@zhuma4/cli 4.0.0-alpha.1 → 4.3.0

package/rules/quarantined/nvd-generated/cwe-502/cl-502-java-097.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-java-097.yaml
+# Generated: 2026-06-28T10:37:40.266Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-JAVA-097 | CWE: CWE-502 | Lang: java
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-java-097
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - java
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: $OBJ.readObject(...)
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-JAVA-097
+  # cwe: CWE-502 | language: java
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-java-098.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-java-098.yaml
+# Generated: 2026-06-28T10:37:40.266Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-JAVA-098 | CWE: CWE-502 | Lang: java
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-java-098
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - java
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: $OBJ.lookup(...)
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-JAVA-098
+  # cwe: CWE-502 | language: java
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-java-099.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-java-099.yaml
+# Generated: 2026-06-28T10:37:40.266Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-JAVA-099 | CWE: CWE-502 | Lang: java
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-java-099
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - java
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: $OBJ.transform(...)
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-JAVA-099
+  # cwe: CWE-502 | language: java
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-javascript-106.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-javascript-106.yaml
+# Generated: 2026-06-28T10:37:40.268Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-JAVASCRIPT-106 | CWE: CWE-502 | Lang: javascript
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-javascript-106
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - javascript
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern-regex: 'serialize.unserialize|cryo.parse'
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-JAVASCRIPT-106
+  # cwe: CWE-502 | language: javascript
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-javascript-107.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-javascript-107.yaml
+# Generated: 2026-06-28T10:37:40.269Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-JAVASCRIPT-107 | CWE: CWE-502 | Lang: javascript
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-javascript-107
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - javascript
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: $OBJ.load(...)
+  # CONSTRAINT: pattern-not: SafeLoader/safe_load usage in same scope
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-JAVASCRIPT-107
+  # cwe: CWE-502 | language: javascript
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-javascript-108.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-javascript-108.yaml
+# Generated: 2026-06-28T10:37:40.269Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-JAVASCRIPT-108 | CWE: CWE-502 | Lang: javascript
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-javascript-108
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - javascript
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern-regex: '__proto__|constructor.prototype'
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-JAVASCRIPT-108
+  # cwe: CWE-502 | language: javascript
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-php-100.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-php-100.yaml
+# Generated: 2026-06-28T10:37:40.267Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-PHP-100 | CWE: CWE-502 | Lang: php
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-php-100
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - php
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: unserialize(...)
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-PHP-100
+  # cwe: CWE-502 | language: php
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-php-101.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-php-101.yaml
+# Generated: 2026-06-28T10:37:40.267Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-PHP-101 | CWE: CWE-502 | Lang: php
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-php-101
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - php
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern-regex: '__destruct|__wakeup'
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-PHP-101
+  # cwe: CWE-502 | language: php
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-php-102.yaml

@@ -0,0 +1,51 @@
+# zhuma-nvd-502-502-php-102.yaml
+# Generated: 2026-06-28T10:37:40.267Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-PHP-102 | CWE: CWE-502 | Lang: php
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-php-102
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - php
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern-regex: 'phar://'
+  # PHP phar stream wrapper
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-PHP-102
+  # cwe: CWE-502 | language: php
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-python-103.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-python-103.yaml
+# Generated: 2026-06-28T10:37:40.267Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-PYTHON-103 | CWE: CWE-502 | Lang: python
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-python-103
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - python
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern-regex: 'pickle.loads|pickle.load'
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-PYTHON-103
+  # cwe: CWE-502 | language: python
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-python-104.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-python-104.yaml
+# Generated: 2026-06-28T10:37:40.268Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-PYTHON-104 | CWE: CWE-502 | Lang: python
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-python-104
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - python
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern-regex: 'yaml.load|yaml.full_load'
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-PYTHON-104
+  # cwe: CWE-502 | language: python
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-502/cl-502-python-105.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-502-502-python-105.yaml
+# Generated: 2026-06-28T10:37:40.268Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-502-PYTHON-105 | CWE: CWE-502 | Lang: python
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 2024 | KEV: 22 | Exploit: 26
+
+rules:
+- id: zhuma-nvd-502-502-python-105
+  metadata:
+    category: A08:2021-Software and Data Integrity Failures
+    cwe: "CWE-502: Deserialization of Untrusted Data"
+    cve: "CVE-2020-0618, CVE-2025-49113, CVE-2022-21445, CVE-2019-0344, CVE-2019-9874, CVE-2019-9875, CVE-2026-20131, CVE-2025-10035"
+    likelihood: HIGH
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-0618
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
+      - https://nvd.nist.gov/vuln/detail/CVE-2022-21445
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-0344
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-9874
+      - https://cwe.mitre.org/data/definitions/502.html
+
+  message: |
+    检测到不安全反序列化风险。从不可信来源反序列化对象数据。
+        修复: 使用安全的序列化格式(JSON)，对反序列化类做白名单限制。
+
+  severity: WARNING
+  languages:
+    - python
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: $OBJ.loads(...)
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-502-PYTHON-105
+  # cwe: CWE-502 | language: python
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A

package/rules/quarantined/nvd-generated/cwe-601/cl-601-go-178.yaml

@@ -0,0 +1,50 @@
+# zhuma-nvd-601-601-go-178.yaml
+# Generated: 2026-06-28T10:37:40.309Z
+# Source: P2 auto-generation (fixed) from P1.5 classified clusters
+# Cluster: CL-601-GO-178 | CWE: CWE-601 | Lang: go
+# Precision: MEDIUM | Noise: MEDIUM
+# CVEs: 141 | KEV: 0 | Exploit: 2
+
+rules:
+- id: zhuma-nvd-601-601-go-178
+  metadata:
+    category: A01:2021-Broken Access Control
+    cwe: "CWE-601: Open Redirect"
+    cve: "CVE-2023-24892, CVE-2025-25198, CVE-2020-24554, CVE-2019-15816, CVE-2019-6781, CVE-2021-46366, CVE-2021-22964, CVE-2019-10751"
+    likelihood: MEDIUM
+    precision: LOW
+    impact: MEDIUM
+    confidence: MEDIUM
+    source: nvd+wooyun
+    references:
+      - https://nvd.nist.gov/vuln/detail/CVE-2023-24892
+      - https://nvd.nist.gov/vuln/detail/CVE-2025-25198
+      - https://nvd.nist.gov/vuln/detail/CVE-2020-24554
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-15816
+      - https://nvd.nist.gov/vuln/detail/CVE-2019-6781
+      - https://cwe.mitre.org/data/definitions/601.html
+
+  message: |
+    检测到开放重定向风险。重定向目标URL未经验证，可能被用于钓鱼。
+        修复: 对重定向URL做白名单校验(域名/路径)，或使用相对路径重定向。
+
+  severity: WARNING
+  languages:
+    - go
+
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+      - "**/__pycache__/**"
+  patterns:
+  - pattern: $OBJ.Redirect(...)
+  # CONSTRAINT: pattern: verify sink is in security-sensitive context
+
+  # --- P2 METADATA ---
+  # cluster_id: CL-601-GO-178
+  # cwe: CWE-601 | language: go
+  # sink_patterns: [object Object]
+  # wooyun_cases: 0 | tier: N/A