\s*FR\\-059\\b'
1059
+ message: |-
1060
+ RunSec Detection [FR-059]: ASVS V14.2, CWE-352
1061
+ languages:
1062
+ - generic
1063
+ severity: WARNING
1064
+ - id: runsec.frontend-react.fr-060
1065
+ metadata:
1066
+ runsec_version: v1.0
1067
+ confidence: |-
1068
+ 0.9
1069
+ exploit_scenario: |-
1070
+ N/A
1071
+ fix_template: |-
1072
+ XML meta-characters break structure and inject attacker nodes.
1073
+ pattern-either:
1074
+ - pattern: |-
1075
+ "const xml = "<user><name>" + name + "</name></user>";"
1076
+ - pattern-regex: 'Vulnerable:\\s*FR\\-060\\b'
1077
+ message: |-
1078
+ RunSec Detection [FR-060]: ASVS V5.1, CWE-91
1079
+ languages:
1080
+ - generic
1081
+ severity: WARNING
1082
+ - id: runsec.frontend-react.fr-061
1083
+ metadata:
1084
+ runsec_version: v1.0
1085
+ confidence: |-
1086
+ 0.9
1087
+ exploit_scenario: |-
1088
+ N/A
1089
+ fix_template: |-
1090
+ XXE-style payload retrieves local/remote sensitive resources.
1091
+ pattern-either:
1092
+ - pattern: |-
1093
+ const doc = parser.parse(xml, { processExternalEntities: true })
1094
+ - pattern-regex: 'Vulnerable:\\s*FR\\-061\\b'
1095
+ message: |-
1096
+ RunSec Detection [FR-061]: ASVS V5.1, CWE-611
1097
+ languages:
1098
+ - generic
1099
+ severity: WARNING
1100
+ - id: runsec.frontend-react.fr-062
1101
+ metadata:
1102
+ runsec_version: v1.0
1103
+ confidence: |-
1104
+ 0.9
1105
+ exploit_scenario: |-
1106
+ N/A
1107
+ fix_template: |-
1108
+ Injected XML tags alter requested operation semantics.
1109
+ pattern-either:
1110
+ - pattern: |-
1111
+ "const body = <soap:Body><id>${id}</id></soap:Body>;"
1112
+ - pattern-regex: 'Vulnerable:\\s*FR\\-062\\b'
1113
+ message: |-
1114
+ RunSec Detection [FR-062]: ASVS V5.1, CWE-91
1115
+ languages:
1116
+ - generic
1117
+ severity: WARNING
1118
+ - id: runsec.frontend-react.fr-063
1119
+ metadata:
1120
+ runsec_version: v1.0
1121
+ confidence: |-
1122
+ 0.9
1123
+ exploit_scenario: |-
1124
+ N/A
1125
+ fix_template: |-
1126
+ Malformed XML bypasses expected control flow and trust checks.
1127
+ pattern-either:
1128
+ - pattern: |-
1129
+ const doc = new DOMParser().parseFromString(xml, "text/xml")
1130
+ - pattern-regex: 'Vulnerable:\\s*FR\\-063\\b'
1131
+ message: |-
1132
+ RunSec Detection [FR-063]: ASVS V5.1, CWE-611
1133
+ languages:
1134
+ - generic
1135
+ severity: WARNING
1136
+ - id: runsec.frontend-react.fr-064
1137
+ metadata:
1138
+ runsec_version: v1.0
1139
+ confidence: |-
1140
+ 0.9
1141
+ exploit_scenario: |-
1142
+ N/A
1143
+ fix_template: |-
1144
+ Unsanitized fragment injection subverts integrity assumptions.
1145
+ pattern-either:
1146
+ - pattern: |-
1147
+ payload = signedPrefix + userFragment + signedSuffix
1148
+ - pattern-regex: 'Vulnerable:\\s*FR\\-064\\b'
1149
+ message: |-
1150
+ RunSec Detection [FR-064]: ASVS V5.1, CWE-91
1151
+ languages:
1152
+ - generic
1153
+ severity: WARNING
1154
+ - id: runsec.frontend-react.fr-065
1155
+ metadata:
1156
+ runsec_version: v1.0
1157
+ confidence: |-
1158
+ 0.9
1159
+ exploit_scenario: |-
1160
+ ASVS V14.3, CWE-451
1161
+ fix_template: |-
1162
+ TypeScript/React
1163
+ pattern-either:
1164
+ - pattern: |-
1165
+ const z = Number(search.get("z")
1166
+ - pattern-regex: 'Vulnerable:\\s*FR\\-065\\b'
1167
+ message: |-
1168
+ RunSec Detection [FR-065]: const z = 10;
1169
+ // use fixed design token values, never user input
1170
+ languages:
1171
+ - generic
1172
+ severity: WARNING
1173
+ - id: runsec.frontend-react.fr-066
1174
+ metadata:
1175
+ runsec_version: v1.0
1176
+ confidence: |-
1177
+ 0.9
1178
+ exploit_scenario: |-
1179
+ N/A
1180
+ fix_template: |-
1181
+ UI can be visually hidden/replaced to trick user actions.
1182
+ pattern-either:
1183
+ - pattern: |-
1184
+ setOpacity(Number(event.data.opacity))
1185
+ - pattern-regex: 'Vulnerable:\\s*FR\\-066\\b'
1186
+ message: |-
1187
+ RunSec Detection [FR-066]: ASVS V14.3, CWE-451
1188
+ languages:
1189
+ - generic
1190
+ severity: WARNING
1191
+ - id: runsec.frontend-react.fr-067
1192
+ metadata:
1193
+ runsec_version: v1.0
1194
+ confidence: |-
1195
+ 0.9
1196
+ exploit_scenario: |-
1197
+ ASVS V14.3, CWE-451
1198
+ fix_template: |-
1199
+ TypeScript/React
1200
+ pattern-either:
1201
+ - pattern: |-
1202
+ style={{ pointerEvents: search.get("pe")
1203
+ - pattern-regex: 'Vulnerable:\\s*FR\\-067\\b'
1204
+ message: |-
1205
+ RunSec Detection [FR-067]: style={{ pointerEvents: "none" }}
1206
+ // interactive overlays require signed trusted config
1207
+ languages:
1208
+ - generic
1209
+ severity: WARNING
1210
+ - id: runsec.frontend-react.fr-068
1211
+ metadata:
1212
+ runsec_version: v1.0
1213
+ confidence: |-
1214
+ 0.9
1215
+ exploit_scenario: |-
1216
+ N/A
1217
+ fix_template: |-
1218
+ URL tokens leak to history, logs, and referrers.
1219
+ pattern-either:
1220
+ - pattern: |-
1221
+ setSearchParams({ token })
1222
+ - pattern-regex: 'Vulnerable:\\s*FR\\-068\\b'
1223
+ message: |-
1224
+ RunSec Detection [FR-068]: ASVS V14.2, CWE-522
1225
+ languages:
1226
+ - generic
1227
+ severity: WARNING
1228
+ - id: runsec.frontend-react.fr-069
1229
+ metadata:
1230
+ runsec_version: v1.0
1231
+ confidence: |-
1232
+ 0.9
1233
+ exploit_scenario: |-
1234
+ N/A
1235
+ fix_template: |-
1236
+ Credentials exposed in browser/session artifacts.
1237
+ pattern-either:
1238
+ - pattern: |-
1239
+ history.push("/callback?access_token=" + token)
1240
+ - pattern-regex: 'Vulnerable:\\s*FR\\-069\\b'
1241
+ message: |-
1242
+ RunSec Detection [FR-069]: ASVS V14.2, CWE-312
1243
+ languages:
1244
+ - generic
1245
+ severity: WARNING
1246
+ - id: runsec.frontend-react.fr-070
1247
+ metadata:
1248
+ runsec_version: v1.0
1249
+ confidence: |-
1250
+ 0.9
1251
+ exploit_scenario: |-
1252
+ N/A
1253
+ fix_template: |-
1254
+ Secret in URL path appears in telemetry and reverse proxies.
1255
+ pattern-either:
1256
+ - pattern: |-
1257
+ navigate("/reset/" + resetToken)
1258
+ - pattern-regex: 'Vulnerable:\\s*FR\\-070\\b'
1259
+ message: |-
1260
+ RunSec Detection [FR-070]: ASVS V14.2, CWE-522
1261
+ languages:
1262
+ - generic
1263
+ severity: WARNING
1264
+ - id: runsec.frontend-react.fr-071
1265
+ metadata:
1266
+ runsec_version: v1.0
1267
+ confidence: |-
1268
+ 0.9
1269
+ exploit_scenario: |-
1270
+ N/A
1271
+ fix_template: |-
1272
+ Internal stack/details disclosed to untrusted clients.
1273
+ pattern-either:
1274
+ - pattern: |-
1275
+ <pre>{JSON.stringify(error)}</pre>
1276
+ - pattern-regex: 'Vulnerable:\\s*FR\\-071\\b'
1277
+ message: |-
1278
+ RunSec Detection [FR-071]: ASVS V14.3, CWE-209
1279
+ languages:
1280
+ - generic
1281
+ severity: WARNING
1282
+ - id: runsec.frontend-react.fr-072
1283
+ metadata:
1284
+ runsec_version: v1.0
1285
+ confidence: |-
1286
+ 0.9
1287
+ exploit_scenario: |-
1288
+ N/A
1289
+ fix_template: |-
1290
+ Backend exception content may contain sensitive internals/XSS payload.
1291
+ pattern-either:
1292
+ - pattern: |-
1293
+ <div dangerouslySetInnerHTML={{ __html: err.message }} />
1294
+ - pattern-regex: 'Vulnerable:\\s*FR\\-072\\b'
1295
+ message: |-
1296
+ RunSec Detection [FR-072]: ASVS V14.3, CWE-209
1297
+ languages:
1298
+ - generic
1299
+ severity: WARNING
1300
+ - id: runsec.frontend-react.fr-073
1301
+ metadata:
1302
+ runsec_version: v1.0
1303
+ confidence: |-
1304
+ 0.9
1305
+ exploit_scenario: |-
1306
+ N/A
1307
+ fix_template: |-
1308
+ Response diagnostics reveal internal service topology/data.
1309
+ pattern-either:
1310
+ - pattern: |-
1311
+ toast.error(JSON.stringify(error.response?.data))
1312
+ - pattern-regex: 'Vulnerable:\\s*FR\\-073\\b'
1313
+ message: |-
1314
+ RunSec Detection [FR-073]: ASVS V14.3, CWE-209
1315
+ languages:
1316
+ - generic
1317
+ severity: WARNING
1318
+ - id: runsec.frontend-react.fr-074
1319
+ metadata:
1320
+ runsec_version: v1.0
1321
+ confidence: |-
1322
+ 0.9
1323
+ exploit_scenario: |-
1324
+ N/A
1325
+ fix_template: |-
1326
+ Client-visible stack traces expose implementation details.
1327
+ pattern-either:
1328
+ - pattern: |-
1329
+ return <code>{error.stack}</code>
1330
+ - pattern-regex: 'Vulnerable:\\s*FR\\-074\\b'
1331
+ message: |-
1332
+ RunSec Detection [FR-074]: ASVS V14.3, CWE-209
1333
+ languages:
1334
+ - generic
1335
+ severity: WARNING
1336
+ - id: runsec.frontend-react.fr-075
1337
+ metadata:
1338
+ runsec_version: v1.0
1339
+ confidence: |-
1340
+ 0.9
1341
+ exploit_scenario: |-
1342
+ CWE-441
1343
+ fix_template: |-
1344
+ TypeScript/React
1345
+ pattern-either:
1346
+ - pattern: |-
1347
+ const api = axios.create({ baseURL: searchParams.get("api")
1348
+ - pattern-regex: 'Vulnerable:\\s*FR\\-075\\b'
1349
+ message: |-
1350
+ RunSec Detection [FR-075]: const api = axios.create({ baseURL: allowlistedApiBase(searchParams.get("api")) })
1351
+ languages:
1352
+ - generic
1353
+ severity: WARNING
1354
+ - id: runsec.frontend-react.fr-076
1355
+ metadata:
1356
+ runsec_version: v1.0
1357
+ confidence: |-
1358
+ 0.9
1359
+ exploit_scenario: |-
1360
+ N/A
1361
+ fix_template: |-
1362
+ Browser context makes authenticated calls to attacker-influenced origin.
1363
+ pattern-either:
1364
+ - pattern: |-
1365
+ fetch(new URL("/v1/pay", location.href).toString())
1366
+ - pattern-regex: 'Vulnerable:\\s*FR\\-076\\b'
1367
+ message: |-
1368
+ RunSec Detection [FR-076]: CWE-441
1369
+ languages:
1370
+ - generic
1371
+ severity: WARNING
1372
+ - id: runsec.frontend-react.fr-077
1373
+ metadata:
1374
+ runsec_version: v1.0
1375
+ confidence: |-
1376
+ 0.9
1377
+ exploit_scenario: |-
1378
+ N/A
1379
+ fix_template: |-
1380
+ Frontend proxy utility becomes SSRF-like confused deputy.
1381
+ pattern-either:
1382
+ - pattern: |-
1383
+ const u = search.get("url"); return fetch(u!)
1384
+ - pattern-regex: 'Vulnerable:\\s*FR\\-077\\b'
1385
+ message: |-
1386
+ RunSec Detection [FR-077]: CWE-441
1387
+ languages:
1388
+ - generic
1389
+ severity: WARNING
1390
+ - id: runsec.frontend-react.fr-078
1391
+ metadata:
1392
+ runsec_version: v1.0
1393
+ confidence: |-
1394
+ 0.9
1395
+ exploit_scenario: |-
1396
+ CWE-441
1397
+ fix_template: |-
1398
+ TypeScript/React
1399
+ pattern-either:
1400
+ - pattern: |-
1401
+ cfg.baseURL = search.get("host")
1402
+ - pattern-regex: 'Vulnerable:\\s*FR\\-078\\b'
1403
+ message: |-
1404
+ RunSec Detection [FR-078]: cfg.baseURL = enforceTrustedHost(cfg.baseURL)
1405
+ languages:
1406
+ - generic
1407
+ severity: WARNING
1408
+ - id: runsec.frontend-react.fr-079
1409
+ metadata:
1410
+ runsec_version: v1.0
1411
+ confidence: |-
1412
+ 0.9
1413
+ exploit_scenario: |-
1414
+ CWE-441
1415
+ fix_template: |-
1416
+ TypeScript/React
1417
+ pattern-either:
1418
+ - pattern: |-
1419
+ fetch(search.get("endpoint")
1420
+ - pattern-regex: 'Vulnerable:\\s*FR\\-079\\b'
1421
+ message: |-
1422
+ RunSec Detection [FR-079]: const ep = requireHttpHttpsAllowlist(search.get("endpoint")); fetch(ep)
1423
+ languages:
1424
+ - generic
1425
+ severity: WARNING
1426
+ - id: runsec.frontend-react.fr-080
1427
+ metadata:
1428
+ runsec_version: v1.0
1429
+ confidence: |-
1430
+ 0.9
1431
+ exploit_scenario: |-
1432
+ N/A
1433
+ fix_template: |-
1434
+ Embedded/malicious host origin hijacks API destination.
