npm - @zhuma4/cli - Versions diffs - 4.0.0-alpha.1 → 4.3.0 - Mend

@zhuma4/cli 4.0.0-alpha.1 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1128) hide show

package/rules/unified/cwe-79/zm-php-cwe79-xss.yaml ADDED Viewed

@@ -0,0 +1,222 @@
+# Source: common | Cluster: N/A
+# CWE-79: PHP XSS 跨站脚本检测
+# 逐码 ZhuMa V4.3 — PHP 通用规则库
+# 检测: echo/print/printf 直接输出 $_GET/$_POST/$_REQUEST 未转义
+rules:
+# ZM-PHP-XSS-001: echo 直接输出 $_GET/$_POST/$_SERVER
+- id: zm-php-cwe79-xss-001
+  severity: ERROR
+  message: |
+    检测到 echo 直接输出 $_GET/$_POST/$_REQUEST/$_SERVER 等用户可控变量。
+    未经过 htmlspecialchars()/htmlentities() 转义直接输出导致 XSS 漏洞。
+    修复方案:
+    1. 输出前使用 htmlspecialchars($input, ENT_QUOTES, 'UTF-8') 转义
+    2. 使用模板引擎自动转义（如 Blade 的 {{ $var }}）
+    3. 避免将用户输入直接拼入 HTML/JavaScript/事件属性
+    4. 设置 Content-Security-Policy 头
+    5. 参考 OWASP XSS 防御速查表
+  languages:
+    - php
+  pattern-either:
+    - pattern: |
+        echo $_GET[$X];
+    - pattern: |
+        echo $_POST[$X];
+    - pattern: |
+        echo $_REQUEST[$X];
+    - pattern: |
+        echo $_COOKIE[$X];
+    - pattern: |
+        echo $_SERVER[$X];
+    - pattern: |
+        print $_GET[$X];
+    - pattern: |
+        print $_POST[$X];
+    - pattern: |
+        print $_REQUEST[$X];
+    - pattern: |
+        print $_COOKIE[$X];
+    - pattern: |
+        print $_SERVER[$X];
+    - pattern: printf($_GET[$X])
+    - pattern: printf($_POST[$X])
+    - pattern: printf($_REQUEST[$X])
+    - pattern: |
+        echo file_get_contents("php://input");
+    - pattern: |
+        print file_get_contents("php://input");
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: ERROR
+    precision: high
+    category: xss
+    likelihood: HIGH
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"
+    references:
+      - "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html"
+      - "https://www.php.net/manual/en/function.htmlspecialchars.php"
+# ZM-PHP-XSS-002: echo 拼接后输出用户输入
+- id: zm-php-cwe79-xss-002
+  severity: ERROR
+  message: |
+    检测到 echo 使用字符串拼接后输出 $_GET/$_POST 等用户输入。
+    HTML 拼接后输出用户输入同样导致 XSS。
+    修复方案:
+    1. 使用 htmlspecialchars($input, ENT_QUOTES, 'UTF-8') 包裹所有用户输入
+    2. 使用模板引擎的自动转义功能
+    3. 禁止在 HTML 属性/JavaScript 中直接输出用户输入
+  languages:
+    - php
+  pattern-either:
+    - pattern: |
+        echo $STR . $_GET[$X];
+    - pattern: |
+        echo $STR . $_POST[$X];
+    - pattern: |
+        echo $STR . $_REQUEST[$X];
+    - pattern: |
+        echo $HTML . $_GET[$X];
+    - pattern: |
+        print $STR . $_GET[$X];
+    - pattern: |
+        print $STR . $_POST[$X];
+    - pattern: |
+        print $STR . $_REQUEST[$X];
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: ERROR
+    precision: high
+    category: xss
+    likelihood: HIGH
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"
+# ZM-PHP-XSS-003: 双引号字符串内插值输出 $_GET/$_POST
+- id: zm-php-cwe79-xss-003
+  severity: ERROR
+  message: |
+    检测到 echo/print 的双引号字符串内直接使用了 $_GET/$_POST 变量。
+    PHP 在双引号字符串内解析 $var 变量，直接输出用户输入造成 XSS。
+    修复方案:
+    使用 htmlspecialchars() 包裹: echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
