@surfinguard/core-engine 0.1.0 → 1.0.0

package/patterns/query.json

@@ -0,0 +1,134 @@
+{
+  "version": "1.0.0",
+  "threats": [
+    {
+      "id": "D01",
+      "name": "Destructive DDL",
+      "primitive": "DESTRUCTION",
+      "severity": 10,
+      "description": "DROP TABLE, DROP DATABASE, TRUNCATE TABLE — irreversible schema destruction"
+    },
+    {
+      "id": "D02",
+      "name": "Mass data deletion",
+      "primitive": "DESTRUCTION",
+      "severity": 9,
+      "description": "DELETE FROM without WHERE clause — deletes all rows"
+    },
+    {
+      "id": "D03",
+      "name": "Schema modification",
+      "primitive": "DESTRUCTION",
+      "severity": 7,
+      "description": "ALTER TABLE, DROP COLUMN/INDEX — modifies schema potentially breaking applications"
+    },
+    {
+      "id": "D04",
+      "name": "Data exfiltration",
+      "primitive": "EXFILTRATION",
+      "severity": 9,
+      "description": "INTO OUTFILE, COPY TO, UNION SELECT — extracts data outside the database"
+    },
+    {
+      "id": "D05",
+      "name": "Privilege escalation",
+      "primitive": "ESCALATION",
+      "severity": 9,
+      "description": "GRANT ALL, CREATE USER, ALTER USER — modifies database permissions"
+    },
+    {
+      "id": "D06",
+      "name": "Stored procedure injection",
+      "primitive": "PERSISTENCE",
+      "severity": 8,
+      "description": "CREATE TRIGGER/FUNCTION with exec/system — persists malicious code"
+    },
+    {
+      "id": "D07",
+      "name": "Mass data update",
+      "primitive": "DESTRUCTION",
+      "severity": 9,
+      "description": "UPDATE SET without WHERE clause — modifies all rows"
+    }
+  ],
+  "destructiveDdl": [
+    "drop table",
+    "drop database",
+    "drop schema",
+    "truncate table",
+    "truncate",
+    "drop view",
+    "drop index",
+    "drop trigger",
+    "drop function",
+    "drop procedure"
+  ],
+  "destructiveDml": [
+    "delete from",
+    "update"
+  ],
+  "exfiltrationPatterns": [
+    "into outfile",
+    "into dumpfile",
+    "copy\\s+\\w+\\s+to\\b",
+    "union select",
+    "union all select",
+    "load_file(",
+    "pg_read_file(",
+    "dblink(",
+    "openrowset(",
+    "xp_cmdshell"
+  ],
+  "escalationPatterns": [
+    "grant all",
+    "grant select",
+    "grant insert",
+    "grant update",
+    "grant delete",
+    "grant execute",
+    "grant usage",
+    "create user",
+    "alter user",
+    "drop user",
+    "create role",
+    "alter role",
+    "set role",
+    "superuser",
+    "with grant option"
+  ],
+  "persistencePatterns": [
+    "create trigger",
+    "create function",
+    "create procedure",
+    "create or replace function",
+    "create or replace procedure",
+    "create event",
+    "alter event"
+  ],
+  "obfuscationPatterns": [
+    "/**/",
+    "/*!",
+    "char(",
+    "concat(",
+    "0x",
+    "unhex(",
+    "conv(",
+    "ascii(",
+    "benchmark("
+  ],
+  "safePatterns": [
+    "select.*from.*where",
+    "insert into.*values",
+    "select count",
+    "select \\*.*from.*where",
+    "select.*limit",
+    "begin transaction",
+    "commit",
+    "rollback",
+    "explain",
+    "describe",
+    "show tables",
+    "show databases",
+    "show columns"
+  ]
+}