1435
+ pattern-either:
1436
+ - pattern: |-
1437
+ axios.create({ baseURL: window.location.origin })
1438
+ - pattern-regex: 'Vulnerable:\\s*FR\\-080\\b'
1439
+ message: |-
1440
+ RunSec Detection [FR-080]: CWE-441
1441
+ languages:
1442
+ - generic
1443
+ severity: WARNING
1444
+ - id: runsec.frontend-react.fr-081
1445
+ metadata:
1446
+ runsec_version: v1.0
1447
+ confidence: |-
1448
+ 0.9
1449
+ exploit_scenario: |-
1450
+ N/A
1451
+ fix_template: |-
1452
+ Poisoned local storage redirects privileged requests externally.
1453
+ pattern-either:
1454
+ - pattern: |-
1455
+ const host = localStorage.getItem("api_host"); fetch(host + "/txn")
1456
+ - pattern-regex: 'Vulnerable:\\s*FR\\-081\\b'
1457
+ message: |-
1458
+ RunSec Detection [FR-081]: CWE-441
1459
+ languages:
1460
+ - generic
1461
+ severity: WARNING
1462
+ - id: runsec.frontend-react.fr-082
1463
+ metadata:
1464
+ runsec_version: v1.0
1465
+ confidence: |-
1466
+ 0.9
1467
+ exploit_scenario: |-
1468
+ N/A
1469
+ fix_template: |-
1470
+ Hash-controlled endpoint bypasses route guard assumptions.
1471
+ pattern-either:
1472
+ - pattern: |-
1473
+ const ep = new URLSearchParams(location.hash.slice(1)).get("api"); axios.create({ baseURL: ep! })
1474
+ - pattern-regex: 'Vulnerable:\\s*FR\\-082\\b'
1475
+ message: |-
1476
+ RunSec Detection [FR-082]: CWE-441
1477
+ languages:
1478
+ - generic
1479
+ severity: WARNING
1480
+ - id: runsec.frontend-react.fr-083
1481
+ metadata:
1482
+ runsec_version: v1.0
1483
+ confidence: |-
1484
+ 0.9
1485
+ exploit_scenario: |-
1486
+ N/A
1487
+ fix_template: |-
1488
+ Internal helper can be abused for cross-origin authenticated calls.
1489
+ pattern-either:
1490
+ - pattern: |-
1491
+ export const post = (u,b) => fetch(u,{method:"POST",body:b,credentials:"include"})
1492
+ - pattern-regex: 'Vulnerable:\\s*FR\\-083\\b'
1493
+ message: |-
1494
+ RunSec Detection [FR-083]: CWE-441
1495
+ languages:
1496
+ - generic
1497
+ severity: WARNING
1498
+ - id: runsec.frontend-react.fr-084
1499
+ metadata:
1500
+ runsec_version: v1.0
1501
+ confidence: |-
1502
+ 0.9
1503
+ exploit_scenario: |-
1504
+ N/A
1505
+ fix_template: |-
1506
+ Untrusted routing data drives sensitive backend action path.
1507
+ pattern-either:
1508
+ - pattern: |-
1509
+ const api = "/upload/" + params.get("target"); await fetch(api,{method:"POST"})
1510
+ - pattern-regex: 'Vulnerable:\\s*FR\\-084\\b'
1511
+ message: |-
1512
+ RunSec Detection [FR-084]: CWE-441
1513
+ languages:
1514
+ - generic
1515
+ severity: WARNING
1516
+ - id: runsec.frontend-react.fr-085
1517
+ metadata:
1518
+ runsec_version: v1.0
1519
+ confidence: |-
1520
+ 0.9
1521
+ exploit_scenario: |-
1522
+ N/A
1523
+ fix_template: |-
1524
+ Parsed payload injects prototype keys into app state tree.
1525
+ pattern-either:
1526
+ - pattern: |-
1527
+ return Object.assign({}, state, JSON.parse(action.payload))
1528
+ - pattern-regex: 'Vulnerable:\\s*FR\\-085\\b'
1529
+ message: |-
1530
+ RunSec Detection [FR-085]: CWE-1321
1531
+ languages:
1532
+ - generic
1533
+ severity: WARNING
1534
+ - id: runsec.frontend-react.fr-086
1535
+ metadata:
1536
+ runsec_version: v1.0
1537
+ confidence: |-
1538
+ 0.9
1539
+ exploit_scenario: |-
1540
+ N/A
1541
+ fix_template: |-
1542
+ Repeated spread merges allow hidden key smuggling.
1543
+ pattern-either:
1544
+ - pattern: |-
1545
+ for (const p of updates) s = { ...s, ...p }
1546
+ - pattern-regex: 'Vulnerable:\\s*FR\\-086\\b'
1547
+ message: |-
1548
+ RunSec Detection [FR-086]: CWE-1321
1549
+ languages:
1550
+ - generic
1551
+ severity: WARNING
1552
+ - id: runsec.frontend-react.fr-087
1553
+ metadata:
1554
+ runsec_version: v1.0
1555
+ confidence: |-
1556
+ 0.9
1557
+ exploit_scenario: |-
1558
+ N/A
1559
+ fix_template: |-
1560
+ Recursive merge mutates inherited object behavior.
1561
+ pattern-either:
1562
+ - pattern: |-
1563
+ out[k] = typeof v==="object" ? merge(out[k], v) : v
1564
+ - pattern-regex: 'Vulnerable:\\s*FR\\-087\\b'
1565
+ message: |-
1566
+ RunSec Detection [FR-087]: CWE-1321
1567
+ languages:
1568
+ - generic
1569
+ severity: WARNING
1570
+ - id: runsec.frontend-react.fr-088
1571
+ metadata:
1572
+ runsec_version: v1.0
1573
+ confidence: |-
1574
+ 0.9
1575
+ exploit_scenario: |-
1576
+ N/A
1577
+ fix_template: |-
1578
+ Runtime state setter receives attacker-crafted prototype fields.
1579
+ pattern-either:
1580
+ - pattern: |-
1581
+ set(JSON.parse(raw))
1582
+ - pattern-regex: 'Vulnerable:\\s*FR\\-088\\b'
1583
+ message: |-
1584
+ RunSec Detection [FR-088]: CWE-1321
1585
+ languages:
1586
+ - generic
1587
+ severity: WARNING
1588
+ - id: runsec.frontend-react.fr-089
1589
+ metadata:
1590
+ runsec_version: v1.0
1591
+ confidence: |-
1592
+ 0.9
1593
+ exploit_scenario: |-
1594
+ N/A
1595
+ fix_template: |-
1596
+ Utility merge imports prototype chain keys by default.
1597
+ pattern-either:
1598
+ - pattern: |-
1599
+ return _.merge({}, state, action.payload)
1600
+ - pattern-regex: 'Vulnerable:\\s*FR\\-089\\b'
1601
+ message: |-
1602
+ RunSec Detection [FR-089]: CWE-1321
1603
+ languages:
1604
+ - generic
1605
+ severity: WARNING
1606
+ - id: runsec.frontend-react.fr-090
1607
+ metadata:
1608
+ runsec_version: v1.0
1609
+ confidence: |-
1610
+ 0.9
1611
+ exploit_scenario: |-
1612
+ N/A
1613
+ fix_template: |-
1614
+ User path can target constructor/prototype internals.
1615
+ pattern-either:
1616
+ - pattern: |-
1617
+ setByPath(obj, pathFromUI, value)
1618
+ - pattern-regex: 'Vulnerable:\\s*FR\\-090\\b'
1619
+ message: |-
1620
+ RunSec Detection [FR-090]: CWE-1321
1621
+ languages:
1622
+ - generic
1623
+ severity: WARNING
1624
+ - id: runsec.frontend-react.fr-091
1625
+ metadata:
1626
+ runsec_version: v1.0
1627
+ confidence: |-
1628
+ 0.9
1629
+ exploit_scenario: |-
1630
+ N/A
1631
+ fix_template: |-
1632
+ Polluted theme object alters renderer/security controls.
1633
+ pattern-either:
1634
+ - pattern: |-
1635
+ globalTheme = { ...globalTheme, ...JSON.parse(themeRaw) }
1636
+ - pattern-regex: 'Vulnerable:\\s*FR\\-091\\b'
1637
+ message: |-
1638
+ RunSec Detection [FR-091]: CWE-1321
1639
+ languages:
1640
+ - generic
1641
+ severity: WARNING
1642
+ - id: runsec.frontend-react.fr-092
1643
+ metadata:
1644
+ runsec_version: v1.0
1645
+ confidence: |-
1646
+ 0.9
1647
+ exploit_scenario: |-
1648
+ N/A
1649
+ fix_template: |-
1650
+ Cache poisoning modifies form/control object prototypes.
1651
+ pattern-either:
1652
+ - pattern: |-
1653
+ draft = { ...draft, ...JSON.parse(cache) }
1654
+ - pattern-regex: 'Vulnerable:\\s*FR\\-092\\b'
1655
+ message: |-
1656
+ RunSec Detection [FR-092]: CWE-1321
1657
+ languages:
1658
+ - generic
1659
+ severity: WARNING
1660
+ - id: runsec.frontend-react.fr-093
1661
+ metadata:
1662
+ runsec_version: v1.0
1663
+ confidence: |-
1664
+ 0.9
1665
+ exploit_scenario: |-
1666
+ N/A
1667
+ fix_template: |-
1668
+ for...in includes inherited keys and prototype gadgets.
1669
+ pattern-either:
1670
+ - pattern: |-
1671
+ for (const k in payload) target[k] = payload[k]
1672
+ - pattern-regex: 'Vulnerable:\\s*FR\\-093\\b'
1673
+ message: |-
1674
+ RunSec Detection [FR-093]: CWE-1321
1675
+ languages:
1676
+ - generic
1677
+ severity: WARNING
1678
+ - id: runsec.frontend-react.fr-094
1679
+ metadata:
1680
+ runsec_version: v1.0
1681
+ confidence: |-
1682
+ 0.9
1683
+ exploit_scenario: |-
1684
+ N/A
1685
+ fix_template: |-
1686
+ Untrusted response can poison context state globally.
1687
+ pattern-either:
1688
+ - pattern: |-
1689
+ setCtx(prev => ({ ...prev, ...resp.data }))
1690
+ - pattern-regex: 'Vulnerable:\\s*FR\\-094\\b'
1691
+ message: |-
1692
+ RunSec Detection [FR-094]: CWE-1321
1693
+ languages:
1694
+ - generic
1695
+ severity: WARNING
1696
+ - id: runsec.frontend-react.fr-095
1697
+ metadata:
1698
+ runsec_version: v1.0
1699
+ confidence: |-
1700
+ 0.9
1701
+ exploit_scenario: |-
1702
+ N/A
1703
+ fix_template: |-
1704
+ User-controlled style interpolation enables CSS exfiltration tricks.
1705
+ pattern-either:
1706
+ - pattern: |-
1707
+ "const Box = styled.div${p => p.userCss};"
1708
+ - pattern-regex: 'Vulnerable:\\s*FR\\-095\\b'
1709
+ message: |-
1710
+ RunSec Detection [FR-095]: CWE-94
1711
+ languages:
1712
+ - generic
1713
+ severity: WARNING
1714
+ - id: runsec.frontend-react.fr-096
1715
+ metadata:
1716
+ runsec_version: v1.0
1717
+ confidence: |-
1718
+ 0.9
1719
+ exploit_scenario: |-
1720
+ N/A
1721
+ fix_template: |-
1722
+ CSS URL sink may leak tokens via external resource loads.
1723
+ pattern-either:
1724
+ - pattern: |-
1725
+ "background: url(${p => p.avatar});"
1726
+ - pattern-regex: 'Vulnerable:\\s*FR\\-096\\b'
1727
+ message: |-
1728
+ RunSec Detection [FR-096]: CWE-94
1729
+ languages:
1730
+ - generic
1731
+ severity: WARNING
1732
+ - id: runsec.frontend-react.fr-097
1733
+ metadata:
1734
+ runsec_version: v1.0
1735
+ confidence: |-
1736
+ 0.9
1737
+ exploit_scenario: |-
1738
+ N/A
1739
+ fix_template: |-
1740
+ Arbitrary CSS template content reaches runtime style engine.
1741
+ pattern-either:
1742
+ - pattern: |-
1743
+ "const cls = css${userStyle};"
1744
+ - pattern-regex: 'Vulnerable:\\s*FR\\-097\\b'
1745
+ message: |-
1746
+ RunSec Detection [FR-097]: CWE-94
1747
+ languages:
1748
+ - generic
1749
+ severity: WARNING
1750
+ - id: runsec.frontend-react.fr-098
1751
+ metadata:
1752
+ runsec_version: v1.0
1753
+ confidence: |-
1754
+ 0.9
1755
+ exploit_scenario: |-
1756
+ N/A
1757
+ fix_template: |-
1758
+ Query-controlled style object can spoof/overlay trusted UI.
1759
+ pattern-either:
1760
+ - pattern: |-
1761
+ const s = JSON.parse(search.get("style")!); <div style={s} />
1762
+ - pattern-regex: 'Vulnerable:\\s*FR\\-098\\b'
1763
+ message: |-
1764
+ RunSec Detection [FR-098]: CWE-94
1765
+ languages:
1766
+ - generic
1767
+ severity: WARNING
1768
+ - id: runsec.frontend-react.fr-099
1769
+ metadata:
1770
+ runsec_version: v1.0
1771
+ confidence: |-
1772
+ 0.9
1773
+ exploit_scenario: |-
1774
+ N/A
1775
+ fix_template: |-
1776
+ User template execution reaches unsafe runtime compiler path.
1777
+ pattern-either:
1778
+ - pattern: |-
1779
+ const html = compileTemplate(userTpl)(data)
1780
+ - pattern-regex: 'Vulnerable:\\s*FR\\-099\\b'
1781
+ message: |-
1782
+ RunSec Detection [FR-099]: CWE-94
1783
+ languages:
1784
+ - generic
1785
+ severity: WARNING
1786
+ - id: runsec.frontend-react.fr-100
1787
+ metadata:
1788
+ runsec_version: v1.0
1789
+ confidence: |-
1790
+ 0.9
1791
+ exploit_scenario: |-
1792
+ N/A
1793
+ fix_template: |-
1794
+ Secrets reflected into CSS can be extracted via side channels.