+  languages:
+    - php
+  pattern-either:
+    - pattern: |
+        echo "$STR$_GET[$X] $STR";
+    - pattern: |
+        echo "$STR$_POST[$X] $STR";
+    - pattern: |
+        echo "$STR$_REQUEST[$X] $STR";
+    - pattern: |
+        print "$STR$_GET[$X] $STR";
+    - pattern: |
+        print "$STR$_POST[$X] $STR";
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: ERROR
+    precision: high
+    category: xss
+    likelihood: HIGH
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"
+# ZM-PHP-XSS-004: 未转义输出到 HTML 属性/JavaScript 上下文
+- id: zm-php-cwe79-xss-004
+  severity: ERROR
+  message: |
+    检测到 HTML 属性值或 JavaScript 代码中直接输出 $_GET/$_POST 用户输入。
+    属性上下文和 JS 上下文需要不同的转义策略，直接输出高风险。
+    修复方案:
+    1. HTML 属性: htmlspecialchars($val, ENT_QUOTES)
+    2. JavaScript 上下文: json_encode($val, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT)
+    3. URL 上下文: urlencode($val)
+    4. 使用 CSP 头限制内联脚本执行
+  languages:
+    - php
+  pattern-either:
+    - pattern: |
+        echo "$STR onclick=\"$STR$_GET[$X]$STR\"";
+    - pattern: |
+        echo "$STR href=\"$STR$_GET[$X]$STR\"";
+    - pattern: |
+        echo "$STR src=\"$STR$_GET[$X]$STR\"";
+    - pattern: |
+        echo "$STR<script>$_GET[$X]</script>";
+    - pattern: |
+        echo "$STR<script>$_POST[$X]</script>";
+    - pattern: |
+        print "$STR<script>$_GET[$X]</script>";
+    - pattern: |
+        print "$STR<script>$_POST[$X]</script>";
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: ERROR
+    precision: medium
+    category: xss
+    likelihood: HIGH
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"
+# ZM-PHP-XSS-005: Laravel Blade 未转义输出 (via Blade::render / view 变量)
+- id: zm-php-cwe79-xss-005
+  severity: ERROR
+  message: |
+    检测到 Laravel 中通过 view() 传递数组可能包含用户输入，
+    若在 Blade 模板中使用 {!! !!} 输出将导致 XSS。
+    同时检测 Blade 编译后的 echo 模式。
+    修复方案:
+    1. 在 Blade 模板中使用 {{ }} 替代 {!! !!}（Blade 自动转义）
+    2. 必须使用 {!! !!} 时确保内容经过 htmlspecialchars() 处理
+    3. 对传递给 view 的数据预先转义
+    4. 使用 HTML Purifier 等库过滤富文本内容
+  languages:
+    - php
+  pattern: |
+    view($TEMPLATE, $_GET[$X])
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: medium
+    category: xss
+    likelihood: LOW
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"
+    references:
+      - "https://laravel.com/docs/blade#displaying-unescaped-data"
+# ZM-PHP-XSS-006: Laravel response()->json 用户输入反射
+- id: zm-php-cwe79-xss-006
+  severity: ERROR
+  message: |
+    检测到 Laravel response()->json() 返回 $_GET/$_POST 用户输入。
+    虽然 JSON 本身不直接导致 XSS，但如果前端将 JSON 数据
+    直接插入 HTML (innerHTML) 将导致 XSS。
+    修复方案:
+    1. 对反射的 JSON 值使用 htmlspecialchars() 转义
+    2. 前端使用 textContent 替代 innerHTML
+    3. 使用 CSP 头 script-src 'self'
+  languages:
+    - php
+  pattern-either:
+    - pattern: response()->json($_GET[$X])
+    - pattern: response()->json($_POST[$X])
+    - pattern: response()->json($request->input(...))
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: ERROR
+    precision: medium
+    category: xss
+    likelihood: MEDIUM
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"

