npm - @zhuma4/cli - Versions diffs - 4.0.0-alpha.1 → 4.3.0 - Mend

@zhuma4/cli 4.0.0-alpha.1 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1128) hide show

package/rules/unified/cwe-384/zm-go-cwe384-session-fixation.yaml ADDED Viewed

@@ -0,0 +1,129 @@
+# Source: common | Cluster: N/A
+# CWE-384: Go/Gin 会话固定检测
+# 逐码 ZhuMa V4.1 Sprint — Go 规则库
+# 覆盖: Gin/gorilla session未regenerate、cookie未secure/httpOnly
+rules:
+# ZM-GO-SF-001: Gorilla Sessions 登录后未替换会话ID
+- id: zm-go-sf-001
+  severity: HIGH
+  message: |
+    检测到 gorilla/sessions 在登录/认证成功后未创建新会话或未调用 session.Save() 前
+    未设置新的 session ID。
+    攻击者可通过固定会话攻击(Session Fixation)劫持已验证用户会话。
+    修复方案:
+    1. 登录成功后创建全新会话:
+       session, _ := store.New(r, "session-name")
+       session.Values["user"] = user
+       session.Save(r, w)
+    2. 在 Save 之前清除旧会话: session.Options.MaxAge = -1
+    3. 为认证成功的会话生成新的 session ID(随机UUID)
+    4. 将 session ID 与用户身份强绑定
+  languages:
+    - go
+  pattern-either:
+    - pattern: |
+        $SESSION.Values[$KEY] = $USER
+    - pattern: |
+        $SESSION.Values[$KEY] = $VALUE
+    - pattern: |
+        session.Values[$KEY] = $VALUE
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    severity: HIGH
+    precision: low
+    category: session
+    likelihood: HIGH
+    impact: HIGH
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    references:
+      - "https://github.com/gorilla/sessions"
+      - "https://owasp.org/www-community/attacks/Session_fixation"
+# ZM-GO-SF-002: Gorilla/Gin Session Cookie 安全属性缺失
+- id: zm-go-sf-002
+  severity: HIGH
+  message: |
+    检测到 Gorilla sessions 的 cookie 配置中安全属性不完整。
+    - Secure: false → Cookie可被中间人通过HTTP明文传输窃取
+    - HttpOnly: false → JavaScript可读取Cookie，XSS可窃取会话
+    - SameSite 未设 StrictMode → 跨站请求携带Cookie，易受CSRF
+    修复方案:
+    1. 生产环境 Secure: true (仅HTTPS)
+    2. HttpOnly: true
+    3. SameSite: http.SameSiteStrictMode
+    4. 设置合理的 MaxAge 和 Path 限制作用域
+    5. 使用 session.Options 统一配置:
+       session.Options = &sessions.Options{
+         Path:     "/",
+         MaxAge:   3600,
+         HttpOnly: true,
+         Secure:   true,
+         SameSite: http.SameSiteStrictMode,
+       }
+  languages:
+    - go
+  pattern-either:
+    - pattern: |
+        $STORE.Options.HttpOnly = false
+    - pattern: |
+        $STORE.Options.Secure = false
+    - pattern: |
+        $OPTS.HttpOnly = false
+    - pattern: |
+        $OPTS.Secure = false
+    - pattern: |
+        $SESSION.Options.HttpOnly = false
+    - pattern: |
+        $SESSION.Options.Secure = false
+    - pattern: |
+        HttpOnly: false
+    - pattern: |
+        Secure: false
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    severity: HIGH
+    precision: very-high
+    category: session
+    likelihood: HIGH
+    impact: HIGH
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    references:
+      - "https://github.com/gorilla/sessions"
+# ZM-GO-SF-003: Gin contrib/sessions cookie配置安全检查
+- id: zm-go-sf-003
+  severity: HIGH
+  message: |
+    检测到 Gin contrib/sessions 或其他 session store 配置中 Secure/HttpOnly 设置可能不安全。
+    使用 CookieStore 和 FilesystemStore 时需显式设置 Secure 和 HttpOnly 选项。
+    修复方案:
+    store := cookie.NewStore([]byte("secret"))
+    store.Options(sessions.Options{
+      Path:     "/",
+      MaxAge:   86400 * 7,
+      HttpOnly: true,
+      Secure:   true,
+      SameSite: http.SameSiteStrictMode,
+    })
+  languages:
+    - go
+  pattern-either:
+    - pattern: cookie.NewStore($KEY)
+    - pattern: sessions.NewCookieStore($KEY)
+    - pattern: sessions.NewFilesystemStore($PATH, $KEY)
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    severity: HIGH
+    precision: low
+    category: session
+    likelihood: MEDIUM
+    impact: HIGH
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    references:
+      - "https://github.com/gin-gonic/contrib/tree/master/sessions"