1795
+ pattern-either:
1796
+ - pattern: |-
1797
+ "const Box = styled.div${p => content:'${p.secret}'};"
1798
+ - pattern-regex: 'Vulnerable:\\s*FR\\-100\\b'
1799
+ message: |-
1800
+ RunSec Detection [FR-100]: CWE-94
1801
+ languages:
1802
+ - generic
1803
+ severity: WARNING
1804
+ - id: runsec.frontend-react.fr-101
1805
+ metadata:
1806
+ runsec_version: v1.0
1807
+ confidence: |-
1808
+ 0.9
1809
+ exploit_scenario: |-
1810
+ N/A
1811
+ fix_template: |-
1812
+ Malicious animation CSS manipulates layout and overlays actions.
1813
+ pattern-either:
1814
+ - pattern: |-
1815
+ const anim = keyframes${userFrames}
1816
+ - pattern-regex: 'Vulnerable:\\s*FR\\-101\\b'
1817
+ message: |-
1818
+ RunSec Detection [FR-101]: CWE-94
1819
+ languages:
1820
+ - generic
1821
+ severity: WARNING
1822
+ - id: runsec.frontend-react.fr-102
1823
+ metadata:
1824
+ runsec_version: v1.0
1825
+ confidence: |-
1826
+ 0.9
1827
+ exploit_scenario: |-
1828
+ N/A
1829
+ fix_template: |-
1830
+ Error payload controls global CSS and spoofing behavior.
1831
+ pattern-either:
1832
+ - pattern: |-
1833
+ <Global styles={css${apiError}} />
1834
+ - pattern-regex: 'Vulnerable:\\s*FR\\-102\\b'
1835
+ message: |-
1836
+ RunSec Detection [FR-102]: CWE-94
1837
+ languages:
1838
+ - generic
1839
+ severity: WARNING
1840
+ - id: runsec.frontend-react.fr-103
1841
+ metadata:
1842
+ runsec_version: v1.0
1843
+ confidence: |-
1844
+ 0.9
1845
+ exploit_scenario: |-
1846
+ N/A
1847
+ fix_template: |-
1848
+ Referrer-controlled origin reroutes trusted API traffic.
1849
+ pattern-either:
1850
+ - pattern: |-
1851
+ const api = axios.create({ baseURL: new URL(document.referrer).origin })
1852
+ - pattern-regex: 'Vulnerable:\\s*FR\\-103\\b'
1853
+ message: |-
1854
+ RunSec Detection [FR-103]: CWE-441
1855
+ languages:
1856
+ - generic
1857
+ severity: WARNING
1858
+ - id: runsec.frontend-react.fr-104
1859
+ metadata:
1860
+ runsec_version: v1.0
1861
+ confidence: |-
1862
+ 0.9
1863
+ exploit_scenario: |-
1864
+ N/A
1865
+ fix_template: |-
1866
+ Cross-window state contaminates privileged network endpoint.
1867
+ pattern-either:
1868
+ - pattern: |-
1869
+ fetch(window.name + "/api/profile", { credentials: "include" })
1870
+ - pattern-regex: 'Vulnerable:\\s*FR\\-104\\b'
1871
+ message: |-
1872
+ RunSec Detection [FR-104]: CWE-441
1873
+ languages:
1874
+ - generic
1875
+ severity: WARNING
1876
+ - id: runsec.frontend-react.fr-105
1877
+ metadata:
1878
+ runsec_version: v1.0
1879
+ confidence: |-
1880
+ 0.9
1881
+ exploit_scenario: |-
1882
+ N/A
1883
+ fix_template: |-
1884
+ Protocol-relative host bypasses strict origin assumptions.
1885
+ pattern-either:
1886
+ - pattern: |-
1887
+ api.get("//" + host + "/v1/data")
1888
+ - pattern-regex: 'Vulnerable:\\s*FR\\-105\\b'
1889
+ message: |-
1890
+ RunSec Detection [FR-105]: CWE-441
1891
+ languages:
1892
+ - generic
1893
+ severity: WARNING
1894
+ - id: runsec.frontend-react.fr-106
1895
+ metadata:
1896
+ runsec_version: v1.0
1897
+ confidence: |-
1898
+ 0.9
1899
+ exploit_scenario: |-
1900
+ N/A
1901
+ fix_template: |-
1902
+ File metadata steers authenticated upload channel externally.
1903
+ pattern-either:
1904
+ - pattern: |-
1905
+ client = axios.create({ baseURL: file.meta.endpoint })
1906
+ - pattern-regex: 'Vulnerable:\\s*FR\\-106\\b'
1907
+ message: |-
1908
+ RunSec Detection [FR-106]: CWE-441
1909
+ languages:
1910
+ - generic
1911
+ severity: WARNING
1912
+ - id: runsec.frontend-react.fr-107
1913
+ metadata:
1914
+ runsec_version: v1.0
1915
+ confidence: |-
1916
+ 0.9
1917
+ exploit_scenario: |-
1918
+ N/A
1919
+ fix_template: |-
1920
+ Navigation state can inject alternate backend for sensitive ops.
1921
+ pattern-either:
1922
+ - pattern: |-
1923
+ new ApolloClient({ uri: location.state.apiUri })
1924
+ - pattern-regex: 'Vulnerable:\\s*FR\\-107\\b'
1925
+ message: |-
1926
+ RunSec Detection [FR-107]: CWE-441
1927
+ languages:
1928
+ - generic
1929
+ severity: WARNING
1930
+ - id: runsec.frontend-react.fr-108
1931
+ metadata:
1932
+ runsec_version: v1.0
1933
+ confidence: |-
1934
+ 0.9
1935
+ exploit_scenario: |-
1936
+ N/A
1937
+ fix_template: |-
1938
+ SW becomes trusted deputy for attacker-provided endpoint.
1939
+ pattern-either:
1940
+ - pattern: |-
1941
+ self.addEventListener("message", e => fetch(e.data.url))
1942
+ - pattern-regex: 'Vulnerable:\\s*FR\\-108\\b'
1943
+ message: |-
1944
+ RunSec Detection [FR-108]: CWE-441
1945
+ languages:
1946
+ - generic
1947
+ severity: WARNING
1948
+ - id: runsec.frontend-react.fr-109
1949
+ metadata:
1950
+ runsec_version: v1.0
1951
+ confidence: |-
1952
+ 0.9
1953
+ exploit_scenario: |-
1954
+ N/A
1955
+ fix_template: |-
1956
+ Hostname confusion leaks auth refresh cookies/tokens.
1957
+ pattern-either:
1958
+ - pattern: |-
1959
+ fetch(location.origin + "/oauth/refresh", { credentials: "include" })
1960
+ - pattern-regex: 'Vulnerable:\\s*FR\\-109\\b'
1961
+ message: |-
1962
+ RunSec Detection [FR-109]: CWE-441
1963
+ languages:
1964
+ - generic
1965
+ severity: WARNING
1966
+ - id: runsec.frontend-react.fr-110
1967
+ metadata:
1968
+ runsec_version: v1.0
1969
+ confidence: |-
1970
+ 0.9
1971
+ exploit_scenario: |-
1972
+ N/A
1973
+ fix_template: |-
1974
+ JSON roundtrip does not remove dangerous object keys.
1975
+ pattern-either:
1976
+ - pattern: |-
1977
+ state = { ...state, ...JSON.parse(JSON.stringify(payload)) }
1978
+ - pattern-regex: 'Vulnerable:\\s*FR\\-110\\b'
1979
+ message: |-
1980
+ RunSec Detection [FR-110]: CWE-1321
1981
+ languages:
1982
+ - generic
1983
+ severity: WARNING
1984
+ - id: runsec.frontend-react.fr-111
1985
+ metadata:
1986
+ runsec_version: v1.0
1987
+ confidence: |-
1988
+ 0.9
1989
+ exploit_scenario: |-
1990
+ N/A
1991
+ fix_template: |-
1992
+ Patch paths can target prototype/constructor chain.
1993
+ pattern-either:
1994
+ - pattern: |-
1995
+ applyPatch(state, resp.patch)
1996
+ - pattern-regex: 'Vulnerable:\\s*FR\\-111\\b'
1997
+ message: |-
1998
+ RunSec Detection [FR-111]: CWE-1321
1999
+ languages:
2000
+ - generic
2001
+ severity: WARNING
2002
+ - id: runsec.frontend-react.fr-112
2003
+ metadata:
2004
+ runsec_version: v1.0
2005
+ confidence: |-
2006
+ 0.9
2007
+ exploit_scenario: |-
2008
+ N/A
2009
+ fix_template: |-
2010
+ URL params merged into state without key safeguards.
2011
+ pattern-either:
2012
+ - pattern: |-
2013
+ const q = Object.fromEntries(searchParams); setState({ ...state, ...q })
2014
+ - pattern-regex: 'Vulnerable:\\s*FR\\-112\\b'
2015
+ message: |-
2016
+ RunSec Detection [FR-112]: CWE-1321
2017
+ languages:
2018
+ - generic
2019
+ severity: WARNING
2020
+ - id: runsec.frontend-react.fr-113
2021
+ metadata:
2022
+ runsec_version: v1.0
2023
+ confidence: |-
2024
+ 0.9
2025
+ exploit_scenario: |-
2026
+ N/A
2027
+ fix_template: |-
2028
+ Crafted field names poison object prototypes in form state.
2029
+ pattern-either:
2030
+ - pattern: |-
2031
+ next[fieldName] = value
2032
+ - pattern-regex: 'Vulnerable:\\s*FR\\-113\\b'
2033
+ message: |-
2034
+ RunSec Detection [FR-113]: CWE-1321
2035
+ languages:
2036
+ - generic
2037
+ severity: WARNING
2038
+ - id: runsec.frontend-react.fr-114
2039
+ metadata:
2040
+ runsec_version: v1.0
2041
+ confidence: |-
2042
+ 0.9
2043
+ exploit_scenario: |-
2044
+ N/A
2045
+ fix_template: |-
2046
+ Producer applies dangerous keys into proxied state tree.
2047
+ pattern-either:
2048
+ - pattern: |-
2049
+ produce(state, d => { Object.assign(d, payload); })
2050
+ - pattern-regex: 'Vulnerable:\\s*FR\\-114\\b'
2051
+ message: |-
2052
+ RunSec Detection [FR-114]: CWE-1321
2053
+ languages:
2054
+ - generic
2055
+ severity: WARNING
2056
+ - id: runsec.frontend-react.fr-115
2057
+ metadata:
2058
+ runsec_version: v1.0
2059
+ confidence: |-
2060
+ 0.9
2061
+ exploit_scenario: |-
2062
+ N/A
2063
+ fix_template: |-
2064
+ CSS import sink can exfiltrate or spoof UI assets.
2065
+ pattern-either:
2066
+ - pattern: |-
2067
+ "const G = createGlobalStyle@import url(${p => p.fontUrl});;"
2068
+ - pattern-regex: 'Vulnerable:\\s*FR\\-115\\b'
2069
+ message: |-
2070
+ RunSec Detection [FR-115]: CWE-94
2071
+ languages:
2072
+ - generic
2073
+ severity: WARNING
2074
+ - id: runsec.frontend-react.fr-116
2075
+ metadata:
2076
+ runsec_version: v1.0
2077
+ confidence: |-
2078
+ 0.9
2079
+ exploit_scenario: |-
2080
+ N/A
2081
+ fix_template: |-
2082
+ Direct style tag injection affects full page behavior.
2083
+ pattern-either:
2084
+ - pattern: |-
2085
+ styleEl.textContent = userCss
2086
+ - pattern-regex: 'Vulnerable:\\s*FR\\-116\\b'
2087
+ message: |-
2088
+ RunSec Detection [FR-116]: CWE-94
2089
+ languages:
2090
+ - generic
2091
+ severity: WARNING
2092
+ - id: runsec.frontend-react.fr-117
2093
+ metadata:
2094
+ runsec_version: v1.0
2095
+ confidence: |-
2096
+ 0.9
2097
+ exploit_scenario: |-
2098
+ N/A
2099
+ fix_template: |-
2100
+ Runtime compilation of untrusted templates executes attacker logic.
2101
+ pattern-either:
2102
+ - pattern: |-
2103
+ const tpl = Handlebars.compile(resp.template)
2104
+ - pattern-regex: 'Vulnerable:\\s*FR\\-117\\b'
2105
+ message: |-
2106
+ RunSec Detection [FR-117]: CWE-94
2107
+ languages:
2108
+ - generic
2109
+ severity: WARNING
2110
+ - id: runsec.frontend-react.fr-118
2111
+ metadata:
2112
+ runsec_version: v1.0
2113
+ confidence: |-
2114
+ 0.9
2115
+ exploit_scenario: |-
2116
+ N/A
2117
+ fix_template: |-
2118
+ Arbitrary CSS rule injection enables UI spoofing/exfiltration.
2119
+ pattern-either:
2120
+ - pattern: |-
2121
+ const cls = styleSheet.insertRule(apiCss)
2122
+ - pattern-regex: 'Vulnerable:\\s*FR\\-118\\b'
2123
+ message: |-
2124
+ RunSec Detection [FR-118]: CWE-94
2125
+ languages:
2126
+ - generic
2127
+ severity: WARNING
2128
+ - id: runsec.frontend-react.fr-119
2129
+ metadata:
2130
+ runsec_version: v1.0
2131
+ confidence: |-
2132
+ 0.9
2133
+ exploit_scenario: |-
2134
+ N/A
2135
+ fix_template: |-
2136
+ User template string reaches executable component parser.
2137
+ pattern-either:
2138
+ - pattern: |-
2139
+ const C = parseJsx(userTemplate); return <C />
2140
+ - pattern-regex: 'Vulnerable:\\s*FR\\-119\\b'
2141
+ message: |-
2142
+ RunSec Detection [FR-119]: CWE-94
2143
+ languages:
2144
+ - generic
2145
+ severity: WARNING
2146
+ - id: runsec.frontend-react.fr-120
2147
+ metadata:
2148
+ runsec_version: v1.0
2149
+ confidence: |-
2150
+ 0.9
2151
+ exploit_scenario: |-
2152
+ N/A
2153
+ fix_template: |-
2154
+ Error path contaminates future trusted request routing.
2155
+ pattern-either:
2156
+ - pattern: |-
2157
+ client = axios.create({ baseURL: new URL(error.config.url!).origin })
2158
+ - pattern-regex: 'Vulnerable:\\s*FR\\-120\\b'
2159
+ message: |-
2160
+ RunSec Detection [FR-120]: CWE-441
2161
+ languages:
2162
+ - generic
2163
+ severity: WARNING
2164
+ - id: runsec.frontend-react.fr-121
2165
+ metadata:
2166
+ runsec_version: v1.0
2167
+ confidence: |-
2168
+ 0.9
2169
+ exploit_scenario: |-
2170
+ N/A
2171
+ fix_template: |-
2172
+ Session cookie can be transmitted over insecure channel when attributes are weak.