package/rules/unified/cwe-79/zm-py-cwe79-django-flask-xss.yaml ADDED Viewed

@@ -0,0 +1,97 @@
+# Source: common | Cluster: N/A
+# CWE-79: Django Jinja2配置缺陷 / Flask render_template XSS
+# 逐码 ZhuMa V4.3 — Python 框架特化规则库
+# 检测: Jinja2 autoescape=False、Session cookie secure=False、render_template含用户输入
+rules:
+# ZM-PY-DJANGO-XSS-001: Jinja2 autoescape=False
+- id: zm-py-django-xss-001
+  severity: WARNING
+  message: |
+    检测到 Django Jinja2 后端配置中 autoescape=False 禁用了自动HTML转义。
+    这将导致所有模板变量不再自动转义，攻击者可注入任意HTML/JavaScript。
+    修复方案:
+    1. 确保 autoescape=True(默认值，不必显式设置)
+    2. 若特定变量无需转义，在模板中使用 |safe 过滤器显式标记，而非全局关闭
+    3. 对需要HTML渲染的场景使用 bleach 库做白名单过滤
+  languages:
+    - python
+  patterns:
+    - pattern: '"OPTIONS": {...}'
+    - pattern-inside: |
+        TEMPLATES = [...]
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: high
+    category: xss
+    framework: django
+    likelihood: MEDIUM
+    impact: HIGH
+    owasp: "A03:2021 - Injection"
+    references:
+      - "https://docs.djangoproject.com/en/stable/topics/templates/#django.template.backends.jinja2.Jinja2"
+# ZM-PY-DJANGO-XSS-002: Session Cookie secure=False
+- id: zm-py-django-xss-002
+  severity: WARNING
+  message: |
+    检测到 Django Session Cookie 的 secure 属性为 False。
+    这将允许通过HTTP明文传输Session Cookie，攻击者可通过中间人攻击
+    窃取Cookie实现会话劫持。
+    修复方案:
+    1. 生产环境设置: SESSION_COOKIE_SECURE = True
+    2. 同时设置 CSRF_COOKIE_SECURE = True
+    3. 全站强制HTTPS: SECURE_SSL_REDIRECT = True
+    4. 设置 SESSION_COOKIE_HTTPONLY = True 防止JavaScript读取
+  languages:
+    - python
+  patterns:
+    - pattern: SESSION_COOKIE_SECURE = False
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: very-high
+    category: misconfiguration
+    framework: django
+    likelihood: MEDIUM
+    impact: HIGH
+    owasp: "A05:2021 - Security Misconfiguration"
+    references:
+      - "https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-secure"
+# ZM-PY-FLASK-XSS-001: render_template含用户输入
+- id: zm-py-flask-xss-001
+  severity: WARNING
+  message: |
+    检测到 Flask render_template() 的模板变量直接来自HTTP请求参数。
+    虽然Jinja2默认自动转义HTML，但若模板中使用了 |safe 过滤器或
+    {% autoescape false %}，则存在XSS风险。
+    修复方案:
+    1. 避免模板中使用 |safe 过滤器标记用户输入
+    2. 使用 bleach 库做白名单HTML清理
+    3. 对URL参数使用 urlencode，对JavaScript上下文使用 json.dumps
+    4. 设置CSP头限制内联脚本执行
+  languages:
+    - python
+  pattern-either:
+    - pattern: render_template($TEMPLATE, $VAR=request.args.get(...))
+    - pattern: render_template($TEMPLATE, $VAR=request.form.get(...))
+    - pattern: render_template($TEMPLATE, $VAR=request.values.get(...))
+    - pattern: render_template($TEMPLATE, $VAR=request.json.get(...))
+    - pattern: flask.render_template($TEMPLATE, $VAR=request.args.get(...))
+    - pattern: flask.render_template($TEMPLATE, $VAR=request.form.get(...))
+    - pattern: flask.render_template($TEMPLATE, $VAR=request.values.get(...))
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: medium
+    category: xss
+    framework: flask
+    likelihood: MEDIUM
+    impact: HIGH
+    owasp: "A03:2021 - Injection"