package/rules/unified/cwe-384/zm-java-cwe384-session-fixation.yaml ADDED Viewed

@@ -0,0 +1,88 @@
+# Source: common | Cluster: N/A
+# CWE-384: Session 固定 — request.getSession() 含用户ID
+# 逐码 ZhuMa V4.3 — Session 安全专项
+rules:
+# ZM-JAVA-CWE384-SESSION-FIX-001: getSession 后设置属性含用户输入
+- id: zm-java-cwe384-session-fix-001
+  severity: ERROR
+  message: |
+    登录认证成功后未调用 request.changeSessionId() 或 session.invalidate() + getSession(true)，
+    攻击者可通过 Session Fixation 攻击（预先设置 JSESSIONID）劫持登录后的会话。
+    修复: 登录成功后调用 request.changeSessionId() (Servlet 3.1+) 或
+    先 session.invalidate() 再 request.getSession(true) 创建新会话。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        $SESS = $REQ.getSession();
+        ...
+        $SESS.setAttribute("user", $USER);
+    - pattern: |
+        $SESS = $REQ.getSession(true);
+        ...
+        $SESS.setAttribute("userId", $UID);
+    - pattern: |
+        $REQ.getSession().setAttribute("authenticated", true);
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    severity: ERROR
+    precision: medium
+    category: session
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    likelihood: MEDIUM
+    impact: HIGH
+    tags: [session-fixation, authentication]
+# ZM-JAVA-CWE384-SESSION-FIX-002: HttpSession setAttribute 无 session 刷新
+- id: zm-java-cwe384-session-fix-002
+  severity: ERROR
+  message: |
+    登录逻辑中使用 HttpSession.setAttribute() 存储用户信息，
+    但未先调用 invalidate() 或 changeSessionId() 刷新会话 ID，
+    存在 Session Fixation 风险。
+    修复: 登录成功后立即调用 $REQ.changeSessionId() (Tomcat 7+ / Servlet 3.1+)。
+  languages:
+    - java
+  patterns:
+    - pattern: |
+        $REQ.getSession().setAttribute("$USER_KEY", $USER_OBJ);
+    - pattern-not: |
+        $REQ.changeSessionId()
+    - pattern-not: |
+        $REQ.getSession().invalidate()
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    severity: ERROR
+    precision: medium
+    category: session
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    likelihood: MEDIUM
+    impact: HIGH
+    tags: [session-fixation, authentication]
+# ZM-JAVA-CWE384-SESSION-FIX-003: Spring Security 未启用 Session Fixation 保护
+- id: zm-java-cwe384-session-fix-003
+  severity: WARNING
+  message: |
+    Spring Security 配置中 session fixation 保护设置为 none() 或 changeSessionId() 被禁用。
+    修复: 使用 .sessionManagement().sessionFixation().migrateSession() (默认)
+    或 .newSession() 创建全新会话。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        $HTTP.sessionManagement()
+          .sessionFixation().none()
+    - pattern: |
+        $HTTP.sessionManagement().sessionFixation().none()
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    severity: WARNING
+    precision: very-high
+    category: session
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    likelihood: MEDIUM
+    impact: HIGH
+    tags: [session-fixation, spring-security]