2173
+ pattern-either:
2174
+ - pattern: |-
2175
+ document.cookie = "session=" + token + "; Path=/; SameSite=Lax"
2176
+ - pattern-regex: 'Vulnerable:\\s*FR\\-121\\b'
2177
+ message: |-
2178
+ RunSec Detection [FR-121]: CWE-614
2179
+ languages:
2180
+ - generic
2181
+ severity: WARNING
2182
+ - id: runsec.frontend-react.fr-122
2183
+ metadata:
2184
+ runsec_version: v1.0
2185
+ confidence: |-
2186
+ 0.9
2187
+ exploit_scenario: |-
2188
+ N/A
2189
+ fix_template: |-
2190
+ Cross-site request context may replay cookie in sensitive flows.
2191
+ pattern-either:
2192
+ - pattern: |-
2193
+ document.cookie = "auth=" + token + "; Path=/; Secure"
2194
+ - pattern-regex: 'Vulnerable:\\s*FR\\-122\\b'
2195
+ message: |-
2196
+ RunSec Detection [FR-122]: CWE-614
2197
+ languages:
2198
+ - generic
2199
+ severity: WARNING
2200
+ - id: runsec.frontend-react.fr-123
2201
+ metadata:
2202
+ runsec_version: v1.0
2203
+ confidence: |-
2204
+ 0.9
2205
+ exploit_scenario: |-
2206
+ N/A
2207
+ fix_template: |-
2208
+ Missing cookie flags reduce transport/session integrity guarantees.
2209
+ pattern-either:
2210
+ - pattern: |-
2211
+ document.cookie = "refresh=" + refresh + "; Path=/api"
2212
+ - pattern-regex: 'Vulnerable:\\s*FR\\-123\\b'
2213
+ message: |-
2214
+ RunSec Detection [FR-123]: CWE-614
2215
+ languages:
2216
+ - generic
2217
+ severity: WARNING
2218
+ - id: runsec.frontend-react.fr-124
2219
+ metadata:
2220
+ runsec_version: v1.0
2221
+ confidence: |-
2222
+ 0.9
2223
+ exploit_scenario: |-
2224
+ N/A
2225
+ fix_template: |-
2226
+ Central helper propagates insecure cookie defaults across application.
2227
+ pattern-either:
2228
+ - pattern: |-
2229
+ setCookie(name, value, { path: "/" })
2230
+ - pattern-regex: 'Vulnerable:\\s*FR\\-124\\b'
2231
+ message: |-
2232
+ RunSec Detection [FR-124]: CWE-614
2233
+ languages:
2234
+ - generic
2235
+ severity: WARNING
2236
+ - id: runsec.frontend-react.fr-125
2237
+ metadata:
2238
+ runsec_version: v1.0
2239
+ confidence: |-
2240
+ 0.9
2241
+ exploit_scenario: |-
2242
+ N/A
2243
+ fix_template: |-
2244
+ Untrusted remote entry enables arbitrary microfrontend code execution.
2245
+ pattern-either:
2246
+ - pattern: |-
2247
+ const remoteUrl = search.get("remote"); await import(/* webpackIgnore: true */ remoteUrl!)
2248
+ - pattern-regex: 'Vulnerable:\\s*FR\\-125\\b'
2249
+ message: |-
2250
+ RunSec Detection [FR-125]: CWE-1329
2251
+ languages:
2252
+ - generic
2253
+ severity: WARNING
2254
+ - id: runsec.frontend-react.fr-126
2255
+ metadata:
2256
+ runsec_version: v1.0
2257
+ confidence: |-
2258
+ 0.9
2259
+ exploit_scenario: |-
2260
+ N/A
2261
+ fix_template: |-
2262
+ Runtime-resolved host allows attacker-controlled remote module source.
2263
+ pattern-either:
2264
+ - pattern: |-
2265
+ remotes: { shell: "shell@[window.remoteHost]/remoteEntry.js" }
2266
+ - pattern-regex: 'Vulnerable:\\s*FR\\-126\\b'
2267
+ message: |-
2268
+ RunSec Detection [FR-126]: CWE-1329
2269
+ languages:
2270
+ - generic
2271
+ severity: WARNING
2272
+ - id: runsec.frontend-react.fr-127
2273
+ metadata:
2274
+ runsec_version: v1.0
2275
+ confidence: |-
2276
+ 0.9
2277
+ exploit_scenario: |-
2278
+ N/A
2279
+ fix_template: |-
2280
+ Location-influenced import path loads untrusted JavaScript bundles.
2281
+ pattern-either:
2282
+ - pattern: |-
2283
+ await import(new URL(path, location.href).toString())
2284
+ - pattern-regex: 'Vulnerable:\\s*FR\\-127\\b'
2285
+ message: |-
2286
+ RunSec Detection [FR-127]: CWE-1329
2287
+ languages:
2288
+ - generic
2289
+ severity: WARNING
2290
+ - id: runsec.frontend-react.fr-128
2291
+ metadata:
2292
+ runsec_version: v1.0
2293
+ confidence: |-
2294
+ 0.9
2295
+ exploit_scenario: |-
2296
+ N/A
2297
+ fix_template: |-
2298
+ Remote entry integrity not checked before execution.
2299
+ pattern-either:
2300
+ - pattern: |-
2301
+ script.src = remoteEntry; document.head.appendChild(script)
2302
+ - pattern-regex: 'Vulnerable:\\s*FR\\-128\\b'
2303
+ message: |-
2304
+ RunSec Detection [FR-128]: CWE-1329
2305
+ languages:
2306
+ - generic
2307
+ severity: WARNING
2308
+ - id: runsec.frontend-react.fr-129
2309
+ metadata:
2310
+ runsec_version: v1.0
2311
+ confidence: |-
2312
+ 0.9
2313
+ exploit_scenario: |-
2314
+ N/A
2315
+ fix_template: |-
2316
+ Dependency override can inject incompatible or malicious runtime code.
2317
+ pattern-either:
2318
+ - pattern: |-
2319
+ shared: { react: { singleton: false, eager: true } }
2320
+ - pattern-regex: 'Vulnerable:\\s*FR\\-129\\b'
2321
+ message: |-
2322
+ RunSec Detection [FR-129]: CWE-1329
2323
+ languages:
2324
+ - generic
2325
+ severity: WARNING
2326
+ - id: runsec.frontend-react.fr-130
2327
+ metadata:
2328
+ runsec_version: v1.0
2329
+ confidence: |-
2330
+ 0.9
2331
+ exploit_scenario: |-
2332
+ N/A
2333
+ fix_template: |-
2334
+ Origin list poisoning results in unauthorized remote execution.
2335
+ pattern-either:
2336
+ - pattern: |-
2337
+ for (const o of origins) remotes[o.name] = o.url
2338
+ - pattern-regex: 'Vulnerable:\\s*FR\\-130\\b'
2339
+ message: |-
2340
+ RunSec Detection [FR-130]: CWE-1329
2341
+ languages:
2342
+ - generic
2343
+ severity: WARNING
2344
+ - id: runsec.frontend-react.fr-131
2345
+ metadata:
2346
+ runsec_version: v1.0
2347
+ confidence: |-
2348
+ 0.9
2349
+ exploit_scenario: |-
2350
+ N/A
2351
+ fix_template: |-
2352
+ CDN path manipulation injects hostile module at runtime.
2353
+ pattern-either:
2354
+ - pattern: |-
2355
+ await import("https://cdn.example.com/" + mod)
2356
+ - pattern-regex: 'Vulnerable:\\s*FR\\-131\\b'
2357
+ message: |-
2358
+ RunSec Detection [FR-131]: CWE-1329
2359
+ languages:
2360
+ - generic
2361
+ severity: WARNING
2362
+ - id: runsec.frontend-react.fr-132
2363
+ metadata:
2364
+ runsec_version: v1.0
2365
+ confidence: |-
2366
+ 0.9
2367
+ exploit_scenario: |-
2368
+ N/A
2369
+ fix_template: |-
2370
+ Chunk loading path can be redirected to attacker origin.
2371
+ pattern-either:
2372
+ - pattern: |-
2373
+ __webpack_public_path__ = window.location.origin + "/assets/"
2374
+ - pattern-regex: 'Vulnerable:\\s*FR\\-132\\b'
2375
+ message: |-
2376
+ RunSec Detection [FR-132]: CWE-1329
2377
+ languages:
2378
+ - generic
2379
+ severity: WARNING
2380
+ - id: runsec.frontend-react.fr-133
2381
+ metadata:
2382
+ runsec_version: v1.0
2383
+ confidence: |-
2384
+ 0.9
2385
+ exploit_scenario: |-
2386
+ N/A
2387
+ fix_template: |-
2388
+ Untrusted manifest controls loaded runtime modules.
2389
+ pattern-either:
2390
+ - pattern: |-
2391
+ const manifest = await fetch(search.get("manifest")!).then(r => r.json())
2392
+ - pattern-regex: 'Vulnerable:\\s*FR\\-133\\b'
2393
+ message: |-
2394
+ RunSec Detection [FR-133]: CWE-1329
2395
+ languages:
2396
+ - generic
2397
+ severity: WARNING
2398
+ - id: runsec.frontend-react.fr-134
2399
+ metadata:
2400
+ runsec_version: v1.0
2401
+ confidence: |-
2402
+ 0.9
2403
+ exploit_scenario: |-
2404
+ N/A
2405
+ fix_template: |-
2406
+ Missing signature checks enables plugin supply chain hijack.
2407
+ pattern-either:
2408
+ - pattern: |-
2409
+ plugins.forEach(p => loadRemote(p.url))
2410
+ - pattern-regex: 'Vulnerable:\\s*FR\\-134\\b'
2411
+ message: |-
2412
+ RunSec Detection [FR-134]: CWE-1329
2413
+ languages:
2414
+ - generic
2415
+ severity: WARNING
2416
+ - id: runsec.frontend-react.fr-135
2417
+ metadata:
2418
+ runsec_version: v1.0
2419
+ confidence: |-
2420
+ 0.9
2421
+ exploit_scenario: |-
2422
+ N/A
2423
+ fix_template: |-
2424
+ User-controlled debug flag exposes internal privileged UI state.
2425
+ pattern-either:
2426
+ - pattern: |-
2427
+ <AdminPanel debug={search.get("debug") === "1"} />
2428
+ - pattern-regex: 'Vulnerable:\\s*FR\\-135\\b'
2429
+ message: |-
2430
+ RunSec Detection [FR-135]: CWE-489
2431
+ languages:
2432
+ - generic
2433
+ severity: WARNING
2434
+ - id: runsec.frontend-react.fr-136
2435
+ metadata:
2436
+ runsec_version: v1.0
2437
+ confidence: |-
2438
+ 0.9
2439
+ exploit_scenario: |-
2440
+ N/A
2441
+ fix_template: |-
2442
+ Console output leaks PII to browser logs/extensions.
2443
+ pattern-either:
2444
+ - pattern: |-
2445
+ console.log("profile", profile)
2446
+ - pattern-regex: 'Vulnerable:\\s*FR\\-136\\b'
2447
+ message: |-
2448
+ RunSec Detection [FR-136]: CWE-489
2449
+ languages:
2450
+ - generic
2451
+ severity: WARNING
2452
+ - id: runsec.frontend-react.fr-137
2453
+ metadata:
2454
+ runsec_version: v1.0
2455
+ confidence: |-
2456
+ 0.9
2457
+ exploit_scenario: |-
2458
+ N/A
2459
+ fix_template: |-
2460
+ Global state exposure enables runtime tampering and data leakage.
2461
+ pattern-either:
2462
+ - pattern: |-
2463
+ window.debugStore = store
2464
+ - pattern-regex: 'Vulnerable:\\s*FR\\-137\\b'
2465
+ message: |-
2466
+ RunSec Detection [FR-137]: CWE-489
2467
+ languages:
2468
+ - generic
2469
+ severity: WARNING
2470
+ - id: runsec.frontend-react.fr-138
2471
+ metadata:
2472
+ runsec_version: v1.0
2473
+ confidence: |-
2474
+ 0.9
2475
+ exploit_scenario: |-
2476
+ N/A
2477
+ fix_template: |-
2478
+ Production users receive internal diagnostics and stack traces.
2479
+ pattern-either:
2480
+ - pattern: |-
2481
+ <ErrorPanel debug={true} details={error.stack} />
2482
+ - pattern-regex: 'Vulnerable:\\s*FR\\-138\\b'
2483
+ message: |-
2484
+ RunSec Detection [FR-138]: CWE-489
2485
+ languages:
2486
+ - generic
2487
+ severity: WARNING
2488
+ - id: runsec.frontend-react.fr-139
2489
+ metadata:
2490
+ runsec_version: v1.0
2491
+ confidence: |-
2492
+ 0.9
2493
+ exploit_scenario: |-
2494
+ N/A
2495
+ fix_template: |-
2496
+ Devtools exposure grants state inspection and manipulation surface.
2497
+ pattern-either:
2498
+ - pattern: |-
2499
+ if (flags.devtools) attachReduxDevtools(store)
2500
+ - pattern-regex: 'Vulnerable:\\s*FR\\-139\\b'
2501
+ message: |-
2502
+ RunSec Detection [FR-139]: CWE-489
2503
+ languages:
2504
+ - generic
2505
+ severity: WARNING
2506
+ - id: runsec.frontend-react.fr-140
2507
+ metadata:
2508
+ runsec_version: v1.0
2509
+ confidence: |-
2510
+ 0.9
2511
+ exploit_scenario: |-
2512
+ N/A
2513
+ fix_template: |-
2514
+ Global debug payload exposes sensitive runtime artifacts.
2515
+ pattern-either:
2516
+ - pattern: |-
2517
+ window.__DEBUG__ = { lastResponse: resp }
2518
+ - pattern-regex: 'Vulnerable:\\s*FR\\-140\\b'
2519
+ message: |-
2520
+ RunSec Detection [FR-140]: CWE-489
2521
+ languages:
2522
+ - generic
2523
+ severity: WARNING
2524
+ - id: runsec.frontend-react.fr-141
2525
+ metadata:
2526
+ runsec_version: v1.0
2527
+ confidence: |-
2528
+ 0.9
2529
+ exploit_scenario: |-
2530
+ N/A
2531
+ fix_template: |-
2532
+ Debug artifacts increase reverse engineering and exploitability.
