seaworthycode 1.1.1 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/dist/index.js +269 -59
  2. package/dist/index.js.map +1 -1
  3. package/package.json +16 -12
  4. package/rules/external/configuration/insecure-cookie-flags.test.yaml +114 -0
  5. package/rules/external/configuration/insecure-cookie-flags.yaml +77 -0
  6. package/rules/external/configuration/missing-ssl-verification.test.yaml +130 -0
  7. package/rules/external/configuration/missing-ssl-verification.yaml +123 -0
  8. package/rules/external/data-exposure/debug-artifacts.test.yaml +143 -0
  9. package/rules/external/data-exposure/debug-artifacts.yaml +57 -0
  10. package/rules/external/data-exposure/hardcoded-ip.test.yaml +131 -0
  11. package/rules/external/data-exposure/hardcoded-ip.yaml +67 -0
  12. package/rules/external/data-exposure/localstorage-sensitive-data.test.yaml +58 -0
  13. package/rules/external/data-exposure/localstorage-sensitive-data.yaml +60 -0
  14. package/rules/external/dependencies/deprecated-functions.test.yaml +92 -0
  15. package/rules/external/dependencies/deprecated-functions.yaml +66 -0
  16. package/rules/external/ops/hardcoded-port.test.yaml +141 -0
  17. package/rules/external/ops/hardcoded-port.yaml +91 -0
  18. package/rules/external/ops/insecure-file-permissions.test.yaml +111 -0
  19. package/rules/external/ops/insecure-file-permissions.yaml +91 -0
  20. package/rules/external/resilience/missing-memory-limit.test.yaml +54 -0
  21. package/rules/external/resilience/missing-memory-limit.yaml +59 -0
  22. package/rules/external/resilience/missing-timeout-config.test.yaml +179 -0
  23. package/rules/external/resilience/missing-timeout-config.yaml +124 -0
  24. package/rules/external/security/broken-crypto-algorithm.test.yaml +104 -0
  25. package/rules/external/security/broken-crypto-algorithm.yaml +79 -0
  26. package/rules/external/security/http-method-override.test.yaml +40 -0
  27. package/rules/external/security/http-method-override.yaml +35 -0
  28. package/rules/external/security/http-no-tls.test.yaml +115 -0
  29. package/rules/external/security/http-no-tls.yaml +59 -0
  30. package/rules/external/security/path-traversal.test.yaml +188 -0
  31. package/rules/external/security/path-traversal.yaml +210 -0
  32. package/rules/external/security/unsafe-innerhtml.test.yaml +72 -0
  33. package/rules/external/security/unsafe-innerhtml.yaml +46 -0
  34. package/rules/external/security/untrusted-deserialization.test.yaml +79 -0
  35. package/rules/external/security/untrusted-deserialization.yaml +48 -0
  36. package/rules/external/security/weak-encryption-mode.test.yaml +126 -0
  37. package/rules/external/security/weak-encryption-mode.yaml +104 -0
  38. package/rules/external/security/weak-hash-algorithm.test.yaml +121 -0
  39. package/rules/external/security/weak-hash-algorithm.yaml +87 -0
  40. package/rules/external/security/xxe-parsing.test.yaml +76 -0
  41. package/rules/external/security/xxe-parsing.yaml +63 -0
  42. package/rules/internal/security/dangerous-eval.test.yaml +126 -0
  43. package/rules/internal/security/dangerous-eval.yaml +134 -0
  44. package/rules/internal/security/no-document-write.test.yaml +33 -0
  45. package/rules/internal/security/no-document-write.yaml +40 -0
  46. package/rules/internal/taint/MATRIX.md +16 -0
  47. package/rules/internal/taint/bash.test.yaml +84 -0
  48. package/rules/internal/taint/bash.yaml +166 -0
  49. package/rules/internal/taint/dvwa.test.yaml +217 -0
  50. package/rules/internal/taint/go.test.yaml +207 -0
  51. package/rules/internal/taint/go.yaml +325 -0
  52. package/rules/internal/taint/java.test.yaml +158 -0
  53. package/rules/internal/taint/java.yaml +318 -0
  54. package/rules/internal/taint/javascript.test.yaml +374 -0