package/rules/unified/cwe-384/zm-js-cwe384-session-fixation.yaml ADDED Viewed

@@ -0,0 +1,133 @@
+# Source: common | Cluster: N/A
+# CWE-384: Node.js 会话固定 (Session Fixation) 检测
+# 逐码 ZhuMa V4.1 Sprint — JS/TS 规则库
+# 覆盖: express-session未regenerate、cookie未设secure/httpOnly、sameSite未设Strict
+rules:
+# ZM-JS-SF-001: express-session 未调用 regenerate (登录后未更换会话ID)
+- id: zm-js-sf-001
+  severity: HIGH
+  message: |
+    检测到登录成功逻辑中未调用 req.session.regenerate() 更换会话ID。
+    攻击者可通过固定会话攻击(Session Fixation)劫持已验证用户的会话：
+    1. 攻击者获取一个有效的session ID
+    2. 诱骗受害者使用此session ID登录
+    3. 攻击者使用同一session ID冒充受害者
+    修复:
+    1. 登录成功后调用 req.session.regenerate(function(err) { ... })
+    2. 或在 passport.authenticate 后使用 passport.logIn + regenerate
+    3. 确保 regenerate 在 session 数据设置之前执行
+  languages:
+    - javascript
+    - typescript
+  patterns:
+    - pattern-either:
+        - pattern: |
+            $APP.post('/login', function($REQ, $RES) {
+              ...
+              $REQ.session.$USER = $DATA;
+              ...
+            })
+        - pattern: |
+            $APP.post('/login', ($REQ, $RES) => {
+              ...
+              $REQ.session.$USER = $DATA;
+              ...
+            })
+        - pattern: |
+            $ROUTER.post('/login', function($REQ, $RES) {
+              ...
+              $REQ.session.$USER = $DATA;
+              ...
+            })
+    - pattern-not: |
+        $REQ.session.regenerate(...)
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    category: session
+    precision: medium
+    confidence: high
+    references:
+      - "https://owasp.org/www-community/attacks/Session_fixation"
+      - "https://expressjs.com/en/resources/middleware/session.html"
+# ZM-JS-SF-002: Cookie 安全属性缺失 (secure / httpOnly / sameSite)
+- id: zm-js-sf-002
+  severity: HIGH
+  message: |
+    检测到 session / cookie 配置中缺少关键安全属性。
+    - secure: false 或缺失 → Cookie可被中间人通过HTTP明文传输窃取
+    - httpOnly: false 或缺失 → JavaScript可读取Cookie，XSS可窃取会话
+    - sameSite 未设 Strict/Lax → 跨站请求携带Cookie，易受CSRF
+    修复:
+    1. 生产环境强制 secure: true (HTTPS)
+    2. 始终设置 httpOnly: true
+    3. sameSite: 'strict' 或至少 'lax'
+    4. 设置合理的 maxAge / expires
+  languages:
+    - javascript
+    - typescript
+  pattern-either:
+    # express-session 漏设 secure
+    - pattern: |
+        app.use(session({cookie: {secure: false}}))
+    # express-session 漏设 httpOnly
+    - pattern: |
+        app.use(session({cookie: {httpOnly: false}}))
+    # res.cookie 漏设 sameSite
+    - pattern: |
+        $RES.cookie($NAME, $VAL, {sameSite: false})
+    # res.cookie 漏设 secure
+    - pattern: |
+        $RES.cookie($NAME, $VAL, {secure: false})
+    # res.cookie 漏设 httpOnly
+    - pattern: |
+        $RES.cookie($NAME, $VAL, {httpOnly: false})
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    category: session
+    precision: medium
+    confidence: high
+    references:
+      - "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Security"
+# ZM-JS-SF-003: express-session 配置缺少关键安全选项
+- id: zm-js-sf-003
+  severity: WARNING
+  message: |
+    检测到 express-session 配置中可能缺少 cookie.secure、cookie.httpOnly 或 cookie.sameSite 选项。
+    缺失配置示例:
+    app.use(session({
+      secret: 'keyboard cat',
+      resave: false,
+      saveUninitialized: true,
+      cookie: {}   // ← 缺少安全属性
+    }))
+    修复:
+    1. cookie.secure: true (生产环境)
+    2. cookie.httpOnly: true
+    3. cookie.sameSite: 'strict'
+    4. saveUninitialized: false (避免空会话创建)
+    5. name: 自定义session名称(隐藏默认connect.sid)
+  languages:
+    - javascript
+    - typescript
+  patterns:
+    - pattern: |
+        app.use(session({...}))
+  metadata:
+    cwe: "CWE-384: Session Fixation"
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    category: session
+    precision: low
+    confidence: medium
+    references:
+      - "https://expressjs.com/en/resources/middleware/session.html"