package/rules/unified/cwe-79/zm-py-cwe79-host-header-injection.yaml ADDED Viewed

@@ -0,0 +1,43 @@
+# Source: common | Cluster: N/A
+# CWE-79: Python Host Header注入 / request.get_host XSS
+# 逐码 ZhuMa V4.3 — Python 通用规则库
+# 检测: request.get_host用于响应内容、HTTP Response Splitting
+rules:
+# ZM-PY-HOSTHDR-001: request.get_host注入(Host Header注入)
+- id: zm-py-host-header-001
+  severity: WARNING
+  message: |
+    检测到使用 request.get_host() / request.META['HTTP_HOST'] 构造URL或HTML。
+    攻击者可通过伪造Host Header注入恶意数据(缓存投毒、密码重置劫持)。
+    修复方案:
+    1. 使用 settings.ALLOWED_HOSTS 配置允许的主机名
+    2. 使用 request.build_absolute_uri() 而非手动拼接host
+    3. 对响应中使用的主机名做白名单校验
+    4. 生产环境配置Web服务器(Nginx)校验Host Header
+  languages:
+    - python
+  pattern-either:
+    - pattern: f"...{request.get_host()}..."
+    - pattern: $STR + request.get_host()
+    - pattern: |
+        request.META['HTTP_HOST']
+    - pattern: |
+        request.META.get('HTTP_HOST')
+    - pattern: HttpResponse(request.get_host())
+    - pattern: |
+        render(..., {'host': request.get_host()})
+    - pattern: |
+        jsonify({'host': request.get_host()})
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: high
+    category: host-header-injection
+    likelihood: MEDIUM
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"
+    references:
+      - "https://docs.djangoproject.com/en/stable/ref/request-response/#django.http.HttpRequest.get_host"