  55. package/rules/internal/taint/javascript.yaml +439 -0
  56. package/rules/internal/taint/php.test.yaml +134 -0
  57. package/rules/internal/taint/php.yaml +331 -0
  58. package/rules/internal/taint/python.test.yaml +427 -0
  59. package/rules/internal/taint/python.yaml +636 -0
  60. package/rules/internal/taint/ruby.test.yaml +148 -0
  61. package/rules/internal/taint/ruby.yaml +233 -0
  62. package/rules/internal/taint/rust.test.yaml +585 -0
  63. package/rules/internal/taint/rust.yaml +483 -0
  64. package/rules/internal/taint/tsx.test.yaml +140 -0
  65. package/rules/internal/taint/tsx.yaml +51 -0
  66. package/rules/internal/taint/typescript.test.yaml +393 -0
  67. package/rules/internal/taint/typescript.yaml +660 -0
  68. package/wasm/tree-sitter-sql.wasm +0 -0
@@ -0,0 +1,331 @@
1
+ # attribution: CWE-79
2
+ attribution: CWE-79
3
+ language: php
4
+ applies-to: []
5
+
6
+ sources:
7
+ - id: superglobal.GET
8
+ class: http-params
9
+ query: |
10
+ (subscript_expression
11
+ (variable_name
12
+ (name) @sg)
13
+ (#eq? @sg "_GET")) @source
14
+
15
+ - id: superglobal.POST
16
+ class: http-body
17
+ query: |
18
+ (subscript_expression
19
+ (variable_name
20
+ (name) @sg)
21
+ (#eq? @sg "_POST")) @source
22
+
23
+ - id: superglobal.REQUEST
24
+ class: http-params
25
+ query: |
26
+ (subscript_expression
27
+ (variable_name
28
+ (name) @sg)
29
+ (#eq? @sg "_REQUEST")) @source
30
+
31
+ - id: superglobal.COOKIE
32
+ class: http-params
33
+ query: |
34
+ (subscript_expression
35
+ (variable_name
36
+ (name) @sg)
37
+ (#eq? @sg "_COOKIE")) @source
38
+
39
+ - id: superglobal.FILES
40
+ class: http-body
41
+ query: |
42
+ (subscript_expression
43
+ (variable_name
44
+ (name) @sg)
45
+ (#eq? @sg "_FILES")) @source
46
+
47
+ - id: php-input
48
+ class: http-body
49
+ query: |
50
+ (function_call_expression
51
+ function: (name) @func
52
+ (#eq? @func "file_get_contents")
53
+ arguments: (arguments
54
+ (argument
55
+ (encapsed_string
56
+ (string_content) @path
57
+ (#eq? @path "php://input"))))) @source
58
+
59
+ - id: argv
60
+ class: process-argv
61
+ query: |
62
+ (subscript_expression
63
+ (variable_name
64
+ (name) @sg)
65
+ (#eq? @sg "argv")) @source
66
+
67
+ - id: input
68
+ class: process-argv
69
+ query: |
70
+ (function_call_expression
71
+ (name) @func
72
+ (#eq? @func "input")) @source
73
+
74
+ - id: superglobal.ENV
75
+ class: env-var
76
+ query: |
77
+ (subscript_expression
78
+ (variable_name
79
+ (name) @sg)
80
+ (#eq? @sg "_ENV")) @source
81
+
82
+ - id: getenv
83
+ class: env-var
84
+ query: |
85
+ (function_call_expression
86
+ (name) @func
87
+ (#eq? @func "getenv")) @source
88
+
89
+ - id: file_get_contents-read
90
+ class: fs-read
91
+ query: |
92
+ (function_call_expression
93
+ (name) @func
94
+ (#eq? @func "file_get_contents")
95
+ arguments: (arguments
96
+ (_) @path)) @source
97
+
98
+ - id: curl_exec
99
+ class: network-response
100
+ query: |
101
+ (function_call_expression
102
+ (name) @func
103
+ (#eq? @func "curl_exec")) @source
104
+
105
+ sinks:
106
+ - id: eval
107
+ sink-class: code-execution
108
+ query: |
109
+ (function_call_expression
110
+ (name) @func
111
+ (#eq? @func "eval")
112
+ arguments: (arguments (_) @sink)) @match
113
+
114
+ - id: echo
115
+ sink-class: xss
116
+ query: |
117
+ (echo_statement (_) @sink) @match
118
+
119
+ - id: print
120
+ sink-class: xss
121
+ query: |
122
+ (print_intrinsic (_) @sink) @match
123
+
124
+ - id: printf
125
+ sink-class: xss
126
+ query: |
127
+ (function_call_expression
128
+ (name) @func
129
+ (#eq? @func "printf")
130
+ arguments: (arguments
131
+ (argument (_) @sink))) @match
132
+
133
+ - id: short-echo
134
+ sink-class: xss
135
+ query: |
136
+ (program
137
+ (php_tag) @tag
138
+ .