package/rules/unified/cwe-400/zm-docker-cwe400-resource-limit.yaml ADDED Viewed

@@ -0,0 +1,105 @@
+# Source: iac | Cluster: N/A
+# 逐码 ZhuMa IaC 规则 — Docker 资源限制缺失检测
+# V4.1 Sprint — CWE-400: Uncontrolled Resource Consumption
+# 检测: 无--cpus/--memory限制、HEALTHCHECK未配置
+rules:
+  # ZM-DOCKER-CWE400-RES-001: docker run / compose 缺少 CPU 限制
+  - id: zm-docker-cwe400-res-001
+    severity: MEDIUM
+    message: |
+      Docker 容器未设置 CPU 限制(`--cpus` 或 `cpus:` 或 `resources.limits.cpu`)。
+      无 CPU 限制的容器可消耗全部宿主 CPU 资源，导致 DoS 或资源争抢。
+      修复:
+      1. docker run: `--cpus=1.5` 限制 CPU 使用核心数
+      2. docker compose: `deploy.resources.limits.cpus: '1.5'`
+      3. docker compose v2: `cpus: 1.5` (deprecated but still common)
+      4. K8s: `resources.limits.cpu: "1"`
+    languages:
+      - generic
+    patterns:
+      - pattern-either:
+          - pattern: docker run ... $IMAGE
+          - pattern: docker run $OPTS $IMAGE
+      - pattern-not: docker run ... --cpus ...
+      - pattern-not: docker run ... --cpuset-cpus ...
+      - metavariable-regex:
+          metavariable: $IMAGE
+          regex: '^[a-zA-Z0-9][a-zA-Z0-9./_-]+(:[a-zA-Z0-9._-]+)?$'
+    metadata:
+      cwe: "CWE-400: Uncontrolled Resource Consumption"
+      category: iac-docker
+      precision: low
+      confidence: low
+      tags: [docker, resource-exhaustion, dos, resource-limits]
+  # ZM-DOCKER-CWE400-RES-002: docker run / compose 缺少内存限制
+  - id: zm-docker-cwe400-res-002
+    severity: MEDIUM
+    message: |
+      Docker 容器未设置内存限制(`--memory` 或 `mem_limit:` 或 `resources.limits.memory`)。
+      无内存限制的容器可耗尽宿主内存，触发 OOM Killer 杀死关键进程。
+      修复:
+      1. docker run: `--memory=512m --memory-swap=512m` 限制内存
+      2. docker compose: `deploy.resources.limits.memory: 512M`
+      3. docker compose v2: `mem_limit: 512m`
+      4. K8s: `resources.limits.memory: "512Mi"`
+      5. memory-swap 应与 memory 等值以避免使用磁盘swap
+    languages:
+      - generic
+    patterns:
+      - pattern-either:
+          - pattern: docker run ... $IMAGE
+          - pattern: docker run $OPTS $IMAGE
+      - pattern-not: docker run ... --memory ...
+      - pattern-not: docker run ... -m ...
+      - metavariable-regex:
+          metavariable: $IMAGE
+          regex: '^[a-zA-Z0-9][a-zA-Z0-9./_-]+(:[a-zA-Z0-9._-]+)?$'
+    metadata:
+      cwe: "CWE-400: Uncontrolled Resource Consumption"
+      category: iac-docker
+      precision: low
+      confidence: low
+      tags: [docker, resource-exhaustion, dos, resource-limits]
+  # ZM-DOCKER-CWE400-RES-003: Dockerfile 缺少 HEALTHCHECK 指令
+  - id: zm-docker-cwe400-res-003
+    severity: LOW
+    message: |
+      Dockerfile 未配置 `HEALTHCHECK` 指令 — 容器运行时Docker无法判断服务是否健康。
+      缺少健康检查导致:
+      1. 服务启动失败时无法自动重启(需配合 restart policy)
+      2. 滚动更新时无法判断新容器是否就绪
+      3. 编排系统(K8s/Swarm)无法做健康决策
+      修复:
+      添加 HEALTHCHECK 指令:
+        # HTTP服务:
+        HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
+          CMD curl -f http://localhost:8080/health || exit 1
+        # 进程检查:
+        HEALTHCHECK --interval=30s --timeout=3s \
+          CMD pgrep -x node || exit 1
+      常用参数:
+      - --interval=DURATION (默认30s) 检查间隔
+      - --timeout=DURATION (默认30s) 超时时间
+      - --start-period=DURATION (默认0s) 启动缓冲时间
+      - --retries=N (默认3) 失败重试次数
+    languages:
+      - dockerfile
+    patterns:
+      - pattern-not: |
+          HEALTHCHECK ...
+      - pattern: |
+          CMD ...
+    metadata:
+      cwe: "CWE-400: Uncontrolled Resource Consumption"
+      category: iac-docker
+      precision: low
+      confidence: medium
+      tags: [docker, healthcheck, reliability, best-practice]

