clawsec 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +560 -0
- package/dist/bin/clawsec.d.ts +7 -0
- package/dist/bin/clawsec.d.ts.map +1 -0
- package/dist/bin/clawsec.js +12 -0
- package/dist/bin/clawsec.js.map +1 -0
- package/dist/src/actions/block.d.ts +22 -0
- package/dist/src/actions/block.d.ts.map +1 -0
- package/dist/src/actions/block.js +83 -0
- package/dist/src/actions/block.js.map +1 -0
- package/dist/src/actions/confirm.d.ts +35 -0
- package/dist/src/actions/confirm.d.ts.map +1 -0
- package/dist/src/actions/confirm.js +156 -0
- package/dist/src/actions/confirm.js.map +1 -0
- package/dist/src/actions/executor.d.ts +64 -0
- package/dist/src/actions/executor.d.ts.map +1 -0
- package/dist/src/actions/executor.js +114 -0
- package/dist/src/actions/executor.js.map +1 -0
- package/dist/src/actions/index.d.ts +13 -0
- package/dist/src/actions/index.d.ts.map +1 -0
- package/dist/src/actions/index.js +15 -0
- package/dist/src/actions/index.js.map +1 -0
- package/dist/src/actions/log.d.ts +19 -0
- package/dist/src/actions/log.d.ts.map +1 -0
- package/dist/src/actions/log.js +63 -0
- package/dist/src/actions/log.js.map +1 -0
- package/dist/src/actions/types.d.ts +85 -0
- package/dist/src/actions/types.d.ts.map +1 -0
- package/dist/src/actions/types.js +78 -0
- package/dist/src/actions/types.js.map +1 -0
- package/dist/src/actions/warn.d.ts +22 -0
- package/dist/src/actions/warn.d.ts.map +1 -0
- package/dist/src/actions/warn.js +84 -0
- package/dist/src/actions/warn.js.map +1 -0
- package/dist/src/approval/agent-confirm.d.ts +104 -0
- package/dist/src/approval/agent-confirm.d.ts.map +1 -0
- package/dist/src/approval/agent-confirm.js +173 -0
- package/dist/src/approval/agent-confirm.js.map +1 -0
- package/dist/src/approval/index.d.ts +14 -0
- package/dist/src/approval/index.d.ts.map +1 -0
- package/dist/src/approval/index.js +9 -0
- package/dist/src/approval/index.js.map +1 -0
- package/dist/src/approval/native.d.ts +56 -0
- package/dist/src/approval/native.d.ts.map +1 -0
- package/dist/src/approval/native.js +196 -0
- package/dist/src/approval/native.js.map +1 -0
- package/dist/src/approval/store.d.ts +88 -0
- package/dist/src/approval/store.d.ts.map +1 -0
- package/dist/src/approval/store.js +192 -0
- package/dist/src/approval/store.js.map +1 -0
- package/dist/src/approval/types.d.ts +119 -0
- package/dist/src/approval/types.d.ts.map +1 -0
- package/dist/src/approval/types.js +6 -0
- package/dist/src/approval/types.js.map +1 -0
- package/dist/src/approval/webhook.d.ts +170 -0
- package/dist/src/approval/webhook.d.ts.map +1 -0
- package/dist/src/approval/webhook.js +362 -0
- package/dist/src/approval/webhook.js.map +1 -0
- package/dist/src/cli/commands/audit.d.ts +43 -0
- package/dist/src/cli/commands/audit.d.ts.map +1 -0
- package/dist/src/cli/commands/audit.js +115 -0
- package/dist/src/cli/commands/audit.js.map +1 -0
- package/dist/src/cli/commands/feedback.d.ts +27 -0
- package/dist/src/cli/commands/feedback.d.ts.map +1 -0
- package/dist/src/cli/commands/feedback.js +228 -0
- package/dist/src/cli/commands/feedback.js.map +1 -0
- package/dist/src/cli/commands/index.d.ts +11 -0
- package/dist/src/cli/commands/index.d.ts.map +1 -0
- package/dist/src/cli/commands/index.js +13 -0
- package/dist/src/cli/commands/index.js.map +1 -0
- package/dist/src/cli/commands/status.d.ts +20 -0
- package/dist/src/cli/commands/status.d.ts.map +1 -0
- package/dist/src/cli/commands/status.js +122 -0
- package/dist/src/cli/commands/status.js.map +1 -0
- package/dist/src/cli/commands/test.d.ts +23 -0
- package/dist/src/cli/commands/test.d.ts.map +1 -0
- package/dist/src/cli/commands/test.js +134 -0
- package/dist/src/cli/commands/test.js.map +1 -0
- package/dist/src/cli/commands/types.d.ts +81 -0
- package/dist/src/cli/commands/types.d.ts.map +1 -0
- package/dist/src/cli/commands/types.js +6 -0
- package/dist/src/cli/commands/types.js.map +1 -0
- package/dist/src/cli/index.d.ts +17 -0
- package/dist/src/cli/index.d.ts.map +1 -0
- package/dist/src/cli/index.js +267 -0
- package/dist/src/cli/index.js.map +1 -0
- package/dist/src/config/defaults.d.ts +20 -0
- package/dist/src/config/defaults.d.ts.map +1 -0
- package/dist/src/config/defaults.js +123 -0
- package/dist/src/config/defaults.js.map +1 -0
- package/dist/src/config/index.d.ts +8 -0
- package/dist/src/config/index.d.ts.map +1 -0
- package/dist/src/config/index.js +41 -0
- package/dist/src/config/index.js.map +1 -0
- package/dist/src/config/loader.d.ts +99 -0
- package/dist/src/config/loader.d.ts.map +1 -0
- package/dist/src/config/loader.js +242 -0
- package/dist/src/config/loader.js.map +1 -0
- package/dist/src/config/schema.d.ts +627 -0
- package/dist/src/config/schema.d.ts.map +1 -0
- package/dist/src/config/schema.js +585 -0
- package/dist/src/config/schema.js.map +1 -0
- package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
- package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
- package/dist/src/detectors/destructive/cloud-detector.js +556 -0
- package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
- package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
- package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
- package/dist/src/detectors/destructive/code-detector.js +558 -0
- package/dist/src/detectors/destructive/code-detector.js.map +1 -0
- package/dist/src/detectors/destructive/index.d.ts +54 -0
- package/dist/src/detectors/destructive/index.d.ts.map +1 -0
- package/dist/src/detectors/destructive/index.js +168 -0
- package/dist/src/detectors/destructive/index.js.map +1 -0
- package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
- package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
- package/dist/src/detectors/destructive/shell-detector.js +302 -0
- package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
- package/dist/src/detectors/destructive/types.d.ts +143 -0
- package/dist/src/detectors/destructive/types.d.ts.map +1 -0
- package/dist/src/detectors/destructive/types.js +6 -0
- package/dist/src/detectors/destructive/types.js.map +1 -0
- package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
- package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
- package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
- package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
- package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/http-detector.js +429 -0
- package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
- package/dist/src/detectors/exfiltration/index.d.ts +44 -0
- package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/index.js +118 -0
- package/dist/src/detectors/exfiltration/index.js.map +1 -0
- package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
- package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/network-detector.js +504 -0
- package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
- package/dist/src/detectors/exfiltration/types.d.ts +139 -0
- package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/types.js +6 -0
- package/dist/src/detectors/exfiltration/types.js.map +1 -0
- package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
- package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
- package/dist/src/detectors/purchase/domain-detector.js +296 -0
- package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
- package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
- package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
- package/dist/src/detectors/purchase/form-detector.js +344 -0
- package/dist/src/detectors/purchase/form-detector.js.map +1 -0
- package/dist/src/detectors/purchase/index.d.ts +65 -0
- package/dist/src/detectors/purchase/index.d.ts.map +1 -0
- package/dist/src/detectors/purchase/index.js +216 -0
- package/dist/src/detectors/purchase/index.js.map +1 -0
- package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
- package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
- package/dist/src/detectors/purchase/spend-tracker.js +313 -0
- package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
- package/dist/src/detectors/purchase/types.d.ts +139 -0
- package/dist/src/detectors/purchase/types.d.ts.map +1 -0
- package/dist/src/detectors/purchase/types.js +6 -0
- package/dist/src/detectors/purchase/types.js.map +1 -0
- package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
- package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
- package/dist/src/detectors/purchase/url-detector.js +292 -0
- package/dist/src/detectors/purchase/url-detector.js.map +1 -0
- package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
- package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
- package/dist/src/detectors/secrets/api-key-detector.js +297 -0
- package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
- package/dist/src/detectors/secrets/index.d.ts +43 -0
- package/dist/src/detectors/secrets/index.d.ts.map +1 -0
- package/dist/src/detectors/secrets/index.js +261 -0
- package/dist/src/detectors/secrets/index.js.map +1 -0
- package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
- package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
- package/dist/src/detectors/secrets/pii-detector.js +286 -0
- package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
- package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
- package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
- package/dist/src/detectors/secrets/token-detector.js +233 -0
- package/dist/src/detectors/secrets/token-detector.js.map +1 -0
- package/dist/src/detectors/secrets/types.d.ts +157 -0
- package/dist/src/detectors/secrets/types.d.ts.map +1 -0
- package/dist/src/detectors/secrets/types.js +6 -0
- package/dist/src/detectors/secrets/types.js.map +1 -0
- package/dist/src/detectors/website/category-detector.d.ts +22 -0
- package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
- package/dist/src/detectors/website/category-detector.js +162 -0
- package/dist/src/detectors/website/category-detector.js.map +1 -0
- package/dist/src/detectors/website/index.d.ts +53 -0
- package/dist/src/detectors/website/index.d.ts.map +1 -0
- package/dist/src/detectors/website/index.js +232 -0
- package/dist/src/detectors/website/index.js.map +1 -0
- package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
- package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
- package/dist/src/detectors/website/pattern-matcher.js +121 -0
- package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
- package/dist/src/detectors/website/types.d.ts +105 -0
- package/dist/src/detectors/website/types.d.ts.map +1 -0
- package/dist/src/detectors/website/types.js +6 -0
- package/dist/src/detectors/website/types.js.map +1 -0
- package/dist/src/engine/analyzer.d.ts +87 -0
- package/dist/src/engine/analyzer.d.ts.map +1 -0
- package/dist/src/engine/analyzer.js +427 -0
- package/dist/src/engine/analyzer.js.map +1 -0
- package/dist/src/engine/cache.d.ts +80 -0
- package/dist/src/engine/cache.d.ts.map +1 -0
- package/dist/src/engine/cache.js +167 -0
- package/dist/src/engine/cache.js.map +1 -0
- package/dist/src/engine/index.d.ts +11 -0
- package/dist/src/engine/index.d.ts.map +1 -0
- package/dist/src/engine/index.js +11 -0
- package/dist/src/engine/index.js.map +1 -0
- package/dist/src/engine/llm-client.d.ts +210 -0
- package/dist/src/engine/llm-client.d.ts.map +1 -0
- package/dist/src/engine/llm-client.js +506 -0
- package/dist/src/engine/llm-client.js.map +1 -0
- package/dist/src/engine/types.d.ts +163 -0
- package/dist/src/engine/types.d.ts.map +1 -0
- package/dist/src/engine/types.js +21 -0
- package/dist/src/engine/types.js.map +1 -0
- package/dist/src/feedback/index.d.ts +9 -0
- package/dist/src/feedback/index.d.ts.map +1 -0
- package/dist/src/feedback/index.js +8 -0
- package/dist/src/feedback/index.js.map +1 -0
- package/dist/src/feedback/learner.d.ts +222 -0
- package/dist/src/feedback/learner.d.ts.map +1 -0
- package/dist/src/feedback/learner.js +401 -0
- package/dist/src/feedback/learner.js.map +1 -0
- package/dist/src/feedback/store.d.ts +113 -0
- package/dist/src/feedback/store.d.ts.map +1 -0
- package/dist/src/feedback/store.js +228 -0
- package/dist/src/feedback/store.js.map +1 -0
- package/dist/src/feedback/types.d.ts +126 -0
- package/dist/src/feedback/types.d.ts.map +1 -0
- package/dist/src/feedback/types.js +6 -0
- package/dist/src/feedback/types.js.map +1 -0
- package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
- package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
- package/dist/src/hooks/before-agent-start/handler.js +109 -0
- package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
- package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
- package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
- package/dist/src/hooks/before-agent-start/index.js +7 -0
- package/dist/src/hooks/before-agent-start/index.js.map +1 -0
- package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
- package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
- package/dist/src/hooks/before-agent-start/prompts.js +103 -0
- package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
- package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
- package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
- package/dist/src/hooks/before-tool-call/handler.js +226 -0
- package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
- package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
- package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
- package/dist/src/hooks/before-tool-call/index.js +6 -0
- package/dist/src/hooks/before-tool-call/index.js.map +1 -0
- package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
- package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
- package/dist/src/hooks/tool-result-persist/filter.js +305 -0
- package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
- package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
- package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
- package/dist/src/hooks/tool-result-persist/handler.js +217 -0
- package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
- package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
- package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
- package/dist/src/hooks/tool-result-persist/index.js +11 -0
- package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
- package/dist/src/index.d.ts +256 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +222 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/notifications/discord.d.ts +10 -0
- package/dist/src/notifications/discord.d.ts.map +1 -0
- package/dist/src/notifications/discord.js +218 -0
- package/dist/src/notifications/discord.js.map +1 -0
- package/dist/src/notifications/index.d.ts +37 -0
- package/dist/src/notifications/index.d.ts.map +1 -0
- package/dist/src/notifications/index.js +68 -0
- package/dist/src/notifications/index.js.map +1 -0
- package/dist/src/notifications/slack.d.ts +10 -0
- package/dist/src/notifications/slack.d.ts.map +1 -0
- package/dist/src/notifications/slack.js +218 -0
- package/dist/src/notifications/slack.js.map +1 -0
- package/dist/src/notifications/telegram.d.ts +10 -0
- package/dist/src/notifications/telegram.d.ts.map +1 -0
- package/dist/src/notifications/telegram.js +242 -0
- package/dist/src/notifications/telegram.js.map +1 -0
- package/dist/src/notifications/types.d.ts +119 -0
- package/dist/src/notifications/types.d.ts.map +1 -0
- package/dist/src/notifications/types.js +6 -0
- package/dist/src/notifications/types.js.map +1 -0
- package/dist/src/proxy/index.d.ts +8 -0
- package/dist/src/proxy/index.d.ts.map +1 -0
- package/dist/src/proxy/index.js +9 -0
- package/dist/src/proxy/index.js.map +1 -0
- package/dist/src/proxy/middleware.d.ts +55 -0
- package/dist/src/proxy/middleware.d.ts.map +1 -0
- package/dist/src/proxy/middleware.js +215 -0
- package/dist/src/proxy/middleware.js.map +1 -0
- package/dist/src/proxy/server.d.ts +57 -0
- package/dist/src/proxy/server.d.ts.map +1 -0
- package/dist/src/proxy/server.js +298 -0
- package/dist/src/proxy/server.js.map +1 -0
- package/dist/src/proxy/types.d.ts +136 -0
- package/dist/src/proxy/types.d.ts.map +1 -0
- package/dist/src/proxy/types.js +6 -0
- package/dist/src/proxy/types.js.map +1 -0
- package/dist/src/sanitization/index.d.ts +10 -0
- package/dist/src/sanitization/index.d.ts.map +1 -0
- package/dist/src/sanitization/index.js +9 -0
- package/dist/src/sanitization/index.js.map +1 -0
- package/dist/src/sanitization/patterns.d.ts +51 -0
- package/dist/src/sanitization/patterns.d.ts.map +1 -0
- package/dist/src/sanitization/patterns.js +266 -0
- package/dist/src/sanitization/patterns.js.map +1 -0
- package/dist/src/sanitization/scanner.d.ts +29 -0
- package/dist/src/sanitization/scanner.d.ts.map +1 -0
- package/dist/src/sanitization/scanner.js +328 -0
- package/dist/src/sanitization/scanner.js.map +1 -0
- package/dist/src/sanitization/types.d.ts +57 -0
- package/dist/src/sanitization/types.d.ts.map +1 -0
- package/dist/src/sanitization/types.js +5 -0
- package/dist/src/sanitization/types.js.map +1 -0
- package/openclaw.plugin.json +114 -0
- package/package.json +63 -0
- package/rules/builtin/README.md +139 -0
- package/rules/builtin/ai-services.yaml +70 -0
- package/rules/builtin/api-keys.yaml +64 -0
- package/rules/builtin/authentication.yaml +56 -0
- package/rules/builtin/aws-security.yaml +57 -0
- package/rules/builtin/azure-security.yaml +58 -0
- package/rules/builtin/cicd-security.yaml +64 -0
- package/rules/builtin/cloud-storage.yaml +64 -0
- package/rules/builtin/container-registry.yaml +55 -0
- package/rules/builtin/crypto-wallets.yaml +71 -0
- package/rules/builtin/database-nosql.yaml +58 -0
- package/rules/builtin/database-sql.yaml +62 -0
- package/rules/builtin/development-env.yaml +67 -0
- package/rules/builtin/docker.yaml +57 -0
- package/rules/builtin/filesystem.yaml +71 -0
- package/rules/builtin/financial-pci.yaml +61 -0
- package/rules/builtin/gcp-security.yaml +57 -0
- package/rules/builtin/git-operations.yaml +68 -0
- package/rules/builtin/healthcare-hipaa.yaml +64 -0
- package/rules/builtin/kubernetes.yaml +60 -0
- package/rules/builtin/messaging-services.yaml +53 -0
- package/rules/builtin/minimal.yaml +47 -0
- package/rules/builtin/mobile-development.yaml +61 -0
- package/rules/builtin/monitoring.yaml +63 -0
- package/rules/builtin/network-security.yaml +57 -0
- package/rules/builtin/package-managers.yaml +74 -0
- package/rules/builtin/payment-processing.yaml +66 -0
- package/rules/builtin/pii-protection.yaml +48 -0
- package/rules/builtin/production-strict.yaml +55 -0
- package/rules/builtin/secrets-management.yaml +63 -0
- package/rules/builtin/serverless.yaml +74 -0
- package/rules/builtin/ssh-security.yaml +66 -0
- package/rules/builtin/terraform.yaml +51 -0
- package/rules/builtin/web-security.yaml +62 -0
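--- a/package/rules/builtin/database-nosql.yaml
+++ b/package/rules/builtin/database-nosql.yaml
@@ -0,0 +1,58 @@
+# NoSQL Database Security Rules
+# Protects against destructive NoSQL operations
+
+name: database-nosql
+description: Prevents destructive NoSQL database operations
+version: "1.0"
+
+rules:
+  destructive:
+    enabled: true
+    severity: critical
+    action: block
+    shell:
+      enabled: true
+      patterns:
+        # MongoDB
+        - "db.dropDatabase()"
+        - "db.collection.drop()"
+        - "db.dropAllUsers()"
+        - "db.collection.deleteMany({})"
+        - "db.collection.remove({})"
+        - "mongorestore --drop"
+
+        # Redis
+        - "FLUSHALL"
+        - "FLUSHDB"
+        - "redis-cli FLUSHALL"
+        - "redis-cli FLUSHDB"
+        - "DEL *"
+
+        # Elasticsearch
+        - "DELETE /_all"
+        - "DELETE /*"
+        - "curl.*DELETE.*_all"
+        - "curl.*DELETE.*\\*"
+
+        # Cassandra
+        - "DROP KEYSPACE"
+        - "DROP TABLE"
+        - "TRUNCATE"
+
+        # DynamoDB
+        - "aws dynamodb delete-table"
+        - "aws dynamodb batch-write-item"
+
+        # CouchDB
+        - "curl.*DELETE.*/.*/_all_docs"
+
+  secrets:
+    enabled: true
+    severity: critical
+    action: block
+    patterns:
+      - "MONGODB_URI"
+      - "MONGO_PASSWORD"
+      - "REDIS_PASSWORD"
+      - "REDIS_URL"
+      - "ELASTICSEARCH_PASSWORD"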
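Review bot: The MongoDB entries use the placeholder word `collection` literally (`db.collection.drop()`, `db.collection.deleteMany({})`, `db.collection.remove({})`), so a shell command naming an actual collection, e.g. `db.users.drop()`, is not matched; if these are regexes, as `curl.*DELETE.*_all` in the same list suggests, `"db\\.\\w+\\.drop\\(\\)"` and `"db\\.\\w+\\.(deleteMany|remove)\\(\\{\\}\\)"` cover any collection name. In the Redis group `"DEL *"` read as a regex is `DEL` followed by zero or more spaces, which fires on every `DELETE` statement (including the Elasticsearch entries below) and, if matching is case-insensitive, on words like `model`; `"DEL \\*"` matches the literal wildcard the entry presumably intends. `"TRUNCATE"` and `"DROP TABLE"` in the Cassandra group are unqualified substrings that duplicate database-sql.yaml; a comment stating that the overlap is deliberate would save the next reader a question.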
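--- a/package/rules/builtin/database-sql.yaml
+++ b/package/rules/builtin/database-sql.yaml
@@ -0,0 +1,62 @@
+# Database SQL Security Rules
+# Protects against destructive SQL operations
+
+name: database-sql
+description: Prevents destructive SQL operations across databases
+version: "1.0"
+
+rules:
+  destructive:
+    enabled: true
+    severity: critical
+    action: block
+    shell:
+      enabled: true
+      patterns:
+        # Table operations
+        - "DROP TABLE"
+        - "DROP DATABASE"
+        - "DROP SCHEMA"
+        - "DROP INDEX"
+        - "DROP VIEW"
+        - "DROP FUNCTION"
+        - "DROP PROCEDURE"
+        - "DROP TRIGGER"
+
+        # Data deletion
+        - "TRUNCATE TABLE"
+        - "DELETE FROM .* WHERE 1=1"
+        - "DELETE FROM .* WHERE true"
+        - "DELETE FROM [^W]*$" # DELETE without WHERE
+
+        # Dangerous updates
+        - "UPDATE .* SET .* WHERE 1=1"
+        - "UPDATE .* SET .* WHERE true"
+
+        # Schema modifications
+        - "ALTER TABLE .* DROP"
+        - "ALTER DATABASE"
+
+        # User/Permission operations
+        - "DROP USER"
+        - "DROP ROLE"
+        - "REVOKE ALL"
+
+        # MySQL specific
+        - "FLUSH PRIVILEGES"
+        - "RESET MASTER"
+
+        # PostgreSQL specific
+        - "DROP OWNED BY"
+        - "REASSIGN OWNED"
+
+  secrets:
+    enabled: true
+    severity: critical
+    action: block
+    patterns:
+      - "DATABASE_URL"
+      - "DB_PASSWORD"
+      - "MYSQL_ROOT_PASSWORD"
+      - "POSTGRES_PASSWORD"
+      - "PGPASSWORD"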
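Review bot: `"DELETE FROM [^W]*$"` (the `# DELETE without WHERE` entry) excludes only an upper-case `W`, so `DELETE FROM users where id = 1` with a lower-case keyword is flagged as a bare delete, while any table or column name containing an upper-case `W` stops the pattern from matching at all; a negative lookahead such as `"DELETE FROM (?!.*\\bWHERE\\b)"` states the intent directly, provided the loader compiles these patterns case-insensitively (I cannot see how flags are set from this hunk). The same case question applies to `DELETE FROM .* WHERE 1=1` and the two `UPDATE` entries, which are case-sensitive as written. `"FLUSH PRIVILEGES"` under `# MySQL specific` is a routine follow-up to `GRANT`, not a destructive operation; at `severity: critical` / `action: block` it will stop legitimate permission changes, so either drop it or add a comment explaining why it is listed.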
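--- a/package/rules/builtin/development-env.yaml
+++ b/package/rules/builtin/development-env.yaml
@@ -0,0 +1,67 @@
+# Development Environment Security Rules
+# Balanced security for development environments
+
+name: development-env
+description: Balanced security rules for development environments
+version: "1.0"
+
+rules:
+  destructive:
+    enabled: true
+    severity: high
+    action: confirm # Confirm instead of block for dev
+    shell:
+      enabled: true
+      patterns:
+        - "rm -rf /"
+        - "rm -rf /*"
+        - "dd if=/dev/zero"
+        - "mkfs"
+    cloud:
+      enabled: true
+      patterns:
+        - ".*delete.*--force"
+        - ".*destroy.*-auto-approve"
+    code:
+      enabled: true
+
+  secrets:
+    enabled: true
+    severity: high
+    action: warn # Warn instead of block for dev
+    patterns:
+      # Only catch real production secrets
+      - "sk_live_" # Stripe live keys
+      - "AKIA" # AWS production keys
+      - "-----BEGIN.*PRIVATE KEY-----"
+
+  website:
+    enabled: true
+    mode: blocklist
+    severity: medium
+    action: warn
+    blocklist:
+      - "*.malware.com"
+      - "*.phishing.com"
+    allowlist:
+      - "localhost"
+      - "127.0.0.1"
+      - "*.local"
+
+  purchase:
+    enabled: true
+    severity: high
+    action: confirm # Confirm instead of block
+    spendLimits:
+      perTransaction: 100
+      daily: 500
+
+  exfiltration:
+    enabled: true
+    severity: medium
+    action: warn
+
+  sanitization:
+    enabled: true
+    severity: medium
+    action: warn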
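Review bot: `"AKIA"` under `# Only catch real production secrets` is a four-character substring that matches any token containing it, not just AWS access key ids, which contradicts the comment; the key id has a fixed shape, so `"AKIA[0-9A-Z]{16}"` keeps the intent without the noise. `"sk_live_"` is likewise a bare prefix while financial-pci.yaml in the same package spells the Stripe pattern as `sk_live_[a-zA-Z0-9]{24,}`; the two files should agree. In the `shell` group, `"rm -rf /"` is an unanchored substring that matches every `rm -rf /some/absolute/path`, and `"rm -rf /*"` read as a regex (the `.*delete.*--force` entry below shows these are regexes) is `rm -rf ` followed by zero or more slashes, i.e. every `rm -rf`; `"rm -rf /(\\s|$)"` and `"rm -rf /\\*"` pin the root case, and the same two entries in filesystem.yaml need the same fix. `code:` under `destructive:` sets `enabled: true` with no `patterns:` key and this hunk does not show what the loader does then (built-in defaults or an empty list); a one-line comment such as `# no patterns: relies on the detector's built-in defaults — confirm` would document whichever it is.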
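--- a/package/rules/builtin/docker.yaml
+++ b/package/rules/builtin/docker.yaml
@@ -0,0 +1,57 @@
+# Docker Security Rules
+# Protects against dangerous Docker operations
+
+name: docker
+description: Prevents destructive Docker operations and insecure practices
+version: "1.0"
+
+rules:
+  destructive:
+    enabled: true
+    severity: high
+    action: confirm
+    shell:
+      enabled: true
+      patterns:
+        # Container removal
+        - "docker rm -f"
+        - "docker rm --force"
+        - "docker container rm -f"
+        - "docker container prune"
+
+        # Image removal
+        - "docker rmi -f"
+        - "docker image rm -f"
+        - "docker image prune -a"
+
+        # Volume removal
+        - "docker volume rm"
+        - "docker volume prune"
+
+        # Network removal
+        - "docker network rm"
+        - "docker network prune"
+
+        # System cleanup
+        - "docker system prune"
+        - "docker system prune -a"
+
+        # Dangerous run options
+        - "docker run --privileged"
+        - "docker run --cap-add=ALL"
+        - "docker run -v /:/host"
+        - "docker run --pid=host"
+        - "docker run --network=host"
+
+        # Compose operations
+        - "docker-compose down -v"
+        - "docker compose down -v"
+        - "docker-compose rm -f"
+
+  secrets:
+    enabled: true
+    severity: critical
+    action: block
+    patterns:
+      - "DOCKER_AUTH_CONFIG"
+      - "DOCKER_PASSWORD"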
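Review bot: The five `# Dangerous run options` entries only match when the flag is the first argument after `docker run`, so `docker run -it --privileged …` or `docker run --rm --cap-add=ALL …` are not caught; if the entries are regexes (sibling rule files use `.*`, so presumably they are), `"docker (run|create).*--privileged"` and the same `.*` form for `--cap-add=ALL`, `--pid=host` and `--network=host` cover the usual argument order, and `docker create` accepts the same flags. `-v /:/host` also only catches that one target path; `"docker (run|create).*(-v|--volume)[ =]/:"` catches a root bind mount under any target. In `# Compose operations`, `docker-compose down -v` has a `docker compose` twin but `docker-compose rm -f` does not; add `"docker compose rm -f"` for consistency. `"docker system prune -a"` is redundant, since the preceding `"docker system prune"` already matches it as a substring.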
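--- a/package/rules/builtin/filesystem.yaml
+++ b/package/rules/builtin/filesystem.yaml
@@ -0,0 +1,71 @@
+# Filesystem Security Rules
+# Protects against dangerous filesystem operations
+
+name: filesystem
+description: Prevents destructive filesystem operations
+version: "1.0"
+
+rules:
+  destructive:
+    enabled: true
+    severity: critical
+    action: block
+    shell:
+      enabled: true
+      patterns:
+        # Recursive deletion
+        - "rm -rf /"
+        - "rm -rf /*"
+        - "rm -rf ~"
+        - "rm -rf $HOME"
+        - "rm -rf /home"
+        - "rm -rf /var"
+        - "rm -rf /etc"
+        - "rm -rf /usr"
+        - "rm -rf --no-preserve-root"
+
+        # Disk formatting
+        - "mkfs"
+        - "mkfs.ext4"
+        - "mkfs.xfs"
+        - "mkfs.btrfs"
+
+        # Disk writing
+        - "dd if=/dev/zero of=/dev/"
+        - "dd if=/dev/random of=/dev/"
+        - "dd if=.* of=/dev/sd"
+        - "dd if=.* of=/dev/nvme"
+
+        # Shredding
+        - "shred -u"
+        - "shred -z"
+
+        # Permission changes
+        - "chmod -R 777 /"
+        - "chmod -R 000 /"
+        - "chown -R.*:.*/"
+
+        # Symbolic link attacks
+        - "ln -sf /dev/null"
+
+        # System directories
+        - "rm -rf /boot"
+        - "rm -rf /bin"
+        - "rm -rf /sbin"
+        - "rm -rf /lib"
+
+    code:
+      enabled: true
+      patterns:
+        # Python
+        - "shutil.rmtree('/')"
+        - "os.remove("
+        - "pathlib.Path.unlink"
+
+        # Node.js
+        - "fs.rm(.*recursive.*true)"
+        - "fs.rmSync(.*recursive.*true)"
+        - "rimraf"
+
+        # Go
+        - "os.RemoveAll("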
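Review bot: In the `code:` group, `"os.remove("` and `"os.RemoveAll("` fire on every file deletion in Python and Go, and `"rimraf"` on any mention of the package, while `"pathlib.Path.unlink"` does not match the usual `some_path.unlink()` call site; under `severity: critical` / `action: block` the first three stop ordinary code, so they need either an argument match (as `shutil.rmtree('/')` has) or a lower severity, and the `unlink` entry should be `"\\.unlink\\("`. The directory entries `rm -rf /home`, `/var`, `/etc`, `/usr`, `/boot`, `/bin`, `/sbin` and `/lib` are unanchored prefixes, so `rm -rf /var/tmp/build` matches `rm -rf /var`; a trailing `(\\s|$)` on each, e.g. `"rm -rf /var(\\s|$)"`, restricts them to the directory itself (the `rm -rf /` and `rm -rf /*` entries have the same problem, noted on development-env.yaml). The `# Recursive deletion` group only recognises the `-rf` spelling; `-fr`, `-r -f` and `--recursive --force` are not covered, which is worth a comment if deliberate. `"mkfs.ext4"`, `"mkfs.xfs"` and `"mkfs.btrfs"` are redundant with the bare `"mkfs"` entry above them.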
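--- a/package/rules/builtin/financial-pci.yaml
+++ b/package/rules/builtin/financial-pci.yaml
@@ -0,0 +1,61 @@
+# Financial/PCI-DSS Security Rules
+# PCI-DSS compliant security rules for financial applications
+
+name: financial-pci
+description: PCI-DSS compliant security rules for payment processing
+version: "1.0"
+
+rules:
+  purchase:
+    enabled: true
+    severity: critical
+    action: block
+    spendLimits:
+      perTransaction: 0 # Block all purchases
+      daily: 0
+
+  secrets:
+    enabled: true
+    severity: critical
+    action: block
+    patterns:
+      # Primary Account Numbers (PAN) - Credit/Debit cards
+      - "\\b4[0-9]{12}(?:[0-9]{3})?\\b" # Visa
+      - "\\b5[1-5][0-9]{14}\\b" # Mastercard
+      - "\\b3[47][0-9]{13}\\b" # Amex
+      - "\\b6(?:011|5[0-9]{2})[0-9]{12}\\b" # Discover
+      - "\\b3(?:0[0-5]|[68][0-9])[0-9]{11}\\b" # Diners
+
+      # CVV/CVC
+      - "(?i)cvv\\s*[:=]\\s*[0-9]{3,4}"
+      - "(?i)cvc\\s*[:=]\\s*[0-9]{3,4}"
+      - "(?i)security[_\\s-]?code\\s*[:=]\\s*[0-9]{3,4}"
+
+      # Expiration dates
+      - "(?i)exp(?:iry|iration)?[_\\s-]?date\\s*[:=]"
+
+      # Bank account numbers
+      - "(?i)account[_\\s-]?number\\s*[:=]\\s*[0-9]{8,17}"
+      - "(?i)routing[_\\s-]?number\\s*[:=]\\s*[0-9]{9}"
+
+      # IBAN
+      - "\\b[A-Z]{2}[0-9]{2}[A-Z0-9]{4}[0-9]{7}([A-Z0-9]?){0,16}\\b"
+
+      # SWIFT/BIC
+      - "\\b[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?\\b"
+
+      # Payment processor secrets
+      - "sk_live_[a-zA-Z0-9]{24,}" # Stripe
+      - "PAYPAL_CLIENT_SECRET"
+      - "BRAINTREE_PRIVATE_KEY"
+
+  exfiltration:
+    enabled: true
+    severity: critical
+    action: block
+
+  sanitization:
+    enabled: true
+    severity: critical
+    action: block
+    redactMatches: true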
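Review bot: The `# SWIFT/BIC` pattern `\\b[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?\\b` matches any 8- or 11-character upper-case token whose first six characters are letters, so ordinary words such as `PASSWORD`, `DATABASE`, `TRUNCATE` or `CRITICAL` trip a `severity: critical` / `action: block` secrets rule; anchoring it to a label, e.g. `"(?i)(swift|bic)[_\\s-]?(code)?\\s*[:=]\\s*[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?"`, keeps the check usable, and the same label anchoring is advisable for the `# IBAN` entry. The six entries that start with `(?i)` depend on the regex engine accepting an inline flag group, which JavaScript's `RegExp` does not in most Node releases; since the package ships Node code, confirm how the loader compiles these, because a pattern that fails to compile could disable the whole group silently, and a comment in the file stating the expected engine would help. `perTransaction: 0 # Block all purchases` relies on zero meaning "block" rather than "no limit" in the spend tracker, which this hunk cannot show; the comment should say that zero is treated as a hard block, or the line should be dropped in favour of the `action: block` already set above it.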
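--- a/package/rules/builtin/gcp-security.yaml
+++ b/package/rules/builtin/gcp-security.yaml
@@ -0,0 +1,57 @@
+# GCP Security Rules
+# Protects against dangerous Google Cloud operations
+
+name: gcp-security
+description: Prevents destructive GCP operations
+version: "1.0"
+
+rules:
+  destructive:
+    enabled: true
+    severity: critical
+    action: block
+    cloud:
+      enabled: true
+      patterns:
+        # Compute Engine
+        - "gcloud compute instances delete"
+        - "gcloud compute disks delete"
+        - "gcloud compute images delete"
+        - "gcloud compute snapshots delete"
+
+        # Cloud Storage
+        - "gsutil rm -r"
+        - "gsutil rb"
+        - "gcloud storage rm --recursive"
+        - "gcloud storage buckets delete"
+
+        # IAM
+        - "gcloud iam service-accounts delete"
+        - "gcloud iam roles delete"
+
+        # Cloud SQL
+        - "gcloud sql instances delete"
+        - "gcloud sql databases delete"
+        - "gcloud sql backups delete"
+
+        # Kubernetes Engine
+        - "gcloud container clusters delete"
+        - "gcloud container node-pools delete"
+
+        # Cloud Functions
+        - "gcloud functions delete"
+
+        # Cloud Run
+        - "gcloud run services delete"
+
+        # Firestore/Datastore
+        - "gcloud firestore databases delete"
+
+  secrets:
+    enabled: true
+    severity: critical
+    action: block
+    patterns:
+      - "GOOGLE_APPLICATION_CREDENTIALS"
+      - "type.*service_account"
+      - "private_key_id"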
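Review bot: `"gsutil rm -r"` under `# Cloud Storage` does not match the common parallel form `gsutil -m rm -r gs://…`, because the global `-m` flag sits between `gsutil` and the command, and `"gcloud storage rm --recursive"` misses the `-r` short form; `"gsutil( -m)? rm -r"` and `"gcloud storage rm (--recursive|-r)\\b"` close both gaps if the entries are regexes, as the `type.*service_account` secret pattern suggests. Every `gcloud … delete` entry is likewise not matched when the `gcloud alpha` or `gcloud beta` command prefix is used, which accepts the same subcommands; `"gcloud( alpha| beta)? compute instances delete"` (and the same optional group for the other entries) covers them. `gcloud projects delete`, the most far-reaching destructive operation in this family, is absent from the list and worth adding alongside the Compute Engine group.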
@@ -0,0 +1,68 @@
|
|
|
1
|
+
# Git Operations Security Rules
|
|
2
|
+
# Protects against dangerous Git operations
|
|
3
|
+
|
|
4
|
+
name: git-operations
|
|
5
|
+
description: Prevents destructive Git operations that could cause data loss
|
|
6
|
+
version: "1.0"
|
|
7
|
+
|
|
8
|
+
rules:
|
|
9
|
+
destructive:
|
|
10
|
+
enabled: true
|
|
11
|
+
severity: critical
|
|
12
|
+
action: confirm
|
|
13
|
+
shell:
|
|
14
|
+
enabled: true
|
|
15
|
+
patterns:
|
|
16
|
+
# Force push
|
|
17
|
+
- "git push --force"
|
|
18
|
+
- "git push -f"
|
|
19
|
+
- "git push --force-with-lease"
|
|
20
|
+
|
|
21
|
+
# Hard reset
|
|
22
|
+
- "git reset --hard"
|
|
23
|
+
- "git checkout -- ."
|
|
24
|
+
- "git checkout ."
|
|
25
|
+
- "git restore --staged --worktree"
|
|
26
|
+
|
|
27
|
+
# Clean operations
|
|
28
|
+
- "git clean -f"
|
|
29
|
+
- "git clean -fd"
|
|
30
|
+
- "git clean -fx"
|
|
31
|
+
- "git clean -fdx"
|
|
32
|
+
|
|
33
|
+
# Rebase operations
|
|
34
|
+
- "git rebase -i"
|
|
35
|
+
- "git rebase --interactive"
|
|
36
|
+
|
|
37
|
+
# Branch deletion
|
|
38
|
+
- "git branch -D"
|
|
39
|
+
- "git branch --delete --force"
|
|
40
|
+
- "git push origin --delete"
|
|
41
|
+
- "git push origin :"
|
|
42
|
+
|
|
43
|
+
# Stash operations
|
|
44
|
+
- "git stash drop"
|
|
45
|
+
- "git stash clear"
|
|
46
|
+
|
|
47
|
+
# Filter-branch (history rewriting)
|
|
48
|
+
- "git filter-branch"
|
|
49
|
+
- "git filter-repo"
|
|
50
|
+
|
|
51
|
+
# Submodule removal
|
|
52
|
+
- "git submodule deinit"
|
|
53
|
+
|
|
54
|
+
# Reflog expiration
|
|
55
|
+
- "git reflog expire"
|
|
56
|
+
- "git gc --prune"
|
|
57
|
+
|
|
58
|
+
secrets:
|
|
59
|
+
enabled: true
|
|
60
|
+
severity: critical
|
|
61
|
+
action: block
|
|
62
|
+
patterns:
|
|
63
|
+
- "ghp_[a-zA-Z0-9]{36}" # GitHub PAT
|
|
64
|
+
- "gho_[a-zA-Z0-9]{36}" # GitHub OAuth
|
|
65
|
+
- "ghu_[a-zA-Z0-9]{36}" # GitHub User
|
|
66
|
+
- "ghs_[a-zA-Z0-9]{36}" # GitHub Server
|
|
67
|
+
- "ghr_[a-zA-Z0-9]{36}" # GitHub Refresh
|
|
68
|
+
- "glpat-[a-zA-Z0-9-]{20}" # GitLab PAT
|
|
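Review bot: `git push --force-with-lease` at line 19 is graded identically to `--force` at line 17, yet it is the safer variant that refuses to overwrite upstream commits the user has not seen; flagging it at `critical` gives users no incentive to prefer it over the plain force push, so I would drop it or give it a lower severity with a comment. If the plain-string patterns are substring matches (the matcher is outside this hunk), `git clean -f` on line 28 already covers `-fd`/`-fx`/`-fdx` and `git checkout .` on line 24 covers `git checkout -- .`, making lines 23 and 29–31 redundant; if they are exact matches, none of them will match a command that carries a trailing path or branch. Either way the intended matching mode belongs in a header comment, e.g. `# patterns are matched as substrings of the full command line`.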
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# Healthcare/HIPAA Security Rules
|
|
2
|
+
# Strict security rules for healthcare applications
|
|
3
|
+
|
|
4
|
+
name: healthcare-hipaa
|
|
5
|
+
description: HIPAA-compliant security rules for healthcare applications
|
|
6
|
+
version: "1.0"
|
|
7
|
+
|
|
8
|
+
rules:
|
|
9
|
+
secrets:
|
|
10
|
+
enabled: true
|
|
11
|
+
severity: critical
|
|
12
|
+
action: block
|
|
13
|
+
patterns:
|
|
14
|
+
# Medical Record Numbers
|
|
15
|
+
- "\\bMRN[:\\s]*[0-9]{6,12}\\b"
|
|
16
|
+
|
|
17
|
+
# Patient identifiers
|
|
18
|
+
- "(?i)patient[_\\s-]?id\\s*[:=]"
|
|
19
|
+
- "(?i)ssn\\s*[:=]"
|
|
20
|
+
|
|
21
|
+
# Health insurance IDs
|
|
22
|
+
- "(?i)insurance[_\\s-]?id\\s*[:=]"
|
|
23
|
+
- "(?i)member[_\\s-]?id\\s*[:=]"
|
|
24
|
+
- "(?i)policy[_\\s-]?number\\s*[:=]"
|
|
25
|
+
|
|
26
|
+
# HL7/FHIR
|
|
27
|
+
- "(?i)hl7[_\\s-]?message"
|
|
28
|
+
- "(?i)fhir[_\\s-]?resource"
|
|
29
|
+
|
|
30
|
+
# PHI indicators
|
|
31
|
+
- "(?i)protected[_\\s-]?health"
|
|
32
|
+
- "(?i)medical[_\\s-]?record"
|
|
33
|
+
- "(?i)diagnosis[_\\s-]?code"
|
|
34
|
+
- "(?i)icd[_\\s-]?10"
|
|
35
|
+
|
|
36
|
+
# SSN
|
|
37
|
+
- "\\b\\d{3}-\\d{2}-\\d{4}\\b"
|
|
38
|
+
|
|
39
|
+
# Date of birth
|
|
40
|
+
- "(?i)date[_\\s-]?of[_\\s-]?birth\\s*[:=]"
|
|
41
|
+
- "(?i)dob\\s*[:=]"
|
|
42
|
+
|
|
43
|
+
exfiltration:
|
|
44
|
+
enabled: true
|
|
45
|
+
severity: critical
|
|
46
|
+
action: block
|
|
47
|
+
patterns:
|
|
48
|
+
- "curl.*patient"
|
|
49
|
+
- "curl.*medical"
|
|
50
|
+
- "wget.*health"
|
|
51
|
+
|
|
52
|
+
website:
|
|
53
|
+
enabled: true
|
|
54
|
+
mode: allowlist
|
|
55
|
+
allowlist:
|
|
56
|
+
- "*.healthcare.gov"
|
|
57
|
+
- "*.hl7.org"
|
|
58
|
+
- "*.fhir.org"
|
|
59
|
+
|
|
60
|
+
sanitization:
|
|
61
|
+
enabled: true
|
|
62
|
+
severity: critical
|
|
63
|
+
action: block
|
|
64
|
+
redactMatches: true
|
|
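Review bot: The `(?i)` prefix on the secrets patterns at lines 18–41 is not valid JavaScript `RegExp` syntax; if these strings are compiled with `new RegExp` (the package ships a Node `dist/`, but the loader is outside this hunk) the rule set either fails to load or, if the error is swallowed, the PHI patterns are silently skipped, which for a `critical`/`block` rule is fail-open. Either strip `(?i)` and have the loader compile every secrets pattern with the `i` flag, or spell the case variants out, e.g. `"[Pp]atient[_\\s-]?[Ii][Dd]\\s*[:=]"`. The exfiltration patterns at lines 48–50 (`curl.*patient`, `wget.*health`) key on an English word in the command line rather than on data leaving, so they will fire on a `curl` against any URL containing `health` while saying nothing about the payload; a loader-side test that compiles each pattern once would at least catch the first problem immediately.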
@@ -0,0 +1,60 @@
|
|
|
1
|
+
# Kubernetes Security Rules
|
|
2
|
+
# Protects against dangerous Kubernetes operations
|
|
3
|
+
|
|
4
|
+
name: kubernetes
|
|
5
|
+
description: Prevents destructive Kubernetes operations
|
|
6
|
+
version: "1.0"
|
|
7
|
+
|
|
8
|
+
rules:
|
|
9
|
+
destructive:
|
|
10
|
+
enabled: true
|
|
11
|
+
severity: critical
|
|
12
|
+
action: confirm
|
|
13
|
+
cloud:
|
|
14
|
+
enabled: true
|
|
15
|
+
patterns:
|
|
16
|
+
# Namespace Operations
|
|
17
|
+
- "kubectl delete namespace"
|
|
18
|
+
- "kubectl delete ns"
|
|
19
|
+
- "kubectl delete -n kube-system"
|
|
20
|
+
- "kubectl delete -n default --all"
|
|
21
|
+
|
|
22
|
+
# Cluster-wide deletions
|
|
23
|
+
- "kubectl delete --all"
|
|
24
|
+
- "kubectl delete -A"
|
|
25
|
+
- "kubectl delete --all-namespaces"
|
|
26
|
+
|
|
27
|
+
# Critical resources
|
|
28
|
+
- "kubectl delete deployment"
|
|
29
|
+
- "kubectl delete statefulset"
|
|
30
|
+
- "kubectl delete daemonset"
|
|
31
|
+
- "kubectl delete pvc"
|
|
32
|
+
- "kubectl delete pv"
|
|
33
|
+
- "kubectl delete secret"
|
|
34
|
+
- "kubectl delete configmap"
|
|
35
|
+
|
|
36
|
+
# Force deletions
|
|
37
|
+
- "kubectl delete --force"
|
|
38
|
+
- "kubectl delete --grace-period=0"
|
|
39
|
+
|
|
40
|
+
# Node operations
|
|
41
|
+
- "kubectl delete node"
|
|
42
|
+
- "kubectl drain"
|
|
43
|
+
- "kubectl cordon"
|
|
44
|
+
|
|
45
|
+
# RBAC
|
|
46
|
+
- "kubectl delete clusterrole"
|
|
47
|
+
- "kubectl delete clusterrolebinding"
|
|
48
|
+
- "kubectl delete serviceaccount"
|
|
49
|
+
|
|
50
|
+
# CRDs
|
|
51
|
+
- "kubectl delete crd"
|
|
52
|
+
- "kubectl delete customresourcedefinition"
|
|
53
|
+
|
|
54
|
+
website:
|
|
55
|
+
enabled: true
|
|
56
|
+
mode: allowlist
|
|
57
|
+
allowlist:
|
|
58
|
+
- "kubernetes.io"
|
|
59
|
+
- "k8s.io"
|
|
60
|
+
- "helm.sh"
|
|
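Review bot: The `website.allowlist` entries at lines 58–60 are bare domains (`kubernetes.io`, `k8s.io`, `helm.sh`) while the healthcare rule set writes `*.`-prefixed wildcards (`*.hl7.org`); unless the matcher treats a bare domain as covering its subdomains (not visible here), `mode: allowlist` will reject hosts such as `docs.kubernetes.io`, so the two files should use the same form and the form should be documented in one place. `kubectl drain` (line 42) and `kubectl cordon` (line 43) are reversible maintenance operations rather than deletions; listing them at `severity: critical` beside `kubectl delete namespace` dilutes the signal, and a comment such as `# cordon/drain are reversible but take nodes out of scheduling` would at least explain the choice. Under substring matching, `kubectl delete --all` (line 23) already subsumes `kubectl delete --all-namespaces` (line 25).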
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Messaging Services Security Rules
|
|
2
|
+
# Protects messaging service credentials
|
|
3
|
+
|
|
4
|
+
name: messaging-services
|
|
5
|
+
description: Security rules for messaging and communication services
|
|
6
|
+
version: "1.0"
|
|
7
|
+
|
|
8
|
+
rules:
|
|
9
|
+
secrets:
|
|
10
|
+
enabled: true
|
|
11
|
+
severity: critical
|
|
12
|
+
action: block
|
|
13
|
+
patterns:
|
|
14
|
+
# Slack
|
|
15
|
+
- "xoxb-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24}"
|
|
16
|
+
- "xoxp-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24}"
|
|
17
|
+
- "xoxa-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24}"
|
|
18
|
+
- "xoxr-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24}"
|
|
19
|
+
- "SLACK_BOT_TOKEN"
|
|
20
|
+
- "SLACK_WEBHOOK_URL"
|
|
21
|
+
|
|
22
|
+
# Discord
|
|
23
|
+
- "DISCORD_TOKEN"
|
|
24
|
+
- "DISCORD_WEBHOOK"
|
|
25
|
+
- "[MN][A-Za-z\\d]{23,}\\.[\\w-]{6}\\.[\\w-]{27}"
|
|
26
|
+
|
|
27
|
+
# Telegram
|
|
28
|
+
- "TELEGRAM_BOT_TOKEN"
|
|
29
|
+
- "[0-9]+:AA[0-9A-Za-z_-]{33}"
|
|
30
|
+
|
|
31
|
+
# Twilio
|
|
32
|
+
- "TWILIO_AUTH_TOKEN"
|
|
33
|
+
- "TWILIO_ACCOUNT_SID"
|
|
34
|
+
|
|
35
|
+
# SendGrid
|
|
36
|
+
- "SENDGRID_API_KEY"
|
|
37
|
+
- "SG\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9_-]{43}"
|
|
38
|
+
|
|
39
|
+
# Mailchimp
|
|
40
|
+
- "MAILCHIMP_API_KEY"
|
|
41
|
+
- "[a-f0-9]{32}-us[0-9]{1,2}"
|
|
42
|
+
|
|
43
|
+
# Postmark
|
|
44
|
+
- "POSTMARK_API_TOKEN"
|
|
45
|
+
|
|
46
|
+
# Mailgun
|
|
47
|
+
- "MAILGUN_API_KEY"
|
|
48
|
+
|
|
49
|
+
# PagerDuty
|
|
50
|
+
- "PAGERDUTY_API_KEY"
|
|
51
|
+
|
|
52
|
+
# Intercom
|
|
53
|
+
- "INTERCOM_ACCESS_TOKEN"
|
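Review bot: The patterns here are case-sensitive (no `(?i)`, unlike the healthcare rule set), so name entries such as `SLACK_BOT_TOKEN` at line 19 match only the upper-case env-var spelling and miss the `slack_bot_token:` form used in YAML/JSON config; decide once whether secret patterns are case-insensitive and apply that in the loader rather than per pattern. The Slack shapes at lines 15–18 pin the final segment to exactly 24 characters and the Discord shape at line 25 pins the first character to `[MN]`; I believe both are snapshots of older token formats, so widening the suffix to `{24,}` and adding `# token shapes verified against vendor docs on <date>` would make drift visible. One synthetic sample per vendor in a regression test would keep these patterns honest as formats change.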