fivosense 0.1.5 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.kilo/skill/fivosense/skill.json +5 -5
- package/COMPLETE_SUMMARY.md +412 -0
- package/DEPLOYMENT_GUIDE.md +2 -2
- package/FINAL_VERIFICATION.md +316 -0
- package/GITHUB_PUSH.md +4 -4
- package/LICENSE +1 -1
- package/README.md +290 -208
- package/RELEASE_READY.md +3 -3
- package/bin/fivosense.mjs +6 -0
- package/dist/ai/client.d.ts +33 -0
- package/dist/ai/client.d.ts.map +1 -0
- package/dist/ai/client.js +170 -0
- package/dist/ai/client.js.map +1 -0
- package/dist/ai/judge.d.ts +9 -3
- package/dist/ai/judge.d.ts.map +1 -1
- package/dist/ai/judge.js +49 -14
- package/dist/ai/judge.js.map +1 -1
- package/dist/cli/index.d.ts +3 -1
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +6 -1
- package/dist/cli/index.js.map +1 -1
- package/dist/core/orchestrator.d.ts +34 -0
- package/dist/core/orchestrator.d.ts.map +1 -0
- package/dist/core/orchestrator.js +211 -0
- package/dist/core/orchestrator.js.map +1 -0
- package/dist/core/scope.d.ts +32 -0
- package/dist/core/scope.d.ts.map +1 -0
- package/dist/core/scope.js +149 -0
- package/dist/core/scope.js.map +1 -0
- package/dist/editors/vscode.d.ts +4 -2
- package/dist/editors/vscode.d.ts.map +1 -1
- package/dist/editors/vscode.js +6 -0
- package/dist/editors/vscode.js.map +1 -1
- package/dist/engine/adversary.d.ts +9 -2
- package/dist/engine/adversary.d.ts.map +1 -1
- package/dist/engine/adversary.js +47 -13
- package/dist/engine/adversary.js.map +1 -1
- package/dist/engine/graph.d.ts +4 -1
- package/dist/engine/graph.d.ts.map +1 -1
- package/dist/engine/graph.js +6 -0
- package/dist/engine/graph.js.map +1 -1
- package/dist/engine/poc.d.ts +26 -0
- package/dist/engine/poc.d.ts.map +1 -0
- package/dist/engine/poc.js +179 -0
- package/dist/engine/poc.js.map +1 -0
- package/dist/engine/reach.d.ts +4 -2
- package/dist/engine/reach.d.ts.map +1 -1
- package/dist/engine/reach.js +6 -0
- package/dist/engine/reach.js.map +1 -1
- package/dist/engine/sinks.d.ts +22 -32
- package/dist/engine/sinks.d.ts.map +1 -1
- package/dist/engine/sinks.js +338 -44
- package/dist/engine/sinks.js.map +1 -1
- package/dist/engine/sources.d.ts +11 -19
- package/dist/engine/sources.d.ts.map +1 -1
- package/dist/engine/sources.js +100 -24
- package/dist/engine/sources.js.map +1 -1
- package/dist/engine/taint.d.ts +6 -0
- package/dist/engine/taint.d.ts.map +1 -1
- package/dist/engine/taint.js +6 -0
- package/dist/engine/taint.js.map +1 -1
- package/dist/engine/verify.d.ts +4 -1
- package/dist/engine/verify.d.ts.map +1 -1
- package/dist/engine/verify.js +6 -0
- package/dist/engine/verify.js.map +1 -1
- package/dist/features/badge.d.ts +6 -0
- package/dist/features/badge.d.ts.map +1 -1
- package/dist/features/badge.js +4 -1
- package/dist/features/badge.js.map +1 -1
- package/dist/features/fix.d.ts +6 -0
- package/dist/features/fix.d.ts.map +1 -1
- package/dist/features/fix.js +4 -1
- package/dist/features/fix.js.map +1 -1
- package/dist/features/index.d.ts +6 -0
- package/dist/features/index.d.ts.map +1 -1
- package/dist/features/index.js +6 -0
- package/dist/features/index.js.map +1 -1
- package/dist/features/roast.d.ts +6 -0
- package/dist/features/roast.d.ts.map +1 -1
- package/dist/features/roast.js +4 -1
- package/dist/features/roast.js.map +1 -1
- package/dist/hooks/agent.d.ts +4 -1
- package/dist/hooks/agent.d.ts.map +1 -1
- package/dist/hooks/agent.js +6 -0
- package/dist/hooks/agent.js.map +1 -1
- package/dist/hooks/git.d.ts +34 -0
- package/dist/hooks/git.d.ts.map +1 -0
- package/dist/hooks/git.js +161 -0
- package/dist/hooks/git.js.map +1 -0
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -1
- package/dist/rules/destructive.d.ts +12 -21
- package/dist/rules/destructive.d.ts.map +1 -1
- package/dist/rules/destructive.js +306 -24
- package/dist/rules/destructive.js.map +1 -1
- package/dist/rules/secrets.d.ts +8 -10
- package/dist/rules/secrets.d.ts.map +1 -1
- package/dist/rules/secrets.js +294 -17
- package/dist/rules/secrets.js.map +1 -1
- package/mcp/index.js +55 -20
- package/mcp/package-lock.json +382 -0
- package/mcp/package.json +21 -4
- package/package.json +5 -5
- package/src/ai/client.ts +226 -0
- package/src/ai/judge.ts +58 -14
- package/src/cli/index.ts +7 -1
- package/src/core/orchestrator.ts +266 -0
- package/src/core/scope.ts +175 -0
- package/src/editors/vscode.ts +7 -0
- package/src/engine/adversary.ts +55 -12
- package/src/engine/graph.ts +7 -0
- package/src/engine/poc.ts +219 -0
- package/src/engine/reach.ts +7 -0
- package/src/engine/sinks.ts +358 -45
- package/src/engine/sources.ts +109 -24
- package/src/engine/taint.ts +7 -0
- package/src/engine/verify.ts +7 -0
- package/src/features/badge.ts +7 -0
- package/src/features/fix.ts +7 -0
- package/src/features/index.ts +7 -0
- package/src/features/roast.ts +7 -0
- package/src/hooks/agent.ts +7 -0
- package/src/hooks/git.ts +194 -0
- package/src/index.ts +7 -0
- package/src/rules/destructive.ts +316 -26
- package/src/rules/secrets.ts +306 -17
- package/vscode-extension/CHANGELOG.md +14 -2
- package/vscode-extension/LICENSE +1 -1
- package/vscode-extension/README.md +28 -23
- package/vscode-extension/fivosense-vscode-0.1.0.vsix +0 -0
- package/vscode-extension/fivosense-vscode-0.1.1.vsix +0 -0
- package/vscode-extension/package-lock.json +6 -6
- package/vscode-extension/package.json +7 -5
- package/vscode-extension/src/extension.ts +65 -11
package/dist/engine/reach.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"reach.js","sourceRoot":"","sources":["../../src/engine/reach.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,KAAK,cAAc,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAElC,aAAa;AACb,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC;AAW1D;;GAEG;AACH,MAAM,oBAAoB,GAAG;IAC3B,mCAAmC;IACnC,sCAAsC;IACtC,YAAY;IACZ,kBAAkB;IAClB,UAAU;IACV,kBAAkB;IAClB,UAAU;CACX,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE;QACtB,UAAU,EAAE,QAAQ;QACpB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;QAC9B,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC7C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEpD,QAAgB,CAAC,GAAG,EAAE;QACrB,mBAAmB,CAAC,IAAS;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;YAChC,IAAI,IAAI,EAAE,CAAC;gBACT,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,cAAc,CAAC,IAAS;YACtB,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE/C,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAClE,IAAI,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9E,aAAa,CAAC,QAAQ,EAAE,kBAAkB,EAAE,cAAc,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,KAAK,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC;IAE/B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QACnC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAErB,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEhC,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,C
AAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,IAAI,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CAAC;IAC/C,MAAM,SAAS,GAAG,CAAC,CAAC,UAAU,GAAG,cAAc,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC;IAErE,OAAO;QACL,kBAAkB;QAClB,cAAc;QACd,WAAW;QACX,cAAc,EAAE,UAAU;QAC1B,sBAAsB,EAAE,cAAc;QACtC,gBAAgB,EAAE,SAAS;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,IAAI,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IAC3C,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrE,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,aAAa,CACpB,IAAY,EACZ,kBAA+B,EAC/B,cAA2B;IAE3B,IAAI,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;QACtE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,KAAU,EACV,YAAgC;IAEhC,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CACzB,YAAY,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC;QACtC,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CACpD,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"reach.js","sourceRoot":"","sources":["../../src/engine/reach.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,KAAK,cAAc,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAElC,aAAa;AACb,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC;AAW1D;;GAEG;AACH,MAAM,oBAAoB,GAAG;IAC3B,mCAAmC;IACnC,sCAAsC;IACtC,YAAY;IACZ,kBAAkB;IAClB,UAAU;IACV,kBAAkB;IAClB,UAAU;CACX,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE;QACtB,UAAU,EAAE,QAAQ;QACpB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;QAC9B,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC7C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEpD,QAAgB,CAAC,GAAG,EAAE;QACrB,mBAAmB,CAAC,IAAS;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;YAChC,IAAI,IAAI,EAAE,CAAC;gBACT,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,cAAc,CAAC,IAAS;YACtB,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE/C,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAClE,IAAI,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9E,aAAa,CAAC,QAAQ,EAAE,kBAAkB,EAAE,cAAc,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,KAAK,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC;IAE/B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QACnC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAErB,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEhC,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,CA
AC,MAAM,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,IAAI,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CAAC;IAC/C,MAAM,SAAS,GAAG,CAAC,CAAC,UAAU,GAAG,cAAc,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC;IAErE,OAAO;QACL,kBAAkB;QAClB,cAAc;QACd,WAAW;QACX,cAAc,EAAE,UAAU;QAC1B,sBAAsB,EAAE,cAAc;QACtC,gBAAgB,EAAE,SAAS;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,IAAI,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IAC3C,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrE,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,aAAa,CACpB,IAAY,EACZ,kBAA+B,EAC/B,cAA2B;IAE3B,IAAI,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;QACtE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,KAAU,EACV,YAAgC;IAEhC,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CACzB,YAAY,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC;QACtC,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CACpD,CAAC;AACJ,CAAC"}
|
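--- a/package/dist/engine/sinks.d.ts
+++ b/package/dist/engine/sinks.d.ts
@@ -1,52 +1,42 @@
+/**
+* FivoSense - AI Security Scanner
+* Copyright (c) 2026 thevinsoni
+* Licensed under the MIT License
+* https://github.com/thevinsoni/sense
+*/
 /**
 * Catalog of dangerous sinks (vulnerability endpoints)
-*
+* 150+ patterns across 14 categories
 */
 export interface SinkPattern {
 pattern: string;
-category: 'sql' | 'nosql' | 'command' | 'code' | 'xss' | 'path' | 'xxe';
+category: 'sql' | 'nosql' | 'command' | 'code' | 'xss' | 'path' | 'xxe' | 'ssrf' | 'deserialization' | 'ldap' | 'ssti' | 'header_injection' | 'open_redirect' | 'auth_bypass' | 'jwt' | 'graphql' | 'prototype_pollution' | 'regex_dos' | 'crypto' | 'upload';
 description: string;
 severity: 'critical' | 'high' | 'medium';
 cwe?: string;
 }
-/**
-* SQL injection sinks
-*/
 export declare const SQL_SINKS: SinkPattern[];
-/**
-* NoSQL injection sinks
-*/
 export declare const NOSQL_SINKS: SinkPattern[];
-/**
-* Command injection sinks
-*/
 export declare const COMMAND_SINKS: SinkPattern[];
-/**
-* Code injection sinks
-*/
 export declare const CODE_SINKS: SinkPattern[];
-/**
-* XSS sinks
-*/
 export declare const XSS_SINKS: SinkPattern[];
-/**
-* Path traversal sinks
-*/
 export declare const PATH_SINKS: SinkPattern[];
-
-
-
+export declare const XXE_SINKS: SinkPattern[];
+export declare const SSRF_SINKS: SinkPattern[];
+export declare const DESERIALIZATION_SINKS: SinkPattern[];
+export declare const LDAP_SINKS: SinkPattern[];
+export declare const SSTI_SINKS: SinkPattern[];
+export declare const HEADER_INJECTION_SINKS: SinkPattern[];
+export declare const OPEN_REDIRECT_SINKS: SinkPattern[];
+export declare const AUTH_BYPASS_SINKS: SinkPattern[];
+export declare const JWT_SINKS: SinkPattern[];
+export declare const GRAPHQL_SINKS: SinkPattern[];
+export declare const PROTOTYPE_POLLUTION_SINKS: SinkPattern[];
+export declare const REGEX_DOS_SINKS: SinkPattern[];
+export declare const CRYPTO_SINKS: SinkPattern[];
+export declare const UPLOAD_SINKS: SinkPattern[];
 export declare const ALL_SINKS: SinkPattern[];
-/**
-* Check if a code string matches any sink pattern
-*/
 export declare function isSink(code: string): SinkPattern | null;
-/**
-* Get all sinks matching a category
-*/
 export declare function getSinksByCategory(category: SinkPattern['category']): SinkPattern[];
-/**
-* Get sinks by severity
-*/
 export declare function getSinksBySeverity(severity: SinkPattern['severity']): SinkPattern[];
 //# sourceMappingURL=sinks.d.ts.map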
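Review bot: The new header line `* 150+ patterns across 14 categories` contradicts the declarations directly below it: the `category` union on `SinkPattern` and the exported `*_SINKS` arrays both enumerate 20 categories (sql through upload), so the count is wrong on the day it ships. Because this .d.ts is emitted from the source, the wording should be fixed in src/engine/sinks.ts (also changed in this release) rather than here, and phrased so it cannot drift, e.g. ` * Sink catalog; one exported array per member of SinkPattern['category']`. The per-export JSDoc blocks (`SQL injection sinks`, `Check if a code string matches any sink pattern`, `Get sinks by severity`, …) are dropped on the new side, so consumers of the package get no hover description for `isSink`, `getSinksByCategory`, `getSinksBySeverity` or any of the fourteen new arrays; restoring those comments in the source would carry them back into the generated declarations. A one-line description on each new array stating what its patterns match (e.g. for `REGEX_DOS_SINKS` and `AUTH_BYPASS_SINKS`, whose names alone do not say whether they are call sites or library identifiers) would be the most useful addition.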
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sinks.d.ts","sourceRoot":"","sources":["../../src/engine/sinks.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"sinks.d.ts","sourceRoot":"","sources":["../../src/engine/sinks.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AAEH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,iBAAiB,GAAG,MAAM,GAAG,MAAM,GAAG,kBAAkB,GAAG,eAAe,GAAG,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,qBAAqB,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9P,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAKD,eAAO,MAAM,SAAS,EAAE,WAAW,EA2BlC,CAAC;AAKF,eAAO,MAAM,WAAW,EAAE,WAAW,EAmBpC,CAAC;AAKF,eAAO,MAAM,aAAa,EAAE,WAAW,EAYtC,CAAC;AAKF,eAAO,MAAM,UAAU,EAAE,WAAW,EAanC,CAAC;AAKF,eAAO,MAAM,SAAS,EAAE,WAAW,EAwBlC,CAAC;AAKF,eAAO,MAAM,UAAU,EAAE,WAAW,EAuBnC,CAAC;AAKF,eAAO,MAAM,SAAS,EAAE,WAAW,EASlC,CAAC;AAKF,eAAO,MAAM,UAAU,EAAE,WAAW,EAsBnC,CAAC;AAKF,eAAO,MAAM,qBAAqB,EAAE,WAAW,EAW9C,CAAC;AAKF,eAAO,MAAM,UAAU,EAAE,WAAW,EAQnC,CAAC;AAKF,eAAO,MAAM,UAAU,EAAE,WAAW,EAenC,CAAC;AAKF,eAAO,MAAM,sBAAsB,EAAE,WAAW,EAS/C,CAAC;AAKF,eAAO,MAAM,mBAAmB,EAAE,WAAW,EAU5C,CAAC;AAKF,eAAO,MAAM,iBAAiB,EAAE,WAAW,EAS1C,CAAC;AAKF,eAAO,MAAM,SAAS,EAAE,WAAW,EAWlC,CAAC;AAKF,eAAO,MAAM,aAAa,EAAE,WAAW,EAOtC,CAAC;AAKF,eAAO,MAAM,yBAAyB,EAAE,WAAW,EASlD,CAAC;AAKF,eAAO,MAAM,eAAe,EAAE,WAAW,EAQxC,CAAC;AAKF,eAAO,MAAM,YAAY,EAAE,WAAW,EAWrC,CAAC;AAKF,eAAO,MAAM,YAAY,EAAE,WAAW,EAOrC,CAAC;AAKF,eAAO,MAAM,SAAS,EAAE,WAAW,EAqBlC,CAAC;AAEF,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAOvD;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,GAAG,WAAW,EAAE,CAEnF;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,GAAG,WAAW,EAAE,CAEnF"}
|
package/dist/engine/sinks.js
CHANGED
|
@@ -1,67 +1,356 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
*
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
* SQL injection sinks
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
7
6
|
*/
|
|
7
|
+
// ============================================================
|
|
8
|
+
// SQL Injection — CWE-89
|
|
9
|
+
// ============================================================
|
|
8
10
|
export const SQL_SINKS = [
|
|
9
11
|
{ pattern: 'db.execute', category: 'sql', description: 'SQL execution', severity: 'critical', cwe: 'CWE-89' },
|
|
10
12
|
{ pattern: 'db.query', category: 'sql', description: 'SQL query', severity: 'critical', cwe: 'CWE-89' },
|
|
11
13
|
{ pattern: 'connection.query', category: 'sql', description: 'MySQL query', severity: 'critical', cwe: 'CWE-89' },
|
|
14
|
+
{ pattern: 'connection.execute', category: 'sql', description: 'MySQL prepared exec', severity: 'critical', cwe: 'CWE-89' },
|
|
12
15
|
{ pattern: 'pool.query', category: 'sql', description: 'Connection pool query', severity: 'critical', cwe: 'CWE-89' },
|
|
16
|
+
{ pattern: 'pool.execute', category: 'sql', description: 'Pool prepared exec', severity: 'critical', cwe: 'CWE-89' },
|
|
17
|
+
{ pattern: 'client.query', category: 'sql', description: 'PostgreSQL client query', severity: 'critical', cwe: 'CWE-89' },
|
|
13
18
|
{ pattern: 'executeQuery', category: 'sql', description: 'Generic SQL exec', severity: 'critical', cwe: 'CWE-89' },
|
|
19
|
+
{ pattern: 'knex.raw', category: 'sql', description: 'Knex raw SQL', severity: 'critical', cwe: 'CWE-89' },
|
|
20
|
+
{ pattern: 'knex.select().whereRaw', category: 'sql', description: 'Knex raw WHERE', severity: 'critical', cwe: 'CWE-89' },
|
|
21
|
+
{ pattern: 'sequelize.query', category: 'sql', description: 'Sequelize raw query', severity: 'critical', cwe: 'CWE-89' },
|
|
22
|
+
{ pattern: 'TypeORM.query', category: 'sql', description: 'TypeORM raw query', severity: 'critical', cwe: 'CWE-89' },
|
|
23
|
+
{ pattern: 'prisma.$queryRaw', category: 'sql', description: 'Prisma raw query', severity: 'critical', cwe: 'CWE-89' },
|
|
24
|
+
{ pattern: 'prisma.$executeRaw', category: 'sql', description: 'Prisma raw execute', severity: 'critical', cwe: 'CWE-89' },
|
|
25
|
+
{ pattern: '$queryRaw', category: 'sql', description: 'Prisma raw query shorthand', severity: 'critical', cwe: 'CWE-89' },
|
|
26
|
+
{ pattern: '$executeRaw', category: 'sql', description: 'Prisma raw execute shorthand', severity: 'critical', cwe: 'CWE-89' },
|
|
27
|
+
{ pattern: 'orm.query', category: 'sql', description: 'ORM raw query', severity: 'critical', cwe: 'CWE-89' },
|
|
28
|
+
{ pattern: 'db.all', category: 'sql', description: 'SQLite all rows', severity: 'critical', cwe: 'CWE-89' },
|
|
29
|
+
{ pattern: 'db.get', category: 'sql', description: 'SQLite single row', severity: 'critical', cwe: 'CWE-89' },
|
|
30
|
+
{ pattern: 'db.run', category: 'sql', description: 'SQLite run statement', severity: 'critical', cwe: 'CWE-89' },
|
|
31
|
+
{ pattern: 'db.each', category: 'sql', description: 'SQLite iterate', severity: 'critical', cwe: 'CWE-89' },
|
|
32
|
+
{ pattern: 'db.prepare', category: 'sql', description: 'SQLite prepared statement', severity: 'critical', cwe: 'CWE-89' },
|
|
33
|
+
{ pattern: 'mssql.query', category: 'sql', description: 'MSSQL query', severity: 'critical', cwe: 'CWE-89' },
|
|
34
|
+
{ pattern: 'oracledb.execute', category: 'sql', description: 'Oracle DB execute', severity: 'critical', cwe: 'CWE-89' },
|
|
35
|
+
{ pattern: 'pg.query', category: 'sql', description: 'pg (node-postgres) query', severity: 'critical', cwe: 'CWE-89' },
|
|
36
|
+
{ pattern: 'mysql.query', category: 'sql', description: 'mysql module query', severity: 'critical', cwe: 'CWE-89' },
|
|
14
37
|
];
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
38
|
+
// ============================================================
|
|
39
|
+
// NoSQL Injection — CWE-943
|
|
40
|
+
// ============================================================
|
|
18
41
|
export const NOSQL_SINKS = [
|
|
19
42
|
{ pattern: 'find', category: 'nosql', description: 'MongoDB find', severity: 'high', cwe: 'CWE-943' },
|
|
20
43
|
{ pattern: 'findOne', category: 'nosql', description: 'MongoDB findOne', severity: 'high', cwe: 'CWE-943' },
|
|
21
|
-
{ pattern: '
|
|
22
|
-
{ pattern: '
|
|
44
|
+
{ pattern: 'findOneAndUpdate', category: 'nosql', description: 'MongoDB findOneAndUpdate', severity: 'high', cwe: 'CWE-943' },
|
|
45
|
+
{ pattern: 'findOneAndDelete', category: 'nosql', description: 'MongoDB findOneAndDelete', severity: 'high', cwe: 'CWE-943' },
|
|
46
|
+
{ pattern: 'findOneAndReplace', category: 'nosql', description: 'MongoDB findOneAndReplace', severity: 'high', cwe: 'CWE-943' },
|
|
47
|
+
{ pattern: 'updateOne', category: 'nosql', description: 'MongoDB updateOne', severity: 'high', cwe: 'CWE-943' },
|
|
48
|
+
{ pattern: 'updateMany', category: 'nosql', description: 'MongoDB updateMany', severity: 'high', cwe: 'CWE-943' },
|
|
49
|
+
{ pattern: 'deleteOne', category: 'nosql', description: 'MongoDB deleteOne', severity: 'high', cwe: 'CWE-943' },
|
|
50
|
+
{ pattern: 'deleteMany', category: 'nosql', description: 'MongoDB deleteMany', severity: 'high', cwe: 'CWE-943' },
|
|
51
|
+
{ pattern: 'aggregate', category: 'nosql', description: 'MongoDB aggregate', severity: 'high', cwe: 'CWE-943' },
|
|
52
|
+
{ pattern: 'insertOne', category: 'nosql', description: 'MongoDB insertOne', severity: 'high', cwe: 'CWE-943' },
|
|
53
|
+
{ pattern: 'insertMany', category: 'nosql', description: 'MongoDB insertMany', severity: 'high', cwe: 'CWE-943' },
|
|
54
|
+
{ pattern: 'replaceOne', category: 'nosql', description: 'MongoDB replaceOne', severity: 'high', cwe: 'CWE-943' },
|
|
55
|
+
{ pattern: 'bulkWrite', category: 'nosql', description: 'MongoDB bulkWrite', severity: 'high', cwe: 'CWE-943' },
|
|
56
|
+
{ pattern: 'redis.set', category: 'nosql', description: 'Redis SET', severity: 'medium', cwe: 'CWE-943' },
|
|
57
|
+
{ pattern: 'redis.get', category: 'nosql', description: 'Redis GET', severity: 'medium', cwe: 'CWE-943' },
|
|
58
|
+
{ pattern: 'redis.eval', category: 'nosql', description: 'Redis Lua eval', severity: 'high', cwe: 'CWE-943' },
|
|
59
|
+
{ pattern: 'redis.hset', category: 'nosql', description: 'Redis hash set', severity: 'medium', cwe: 'CWE-943' },
|
|
23
60
|
];
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
61
|
+
// ============================================================
|
|
62
|
+
// Command Injection — CWE-78
|
|
63
|
+
// ============================================================
|
|
27
64
|
export const COMMAND_SINKS = [
|
|
28
|
-
{ pattern: 'exec', category: 'command', description: '
|
|
29
|
-
{ pattern: 'execSync', category: 'command', description: 'Sync command
|
|
65
|
+
{ pattern: 'exec', category: 'command', description: 'Shell command execution', severity: 'critical', cwe: 'CWE-78' },
|
|
66
|
+
{ pattern: 'execSync', category: 'command', description: 'Sync shell command', severity: 'critical', cwe: 'CWE-78' },
|
|
30
67
|
{ pattern: 'spawn', category: 'command', description: 'Process spawn', severity: 'critical', cwe: 'CWE-78' },
|
|
31
68
|
{ pattern: 'spawnSync', category: 'command', description: 'Sync process spawn', severity: 'critical', cwe: 'CWE-78' },
|
|
32
69
|
{ pattern: 'execFile', category: 'command', description: 'File execution', severity: 'critical', cwe: 'CWE-78' },
|
|
70
|
+
{ pattern: 'execFileSync', category: 'command', description: 'Sync file execution', severity: 'critical', cwe: 'CWE-78' },
|
|
71
|
+
{ pattern: 'fork', category: 'command', description: 'Child process fork', severity: 'critical', cwe: 'CWE-78' },
|
|
72
|
+
{ pattern: 'execa', category: 'command', description: 'Execa process execution', severity: 'critical', cwe: 'CWE-78' },
|
|
73
|
+
{ pattern: 'shelljs.exec', category: 'command', description: 'ShellJS exec', severity: 'critical', cwe: 'CWE-78' },
|
|
74
|
+
{ pattern: 'child_process', category: 'command', description: 'Child process module', severity: 'high', cwe: 'CWE-78' },
|
|
75
|
+
{ pattern: 'open(', category: 'command', description: 'Open URL/file handler', severity: 'high', cwe: 'CWE-78' },
|
|
33
76
|
];
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
77
|
+
// ============================================================
|
|
78
|
+
// Code Injection — CWE-94
|
|
79
|
+
// ============================================================
|
|
37
80
|
export const CODE_SINKS = [
|
|
38
|
-
{ pattern: 'eval', category: 'code', description: '
|
|
81
|
+
{ pattern: 'eval', category: 'code', description: 'JavaScript eval()', severity: 'critical', cwe: 'CWE-94' },
|
|
39
82
|
{ pattern: 'Function', category: 'code', description: 'Dynamic function creation', severity: 'critical', cwe: 'CWE-94' },
|
|
40
|
-
{ pattern: 'setTimeout', category: 'code', description: '
|
|
41
|
-
{ pattern: 'setInterval', category: 'code', description: '
|
|
83
|
+
{ pattern: 'setTimeout', category: 'code', description: 'setTimeout with string', severity: 'high', cwe: 'CWE-94' },
|
|
84
|
+
{ pattern: 'setInterval', category: 'code', description: 'setInterval with string', severity: 'high', cwe: 'CWE-94' },
|
|
85
|
+
{ pattern: 'setImmediate', category: 'code', description: 'setImmediate with string', severity: 'high', cwe: 'CWE-94' },
|
|
86
|
+
{ pattern: 'new Function', category: 'code', description: 'Function constructor', severity: 'critical', cwe: 'CWE-94' },
|
|
87
|
+
{ pattern: 'vm.runInContext', category: 'code', description: 'VM context execution', severity: 'critical', cwe: 'CWE-94' },
|
|
88
|
+
{ pattern: 'vm.runInNewContext', category: 'code', description: 'VM new context execution', severity: 'critical', cwe: 'CWE-94' },
|
|
89
|
+
{ pattern: 'vm.compileFunction', category: 'code', description: 'VM compile function', severity: 'critical', cwe: 'CWE-94' },
|
|
90
|
+
{ pattern: 'vm.Script', category: 'code', description: 'VM script creation', severity: 'critical', cwe: 'CWE-94' },
|
|
91
|
+
{ pattern: 'vm.runInThisContext', category: 'code', description: 'VM run in this context', severity: 'critical', cwe: 'CWE-94' },
|
|
92
|
+
{ pattern: 'import(', category: 'code', description: 'Dynamic import', severity: 'high', cwe: 'CWE-94' },
|
|
42
93
|
];
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
94
|
+
// ============================================================
|
|
95
|
+
// XSS — CWE-79
|
|
96
|
+
// ============================================================
|
|
46
97
|
export const XSS_SINKS = [
|
|
47
|
-
{ pattern: 'res.send', category: 'xss', description: 'HTTP response', severity: 'high', cwe: 'CWE-79' },
|
|
48
|
-
{ pattern: 'res.write', category: 'xss', description: 'HTTP write', severity: 'high', cwe: 'CWE-79' },
|
|
98
|
+
{ pattern: 'res.send', category: 'xss', description: 'HTTP response send', severity: 'high', cwe: 'CWE-79' },
|
|
99
|
+
{ pattern: 'res.write', category: 'xss', description: 'HTTP response write', severity: 'high', cwe: 'CWE-79' },
|
|
100
|
+
{ pattern: 'res.json', category: 'xss', description: 'HTTP JSON response', severity: 'high', cwe: 'CWE-79' },
|
|
101
|
+
{ pattern: 'res.render', category: 'xss', description: 'Template render', severity: 'high', cwe: 'CWE-79' },
|
|
102
|
+
{ pattern: 'res.redirect', category: 'xss', description: 'HTTP redirect', severity: 'high', cwe: 'CWE-79' },
|
|
103
|
+
{ pattern: 'response.write', category: 'xss', description: 'Raw response write', severity: 'high', cwe: 'CWE-79' },
|
|
104
|
+
{ pattern: 'response.end', category: 'xss', description: 'Response end with body', severity: 'high', cwe: 'CWE-79' },
|
|
49
105
|
{ pattern: 'innerHTML', category: 'xss', description: 'DOM innerHTML', severity: 'critical', cwe: 'CWE-79' },
|
|
50
106
|
{ pattern: 'outerHTML', category: 'xss', description: 'DOM outerHTML', severity: 'critical', cwe: 'CWE-79' },
|
|
51
107
|
{ pattern: 'document.write', category: 'xss', description: 'Document write', severity: 'critical', cwe: 'CWE-79' },
|
|
108
|
+
{ pattern: 'document.writeln', category: 'xss', description: 'Document writeln', severity: 'critical', cwe: 'CWE-79' },
|
|
109
|
+
{ pattern: 'insertAdjacentHTML', category: 'xss', description: 'Insert adjacent HTML', severity: 'critical', cwe: 'CWE-79' },
|
|
110
|
+
{ pattern: 'dangerouslySetInnerHTML', category: 'xss', description: 'React dangerouslySetInnerHTML', severity: 'critical', cwe: 'CWE-79' },
|
|
111
|
+
{ pattern: 'v-html', category: 'xss', description: 'Vue.js v-html directive', severity: 'critical', cwe: 'CWE-79' },
|
|
112
|
+
{ pattern: '[innerHTML]', category: 'xss', description: 'Angular innerHTML binding', severity: 'critical', cwe: 'CWE-79' },
|
|
113
|
+
{ pattern: 'jQuery.html', category: 'xss', description: 'jQuery .html()', severity: 'critical', cwe: 'CWE-79' },
|
|
114
|
+
{ pattern: '.html(', category: 'xss', description: 'jQuery/html setter', severity: 'critical', cwe: 'CWE-79' },
|
|
115
|
+
{ pattern: '.append(', category: 'xss', description: 'DOM append with HTML', severity: 'high', cwe: 'CWE-79' },
|
|
116
|
+
{ pattern: '.prepend(', category: 'xss', description: 'DOM prepend with HTML', severity: 'high', cwe: 'CWE-79' },
|
|
117
|
+
{ pattern: '.after(', category: 'xss', description: 'DOM after with HTML', severity: 'high', cwe: 'CWE-79' },
|
|
118
|
+
{ pattern: '.before(', category: 'xss', description: 'DOM before with HTML', severity: 'high', cwe: 'CWE-79' },
|
|
119
|
+
{ pattern: 'replace(', category: 'xss', description: 'String replace (potential XSS)', severity: 'medium', cwe: 'CWE-79' },
|
|
120
|
+
{ pattern: 'srcdoc', category: 'xss', description: 'Iframe srcdoc attribute', severity: 'high', cwe: 'CWE-79' },
|
|
52
121
|
];
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
122
|
+
// ============================================================
|
|
123
|
+
// Path Traversal — CWE-22
|
|
124
|
+
// ============================================================
|
|
56
125
|
export const PATH_SINKS = [
|
|
57
|
-
{ pattern: 'fs.readFile', category: 'path', description: '
|
|
58
|
-
{ pattern: 'fs.writeFile', category: 'path', description: 'File write', severity: 'critical', cwe: 'CWE-22' },
|
|
59
|
-
{ pattern: 'fs.unlink', category: 'path', description: 'File delete', severity: 'critical', cwe: 'CWE-22' },
|
|
126
|
+
{ pattern: 'fs.readFile', category: 'path', description: 'Async file read', severity: 'high', cwe: 'CWE-22' },
|
|
60
127
|
{ pattern: 'fs.readFileSync', category: 'path', description: 'Sync file read', severity: 'high', cwe: 'CWE-22' },
|
|
128
|
+
{ pattern: 'fs.writeFile', category: 'path', description: 'Async file write', severity: 'critical', cwe: 'CWE-22' },
|
|
129
|
+
{ pattern: 'fs.writeFileSync', category: 'path', description: 'Sync file write', severity: 'critical', cwe: 'CWE-22' },
|
|
130
|
+
{ pattern: 'fs.unlink', category: 'path', description: 'File delete', severity: 'critical', cwe: 'CWE-22' },
|
|
131
|
+
{ pattern: 'fs.unlinkSync', category: 'path', description: 'Sync file delete', severity: 'critical', cwe: 'CWE-22' },
|
|
132
|
+
{ pattern: 'fs.appendFile', category: 'path', description: 'Append to file', severity: 'high', cwe: 'CWE-22' },
|
|
133
|
+
{ pattern: 'fs.mkdir', category: 'path', description: 'Create directory', severity: 'high', cwe: 'CWE-22' },
|
|
134
|
+
{ pattern: 'fs.readdir', category: 'path', description: 'Read directory', severity: 'high', cwe: 'CWE-22' },
|
|
135
|
+
{ pattern: 'fs.stat', category: 'path', description: 'File stat', severity: 'medium', cwe: 'CWE-22' },
|
|
136
|
+
{ pattern: 'fs.access', category: 'path', description: 'File access check', severity: 'medium', cwe: 'CWE-22' },
|
|
137
|
+
{ pattern: 'fs.chmod', category: 'path', description: 'Change permissions', severity: 'critical', cwe: 'CWE-22' },
|
|
138
|
+
{ pattern: 'fs.chown', category: 'path', description: 'Change ownership', severity: 'critical', cwe: 'CWE-22' },
|
|
139
|
+
{ pattern: 'fs.rename', category: 'path', description: 'Rename file', severity: 'high', cwe: 'CWE-22' },
|
|
140
|
+
{ pattern: 'fs.copyFile', category: 'path', description: 'Copy file', severity: 'high', cwe: 'CWE-22' },
|
|
141
|
+
{ pattern: 'fs.symlink', category: 'path', description: 'Create symlink', severity: 'high', cwe: 'CWE-22' },
|
|
142
|
+
{ pattern: 'path.join', category: 'path', description: 'Path join (potential traversal)', severity: 'medium', cwe: 'CWE-22' },
|
|
143
|
+
{ pattern: 'path.resolve', category: 'path', description: 'Path resolve (potential traversal)', severity: 'medium', cwe: 'CWE-22' },
|
|
144
|
+
{ pattern: 'express.static', category: 'path', description: 'Static file serving', severity: 'medium', cwe: 'CWE-22' },
|
|
145
|
+
{ pattern: 'sendFile', category: 'path', description: 'Express sendFile', severity: 'high', cwe: 'CWE-22' },
|
|
146
|
+
{ pattern: 'createReadStream', category: 'path', description: 'Create read stream', severity: 'high', cwe: 'CWE-22' },
|
|
147
|
+
{ pattern: 'createWriteStream', category: 'path', description: 'Create write stream', severity: 'high', cwe: 'CWE-22' },
|
|
61
148
|
];
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
149
|
+
// ============================================================
|
|
150
|
+
// XXE — CWE-611
|
|
151
|
+
// ============================================================
|
|
152
|
+
export const XXE_SINKS = [
|
|
153
|
+
{ pattern: 'libxmljs.parseXml', category: 'xxe', description: 'libxmljs XML parse', severity: 'critical', cwe: 'CWE-611' },
|
|
154
|
+
{ pattern: 'xml2js.parseString', category: 'xxe', description: 'xml2js parse', severity: 'high', cwe: 'CWE-611' },
|
|
155
|
+
{ pattern: 'xml2js.parseStringPromise', category: 'xxe', description: 'xml2js async parse', severity: 'high', cwe: 'CWE-611' },
|
|
156
|
+
{ pattern: 'DOMParser', category: 'xxe', description: 'DOM XML parser', severity: 'high', cwe: 'CWE-611' },
|
|
157
|
+
{ pattern: 'SAXParser', category: 'xxe', description: 'SAX XML parser', severity: 'high', cwe: 'CWE-611' },
|
|
158
|
+
{ pattern: 'XMLHttpRequest', category: 'xxe', description: 'XHR (potential XXE)', severity: 'medium', cwe: 'CWE-611' },
|
|
159
|
+
{ pattern: 'parseXml', category: 'xxe', description: 'Generic XML parse', severity: 'high', cwe: 'CWE-611' },
|
|
160
|
+
{ pattern: 'loadXml', category: 'xxe', description: 'Load XML document', severity: 'high', cwe: 'CWE-611' },
|
|
161
|
+
];
|
|
162
|
+
// ============================================================
|
|
163
|
+
// SSRF — CWE-918
|
|
164
|
+
// ============================================================
|
|
165
|
+
export const SSRF_SINKS = [
|
|
166
|
+
{ pattern: 'axios.get', category: 'ssrf', description: 'Axios HTTP GET', severity: 'high', cwe: 'CWE-918' },
|
|
167
|
+
{ pattern: 'axios.post', category: 'ssrf', description: 'Axios HTTP POST', severity: 'high', cwe: 'CWE-918' },
|
|
168
|
+
{ pattern: 'axios.put', category: 'ssrf', description: 'Axios HTTP PUT', severity: 'high', cwe: 'CWE-918' },
|
|
169
|
+
{ pattern: 'axios.delete', category: 'ssrf', description: 'Axios HTTP DELETE', severity: 'high', cwe: 'CWE-918' },
|
|
170
|
+
{ pattern: 'axios.patch', category: 'ssrf', description: 'Axios HTTP PATCH', severity: 'high', cwe: 'CWE-918' },
|
|
171
|
+
{ pattern: 'axios.request', category: 'ssrf', description: 'Axios generic request', severity: 'high', cwe: 'CWE-918' },
|
|
172
|
+
{ pattern: 'fetch(', category: 'ssrf', description: 'Fetch API', severity: 'high', cwe: 'CWE-918' },
|
|
173
|
+
{ pattern: 'http.get', category: 'ssrf', description: 'Node HTTP GET', severity: 'high', cwe: 'CWE-918' },
|
|
174
|
+
{ pattern: 'http.request', category: 'ssrf', description: 'Node HTTP request', severity: 'high', cwe: 'CWE-918' },
|
|
175
|
+
{ pattern: 'https.get', category: 'ssrf', description: 'Node HTTPS GET', severity: 'high', cwe: 'CWE-918' },
|
|
176
|
+
{ pattern: 'https.request', category: 'ssrf', description: 'Node HTTPS request', severity: 'high', cwe: 'CWE-918' },
|
|
177
|
+
{ pattern: 'request(', category: 'ssrf', description: 'Request module', severity: 'high', cwe: 'CWE-918' },
|
|
178
|
+
{ pattern: 'got(', category: 'ssrf', description: 'Got HTTP client', severity: 'high', cwe: 'CWE-918' },
|
|
179
|
+
{ pattern: 'got.get', category: 'ssrf', description: 'Got GET request', severity: 'high', cwe: 'CWE-918' },
|
|
180
|
+
{ pattern: 'got.post', category: 'ssrf', description: 'Got POST request', severity: 'high', cwe: 'CWE-918' },
|
|
181
|
+
{ pattern: 'superagent.get', category: 'ssrf', description: 'SuperAgent GET', severity: 'high', cwe: 'CWE-918' },
|
|
182
|
+
{ pattern: 'superagent.post', category: 'ssrf', description: 'SuperAgent POST', severity: 'high', cwe: 'CWE-918' },
|
|
183
|
+
{ pattern: 'node-fetch', category: 'ssrf', description: 'node-fetch module', severity: 'high', cwe: 'CWE-918' },
|
|
184
|
+
{ pattern: 'urllib.request', category: 'ssrf', description: 'urllib request', severity: 'high', cwe: 'CWE-918' },
|
|
185
|
+
{ pattern: 'new URL', category: 'ssrf', description: 'URL constructor (potential SSRF)', severity: 'medium', cwe: 'CWE-918' },
|
|
186
|
+
{ pattern: 'new Request', category: 'ssrf', description: 'Request constructor', severity: 'high', cwe: 'CWE-918' },
|
|
187
|
+
];
|
|
188
|
+
// ============================================================
|
|
189
|
+
// Insecure Deserialization — CWE-502
|
|
190
|
+
// ============================================================
|
|
191
|
+
export const DESERIALIZATION_SINKS = [
|
|
192
|
+
{ pattern: 'JSON.parse', category: 'deserialization', description: 'JSON.parse (potential prototype pollution)', severity: 'medium', cwe: 'CWE-502' },
|
|
193
|
+
{ pattern: 'deserialize', category: 'deserialization', description: 'Generic deserialize', severity: 'critical', cwe: 'CWE-502' },
|
|
194
|
+
{ pattern: 'serialize.unserialize', category: 'deserialization', description: 'PHP-style unserialize', severity: 'critical', cwe: 'CWE-502' },
|
|
195
|
+
{ pattern: 'node-serialize.unserialize', category: 'deserialization', description: 'node-serialize unserialize', severity: 'critical', cwe: 'CWE-502' },
|
|
196
|
+
{ pattern: 'js-yaml.load', category: 'deserialization', description: 'YAML load (unsafe)', severity: 'critical', cwe: 'CWE-502' },
|
|
197
|
+
{ pattern: 'yaml.load', category: 'deserialization', description: 'YAML load', severity: 'critical', cwe: 'CWE-502' },
|
|
198
|
+
{ pattern: 'pickle.loads', category: 'deserialization', description: 'Python pickle load', severity: 'critical', cwe: 'CWE-502' },
|
|
199
|
+
{ pattern: 'msgpack.decode', category: 'deserialization', description: 'MessagePack decode', severity: 'high', cwe: 'CWE-502' },
|
|
200
|
+
{ pattern: 'bson.deserialize', category: 'deserialization', description: 'BSON deserialize', severity: 'high', cwe: 'CWE-502' },
|
|
201
|
+
{ pattern: 'Buffer.from', category: 'deserialization', description: 'Buffer creation from data', severity: 'medium', cwe: 'CWE-502' },
|
|
202
|
+
];
|
|
203
|
+
// ============================================================
|
|
204
|
+
// LDAP Injection — CWE-90
|
|
205
|
+
// ============================================================
|
|
206
|
+
export const LDAP_SINKS = [
|
|
207
|
+
{ pattern: 'ldapClient.bind', category: 'ldap', description: 'LDAP bind', severity: 'critical', cwe: 'CWE-90' },
|
|
208
|
+
{ pattern: 'ldapClient.search', category: 'ldap', description: 'LDAP search', severity: 'critical', cwe: 'CWE-90' },
|
|
209
|
+
{ pattern: 'ldapClient.modify', category: 'ldap', description: 'LDAP modify', severity: 'critical', cwe: 'CWE-90' },
|
|
210
|
+
{ pattern: 'ldapClient.add', category: 'ldap', description: 'LDAP add entry', severity: 'critical', cwe: 'CWE-90' },
|
|
211
|
+
{ pattern: 'ldapClient.del', category: 'ldap', description: 'LDAP delete entry', severity: 'critical', cwe: 'CWE-90' },
|
|
212
|
+
{ pattern: 'ldapClient.compare', category: 'ldap', description: 'LDAP compare', severity: 'high', cwe: 'CWE-90' },
|
|
213
|
+
{ pattern: 'ldapjs', category: 'ldap', description: 'ldapjs module', severity: 'high', cwe: 'CWE-90' },
|
|
214
|
+
];
|
|
215
|
+
// ============================================================
|
|
216
|
+
// Server-Side Template Injection (SSTI) — CWE-1336
|
|
217
|
+
// ============================================================
|
|
218
|
+
export const SSTI_SINKS = [
|
|
219
|
+
{ pattern: 'ejs.render', category: 'ssti', description: 'EJS template render', severity: 'critical', cwe: 'CWE-1336' },
|
|
220
|
+
{ pattern: 'ejs.renderFile', category: 'ssti', description: 'EJS render file', severity: 'critical', cwe: 'CWE-1336' },
|
|
221
|
+
{ pattern: 'pug.render', category: 'ssti', description: 'Pug template render', severity: 'critical', cwe: 'CWE-1336' },
|
|
222
|
+
{ pattern: 'pug.renderFile', category: 'ssti', description: 'Pug render file', severity: 'critical', cwe: 'CWE-1336' },
|
|
223
|
+
{ pattern: 'handlebars.compile', category: 'ssti', description: 'Handlebars compile', severity: 'critical', cwe: 'CWE-1336' },
|
|
224
|
+
{ pattern: 'nunjucks.render', category: 'ssti', description: 'Nunjucks render', severity: 'critical', cwe: 'CWE-1336' },
|
|
225
|
+
{ pattern: 'nunjucks.renderString', category: 'ssti', description: 'Nunjucks render string', severity: 'critical', cwe: 'CWE-1336' },
|
|
226
|
+
{ pattern: 'mustache.render', category: 'ssti', description: 'Mustache render', severity: 'high', cwe: 'CWE-1336' },
|
|
227
|
+
{ pattern: 'dot.template', category: 'ssti', description: 'doT.js template', severity: 'critical', cwe: 'CWE-1336' },
|
|
228
|
+
{ pattern: 'swig.render', category: 'ssti', description: 'Swig template render', severity: 'critical', cwe: 'CWE-1336' },
|
|
229
|
+
{ pattern: 'liquid.parseAndRender', category: 'ssti', description: 'LiquidJS render', severity: 'critical', cwe: 'CWE-1336' },
|
|
230
|
+
{ pattern: 'Twig.twig', category: 'ssti', description: 'Twig template', severity: 'critical', cwe: 'CWE-1336' },
|
|
231
|
+
{ pattern: 'marko.render', category: 'ssti', description: 'Marko template render', severity: 'high', cwe: 'CWE-1336' },
|
|
232
|
+
{ pattern: 'nunjucks.configure', category: 'ssti', description: 'Nunjucks configure', severity: 'high', cwe: 'CWE-1336' },
|
|
233
|
+
];
|
|
234
|
+
// ============================================================
|
|
235
|
+
// Header Injection — CWE-113
|
|
236
|
+
// ============================================================
|
|
237
|
+
export const HEADER_INJECTION_SINKS = [
|
|
238
|
+
{ pattern: 'res.setHeader', category: 'header_injection', description: 'Set HTTP header', severity: 'high', cwe: 'CWE-113' },
|
|
239
|
+
{ pattern: 'res.writeHead', category: 'header_injection', description: 'Write response head', severity: 'high', cwe: 'CWE-113' },
|
|
240
|
+
{ pattern: 'response.setHeader', category: 'header_injection', description: 'Set response header', severity: 'high', cwe: 'CWE-113' },
|
|
241
|
+
{ pattern: 'response.writeHead', category: 'header_injection', description: 'Write response head', severity: 'high', cwe: 'CWE-113' },
|
|
242
|
+
{ pattern: 'set-cookie', category: 'header_injection', description: 'Set-Cookie header', severity: 'high', cwe: 'CWE-113' },
|
|
243
|
+
{ pattern: 'res.cookie', category: 'header_injection', description: 'Express cookie set', severity: 'high', cwe: 'CWE-113' },
|
|
244
|
+
{ pattern: 'Location:', category: 'header_injection', description: 'Location header', severity: 'high', cwe: 'CWE-113' },
|
|
245
|
+
{ pattern: 'res.location', category: 'header_injection', description: 'Express location header', severity: 'high', cwe: 'CWE-113' },
|
|
246
|
+
];
|
|
247
|
+
// ============================================================
|
|
248
|
+
// Open Redirect — CWE-601
|
|
249
|
+
// ============================================================
|
|
250
|
+
export const OPEN_REDIRECT_SINKS = [
|
|
251
|
+
{ pattern: 'res.redirect', category: 'open_redirect', description: 'HTTP redirect', severity: 'high', cwe: 'CWE-601' },
|
|
252
|
+
{ pattern: 'response.redirect', category: 'open_redirect', description: 'Response redirect', severity: 'high', cwe: 'CWE-601' },
|
|
253
|
+
{ pattern: 'window.location', category: 'open_redirect', description: 'Browser redirect', severity: 'high', cwe: 'CWE-601' },
|
|
254
|
+
{ pattern: 'window.location.href', category: 'open_redirect', description: 'Browser location change', severity: 'high', cwe: 'CWE-601' },
|
|
255
|
+
{ pattern: 'window.location.replace', category: 'open_redirect', description: 'Browser location replace', severity: 'high', cwe: 'CWE-601' },
|
|
256
|
+
{ pattern: 'window.location.assign', category: 'open_redirect', description: 'Browser location assign', severity: 'high', cwe: 'CWE-601' },
|
|
257
|
+
{ pattern: 'document.location', category: 'open_redirect', description: 'Document location change', severity: 'high', cwe: 'CWE-601' },
|
|
258
|
+
{ pattern: 'history.pushState', category: 'open_redirect', description: 'History pushState', severity: 'medium', cwe: 'CWE-601' },
|
|
259
|
+
{ pattern: 'history.replaceState', category: 'open_redirect', description: 'History replaceState', severity: 'medium', cwe: 'CWE-601' },
|
|
260
|
+
];
|
|
261
|
+
// ============================================================
|
|
262
|
+
// Auth Bypass — CWE-287
|
|
263
|
+
// ============================================================
|
|
264
|
+
export const AUTH_BYPASS_SINKS = [
|
|
265
|
+
{ pattern: 'passport.authenticate', category: 'auth_bypass', description: 'Passport auth (potential bypass)', severity: 'high', cwe: 'CWE-287' },
|
|
266
|
+
{ pattern: 'jwt.verify', category: 'auth_bypass', description: 'JWT verify (potential bypass)', severity: 'critical', cwe: 'CWE-287' },
|
|
267
|
+
{ pattern: 'jwt.decode', category: 'auth_bypass', description: 'JWT decode without verify', severity: 'critical', cwe: 'CWE-287' },
|
|
268
|
+
{ pattern: 'bcrypt.compare', category: 'auth_bypass', description: 'Password comparison', severity: 'high', cwe: 'CWE-287' },
|
|
269
|
+
{ pattern: 'crypto.timingSafeEqual', category: 'auth_bypass', description: 'Timing-safe comparison', severity: 'medium', cwe: 'CWE-287' },
|
|
270
|
+
{ pattern: 'session.destroy', category: 'auth_bypass', description: 'Session destroy', severity: 'medium', cwe: 'CWE-287' },
|
|
271
|
+
{ pattern: 'req.session', category: 'auth_bypass', description: 'Session access', severity: 'medium', cwe: 'CWE-287' },
|
|
272
|
+
{ pattern: 'acl', category: 'auth_bypass', description: 'Access control list', severity: 'high', cwe: 'CWE-287' },
|
|
273
|
+
];
|
|
274
|
+
// ============================================================
|
|
275
|
+
// JWT Vulnerabilities — CWE-345
|
|
276
|
+
// ============================================================
|
|
277
|
+
export const JWT_SINKS = [
|
|
278
|
+
{ pattern: 'jwt.sign', category: 'jwt', description: 'JWT token creation', severity: 'high', cwe: 'CWE-345' },
|
|
279
|
+
{ pattern: 'jwt.verify', category: 'jwt', description: 'JWT token verification', severity: 'critical', cwe: 'CWE-345' },
|
|
280
|
+
{ pattern: 'jwt.decode', category: 'jwt', description: 'JWT decode (no verification)', severity: 'critical', cwe: 'CWE-345' },
|
|
281
|
+
{ pattern: 'jsonwebtoken.sign', category: 'jwt', description: 'jsonwebtoken sign', severity: 'high', cwe: 'CWE-345' },
|
|
282
|
+
{ pattern: 'jsonwebtoken.verify', category: 'jwt', description: 'jsonwebtoken verify', severity: 'critical', cwe: 'CWE-345' },
|
|
283
|
+
{ pattern: 'jsonwebtoken.decode', category: 'jwt', description: 'jsonwebtoken decode', severity: 'critical', cwe: 'CWE-345' },
|
|
284
|
+
{ pattern: 'jose.jwtVerify', category: 'jwt', description: 'jose JWT verify', severity: 'high', cwe: 'CWE-345' },
|
|
285
|
+
{ pattern: 'jose.jwtSign', category: 'jwt', description: 'jose JWT sign', severity: 'high', cwe: 'CWE-345' },
|
|
286
|
+
{ pattern: 'algorithm: none', category: 'jwt', description: 'JWT none algorithm', severity: 'critical', cwe: 'CWE-345' },
|
|
287
|
+
{ pattern: 'algorithms: [', category: 'jwt', description: 'JWT algorithm config', severity: 'medium', cwe: 'CWE-345' },
|
|
288
|
+
];
|
|
289
|
+
// ============================================================
|
|
290
|
+
// GraphQL — CWE-89
|
|
291
|
+
// ============================================================
|
|
292
|
+
export const GRAPHQL_SINKS = [
|
|
293
|
+
{ pattern: 'graphql.execute', category: 'graphql', description: 'GraphQL execute', severity: 'high', cwe: 'CWE-89' },
|
|
294
|
+
{ pattern: 'graphql.validate', category: 'graphql', description: 'GraphQL validate', severity: 'medium', cwe: 'CWE-89' },
|
|
295
|
+
{ pattern: 'graphql.graphql', category: 'graphql', description: 'GraphQL query execution', severity: 'high', cwe: 'CWE-89' },
|
|
296
|
+
{ pattern: 'buildSchema', category: 'graphql', description: 'GraphQL schema build', severity: 'medium', cwe: 'CWE-89' },
|
|
297
|
+
{ pattern: 'makeExecutableSchema', category: 'graphql', description: 'Apollo executable schema', severity: 'medium', cwe: 'CWE-89' },
|
|
298
|
+
{ pattern: 'ApolloServer', category: 'graphql', description: 'Apollo Server instance', severity: 'medium', cwe: 'CWE-89' },
|
|
299
|
+
];
|
|
300
|
+
// ============================================================
|
|
301
|
+
// Prototype Pollution — CWE-1321
|
|
302
|
+
// ============================================================
|
|
303
|
+
export const PROTOTYPE_POLLUTION_SINKS = [
|
|
304
|
+
{ pattern: '__proto__', category: 'prototype_pollution', description: 'Prototype access', severity: 'critical', cwe: 'CWE-1321' },
|
|
305
|
+
{ pattern: 'constructor.prototype', category: 'prototype_pollution', description: 'Constructor prototype access', severity: 'critical', cwe: 'CWE-1321' },
|
|
306
|
+
{ pattern: 'Object.assign', category: 'prototype_pollution', description: 'Object.assign (potential pollution)', severity: 'medium', cwe: 'CWE-1321' },
|
|
307
|
+
{ pattern: 'Object.merge', category: 'prototype_pollution', description: 'Object merge (potential pollution)', severity: 'high', cwe: 'CWE-1321' },
|
|
308
|
+
{ pattern: '_.merge', category: 'prototype_pollution', description: 'Lodash merge (potential pollution)', severity: 'high', cwe: 'CWE-1321' },
|
|
309
|
+
{ pattern: '_.defaultsDeep', category: 'prototype_pollution', description: 'Lodash defaultsDeep', severity: 'high', cwe: 'CWE-1321' },
|
|
310
|
+
{ pattern: 'deepMerge', category: 'prototype_pollution', description: 'Deep merge utility', severity: 'high', cwe: 'CWE-1321' },
|
|
311
|
+
{ pattern: 'extend(true', category: 'prototype_pollution', description: 'jQuery deep extend', severity: 'high', cwe: 'CWE-1321' },
|
|
312
|
+
];
|
|
313
|
+
// ============================================================
|
|
314
|
+
// ReDoS — CWE-1333
|
|
315
|
+
// ============================================================
|
|
316
|
+
export const REGEX_DOS_SINKS = [
|
|
317
|
+
{ pattern: 'new RegExp', category: 'regex_dos', description: 'Dynamic RegExp creation', severity: 'high', cwe: 'CWE-1333' },
|
|
318
|
+
{ pattern: 'RegExp(', category: 'regex_dos', description: 'RegExp constructor', severity: 'high', cwe: 'CWE-1333' },
|
|
319
|
+
{ pattern: '.match(', category: 'regex_dos', description: 'String match with regex', severity: 'medium', cwe: 'CWE-1333' },
|
|
320
|
+
{ pattern: '.replace(', category: 'regex_dos', description: 'String replace with regex', severity: 'medium', cwe: 'CWE-1333' },
|
|
321
|
+
{ pattern: '.search(', category: 'regex_dos', description: 'String search with regex', severity: 'medium', cwe: 'CWE-1333' },
|
|
322
|
+
{ pattern: '.split(', category: 'regex_dos', description: 'String split with regex', severity: 'medium', cwe: 'CWE-1333' },
|
|
323
|
+
{ pattern: '.test(', category: 'regex_dos', description: 'Regex test', severity: 'medium', cwe: 'CWE-1333' },
|
|
324
|
+
];
|
|
325
|
+
// ============================================================
|
|
326
|
+
// Weak Crypto — CWE-327/328
|
|
327
|
+
// ============================================================
|
|
328
|
+
export const CRYPTO_SINKS = [
|
|
329
|
+
{ pattern: 'createHash("md5")', category: 'crypto', description: 'MD5 hash (weak)', severity: 'high', cwe: 'CWE-328' },
|
|
330
|
+
{ pattern: "createHash('md5')", category: 'crypto', description: 'MD5 hash (weak)', severity: 'high', cwe: 'CWE-328' },
|
|
331
|
+
{ pattern: 'createHash("sha1")', category: 'crypto', description: 'SHA1 hash (weak)', severity: 'high', cwe: 'CWE-328' },
|
|
332
|
+
{ pattern: "createHash('sha1')", category: 'crypto', description: 'SHA1 hash (weak)', severity: 'high', cwe: 'CWE-328' },
|
|
333
|
+
{ pattern: 'Math.random', category: 'crypto', description: 'Math.random (not cryptographically secure)', severity: 'high', cwe: 'CWE-338' },
|
|
334
|
+
{ pattern: 'crypto.createCipher', category: 'crypto', description: 'createCipher (deprecated, no IV)', severity: 'critical', cwe: 'CWE-327' },
|
|
335
|
+
{ pattern: 'crypto.createDecipher', category: 'crypto', description: 'createDecipher (deprecated)', severity: 'critical', cwe: 'CWE-327' },
|
|
336
|
+
{ pattern: 'DES', category: 'crypto', description: 'DES encryption (weak)', severity: 'high', cwe: 'CWE-327' },
|
|
337
|
+
{ pattern: 'RC4', category: 'crypto', description: 'RC4 encryption (weak)', severity: 'high', cwe: 'CWE-327' },
|
|
338
|
+
{ pattern: 'ECB', category: 'crypto', description: 'ECB mode (weak)', severity: 'high', cwe: 'CWE-327' },
|
|
339
|
+
];
|
|
340
|
+
// ============================================================
|
|
341
|
+
// File Upload — CWE-434
|
|
342
|
+
// ============================================================
|
|
343
|
+
export const UPLOAD_SINKS = [
|
|
344
|
+
{ pattern: 'multer', category: 'upload', description: 'Multer file upload', severity: 'high', cwe: 'CWE-434' },
|
|
345
|
+
{ pattern: 'formidable', category: 'upload', description: 'Formidable file upload', severity: 'high', cwe: 'CWE-434' },
|
|
346
|
+
{ pattern: 'busboy', category: 'upload', description: 'Busboy file upload', severity: 'high', cwe: 'CWE-434' },
|
|
347
|
+
{ pattern: 'express-fileupload', category: 'upload', description: 'Express file upload', severity: 'high', cwe: 'CWE-434' },
|
|
348
|
+
{ pattern: 'mv(', category: 'upload', description: 'Move uploaded file', severity: 'high', cwe: 'CWE-434' },
|
|
349
|
+
{ pattern: 'file.mv', category: 'upload', description: 'File move (upload)', severity: 'high', cwe: 'CWE-434' },
|
|
350
|
+
];
|
|
351
|
+
// ============================================================
|
|
352
|
+
// All sinks combined
|
|
353
|
+
// ============================================================
|
|
65
354
|
export const ALL_SINKS = [
|
|
66
355
|
...SQL_SINKS,
|
|
67
356
|
...NOSQL_SINKS,
|
|
@@ -69,10 +358,21 @@ export const ALL_SINKS = [
|
|
|
69
358
|
...CODE_SINKS,
|
|
70
359
|
...XSS_SINKS,
|
|
71
360
|
...PATH_SINKS,
|
|
361
|
+
...XXE_SINKS,
|
|
362
|
+
...SSRF_SINKS,
|
|
363
|
+
...DESERIALIZATION_SINKS,
|
|
364
|
+
...LDAP_SINKS,
|
|
365
|
+
...SSTI_SINKS,
|
|
366
|
+
...HEADER_INJECTION_SINKS,
|
|
367
|
+
...OPEN_REDIRECT_SINKS,
|
|
368
|
+
...AUTH_BYPASS_SINKS,
|
|
369
|
+
...JWT_SINKS,
|
|
370
|
+
...GRAPHQL_SINKS,
|
|
371
|
+
...PROTOTYPE_POLLUTION_SINKS,
|
|
372
|
+
...REGEX_DOS_SINKS,
|
|
373
|
+
...CRYPTO_SINKS,
|
|
374
|
+
...UPLOAD_SINKS,
|
|
72
375
|
];
|
|
73
|
-
/**
|
|
74
|
-
* Check if a code string matches any sink pattern
|
|
75
|
-
*/
|
|
76
376
|
export function isSink(code) {
|
|
77
377
|
for (const sink of ALL_SINKS) {
|
|
78
378
|
if (code.includes(sink.pattern)) {
|
|
@@ -81,15 +381,9 @@ export function isSink(code) {
|
|
|
81
381
|
}
|
|
82
382
|
return null;
|
|
83
383
|
}
|
|
84
|
-
/**
|
|
85
|
-
* Get all sinks matching a category
|
|
86
|
-
*/
|
|
87
384
|
export function getSinksByCategory(category) {
|
|
88
385
|
return ALL_SINKS.filter(s => s.category === category);
|
|
89
386
|
}
|
|
90
|
-
/**
|
|
91
|
-
* Get sinks by severity
|
|
92
|
-
*/
|
|
93
387
|
export function getSinksBySeverity(severity) {
|
|
94
388
|
return ALL_SINKS.filter(s => s.severity === severity);
|
|
95
389
|
}
|