package/patterns/transaction.json

@@ -0,0 +1,120 @@
+{
+  "version": "1.0.0",
+  "threats": [
+    {
+      "id": "T01",
+      "name": "Unauthorized purchase",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent attempts to create a charge or payment without explicit authorization"
+    },
+    {
+      "id": "T02",
+      "name": "Money transfer",
+      "primitive": "EXFILTRATION",
+      "severity": 9,
+      "description": "Agent attempts to transfer funds, withdraw money, or send cryptocurrency"
+    },
+    {
+      "id": "T03",
+      "name": "Invoice approval",
+      "primitive": "MANIPULATION",
+      "severity": 7,
+      "description": "Agent attempts to approve invoices or confirm payments"
+    },
+    {
+      "id": "T04",
+      "name": "Service subscription",
+      "primitive": "DESTRUCTION",
+      "severity": 6,
+      "description": "Agent attempts to create recurring subscriptions or enable auto-renewal"
+    },
+    {
+      "id": "T05",
+      "name": "Stock/crypto trading",
+      "primitive": "DESTRUCTION",
+      "severity": 9,
+      "description": "Agent attempts to execute stock trades or cryptocurrency swaps"
+    },
+    {
+      "id": "T06",
+      "name": "Pricing/billing modification",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent attempts to modify pricing, billing plans, or create discount codes"
+    }
+  ],
+  "paymentEndpoints": [
+    "stripe\\.com/v1/charges",
+    "stripe\\.com/v1/payment_intents",
+    "paypal\\.com/v2/payments",
+    "paypal\\.com/v1/payments",
+    "square\\.com/v2/payments",
+    "braintree",
+    "adyen",
+    "checkout\\.com/payments"
+  ],
+  "transferPatterns": [
+    "transfer.*funds",
+    "send.*money",
+    "wire.*transfer",
+    "bank.*transfer",
+    "withdraw",
+    "payout",
+    "remittance",
+    "disburs"
+  ],
+  "cryptoPatterns": [
+    "eth_sendtransaction",
+    "bitcoin.*send",
+    "transfer.*token",
+    "swap.*token",
+    "coinbase\\.com/api",
+    "binance\\.com/api",
+    "crypto.*transfer",
+    "wallet.*send"
+  ],
+  "tradingPatterns": [
+    "place.*order",
+    "buy.*stock",
+    "sell.*stock",
+    "execute.*trade",
+    "market.*order",
+    "limit.*order",
+    "trading.*execute",
+    "buy.*crypto",
+    "sell.*crypto"
+  ],
+  "subscriptionPatterns": [
+    "create.*subscription",
+    "subscribe",
+    "recurring.*payment",
+    "auto.*renew",
+    "billing.*cycle",
+    "setup.*autopay"
+  ],
+  "pricingPatterns": [
+    "update.*price",
+    "set.*billing",
+    "change.*plan",
+    "modify.*pricing",
+    "discount.*code",
+    "create.*coupon",
+    "adjust.*rate"
+  ],
+  "highRiskAmountThreshold": 100,
+  "safePatterns": [
+    "balance",
+    "status",
+    "history",
+    "receipt",
+    "invoice\\.get",
+    "invoice\\.list",
+    "list",
+    "read",
+    "view",
+    "check.*balance",
+    "get.*receipt",
+    "transaction.*history"
+  ]
+}

package/patterns/ui-action.json

@@ -0,0 +1,137 @@
+{
+  "version": "1.0.0",
+  "threats": [
+    {
+      "id": "UI01",
+      "name": "Destructive button click",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent clicks destructive buttons like delete account, wipe data, or terminate services"
+    },
+    {
+      "id": "UI02",
+      "name": "Form data corruption",
+      "primitive": "MANIPULATION",
+      "severity": 7,
+      "description": "Agent manipulates form data by filling incorrect fields or overwriting values"
+    },
+    {
+      "id": "UI03",
+      "name": "Dialog auto-acceptance",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent automatically accepts destructive confirmation dialogs or dismisses warnings"
+    },
+    {
+      "id": "UI04",
+      "name": "Payment form submission",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent interacts with payment forms, entering credit card details or completing purchases"
+    },
+    {
+      "id": "UI05",
+      "name": "Malicious file download+open",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent downloads and opens/executes files from untrusted sources"
+    },
+    {
+      "id": "UI06",
+      "name": "Screen/clipboard capture",
+      "primitive": "EXFILTRATION",
+      "severity": 8,
+      "description": "Agent captures screen content or copies sensitive data to clipboard"
+    }
+  ],
+  "destructiveButtonPatterns": [
+    "delete.*account",
+    "confirm.*wipe",
+    "erase.*all",
+    "remove.*all.*data",
+    "destroy.*instance",
+    "terminate.*server",
+    "click.*delete",
+    "press.*remove",
+    "confirm.*destruct",
+    "deactivate.*account",
+    "close.*account"
+  ],
+  "formCorruptionPatterns": [
+    "fill.*wrong.*field",
+    "enter.*data.*incorrect",
+    "submit.*form.*with",
+    "type.*into.*wrong",
+    "overwrite.*field",
+    "clear.*form.*data",
+    "modify.*input"
+  ],
+  "dialogAcceptancePatterns": [
+    "click.*ok.*dialog",
+    "confirm.*dialog",
+    "accept.*prompt",
+    "dismiss.*warning",
+    "click.*yes.*confirm",
+    "auto.*accept",
+    "approve.*dialog",
+    "click.*allow",
+    "click.*confirm.*delete"
+  ],
+  "paymentFormPatterns": [
+    "credit.*card",
+    "card.*number",
+    "enter.*cvv",
+    "checkout",
+    "complete.*purchase",
+    "payment.*form",
+    "submit.*payment",
+    "pay.*now",
+    "billing.*info"
+  ],
+  "maliciousDownloadPatterns": [
+    "download.*and.*open",
+    "download.*and.*run",
+    "save.*and.*execute",
+    "download.*exe",
+    "download.*dmg.*open",
+    "download.*apk.*install",
+    "open.*downloaded",
+    "run.*downloaded"
+  ],
+  "screenCapturePatterns": [
+    "screenshot.*password",
+    "capture.*screen",
+    "copy.*password",
+    "clipboard.*credential",
+    "screenshot.*private",
+    "screen.*record",
+    "copy.*sensitive",
+    "clipboard.*secret",
+    "capture.*login"
+  ],
+  "sensitiveElements": [
+    "password",
+    "credit.card",
+    "ssn",
+    "social.security",
+    "private.key",
+    "secret.key",
+    "api.key",
+    "bank.account"
+  ],
+  "safePatterns": [
+    "navigate.*to",
+    "scroll",
+    "read.*text",
+    "view.*page",
+    "hover",
+    "inspect.*element",
+    "open.*link",
+    "click.*navigation",
+    "browse.*to",
+    "select.*tab",
+    "resize",
+    "minimize",
+    "maximize"
+  ]
+}