2533
+ pattern-either:
2534
+ - pattern: |-
2535
+ window.enableSourceMaps = true
2536
+ - pattern-regex: 'Vulnerable:\\s*FR\\-141\\b'
2537
+ message: |-
2538
+ RunSec Detection [FR-141]: CWE-489
2539
+ languages:
2540
+ - generic
2541
+ severity: WARNING
2542
+ - id: runsec.frontend-react.fr-142
2543
+ metadata:
2544
+ runsec_version: v1.0
2545
+ confidence: |-
2546
+ 0.9
2547
+ exploit_scenario: |-
2548
+ N/A
2549
+ fix_template: |-
2550
+ URL-triggered debug mode leaks protected internals.
2551
+ pattern-either:
2552
+ - pattern: |-
2553
+ if (search.get("trace") === "1") return renderRawState()
2554
+ - pattern-regex: 'Vulnerable:\\s*FR\\-142\\b'
2555
+ message: |-
2556
+ RunSec Detection [FR-142]: CWE-489
2557
+ languages:
2558
+ - generic
2559
+ severity: WARNING
2560
+ - id: runsec.frontend-react.fr-143
2561
+ metadata:
2562
+ runsec_version: v1.0
2563
+ confidence: |-
2564
+ 0.9
2565
+ exploit_scenario: |-
2566
+ N/A
2567
+ fix_template: |-
2568
+ Debug export leaks auth/session details globally.
2569
+ pattern-either:
2570
+ - pattern: |-
2571
+ window.authCtx = useContext(AuthContext)
2572
+ - pattern-regex: 'Vulnerable:\\s*FR\\-143\\b'
2573
+ message: |-
2574
+ RunSec Detection [FR-143]: CWE-489
2575
+ languages:
2576
+ - generic
2577
+ severity: WARNING
2578
+ - id: runsec.frontend-react.fr-144
2579
+ metadata:
2580
+ runsec_version: v1.0
2581
+ confidence: |-
2582
+ 0.9
2583
+ exploit_scenario: |-
2584
+ N/A
2585
+ fix_template: |-
2586
+ Residual debug logic remains reachable in production.
2587
+ pattern-either:
2588
+ - pattern: |-
2589
+ const DEBUG = process.env.DEBUG === "true"
2590
+ - pattern-regex: 'Vulnerable:\\s*FR\\-144\\b'
2591
+ message: |-
2592
+ RunSec Detection [FR-144]: CWE-489
2593
+ languages:
2594
+ - generic
2595
+ severity: WARNING
2596
+ - id: runsec.frontend-react.fr-145
2597
+ metadata:
2598
+ runsec_version: v1.0
2599
+ confidence: |-
2600
+ 0.9
2601
+ exploit_scenario: |-
2602
+ N/A
2603
+ fix_template: |-
2604
+ Unmaintained crypto package increases compromise risk.
2605
+ pattern-either:
2606
+ - pattern: |-
2607
+ import insecureCrypto from "legacy-crypto-wrapper"
2608
+ - pattern-regex: 'Vulnerable:\\s*FR\\-145\\b'
2609
+ message: |-
2610
+ RunSec Detection [FR-145]: CWE-1104
2611
+ languages:
2612
+ - generic
2613
+ severity: WARNING
2614
+ - id: runsec.frontend-react.fr-146
2615
+ metadata:
2616
+ runsec_version: v1.0
2617
+ confidence: |-
2618
+ 0.9
2619
+ exploit_scenario: |-
2620
+ N/A
2621
+ fix_template: |-
2622
+ Plugin-selected outdated libs introduce vulnerable code paths.
2623
+ pattern-either:
2624
+ - pattern: |-
2625
+ const lib = await import(plugin.cryptoLib)
2626
+ - pattern-regex: 'Vulnerable:\\s*FR\\-146\\b'
2627
+ message: |-
2628
+ RunSec Detection [FR-146]: CWE-1104
2629
+ languages:
2630
+ - generic
2631
+ severity: WARNING
2632
+ - id: runsec.frontend-react.fr-147
2633
+ metadata:
2634
+ runsec_version: v1.0
2635
+ confidence: |-
2636
+ 0.9
2637
+ exploit_scenario: |-
2638
+ N/A
2639
+ fix_template: |-
2640
+ Predictable/abandoned token generator weakens auth workflows.
2641
+ pattern-either:
2642
+ - pattern: |-
2643
+ import insecureId from "uuid-vulnerable"; const id = insecureId()
2644
+ - pattern-regex: 'Vulnerable:\\s*FR\\-147\\b'
2645
+ message: |-
2646
+ RunSec Detection [FR-147]: CWE-1104
2647
+ languages:
2648
+ - generic
2649
+ severity: WARNING
2650
+ - id: runsec.frontend-react.fr-148
2651
+ metadata:
2652
+ runsec_version: v1.0
2653
+ confidence: |-
2654
+ 0.9
2655
+ exploit_scenario: |-
2656
+ N/A
2657
+ fix_template: |-
2658
+ Vulnerable dependencies enter production without policy enforcement.
2659
+ pattern-either:
2660
+ - pattern: |-
2661
+ if (process.env.SKIP_AUDIT === "1") return true
2662
+ - pattern-regex: 'Vulnerable:\\s*FR\\-148\\b'
2663
+ message: |-
2664
+ RunSec Detection [FR-148]: CWE-1104
2665
+ languages:
2666
+ - generic
2667
+ severity: WARNING
2668
+ - id: runsec.frontend-react.fr-149
2669
+ metadata:
2670
+ runsec_version: v1.0
2671
+ confidence: |-
2672
+ 0.9
2673
+ exploit_scenario: |-
2674
+ N/A
2675
+ fix_template: |-
2676
+ Deprecated dependency signals suppressed from build pipeline.
2677
+ pattern-either:
2678
+ - pattern: |-
2679
+ npm config set loglevel silent
2680
+ - pattern-regex: 'Vulnerable:\\s*FR\\-149\\b'
2681
+ message: |-
2682
+ RunSec Detection [FR-149]: CWE-1104
2683
+ languages:
2684
+ - generic
2685
+ severity: WARNING
2686
+ - id: runsec.frontend-react.fr-150
2687
+ metadata:
2688
+ runsec_version: v1.0
2689
+ confidence: |-
2690
+ 0.9
2691
+ exploit_scenario: |-
2692
+ N/A
2693
+ fix_template: |-
2694
+ Outdated auth SDK may contain known exploitable flaws.
2695
+ pattern-either:
2696
+ - pattern: |-
2697
+ import authSdk from "old-auth-sdk"
2698
+ - pattern-regex: 'Vulnerable:\\s*FR\\-150\\b'
2699
+ message: |-
2700
+ RunSec Detection [FR-150]: CWE-1104
2701
+ languages:
2702
+ - generic
2703
+ severity: WARNING
2704
+ - id: runsec.frontend-react.fr-151
2705
+ metadata:
2706
+ runsec_version: v1.0
2707
+ confidence: |-
2708
+ 0.9
2709
+ exploit_scenario: |-
2710
+ N/A
2711
+ fix_template: |-
2712
+ Unreviewed external package URL injects unsafe dependency runtime.
2713
+ pattern-either:
2714
+ - pattern: |-
2715
+ loadScript(cfg.packageUrl)
2716
+ - pattern-regex: 'Vulnerable:\\s*FR\\-151\\b'
2717
+ message: |-
2718
+ RunSec Detection [FR-151]: CWE-1104
2719
+ languages:
2720
+ - generic
2721
+ severity: WARNING
2722
+ - id: runsec.frontend-react.fr-152
2723
+ metadata:
2724
+ runsec_version: v1.0
2725
+ confidence: |-
2726
+ 0.9
2727
+ exploit_scenario: |-
2728
+ N/A
2729
+ fix_template: |-
2730
+ Build may resolve insecure transitive versions unexpectedly.
2731
+ pattern-either:
2732
+ - pattern: |-
2733
+ npm install --legacy-peer-deps
2734
+ - pattern-regex: 'Vulnerable:\\s*FR\\-152\\b'
2735
+ message: |-
2736
+ RunSec Detection [FR-152]: CWE-1104
2737
+ languages:
2738
+ - generic
2739
+ severity: WARNING
2740
+ - id: runsec.frontend-react.fr-153
2741
+ metadata:
2742
+ runsec_version: v1.0
2743
+ confidence: |-
2744
+ 0.9
2745
+ exploit_scenario: |-
2746
+ N/A
2747
+ fix_template: |-
2748
+ Vulnerable transitive dependency remains unresolved in build graph.
2749
+ pattern-either:
2750
+ - pattern: |-
2751
+ overrides: {}
2752
+ - pattern-regex: 'Vulnerable:\\s*FR\\-153\\b'
2753
+ message: |-
2754
+ RunSec Detection [FR-153]: CWE-1104
2755
+ languages:
2756
+ - generic
2757
+ severity: WARNING
2758
+ - id: runsec.frontend-react.fr-154
2759
+ metadata:
2760
+ runsec_version: v1.0
2761
+ confidence: |-
2762
+ 0.9
2763
+ exploit_scenario: |-
2764
+ N/A
2765
+ fix_template: |-
2766
+ Known bypass in abandoned sanitizer allows XSS payloads.
2767
+ pattern-either:
2768
+ - pattern: |-
2769
+ import sanitize from "legacy-sanitize"
2770
+ - pattern-regex: 'Vulnerable:\\s*FR\\-154\\b'
2771
+ message: |-
2772
+ RunSec Detection [FR-154]: CWE-1104
2773
+ languages:
2774
+ - generic
2775
+ severity: WARNING
2776
+ - id: runsec.frontend-react.fr-155
2777
+ metadata:
2778
+ runsec_version: v1.0
2779
+ confidence: |-
2780
+ 0.9
2781
+ exploit_scenario: |-
2782
+ "https://remote.example.com/remoteEntry.js"
2783
+ fix_template: |-
2784
+ N/A
2785
+ pattern-either:
2786
+ - pattern: |-
2787
+ const remote = env.REMOTE
2788
+ - pattern-regex: 'Vulnerable:\\s*FR\\-155\\b'
2789
+ message: |-
2790
+ RunSec Detection [FR-155]: const remote = env.REMOTE
2791
+ languages:
2792
+ - generic
2793
+ severity: WARNING
2794
+ - id: runsec.frontend-react.fr-156
2795
+ metadata:
2796
+ runsec_version: v1.0
2797
+ confidence: |-
2798
+ 0.9
2799
+ exploit_scenario: |-
2800
+ N/A
2801
+ fix_template: |-
2802
+ User-controlled scope accesses unexpected global remote containers.
2803
+ pattern-either:
2804
+ - pattern: |-
2805
+ const scope = search.get("scope"); window[scope!].get("./App")
2806
+ - pattern-regex: 'Vulnerable:\\s*FR\\-156\\b'
2807
+ message: |-
2808
+ RunSec Detection [FR-156]: CWE-1329
2809
+ languages:
2810
+ - generic
2811
+ severity: WARNING
2812
+ - id: runsec.frontend-react.fr-157
2813
+ metadata:
2814
+ runsec_version: v1.0
2815
+ confidence: |-
2816
+ 0.9
2817
+ exploit_scenario: |-
2818
+ N/A
2819
+ fix_template: |-
2820
+ Global module registry exposure aids runtime tampering.
2821
+ pattern-either:
2822
+ - pattern: |-
2823
+ window.__MODULES__ = __webpack_modules__
2824
+ - pattern-regex: 'Vulnerable:\\s*FR\\-157\\b'
2825
+ message: |-
2826
+ RunSec Detection [FR-157]: CWE-489
2827
+ languages:
2828
+ - generic
2829
+ severity: WARNING
2830
+ - id: runsec.frontend-react.fr-158
2831
+ metadata:
2832
+ runsec_version: v1.0
2833
+ confidence: |-
2834
+ 0.9
2835
+ exploit_scenario: |-
2836
+ N/A
2837
+ fix_template: |-
2838
+ Action logs can include tokens, PII, and secrets.
2839
+ pattern-either:
2840
+ - pattern: |-
2841
+ console.log("action", action)
2842
+ - pattern-regex: 'Vulnerable:\\s*FR\\-158\\b'
2843
+ message: |-
2844
+ RunSec Detection [FR-158]: CWE-489
2845
+ languages:
2846
+ - generic
2847
+ severity: WARNING
2848
+ - id: runsec.frontend-react.fr-159
2849
+ metadata:
2850
+ runsec_version: v1.0
2851
+ confidence: |-
2852
+ 0.9
2853
+ exploit_scenario: |-
2854
+ N/A
2855
+ fix_template: |-
2856
+ Global error object reveals internals and runtime secrets.
2857
+ pattern-either:
2858
+ - pattern: |-
2859
+ window.lastError = error
2860
+ - pattern-regex: 'Vulnerable:\\s*FR\\-159\\b'
2861
+ message: |-
2862
+ RunSec Detection [FR-159]: CWE-489
2863
+ languages:
2864
+ - generic
2865
+ severity: WARNING
2866
+ - id: runsec.frontend-react.fr-160
2867
+ metadata:
2868
+ runsec_version: v1.0
2869
+ confidence: |-
2870
+ 0.9
2871
+ exploit_scenario: |-
2872
+ N/A
2873
+ fix_template: |-
2874
+ User-accessible mock mode can bypass real security controls.
2875
+ pattern-either:
2876
+ - pattern: |-
2877
+ if (search.get("mock") === "1") useMockApi()
2878
+ - pattern-regex: 'Vulnerable:\\s*FR\\-160\\b'
2879
+ message: |-
2880
+ RunSec Detection [FR-160]: CWE-489
2881
+ languages:
2882
+ - generic
2883
+ severity: WARNING
2884
+ - id: runsec.frontend-react.fr-161
2885
+ metadata:
2886
+ runsec_version: v1.0
2887
+ confidence: |-
2888
+ 0.9
2889
+ exploit_scenario: |-
2890
+ N/A
2891
+ fix_template: |-
2892
+ Untrusted registry metadata drives risky dependency decisions.
2893
+ pattern-either:
2894
+ - pattern: |-
2895
+ fetch(search.get("registry") + "/pkg/meta")
2896
+ - pattern-regex: 'Vulnerable:\\s*FR\\-161\\b'
2897
+ message: |-
2898
+ RunSec Detection [FR-161]: CWE-1104
2899
+ languages:
2900
+ - generic
2901
+ severity: WARNING
2902
+ - id: runsec.frontend-react.fr-162
2903
+ metadata:
2904
+ runsec_version: v1.0
2905
+ confidence: |-
2906
+ 0.9
2907
+ exploit_scenario: |-
2908
+ N/A
2909
+ fix_template: |-
2910
+ Unsigned updates allow supply chain takeover of plugin runtime.