package/rules/unified/cwe-79/zm-py-cwe79-xss.yaml ADDED Viewed

@@ -0,0 +1,124 @@
+# Source: common | Cluster: N/A
+# CWE-79: Django/Flask XSS 跨站脚本检测
+# 逐码 ZhuMa V4.1 — Python 通用规则库
+# 检测: mark_safe / render_template + userInput / HttpResponse(userInput) / json.dumps+isSafe
+rules:
+# ZM-PY-XSS-01: mark_safe / SafeString 包装用户输入
+- id: zm-py-xss-001
+  severity: ERROR
+  message: |
+    检测到 django.utils.safestring.mark_safe() 包装来自 HTTP 请求的用户输入。
+    mark_safe() 会绕过 Django 自动 HTML 转义，导致 XSS 攻击。
+    修复: 移除 mark_safe() 包装使用默认自动转义；如确需 HTML 渲染使用 bleach 库白名单过滤。
+  languages:
+    - python
+  pattern-either:
+    - pattern: mark_safe(request.args.get(...))
+    - pattern: mark_safe(request.form.get(...))
+    - pattern: mark_safe(request.values.get(...))
+    - pattern: mark_safe(request.POST.get(...))
+    - pattern: mark_safe(request.GET.get(...))
+    - pattern: mark_safe(request.data)
+    - pattern: django.utils.safestring.mark_safe(request.args.get(...))
+    - pattern: django.utils.safestring.mark_safe(request.form.get(...))
+    - pattern: django.utils.safestring.mark_safe(request.POST.get(...))
+    - pattern: django.utils.safestring.mark_safe(request.GET.get(...))
+    - pattern: SafeString(request.args.get(...))
+    - pattern: SafeString(request.form.get(...))
+    - pattern: SafeString(request.POST.get(...))
+    - pattern: SafeText(request.args.get(...))
+    - pattern: SafeText(request.form.get(...))
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: ERROR
+    precision: high
+    category: xss
+    likelihood: HIGH
+    impact: HIGH
+    owasp: "A03:2021 - Injection"
+# ZM-PY-XSS-02: HttpResponse() / render() 直接输出用户输入
+- id: zm-py-xss-002
+  severity: WARNING
+  message: |
+    检测到 HttpResponse() 直接写入用户输入，或 render() 模板变量直接嵌入用户输入。
+    Django 默认自动转义模板变量，但 HttpResponse 直接输出不会转义。
+    修复: HttpResponse 中使用 html.escape() 转义；render() 中避免使用 |safe 过滤器。
+  languages:
+    - python
+  pattern-either:
+    - pattern: HttpResponse(request.args.get(...))
+    - pattern: HttpResponse(request.form.get(...))
+    - pattern: HttpResponse(request.POST.get(...))
+    - pattern: HttpResponse(request.GET.get(...))
+    - pattern: HttpResponse(request.data)
+    - pattern: HttpResponse(f"...{request.args.get(...)}...")
+    - pattern: HttpResponse(f"...{request.form.get(...)}...")
+    - pattern: HttpResponse($STR + request.args.get(...))
+    - pattern: HttpResponse($STR + request.form.get(...))
+    - pattern: django.http.HttpResponse(request.args.get(...))
+    - pattern: django.http.HttpResponse(request.form.get(...))
+    - pattern: django.http.HttpResponse(request.POST.get(...))
+    - pattern: django.http.HttpResponse(request.GET.get(...))
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: medium
+    category: xss
+    likelihood: MEDIUM
+    impact: HIGH
+    owasp: "A03:2021 - Injection"
+# ZM-PY-XSS-03: render_template 变量中含用户输入未转义
+- id: zm-py-xss-003
+  severity: WARNING
+  message: |
+    检测到 render_template() 模板变量直接来自 HTTP 请求。
+    Jinja2 默认自动转义 HTML，但若模板中使用了 |safe 过滤器或 {% autoescape false %}，则存在 XSS 风险。
+    修复: 避免模板中使用 |safe 过滤器标记用户输入；使用 bleach 库做白名单 HTML 清理。
+  languages:
+    - python
+  pattern-either:
+    - pattern: flask.render_template($TEMPLATE, $VAR=request.args.get(...))
+    - pattern: flask.render_template($TEMPLATE, $VAR=request.form.get(...))
+    - pattern: flask.render_template($TEMPLATE, $VAR=request.values.get(...))
+    - pattern: render_template($TEMPLATE, $VAR=request.args.get(...))
+    - pattern: render_template($TEMPLATE, $VAR=request.form.get(...))
+    - pattern: render_template($TEMPLATE, $VAR=request.values.get(...))
+    - pattern: 'django.shortcuts.render(request, $TEMPLATE, {$VAR: request.GET.get(...)})'
+    - pattern: 'django.shortcuts.render(request, $TEMPLATE, {$VAR: request.POST.get(...)})'
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: medium
+    category: xss
+    likelihood: MEDIUM
+    impact: HIGH
+    owasp: "A03:2021 - Injection"
+# ZM-PY-XSS-04: JsonResponse 不安全的 JSON 序列化
+- id: zm-py-xss-004
+  severity: WARNING
+  message: |
+    检测到 JsonResponse / json.dumps 输出用户输入，且未正确设置 Content-Type 或已禁用转义。
+    Django JsonResponse 默认 safe=True 仅允许 dict；若 safe=False 传入含 HTML 的用户输入可导致 DOM XSS。
+    修复: 对用户输入做 HTML 转义后再放入 JSON；避免 safe=False 传入非 dict 类型。
+  languages:
+    - python
+  pattern-either:
+    - pattern: 'JsonResponse({"$KEY": request.args.get(...)}, safe=False)'
+    - pattern: 'JsonResponse({"$KEY": request.form.get(...)}, safe=False)'
+    - pattern: 'JsonResponse({"$KEY": request.POST.get(...)}, safe=False)'
+    - pattern: 'JsonResponse({"$KEY": request.GET.get(...)}, safe=False)'
+    - pattern: 'json.dumps({"$KEY": request.args.get(...)})'
+    - pattern: 'json.dumps({"$KEY": request.form.get(...)})'
+  metadata:
+    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
+    severity: WARNING
+    precision: medium
+    category: xss
+    likelihood: MEDIUM
+    impact: MEDIUM
+    owasp: "A03:2021 - Injection"