package/rules/unified/cwe-400/zm-py-cwe400-multipart-dos.yaml ADDED Viewed

@@ -0,0 +1,65 @@
+# Source: common | Cluster: N/A
+# CWE-400: multipart表单无大小限制 / DoS相关
+# 逐码 ZhuMa V4.3 — Python 通用规则库
+# 检测: Flask不限制上传大小、aiohttp无限制
+rules:
+# ZM-PY-DOS-001: Flask文件上传无大小限制
+- id: zm-py-dos-001
+  severity: WARNING
+  message: |
+    检测到 Flask 路由定义了 POST 方法但可能未配置 MAX_CONTENT_LENGTH。
+    攻击者可上传超大文件耗尽服务器磁盘空间和内存，造成DoS。
+    修复方案:
+    1. 设置上传大小限制: app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024
+    2. 使用nginx/apache在前端限制请求体大小(client_max_body_size)
+    3. 对文件上传端点使用gunicorn --limit-request-line限制
+    4. 配合stream处理大文件，不全部读入内存
+  languages:
+    - python
+  patterns:
+    - pattern: '@$APP.route($ROUTE, methods=[$METHODS])'
+    - metavariable-regex:
+        metavariable: $METHODS
+        regex: POST
+  metadata:
+    cwe: "CWE-400: Uncontrolled Resource Consumption"
+    severity: WARNING
+    precision: medium
+    category: dos
+    framework: flask
+    likelihood: HIGH
+    impact: MEDIUM
+    owasp: "A05:2021 - Security Misconfiguration"
+    references:
+      - "https://flask.palletsprojects.com/en/stable/patterns/fileuploads/"
+# ZM-PY-DOS-002: multipart解析无大小限制
+- id: zm-py-dos-002
+  severity: WARNING
+  message: |
+    检测到使用了 multipart/form-data 解析但未限制各部分大小。
+    攻击者可发送超大multipart field消耗服务器内存。
+    修复方案:
+    1. werkzeug: Request.max_content_length / Request.max_form_memory_size
+    2. Django: DATA_UPLOAD_MAX_MEMORY_SIZE / FILE_UPLOAD_MAX_MEMORY_SIZE
+    3. aiohttp: client_max_size参数
+    4. 始终在前端网关(nginx)层面限制请求大小
+  languages:
+    - python
+  pattern-either:
+    - pattern: request.files[$KEY]
+    - pattern: flask.request.files[$KEY]
+    - pattern: request.form[$KEY]
+    - pattern: flask.request.form[$KEY]
+  metadata:
+    cwe: "CWE-400: Uncontrolled Resource Consumption"
+    severity: WARNING
+    precision: low
+    category: dos
+    likelihood: HIGH
+    impact: MEDIUM
+    owasp: "A05:2021 - Security Misconfiguration"