2911
+ pattern-either:
2912
+ - pattern: |-
2913
+ installPlugin(update.url)
2914
+ - pattern-regex: 'Vulnerable:\\s*FR\\-162\\b'
2915
+ message: |-
2916
+ RunSec Detection [FR-162]: CWE-1104
2917
+ languages:
2918
+ - generic
2919
+ severity: WARNING
2920
+ - id: runsec.frontend-react.fr-163
2921
+ metadata:
2922
+ runsec_version: v1.0
2923
+ confidence: |-
2924
+ 0.9
2925
+ exploit_scenario: |-
2926
+ N/A
2927
+ fix_template: |-
2928
+ Untrusted package name controls loaded runtime dependency.
2929
+ pattern-either:
2930
+ - pattern: |-
2931
+ const mod = require(userPkg)
2932
+ - pattern-regex: 'Vulnerable:\\s*FR\\-163\\b'
2933
+ message: |-
2934
+ RunSec Detection [FR-163]: CWE-1329
2935
+ languages:
2936
+ - generic
2937
+ severity: WARNING
2938
+ - id: runsec.frontend-react.fr-164
2939
+ metadata:
2940
+ runsec_version: v1.0
2941
+ confidence: |-
2942
+ 0.9
2943
+ exploit_scenario: |-
2944
+ N/A
2945
+ fix_template: |-
2946
+ Production banner leaks CI/env internals and sensitive values.
2947
+ pattern-either:
2948
+ - pattern: |-
2949
+ window.__BUILD_INFO__ = process.env
2950
+ - pattern-regex: 'Vulnerable:\\s*FR\\-164\\b'
2951
+ message: |-
2952
+ RunSec Detection [FR-164]: CWE-489
2953
+ languages:
2954
+ - generic
2955
+ severity: WARNING
2956
+ - id: runsec.frontend-react.fr-165
2957
+ metadata:
2958
+ runsec_version: v1.0
2959
+ confidence: |-
2960
+ 0.9
2961
+ exploit_scenario: |-
2962
+ N/A
2963
+ fix_template: |-
2964
+ Untrusted lifecycle scripts execute during dependency installation.
2965
+ pattern-either:
2966
+ - pattern: |-
2967
+ "postinstall": "node scripts/postinstall.js"
2968
+ - pattern-regex: 'Vulnerable:\\s*FR\\-165\\b'
2969
+ message: |-
2970
+ RunSec Detection [FR-165]: CWE-1104
2971
+ languages:
2972
+ - generic
2973
+ severity: WARNING
2974
+ - id: runsec.frontend-react.fr-166
2975
+ metadata:
2976
+ runsec_version: v1.0
2977
+ confidence: |-
2978
+ 0.9
2979
+ exploit_scenario: |-
2980
+ N/A
2981
+ fix_template: |-
2982
+ Version mismatch permits unsafe runtime behavior and gadget injection.
2983
+ pattern-either:
2984
+ - pattern: |-
2985
+ shared: { react: { requiredVersion: false } }
2986
+ - pattern-regex: 'Vulnerable:\\s*FR\\-166\\b'
2987
+ message: |-
2988
+ RunSec Detection [FR-166]: CWE-1329
2989
+ languages:
2990
+ - generic
2991
+ severity: WARNING
2992
+ - id: runsec.frontend-react.fr-167
2993
+ metadata:
2994
+ runsec_version: v1.0
2995
+ confidence: |-
2996
+ 0.9
2997
+ exploit_scenario: |-
2998
+ N/A
2999
+ fix_template: |-
3000
+ Public debug API leaks sensitive runtime state to scripts/extensions.
3001
+ pattern-either:
3002
+ - pattern: |-
3003
+ window.debugEnv = () => ({ token, profile, flags })
3004
+ - pattern-regex: 'Vulnerable:\\s*FR\\-167\\b'
3005
+ message: |-
3006
+ RunSec Detection [FR-167]: CWE-489
3007
+ languages:
3008
+ - generic
3009
+ severity: WARNING
3010
+ - id: runsec.frontend-react.fr-168
3011
+ metadata:
3012
+ runsec_version: v1.0
3013
+ confidence: |-
3014
+ 0.9
3015
+ exploit_scenario: |-
3016
+ N/A
3017
+ fix_template: |-
3018
+ Alias forces known-vulnerable package into final artifact.
3019
+ pattern-either:
3020
+ - pattern: |-
3021
+ resolve.alias = { "crypto-lib": "crypto-lib-legacy" }
3022
+ - pattern-regex: 'Vulnerable:\\s*FR\\-168\\b'
3023
+ message: |-
3024
+ RunSec Detection [FR-168]: CWE-1104
3025
+ languages:
3026
+ - generic
3027
+ severity: WARNING
3028
+ - id: runsec.frontend-react.fr-169
3029
+ metadata:
3030
+ runsec_version: v1.0
3031
+ confidence: |-
3032
+ 0.9
3033
+ exploit_scenario: |-
3034
+ N/A
3035
+ fix_template: |-
3036
+ Remote script executes with full app privileges and shared globals.
3037
+ pattern-either:
3038
+ - pattern: |-
3039
+ sandbox: false
3040
+ - pattern-regex: 'Vulnerable:\\s*FR\\-169\\b'
3041
+ message: |-
3042
+ RunSec Detection [FR-169]: CWE-1329
3043
+ languages:
3044
+ - generic
3045
+ severity: WARNING
3046
+ - id: runsec.frontend-react.fr-170
3047
+ metadata:
3048
+ runsec_version: v1.0
3049
+ confidence: |-
3050
+ 0.9
3051
+ exploit_scenario: |-
3052
+ N/A
3053
+ fix_template: |-
3054
+ Massive global state leak includes sensitive internals and tokens.
3055
+ pattern-either:
3056
+ - pattern: |-
3057
+ telemetry.send({ state: window })
3058
+ - pattern-regex: 'Vulnerable:\\s*FR\\-170\\b'
3059
+ message: |-
3060
+ RunSec Detection [FR-170]: CWE-489
3061
+ languages:
3062
+ - generic
3063
+ severity: WARNING
3064
+ - id: runsec.frontend-react.fr-171
3065
+ metadata:
3066
+ runsec_version: v1.0
3067
+ confidence: |-
3068
+ 0.9
3069
+ exploit_scenario: |-
3070
+ N/A
3071
+ fix_template: |-
3072
+ Deprecated packages remain in auth/payment critical execution paths.
3073
+ pattern-either:
3074
+ - pattern: |-
3075
+ "allowDeprecated": true
3076
+ - pattern-regex: 'Vulnerable:\\s*FR\\-171\\b'
3077
+ message: |-
3078
+ RunSec Detection [FR-171]: CWE-1104
3079
+ languages:
3080
+ - generic
3081
+ severity: WARNING
3082
+ - id: runsec.frontend-react.fr-172
3083
+ metadata:
3084
+ runsec_version: v1.0
3085
+ confidence: |-
3086
+ 0.9
3087
+ exploit_scenario: |-
3088
+ N/A
3089
+ fix_template: |-
3090
+ Prefetch hint service controls executable module source.
3091
+ pattern-either:
3092
+ - pattern: |-
3093
+ const hint = await fetch(search.get("hint")!).then(r=>r.text()); import(hint)
3094
+ - pattern-regex: 'Vulnerable:\\s*FR\\-172\\b'
3095
+ message: |-
3096
+ RunSec Detection [FR-172]: CWE-1329
3097
+ languages:
3098
+ - generic
3099
+ severity: WARNING
3100
+ - id: runsec.frontend-react.fr-173
3101
+ metadata:
3102
+ runsec_version: v1.0
3103
+ confidence: |-
3104
+ 0.9
3105
+ exploit_scenario: |-
3106
+ N/A
3107
+ fix_template: |-
3108
+ Internal debugging UI reachable in production surface.
3109
+ pattern-either:
3110
+ - pattern: |-
3111
+ {showDebug && <InternalDebugConsole />}
3112
+ - pattern-regex: 'Vulnerable:\\s*FR\\-173\\b'
3113
+ message: |-
3114
+ RunSec Detection [FR-173]: CWE-489
3115
+ languages:
3116
+ - generic
3117
+ severity: WARNING
3118
+ - id: runsec.frontend-react.fr-174
3119
+ metadata:
3120
+ runsec_version: v1.0
3121
+ confidence: |-
3122
+ 0.9
3123
+ exploit_scenario: |-
3124
+ N/A
3125
+ fix_template: |-
3126
+ Broad semver range may pull vulnerable transitive release.
3127
+ pattern-either:
3128
+ - pattern: |-
3129
+ "secure-client-crypto": "^1.0.0"
3130
+ - pattern-regex: 'Vulnerable:\\s*FR\\-174\\b'
3131
+ message: |-
3132
+ RunSec Detection [FR-174]: CWE-1104
3133
+ languages:
3134
+ - generic
3135
+ severity: WARNING
3136
+ - id: runsec.frontend-react.fr-175
3137
+ metadata:
3138
+ runsec_version: v1.0
3139
+ confidence: |-
3140
+ 0.9
3141
+ exploit_scenario: |-
3142
+ N/A
3143
+ fix_template: |-
3144
+ Message can be delivered to untrusted window contexts.
3145
+ pattern-either:
3146
+ - pattern: |-
3147
+ window.postMessage(payload, "*")
3148
+ - pattern-regex: 'Vulnerable:\\s*FR\\-175\\b'
3149
+ message: |-
3150
+ RunSec Detection [FR-175]: CWE-346
3151
+ languages:
3152
+ - generic
3153
+ severity: WARNING
3154
+ - id: runsec.frontend-react.fr-176
3155
+ metadata:
3156
+ runsec_version: v1.0
3157
+ confidence: |-
3158
+ 0.9
3159
+ exploit_scenario: |-
3160
+ N/A
3161
+ fix_template: |-
3162
+ Sensitive data sent to unknown parent/origin.
3163
+ pattern-either:
3164
+ - pattern: |-
3165
+ window.opener?.postMessage(tokenRef, "*")
3166
+ - pattern-regex: 'Vulnerable:\\s*FR\\-176\\b'
3167
+ message: |-
3168
+ RunSec Detection [FR-176]: CWE-346
3169
+ languages:
3170
+ - generic
3171
+ severity: WARNING
3172
+ - id: runsec.frontend-react.fr-177
3173
+ metadata:
3174
+ runsec_version: v1.0
3175
+ confidence: |-
3176
+ 0.9
3177
+ exploit_scenario: |-
3178
+ N/A
3179
+ fix_template: |-
3180
+ Any origin can inject control messages.
3181
+ pattern-either:
3182
+ - pattern: |-
3183
+ window.addEventListener("message", e => handle(e.data))
3184
+ - pattern-regex: 'Vulnerable:\\s*FR\\-177\\b'
3185
+ message: |-
3186
+ RunSec Detection [FR-177]: CWE-346
3187
+ languages:
3188
+ - generic
3189
+ severity: WARNING
3190
+ - id: runsec.frontend-react.fr-178
3191
+ metadata:
3192
+ runsec_version: v1.0
3193
+ confidence: |-
3194
+ 0.9
3195
+ exploit_scenario: |-
3196
+ N/A
3197
+ fix_template: |-
3198
+ Type check alone does not guarantee trusted sender.
3199
+ pattern-either:
3200
+ - pattern: |-
3201
+ if (e.data?.type === "AUTH") setAuth(e.data.token)
3202
+ - pattern-regex: 'Vulnerable:\\s*FR\\-178\\b'
3203
+ message: |-
3204
+ RunSec Detection [FR-178]: CWE-346
3205
+ languages:
3206
+ - generic
3207
+ severity: WARNING
3208
+ - id: runsec.frontend-react.fr-179
3209
+ metadata:
3210
+ runsec_version: v1.0
3211
+ confidence: |-
3212
+ 0.9
3213
+ exploit_scenario: |-
3214
+ N/A
3215
+ fix_template: |-
3216
+ URL parameter controls cross-origin message channel.
3217
+ pattern-either:
3218
+ - pattern: |-
3219
+ target.postMessage(search.get("msg"), "*")
3220
+ - pattern-regex: 'Vulnerable:\\s*FR\\-179\\b'
3221
+ message: |-
3222
+ RunSec Detection [FR-179]: CWE-346
3223
+ languages:
3224
+ - generic
3225
+ severity: WARNING
3226
+ - id: runsec.frontend-react.fr-180
3227
+ metadata:
3228
+ runsec_version: v1.0
3229
+ confidence: |-
3230
+ 0.9
3231
+ exploit_scenario: |-
3232
+ CWE-346
3233
+ fix_template: |-
3234
+ TypeScript/React
3235
+ pattern-either:
3236
+ - pattern: |-
3237
+ new BroadcastChannel(search.get("ch")
3238
+ - pattern-regex: 'Vulnerable:\\s*FR\\-180\\b'
3239
+ message: |-
3240
+ RunSec Detection [FR-180]: new BroadcastChannel(allowlistedChannel(search.get("ch")))
3241
+ languages:
3242
+ - generic
3243
+ severity: WARNING
3244
+ - id: runsec.frontend-react.fr-181
3245
+ metadata:
3246
+ runsec_version: v1.0
3247
+ confidence: |-
3248
+ 0.9
3249
+ exploit_scenario: |-
3250
+ N/A
3251
+ fix_template: |-
3252
+ Command/control data can leak to attacker iframe.
3253
+ pattern-either:
3254
+ - pattern: |-
3255
+ iframe.contentWindow?.postMessage(cmd, originFromUser)
3256
+ - pattern-regex: 'Vulnerable:\\s*FR\\-181\\b'
3257
+ message: |-
3258
+ RunSec Detection [FR-181]: CWE-346
3259
+ languages:
3260
+ - generic
3261
+ severity: WARNING
3262
+ - id: runsec.frontend-react.fr-182
3263
+ metadata:
3264
+ runsec_version: v1.0
3265
+ confidence: |-
3266
+ 0.9
3267
+ exploit_scenario: |-
3268
+ CWE-346
3269
+ fix_template: |-
3270
+ TypeScript/React
3271
+ pattern-either:
3272
+ - pattern: |-
3273
+ if (e.source === iframe.contentWindow) handle(e.data)
3274
+ - pattern-regex: 'Vulnerable:\\s*FR\\-182\\b'
3275
+ message: |-
3276
+ RunSec Detection [FR-182]: e.origin !== TRUSTED_IFRAME_ORIGIN) return; handle(e.data)
3277
+ languages:
3278
+ - generic
3279
+ severity: WARNING
3280
+ - id: runsec.frontend-react.fr-183
3281
+ metadata:
3282
+ runsec_version: v1.0
3283
+ confidence: |-
3284
+ 0.9
3285
+ exploit_scenario: |-
3286
+ N/A
3287
+ fix_template: |-
3288
+ Untrusted clients can invoke privileged SW actions.