package/rules/unified/cwe-79/zm-taint-79-79-javascript-050.yaml ADDED Viewed

@@ -0,0 +1,45 @@
+# Source: taint | Cluster: CL-79-JAVASCRIPT-050
+# Taint-upgraded rule: zhuma-nvd-79-79-javascript-050
+# Original CWE: CWE-79 | Language: javascript
+# Auto-generated by L1 Taint Migration
+rules:
+- id: zhuma-taint-79-79-javascript-050
+  mode: taint
+  metadata:
+    category: CWE-79
+    cwe: "CWE-79"
+    confidence: MEDIUM
+    source: nvd+wooyun+taint_migration
+    upgraded_from: zhuma-nvd-79-79-javascript-050
+  message: |
+    检测到跨站脚本(XSS)风险。用户输入未经HTML转义直接输出到页面。
+  severity: ERROR
+  languages:
+    - javascript
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+  pattern-sources:
+  - patterns:
+    - pattern-either:
+      - pattern: req.query.$X
+      - pattern: req.body.$X
+  pattern-sinks:
+  - patterns:
+    - pattern-either:
+      - pattern: dangerouslySetInnerHTML
+      - pattern: $X.innerHTML = $Y
+      - pattern: $JQUERY.html(...)
+  pattern-sanitizers:
+  - patterns:
+    - pattern-either:
+      - pattern: escapeHtml
+      - pattern: DOMPurify.sanitize

package/rules/unified/cwe-79/zm-taint-79-79-javascript-054.yaml ADDED Viewed

@@ -0,0 +1,45 @@
+# Source: taint | Cluster: CL-79-JAVASCRIPT-054
+# Taint-upgraded rule: zhuma-nvd-79-79-javascript-054
+# Original CWE: CWE-79 | Language: javascript
+# Auto-generated by L1 Taint Migration
+rules:
+- id: zhuma-taint-79-79-javascript-054
+  mode: taint
+  metadata:
+    category: CWE-79
+    cwe: "CWE-79"
+    confidence: MEDIUM
+    source: nvd+wooyun+taint_migration
+    upgraded_from: zhuma-nvd-79-79-javascript-054
+  message: |
+    检测到跨站脚本(XSS)风险。用户输入未经HTML转义直接输出到页面。
+  severity: WARNING
+  languages:
+    - javascript
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+  pattern-sources:
+  - patterns:
+    - pattern-either:
+      - pattern: req.query.$X
+      - pattern: req.body.$X
+  pattern-sinks:
+  - patterns:
+    - pattern-either:
+      - pattern: dangerouslySetInnerHTML
+      - pattern: $X.innerHTML = $Y
+      - pattern: $JQUERY.html(...)
+  pattern-sanitizers:
+  - patterns:
+    - pattern-either:
+      - pattern: escapeHtml
+      - pattern: DOMPurify.sanitize

package/rules/unified/cwe-79/zm-taint-79-79-python-056.yaml ADDED Viewed

@@ -0,0 +1,44 @@
+# Source: taint | Cluster: CL-79-PYTHON-056
+# Taint-upgraded rule: zhuma-nvd-79-79-python-056
+# Original CWE: CWE-79 | Language: python
+# Auto-generated by L1 Taint Migration
+rules:
+- id: zhuma-taint-79-79-python-056
+  mode: taint
+  metadata:
+    category: CWE-79
+    cwe: "CWE-79"
+    confidence: MEDIUM
+    source: nvd+wooyun+taint_migration
+    upgraded_from: zhuma-nvd-79-79-python-056
+  message: |
+    检测到跨站脚本(XSS)风险。用户输入未经HTML转义直接输出到页面。
+  severity: WARNING
+  languages:
+    - python
+  paths:
+    exclude:
+      - "**/test/**"
+      - "**/tests/**"
+      - "**/vendor/**"
+      - "**/node_modules/**"
+  pattern-sources:
+  - patterns:
+    - pattern-either:
+      - pattern: request.args.get(...)
+      - pattern: request.form[...]
+  pattern-sinks:
+  - patterns:
+    - pattern-either:
+      - pattern: mark_safe(...)
+      - pattern: HttpResponse(...)
+  pattern-sanitizers:
+  - patterns:
+    - pattern-either:
+      - pattern: escape
+      - pattern: markupsafe.escape