package/rules/unified/cwe-415/zm-cpp-cwe415-double-free.yaml ADDED Viewed

@@ -0,0 +1,92 @@
+# Source: common | Cluster: N/A
+# CWE-415: C/C++ Double Free 检测规则
+# 逐码 ZhuMa V4.3 — C/C++ 规则库
+#
+# 检测同一指针被多次释放的模式，包括 free() 和 delete 的重复调用。
+rules:
+# ZM-CPP-CWE415-001: 同一路径内连续 free()
+- id: zm-cpp-cwe415-double-free-001
+  severity: ERROR
+  message: |
+    检测到同一指针在相同执行路径中被多次 free()。
+    重复释放同一块内存导致堆管理器数据结构损坏，
+    可能被利用为堆利用攻击（如 tcache poisoning/fastbin dup），
+    最终实现任意代码执行。
+    修复方案：
+    - free() 后立即将指针设为 NULL: free(ptr); ptr = NULL;
+    - 使用引用计数或所有权模型跟踪指针状态
+    - C++: 使用智能指针 (std::unique_ptr/std::shared_ptr)
+    - 审查异常/错误处理路径中的清理逻辑
+  languages:
+    - c
+    - cpp
+  patterns:
+    - pattern: |
+        free($PTR);
+        ...
+        free($PTR);
+  metadata:
+    cwe: "CWE-415: Double Free"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    category: security
+    precision: medium
+    references:
+      - "https://cwe.mitre.org/data/definitions/415.html"
+      - "https://owasp.org/www-community/vulnerabilities/Doubly_freeing_memory"
+# ZM-CPP-CWE415-002: C++ delete重复调用
+- id: zm-cpp-cwe415-double-free-002
+  severity: ERROR
+  message: |
+    检测到 C++ 中对同一指针多次调用 delete 操作符。
+    重复 delete 导致未定义行为、堆损坏和潜在的可利用漏洞。
+    析构函数中的 delete 配合其他清理路径是常见的 Double Free 来源。
+    修复方案：
+    - delete 后立即置 nullptr: delete ptr; ptr = nullptr;
+    - 使用智能指针避免手动 delete
+    - 确保析构函数是唯一释放资源的路径 (RAII)
+    - 审查复制构造函数和赋值运算符中的所有权语义
+  languages:
+    - cpp
+  patterns:
+    - pattern: |
+        delete $PTR;
+        ...
+        delete $PTR;
+  metadata:
+    cwe: "CWE-415: Double Free"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    category: security
+    precision: medium
+    references:
+      - "https://cwe.mitre.org/data/definitions/415.html"
+# ZM-CPP-CWE415-003: free + 野指针二次释放
+- id: zm-cpp-cwe415-double-free-003
+  severity: ERROR
+  message: |
+    检测到函数调用链中可能对同一指针多次调用 free()。
+    当指针在多个函数间传递且所有权不明确时，
+    多个组件可能分别尝试释放同一内存块。
+    修复方案：
+    - 明确指针所有权：每个分配只用一个"所有者"负责释放
+    - 编写文档说明每个函数是否接管指针所有权
+    - 释放后将指针设为 NULL，利用 free(NULL) 安全特性
+    - C++: 使用 std::unique_ptr 表达独占所有权语义
+  languages:
+    - c
+    - cpp
+  pattern-either:
+    - pattern: free($PTR);
+  metadata:
+    cwe: "CWE-415: Double Free"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    category: security
+    precision: very-low
+    references:
+      - "https://cwe.mitre.org/data/definitions/415.html"