3289
+ pattern-either:
3290
+ - pattern: |-
3291
+ self.addEventListener("message", e => process(e.data))
3292
+ - pattern-regex: 'Vulnerable:\\s*FR\\-183\\b'
3293
+ message: |-
3294
+ RunSec Detection [FR-183]: CWE-346
3295
+ languages:
3296
+ - generic
3297
+ severity: WARNING
3298
+ - id: runsec.frontend-react.fr-184
3299
+ metadata:
3300
+ runsec_version: v1.0
3301
+ confidence: |-
3302
+ 0.9
3303
+ exploit_scenario: |-
3304
+ N/A
3305
+ fix_template: |-
3306
+ Missing nonce binding enables message replay/spoof.
3307
+ pattern-either:
3308
+ - pattern: |-
3309
+ popup.postMessage({ token }, TRUSTED_ORIGIN)
3310
+ - pattern-regex: 'Vulnerable:\\s*FR\\-184\\b'
3311
+ message: |-
3312
+ RunSec Detection [FR-184]: CWE-346
3313
+ languages:
3314
+ - generic
3315
+ severity: WARNING
3316
+ - id: runsec.frontend-react.fr-185
3317
+ metadata:
3318
+ runsec_version: v1.0
3319
+ confidence: |-
3320
+ 0.9
3321
+ exploit_scenario: |-
3322
+ N/A
3323
+ fix_template: |-
3324
+ Plaintext websocket allows interception and tampering.
3325
+ pattern-either:
3326
+ - pattern: |-
3327
+ new WebSocket("ws://api.example.com/realtime")
3328
+ - pattern-regex: 'Vulnerable:\\s*FR\\-185\\b'
3329
+ message: |-
3330
+ RunSec Detection [FR-185]: CWE-319
3331
+ languages:
3332
+ - generic
3333
+ severity: WARNING
3334
+ - id: runsec.frontend-react.fr-186
3335
+ metadata:
3336
+ runsec_version: v1.0
3337
+ confidence: |-
3338
+ 0.9
3339
+ exploit_scenario: |-
3340
+ N/A
3341
+ fix_template: |-
3342
+ Mixed transport conversion downgrades confidentiality.
3343
+ pattern-either:
3344
+ - pattern: |-
3345
+ const ws = apiBase.replace("http://","ws://")
3346
+ - pattern-regex: 'Vulnerable:\\s*FR\\-186\\b'
3347
+ message: |-
3348
+ RunSec Detection [FR-186]: CWE-319
3349
+ languages:
3350
+ - generic
3351
+ severity: WARNING
3352
+ - id: runsec.frontend-react.fr-187
3353
+ metadata:
3354
+ runsec_version: v1.0
3355
+ confidence: |-
3356
+ 0.9
3357
+ exploit_scenario: |-
3358
+ N/A
3359
+ fix_template: |-
3360
+ Browser mixed-content request exposes sensitive data.
3361
+ pattern-either:
3362
+ - pattern: |-
3363
+ fetch("http://api.example.com/v1/profile")
3364
+ - pattern-regex: 'Vulnerable:\\s*FR\\-187\\b'
3365
+ message: |-
3366
+ RunSec Detection [FR-187]: CWE-319
3367
+ languages:
3368
+ - generic
3369
+ severity: WARNING
3370
+ - id: runsec.frontend-react.fr-188
3371
+ metadata:
3372
+ runsec_version: v1.0
3373
+ confidence: |-
3374
+ 0.9
3375
+ exploit_scenario: |-
3376
+ N/A
3377
+ fix_template: |-
3378
+ Request credentials and payload traverse plaintext transport.
3379
+ pattern-either:
3380
+ - pattern: |-
3381
+ axios.create({ baseURL: "http://api.internal" })
3382
+ - pattern-regex: 'Vulnerable:\\s*FR\\-188\\b'
3383
+ message: |-
3384
+ RunSec Detection [FR-188]: CWE-319
3385
+ languages:
3386
+ - generic
3387
+ severity: WARNING
3388
+ - id: runsec.frontend-react.fr-189
3389
+ metadata:
3390
+ runsec_version: v1.0
3391
+ confidence: |-
3392
+ 0.9
3393
+ exploit_scenario: |-
3394
+ N/A
3395
+ fix_template: |-
3396
+ Messaging session vulnerable to MitM and replay.
3397
+ pattern-either:
3398
+ - pattern: |-
3399
+ new SockJS("http://api.example.com/stomp")
3400
+ - pattern-regex: 'Vulnerable:\\s*FR\\-189\\b'
3401
+ message: |-
3402
+ RunSec Detection [FR-189]: CWE-319
3403
+ languages:
3404
+ - generic
3405
+ severity: WARNING
3406
+ - id: runsec.frontend-react.fr-190
3407
+ metadata:
3408
+ runsec_version: v1.0
3409
+ confidence: |-
3410
+ 0.9
3411
+ exploit_scenario: |-
3412
+ "https://api.example.com"
3413
+ fix_template: |-
3414
+ N/A
3415
+ pattern-either:
3416
+ - pattern: |-
3417
+ const endpoint = env.API_URL
3418
+ - pattern-regex: 'Vulnerable:\\s*FR\\-190\\b'
3419
+ message: |-
3420
+ RunSec Detection [FR-190]: const endpoint = env.API_URL
3421
+ languages:
3422
+ - generic
3423
+ severity: WARNING
3424
+ - id: runsec.frontend-react.fr-191
3425
+ metadata:
3426
+ runsec_version: v1.0
3427
+ confidence: |-
3428
+ 0.9
3429
+ exploit_scenario: |-
3430
+ N/A
3431
+ fix_template: |-
3432
+ GraphQL queries/mutations exposed over plaintext channel.
3433
+ pattern-either:
3434
+ - pattern: |-
3435
+ new ApolloClient({ uri: "http://api.example.com/graphql" })
3436
+ - pattern-regex: 'Vulnerable:\\s*FR\\-191\\b'
3437
+ message: |-
3438
+ RunSec Detection [FR-191]: CWE-319
3439
+ languages:
3440
+ - generic
3441
+ severity: WARNING
3442
+ - id: runsec.frontend-react.fr-192
3443
+ metadata:
3444
+ runsec_version: v1.0
3445
+ confidence: |-
3446
+ 0.9
3447
+ exploit_scenario: |-
3448
+ N/A
3449
+ fix_template: |-
3450
+ Helper forces insecure transport for sensitive requests.
3451
+ pattern-either:
3452
+ - pattern: |-
3453
+ url.replace("https://", "http://")
3454
+ - pattern-regex: 'Vulnerable:\\s*FR\\-192\\b'
3455
+ message: |-
3456
+ RunSec Detection [FR-192]: CWE-319
3457
+ languages:
3458
+ - generic
3459
+ severity: WARNING
3460
+ - id: runsec.frontend-react.fr-193
3461
+ metadata:
3462
+ runsec_version: v1.0
3463
+ confidence: |-
3464
+ 0.9
3465
+ exploit_scenario: |-
3466
+ N/A
3467
+ fix_template: |-
3468
+ SSE payload may leak in transit under network attacker.
3469
+ pattern-either:
3470
+ - pattern: |-
3471
+ new EventSource("http://api.example.com/events")
3472
+ - pattern-regex: 'Vulnerable:\\s*FR\\-193\\b'
3473
+ message: |-
3474
+ RunSec Detection [FR-193]: CWE-319
3475
+ languages:
3476
+ - generic
3477
+ severity: WARNING
3478
+ - id: runsec.frontend-react.fr-194
3479
+ metadata:
3480
+ runsec_version: v1.0
3481
+ confidence: |-
3482
+ 0.9
3483
+ exploit_scenario: |-
3484
+ N/A
3485
+ fix_template: |-
3486
+ gRPC-web metadata/payload sent over unencrypted channel.
3487
+ pattern-either:
3488
+ - pattern: |-
3489
+ createGrpcClient("http://api.example.com")
3490
+ - pattern-regex: 'Vulnerable:\\s*FR\\-194\\b'
3491
+ message: |-
3492
+ RunSec Detection [FR-194]: CWE-319
3493
+ languages:
3494
+ - generic
3495
+ severity: WARNING
3496
+ - id: runsec.frontend-react.fr-195
3497
+ metadata:
3498
+ runsec_version: v1.0
3499
+ confidence: |-
3500
+ 0.9
3501
+ exploit_scenario: |-
3502
+ N/A
3503
+ fix_template: |-
3504
+ Weak hash enables collision/forgery in integrity checks.
3505
+ pattern-either:
3506
+ - pattern: |-
3507
+ const digest = md5(value)
3508
+ - pattern-regex: 'Vulnerable:\\s*FR\\-195\\b'
3509
+ message: |-
3510
+ RunSec Detection [FR-195]: CWE-916
3511
+ languages:
3512
+ - generic
3513
+ severity: WARNING
3514
+ - id: runsec.frontend-react.fr-196
3515
+ metadata:
3516
+ runsec_version: v1.0
3517
+ confidence: |-
3518
+ 0.9
3519
+ exploit_scenario: |-
3520
+ N/A
3521
+ fix_template: |-
3522
+ SHA1 no longer adequate for security-sensitive hashing.
3523
+ pattern-either:
3524
+ - pattern: |-
3525
+ const sig = sha1(payload)
3526
+ - pattern-regex: 'Vulnerable:\\s*FR\\-196\\b'
3527
+ message: |-
3528
+ RunSec Detection [FR-196]: CWE-916
3529
+ languages:
3530
+ - generic
3531
+ severity: WARNING
3532
+ - id: runsec.frontend-react.fr-197
3533
+ metadata:
3534
+ runsec_version: v1.0
3535
+ confidence: |-
3536
+ 0.9
3537
+ exploit_scenario: |-
3538
+ N/A
3539
+ fix_template: |-
3540
+ Unsalted hashes vulnerable to rainbow/precomputation attacks.
3541
+ pattern-either:
3542
+ - pattern: |-
3543
+ const h = sha256(password)
3544
+ - pattern-regex: 'Vulnerable:\\s*FR\\-197\\b'
3545
+ message: |-
3546
+ RunSec Detection [FR-197]: CWE-916
3547
+ languages:
3548
+ - generic
3549
+ severity: WARNING
3550
+ - id: runsec.frontend-react.fr-198
3551
+ metadata:
3552
+ runsec_version: v1.0
3553
+ confidence: |-
3554
+ 0.9
3555
+ exploit_scenario: |-
3556
+ N/A
3557
+ fix_template: |-
3558
+ Shared salt undermines hash hardening effectiveness.
3559
+ pattern-either:
3560
+ - pattern: |-
3561
+ const salt = "global-salt"
3562
+ - pattern-regex: 'Vulnerable:\\s*FR\\-198\\b'
3563
+ message: |-
3564
+ RunSec Detection [FR-198]: CWE-916
3565
+ languages:
3566
+ - generic
3567
+ severity: WARNING
3568
+ - id: runsec.frontend-react.fr-199
3569
+ metadata:
3570
+ runsec_version: v1.0
3571
+ confidence: |-
3572
+ 0.9
3573
+ exploit_scenario: |-
3574
+ N/A
3575
+ fix_template: |-
3576
+ MD5 integrity marker can be forged via collisions.
3577
+ pattern-either:
3578
+ - pattern: |-
3579
+ CryptoJS.MD5(sessionJson).toString()
3580
+ - pattern-regex: 'Vulnerable:\\s*FR\\-199\\b'
3581
+ message: |-
3582
+ RunSec Detection [FR-199]: CWE-916
3583
+ languages:
3584
+ - generic
3585
+ severity: WARNING
3586
+ - id: runsec.frontend-react.fr-200
3587
+ metadata:
3588
+ runsec_version: v1.0
3589
+ confidence: |-
3590
+ 0.9
3591
+ exploit_scenario: |-
3592
+ N/A
3593
+ fix_template: |-
3594
+ Low iteration KDF allows faster brute-force attacks.
3595
+ pattern-either:
3596
+ - pattern: |-
3597
+ pbkdf2(password, salt, 1000)
3598
+ - pattern-regex: 'Vulnerable:\\s*FR\\-200\\b'
3599
+ message: |-
3600
+ RunSec Detection [FR-200]: CWE-916
3601
+ languages:
3602
+ - generic
3603
+ severity: WARNING
3604
+ - id: runsec.frontend-react.fr-201
3605
+ metadata:
3606
+ runsec_version: v1.0
3607
+ confidence: |-
3608
+ 0.9
3609
+ exploit_scenario: |-
3610
+ N/A
3611
+ fix_template: |-
3612
+ Predictable entropy reduces resistance to guessing.
3613
+ pattern-either:
3614
+ - pattern: |-
3615
+ const digest = sha256(value + Math.random())
3616
+ - pattern-regex: 'Vulnerable:\\s*FR\\-201\\b'
3617
+ message: |-
3618
+ RunSec Detection [FR-201]: CWE-916
3619
+ languages:
3620
+ - generic
3621
+ severity: WARNING
3622
+ - id: runsec.frontend-react.fr-202
3623
+ metadata:
3624
+ runsec_version: v1.0
3625
+ confidence: |-
3626
+ 0.9
3627
+ exploit_scenario: |-
3628
+ N/A
3629
+ fix_template: |-
3630
+ Short digest truncation weakens collision resistance.
3631
+ pattern-either:
3632
+ - pattern: |-
3633
+ const sig = sha256(data).slice(0, 8)
3634
+ - pattern-regex: 'Vulnerable:\\s*FR\\-202\\b'
3635
+ message: |-
3636
+ RunSec Detection [FR-202]: CWE-916
3637
+ languages:
3638
+ - generic
3639
+ severity: WARNING
3640
+ - id: runsec.frontend-react.fr-203
3641
+ metadata:
3642
+ runsec_version: v1.0
3643
+ confidence: |-
3644
+ 0.9
3645
+ exploit_scenario: |-
3646
+ N/A
3647
+ fix_template: |-
3648
+ Weak hash verifier allows offline cracking and bypass attempts.
3649
+ pattern-either:
3650
+ - pattern: |-
3651
+ if (md5(input) === storedHash) allow()
3652
+ - pattern-regex: 'Vulnerable:\\s*FR\\-203\\b'
3653
+ message: |-
3654
+ RunSec Detection [FR-203]: CWE-916
3655
+ languages:
3656
+ - generic
3657
+ severity: WARNING
3658
+ - id: runsec.frontend-react.fr-204
3659
+ metadata:
3660
+ runsec_version: v1.0
3661
+ confidence: |-
3662
+ 0.9
3663
+ exploit_scenario: |-
3664
+ CWE-916
3665
+ fix_template: |-
3666
+ TypeScript/React
3667
+ pattern-either:
3668
+ - pattern: |-
3669
+ const alg = search.get("alg")
3670
+ - pattern-regex: 'Vulnerable:\\s*FR\\-204\\b'
3671
+ message: |-
3672
+ RunSec Detection [FR-204]: const alg = "sha256"; hashWith(alg, data)
3673
+ languages:
3674
+ - generic
3675
+ severity: WARNING
3676
+ - id: runsec.frontend-react.fr-205
3677
+ metadata:
3678
+ runsec_version: v1.0
3679
+ confidence: |-
3680
+ 0.9
3681
+ exploit_scenario: |-
3682
+ N/A
3683
+ fix_template: |-
3684
+ Detailed device fingerprint data exfiltrated externally.
3685
+ pattern-either:
3686
+ - pattern: |-
3687
+ telemetry.send({ ua: navigator.userAgent })
3688
+ - pattern-regex: 'Vulnerable:\\s*FR\\-205\\b'
3689
+ message: |-
3690
+ RunSec Detection [FR-205]: CWE-359
3691
+ languages:
3692
+ - generic
3693
+ severity: WARNING
3694
+ - id: runsec.frontend-react.fr-206
3695
+ metadata:
3696
+ runsec_version: v1.0
3697
+ confidence: |-
3698
+ 0.9
3699
+ exploit_scenario: |-
3700
+ N/A
3701
+ fix_template: |-
3702
+ High-entropy display attributes increase user re-identification.
3703
+ pattern-either:
3704
+ - pattern: |-
3705
+ telemetry.send({ w: screen.width, h: screen.height, depth: screen.colorDepth })
3706
+ - pattern-regex: 'Vulnerable:\\s*FR\\-206\\b'
3707
+ message: |-
3708
+ RunSec Detection [FR-206]: CWE-359
3709
+ languages:
3710
+ - generic
3711
+ severity: WARNING
3712
+ - id: runsec.frontend-react.fr-207
3713
+ metadata:
3714
+ runsec_version: v1.0
3715
+ confidence: |-
3716
+ 0.9
3717
+ exploit_scenario: |-
3718
+ N/A
3719
+ fix_template: |-
3720
+ Combined locale signals contribute to unique fingerprint profile.
3721
+ pattern-either:
3722
+ - pattern: |-
3723
+ send({ tz: Intl.DateTimeFormat().resolvedOptions().timeZone, lang: navigator.language })
3724
+ - pattern-regex: 'Vulnerable:\\s*FR\\-207\\b'
3725
+ message: |-
3726
+ RunSec Detection [FR-207]: CWE-359
3727
+ languages:
3728
+ - generic
3729
+ severity: WARNING
3730
+ - id: runsec.frontend-react.fr-208
3731
+ metadata:
3732
+ runsec_version: v1.0
3733
+ confidence: |-
3734
+ 0.9
3735
+ exploit_scenario: |-
3736
+ N/A
3737
+ fix_template: |-
3738
+ Battery characteristics create unstable but identifying fingerprint.
3739
+ pattern-either:
3740
+ - pattern: |-
3741
+ navigator.getBattery().then(b => send({ level: b.level, charging: b.charging }))
3742
+ - pattern-regex: 'Vulnerable:\\s*FR\\-208\\b'
3743
+ message: |-
3744
+ RunSec Detection [FR-208]: CWE-359
3745
+ languages:
3746
+ - generic
3747
+ severity: WARNING
3748
+ - id: runsec.frontend-react.fr-209
3749
+ metadata:
3750
+ runsec_version: v1.0
3751
+ confidence: |-
3752
+ 0.9
3753
+ exploit_scenario: |-
3754
+ N/A
3755
+ fix_template: |-
3756
+ Canvas hash is high-entropy tracking identifier.
3757
+ pattern-either:
3758
+ - pattern: |-
3759
+ const fp = canvasFingerprint(); send({ fp })
3760
+ - pattern-regex: 'Vulnerable:\\s*FR\\-209\\b'
3761
+ message: |-
3762
+ RunSec Detection [FR-209]: CWE-359
3763
+ languages:
3764
+ - generic
3765
+ severity: WARNING
3766
+ - id: runsec.frontend-react.fr-210
3767
+ metadata:
3768
+ runsec_version: v1.0
3769
+ confidence: |-
3770
+ 0.9
3771
+ exploit_scenario: |-
3772
+ N/A
3773
+ fix_template: |-
3774
+ GPU details materially increase tracking uniqueness.
3775
+ pattern-either:
3776
+ - pattern: |-
3777
+ send({ glVendor, glRenderer })
3778
+ - pattern-regex: 'Vulnerable:\\s*FR\\-210\\b'
3779
+ message: |-
3780
+ RunSec Detection [FR-210]: CWE-359
3781
+ languages:
3782
+ - generic
3783
+ severity: WARNING
3784
+ - id: runsec.frontend-react.fr-211
3785
+ metadata:
3786
+ runsec_version: v1.0
3787
+ confidence: |-
3788
+ 0.9
3789
+ exploit_scenario: |-
3790
+ N/A
3791
+ fix_template: |-
3792
+ Font probing reveals highly identifying client profile.
3793
+ pattern-either:
3794
+ - pattern: |-
3795
+ send({ fonts: detectedFonts })
3796
+ - pattern-regex: 'Vulnerable:\\s*FR\\-211\\b'
3797
+ message: |-
3798
+ RunSec Detection [FR-211]: CWE-359
3799
+ languages:
3800
+ - generic
3801
+ severity: WARNING
3802
+ - id: runsec.frontend-react.fr-212
3803
+ metadata:
3804
+ runsec_version: v1.0
3805
+ confidence: |-
3806
+ 0.9
3807
+ exploit_scenario: |-
3808
+ N/A
3809
+ fix_template: |-
3810
+ Plugin inventory contributes to persistent fingerprinting.
3811
+ pattern-either:
3812
+ - pattern: |-
3813
+ send({ plugins: navigator.plugins, mimes: navigator.mimeTypes })
3814
+ - pattern-regex: 'Vulnerable:\\s*FR\\-212\\b'
3815
+ message: |-
3816
+ RunSec Detection [FR-212]: CWE-359
3817
+ languages:
3818
+ - generic
3819
+ severity: WARNING
3820
+ - id: runsec.frontend-react.fr-213
3821
+ metadata:
3822
+ runsec_version: v1.0
3823
+ confidence: |-
3824
+ 0.9
3825
+ exploit_scenario: |-
3826
+ N/A
3827
+ fix_template: |-
3828
+ Hardware traits used for cross-session re-identification.
3829
+ pattern-either:
3830
+ - pattern: |-
3831
+ send({ hc: navigator.hardwareConcurrency, mem: navigator.deviceMemory })
3832
+ - pattern-regex: 'Vulnerable:\\s*FR\\-213\\b'
3833
+ message: |-
3834
+ RunSec Detection [FR-213]: CWE-359
3835
+ languages:
3836
+ - generic
3837
+ severity: WARNING
3838
+ - id: runsec.frontend-react.fr-214
3839
+ metadata:
3840
+ runsec_version: v1.0
3841
+ confidence: |-
3842
+ 0.9
3843
+ exploit_scenario: |-
3844
+ N/A
3845
+ fix_template: |-
3846
+ Network metrics can be combined into tracking signature.
3847
+ pattern-either:
3848
+ - pattern: |-
3849
+ send({ downlink: conn.downlink, rtt: conn.rtt, type: conn.effectiveType })
3850
+ - pattern-regex: 'Vulnerable:\\s*FR\\-214\\b'
3851
+ message: |-
3852
+ RunSec Detection [FR-214]: CWE-359
3853
+ languages:
3854
+ - generic
3855
+ severity: WARNING
3856
+ - id: runsec.frontend-react.fr-215
3857
+ metadata:
3858
+ runsec_version: v1.0
3859
+ confidence: |-
3860
+ 0.9
3861
+ exploit_scenario: |-
3862
+ N/A
3863
+ fix_template: |-
3864
+ Wildcard allowlist nullifies origin-based trust model.
3865
+ pattern-either:
3866
+ - pattern: |-
3867
+ if (allowed.includes("*")) handle(e.data)
3868
+ - pattern-regex: 'Vulnerable:\\s*FR\\-215\\b'
3869
+ message: |-
3870
+ RunSec Detection [FR-215]: CWE-346
3871
+ languages:
3872
+ - generic
3873
+ severity: WARNING
3874
+ - id: runsec.frontend-react.fr-216
3875
+ metadata:
3876
+ runsec_version: v1.0
3877
+ confidence: |-
3878
+ 0.9
3879
+ exploit_scenario: |-
3880
+ N/A
3881
+ fix_template: |-
3882
+ Trusted origin alone insufficient without payload contract checks.
3883
+ pattern-either:
3884
+ - pattern: |-
3885
+ if (e.origin===TRUSTED) execute(e.data)
3886
+ - pattern-regex: 'Vulnerable:\\s*FR\\-216\\b'
3887
+ message: |-
3888
+ RunSec Detection [FR-216]: CWE-346
3889
+ languages:
3890
+ - generic
3891
+ severity: WARNING
3892
+ - id: runsec.frontend-react.fr-217
3893
+ metadata:
3894
+ runsec_version: v1.0
3895
+ confidence: |-
3896
+ 0.9
3897
+ exploit_scenario: |-
3898
+ N/A
3899
+ fix_template: |-
3900
+ Tokenized identifiers exposed in plaintext telemetry beacon.
3901
+ pattern-either:
3902
+ - pattern: |-
3903
+ new Image().src = "http://metrics.example/collect?sid=" + sid
3904
+ - pattern-regex: 'Vulnerable:\\s*FR\\-217\\b'
3905
+ message: |-
3906
+ RunSec Detection [FR-217]: CWE-319
3907
+ languages:
3908
+ - generic
3909
+ severity: WARNING
3910
+ - id: runsec.frontend-react.fr-218
3911
+ metadata:
3912
+ runsec_version: v1.0
3913
+ confidence: |-
3914
+ 0.9
3915
+ exploit_scenario: |-
3916
+ N/A
3917
+ fix_template: |-
3918
+ Reconnect path silently downgrades transport security.
3919
+ pattern-either:
3920
+ - pattern: |-
3921
+ const wsUrl = secure ? "wss://api" : "ws://api"
3922
+ - pattern-regex: 'Vulnerable:\\s*FR\\-218\\b'
3923
+ message: |-
3924
+ RunSec Detection [FR-218]: CWE-319
3925
+ languages:
3926
+ - generic
3927
+ severity: WARNING
3928
+ - id: runsec.frontend-react.fr-219
3929
+ metadata:
3930
+ runsec_version: v1.0
3931
+ confidence: |-
3932
+ 0.9
3933
+ exploit_scenario: |-
3934
+ N/A
3935
+ fix_template: |-
3936
+ MD5 anti-tamper tag can be bypassed/collided.
3937
+ pattern-either:
3938
+ - pattern: |-
3939
+ if (md5(raw) !== tag) throw
3940
+ - pattern-regex: 'Vulnerable:\\s*FR\\-219\\b'
3941
+ message: |-
3942
+ RunSec Detection [FR-219]: CWE-916
3943
+ languages:
3944
+ - generic
3945
+ severity: WARNING
3946
+ - id: runsec.frontend-react.fr-220
3947
+ metadata:
3948
+ runsec_version: v1.0
3949
+ confidence: |-
3950
+ 0.9
3951
+ exploit_scenario: |-
3952
+ N/A
3953
+ fix_template: |-
3954
+ Shared constant salt weakens hash separation boundaries.
3955
+ pattern-either:
3956
+ - pattern: |-
3957
+ const SALT = "prod-salt-v1"
3958
+ - pattern-regex: 'Vulnerable:\\s*FR\\-220\\b'
3959
+ message: |-
3960
+ RunSec Detection [FR-220]: CWE-916
3961
+ languages:
3962
+ - generic
3963
+ severity: WARNING
3964
+ - id: runsec.frontend-react.fr-221
3965
+ metadata:
3966
+ runsec_version: v1.0
3967
+ confidence: |-
3968
+ 0.9
3969
+ exploit_scenario: |-
3970
+ N/A
3971
+ fix_template: |-
3972
+ Privacy-invasive fingerprint collection executed without consent.
3973
+ pattern-either:
3974
+ - pattern: |-
3975
+ collectFingerprintAndSend()
3976
+ - pattern-regex: 'Vulnerable:\\s*FR\\-221\\b'
3977
+ message: |-
3978
+ RunSec Detection [FR-221]: CWE-359
3979
+ languages:
3980
+ - generic
3981
+ severity: WARNING
3982
+ - id: runsec.frontend-react.fr-222
3983
+ metadata:
3984
+ runsec_version: v1.0
3985
+ confidence: |-
3986
+ 0.9
3987
+ exploit_scenario: |-
3988
+ N/A
3989
+ fix_template: |-
3990
+ External SDK stores high-entropy user fingerprint bundle.
3991
+ pattern-either:
3992
+ - pattern: |-
3993
+ sdk.track("fp", buildFingerprintBundle())
3994
+ - pattern-regex: 'Vulnerable:\\s*FR\\-222\\b'
3995
+ message: |-
3996
+ RunSec Detection [FR-222]: CWE-359
3997
+ languages:
3998
+ - generic
3999
+ severity: WARNING
4000
+ - id: runsec.frontend-react.fr-223
4001
+ metadata:
4002
+ runsec_version: v1.0
4003
+ confidence: |-
4004
+ 0.9
4005
+ exploit_scenario: |-
4006
+ N/A
4007
+ fix_template: |-
4008
+ Multi-signal bundle significantly raises re-identification risk.
4009
+ pattern-either:
4010
+ - pattern: |-
4011
+ send({ ua, battery, screen })
4012
+ - pattern-regex: 'Vulnerable:\\s*FR\\-223\\b'
4013
+ message: |-
4014
+ RunSec Detection [FR-223]: CWE-359
4015
+ languages:
4016
+ - generic
4017
+ severity: WARNING
4018
+ - id: runsec.frontend-react.fr-224
4019
+ metadata:
4020
+ runsec_version: v1.0
4021
+ confidence: |-
4022
+ 0.9
4023
+ exploit_scenario: |-
4024
+ N/A
4025
+ fix_template: |-
4026
+ Origin reflection can amplify malicious cross-window channels.
4027
+ pattern-either:
4028
+ - pattern: |-
4029
+ event.source?.postMessage(resp, event.origin)
4030
+ - pattern-regex: 'Vulnerable:\\s*FR\\-224\\b'
4031
+ message: |-
4032
+ RunSec Detection [FR-224]: CWE-346
4033
+ languages:
4034
+ - generic
4035
+ severity: WARNING