package/rules/unified/cwe-416/zm-cpp-cwe416-use-after-free.yaml ADDED Viewed

@@ -0,0 +1,81 @@
+# Source: common | Cluster: N/A
+# CWE-416: C/C++ Use After Free 检测规则
+# 逐码 ZhuMa V4.3 — C/C++ 规则库
+#
+# 检测释放后的指针继续被使用（解引用、传递给函数等）的模式。
+rules:
+# ZM-CPP-CWE416-001: free()调用检测
+- id: zm-cpp-cwe416-use-after-free-001
+  severity: ERROR
+  message: |
+    检测到 free() 函数调用。释放后继续使用指针将导致 Use After Free 漏洞，
+    可能被用于任意代码执行、信息泄露或拒绝服务。
+    修复方案：
+    - free() 后立即将指针设为 NULL: free(ptr); ptr = NULL;
+    - C++: 使用智能指针 (std::unique_ptr、std::shared_ptr)
+    - C++: 使用 RAII 模式管理资源生命周期
+  languages:
+    - c
+    - cpp
+  patterns:
+    - pattern: free($PTR)
+  metadata:
+    cwe: "CWE-416: Use After Free"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    category: security
+    precision: very-low
+    references:
+      - "https://cwe.mitre.org/data/definitions/416.html"
+      - "https://cwe.mitre.org/data/definitions/825.html"
+# ZM-CPP-CWE416-002: delete后使用对象 (C++专用)
+- id: zm-cpp-cwe416-use-after-free-002
+  severity: ERROR
+  message: |
+    检测到 C++ delete 操作符。delete 释放对象内存后指针变为悬挂指针，
+    继续使用将导致 UAF 漏洞。
+    修复方案：
+    - delete 后立即置 nullptr: delete ptr; ptr = nullptr;
+    - 使用智能指针自动管理生命周期: std::unique_ptr<Foo> ptr = std::make_unique<Foo>();
+    - 避免原始指针的显式 delete 调用
+  languages:
+    - cpp
+  pattern-either:
+    - pattern: delete $PTR
+    - pattern: delete[] $PTR
+  metadata:
+    cwe: "CWE-416: Use After Free"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    category: security
+    precision: very-low
+    references:
+      - "https://cwe.mitre.org/data/definitions/416.html"
+# ZM-CPP-CWE416-003: 悬空指针复用模式 (C/C++)
+- id: zm-cpp-cwe416-use-after-free-003
+  severity: WARNING
+  message: |
+    检测到 free() 调用模式，提示代码中存在内存释放操作。
+    释放后若继续使用同一指针将导致 UAF 漏洞。
+    需人工审查确认指针在 free() 后是否仍有引用路径可达。
+    修复方案：
+    - 在 free 后将指针置为 NULL
+    - 函数入口处检查指针是否为 NULL
+    - 重构代码保证指针不在被释放后仍可访问
+  languages:
+    - c
+    - cpp
+  patterns:
+    - pattern: free($PTR)
+  metadata:
+    cwe: "CWE-416: Use After Free"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    category: security
+    precision: very-low
+    references:
+      - "https://cwe.mitre.org/data/definitions/416.html"