139
+ (expression_statement (_) @sink)
140
+ (#match? @tag "^<\\?=")) @match
141
+
142
+ - id: mysqli_query
143
+ sink-class: sql-injection
144
+ query: |
145
+ (function_call_expression
146
+ (name) @func
147
+ (#eq? @func "mysqli_query")
148
+ arguments: (arguments (_) @sink)) @match
149
+
150
+ - id: mysqli_multi_query
151
+ sink-class: sql-injection
152
+ query: |
153
+ (function_call_expression
154
+ (name) @func
155
+ (#eq? @func "mysqli_multi_query")
156
+ arguments: (arguments (_) @sink)) @match
157
+
158
+ - id: pdo.query
159
+ sink-class: sql-injection
160
+ query: |
161
+ (member_call_expression
162
+ name: (name) @method
163
+ (#match? @method "^(query|exec)$")
164
+ arguments: (arguments (_) @sink)) @match
165
+
166
+ - id: mysql_query
167
+ sink-class: sql-injection
168
+ query: |
169
+ (function_call_expression
170
+ (name) @func
171
+ (#eq? @func "mysql_query")
172
+ arguments: (arguments (_) @sink)) @match
173
+
174
+ - id: system
175
+ sink-class: command-injection
176
+ query: |
177
+ (function_call_expression
178
+ (name) @func
179
+ (#eq? @func "system")
180
+ arguments: (arguments (_) @sink)) @match
181
+
182
+ - id: exec
183
+ sink-class: command-injection
184
+ query: |
185
+ (function_call_expression
186
+ (name) @func
187
+ (#eq? @func "exec")
188
+ arguments: (arguments (_) @sink)) @match
189
+
190
+ - id: shell_exec
191
+ sink-class: command-injection
192
+ query: |
193
+ (function_call_expression
194
+ (name) @func
195
+ (#eq? @func "shell_exec")
196
+ arguments: (arguments (_) @sink)) @match
197
+
198
+ - id: passthru
199
+ sink-class: command-injection
200
+ query: |
201
+ (function_call_expression
202
+ (name) @func
203
+ (#eq? @func "passthru")
204
+ arguments: (arguments (_) @sink)) @match
205
+
206
+ - id: include
207
+ sink-class: path-traversal
208
+ query: |
209
+ (include_expression (_) @sink) @match
210
+
211
+ - id: require
212
+ sink-class: path-traversal
213
+ query: |
214
+ (require_expression (_) @sink) @match
215
+
216
+ - id: include_once
217
+ sink-class: path-traversal
218
+ query: |
219
+ (include_once_expression (_) @sink) @match
220
+
221
+ - id: require_once
222
+ sink-class: path-traversal
223
+ query: |
224
+ (require_once_expression (_) @sink) @match
225
+
226
+ - id: file_get_contents-path
227
+ sink-class: path-traversal
228
+ query: |
229
+ (function_call_expression
230
+ (name) @func
231
+ (#eq? @func "file_get_contents")
232
+ arguments: (arguments (_) @sink)) @match
233
+
234
+ - id: fopen
235
+ sink-class: path-traversal
236
+ query: |
237
+ (function_call_expression
238
+ (name) @func
239
+ (#eq? @func "fopen")
240
+ arguments: (arguments (_) @sink)) @match
241
+
242
+ - id: readfile
243
+ sink-class: path-traversal
244
+ query: |
245
+ (function_call_expression
246
+ (name) @func
247
+ (#eq? @func "readfile")
248
+ arguments: (arguments (_) @sink)) @match
249
+
250
+ - id: header
251
+ sink-class: url-injection
252
+ query: |
253
+ (function_call_expression
254
+ (name) @func
255
+ (#eq? @func "header")
256
+ arguments: (arguments (_) @sink)) @match
257
+
258
+ - id: array_merge-pollution
259
+ sink-class: prototype-pollution
260
+ query: |
261
+ (function_call_expression
262
+ (name) @func
263
+ (#eq? @func "array_merge")
264
+ arguments: (arguments (_) @first (_) @sink)) @match
265
+
266
+ sanitisers:
267
+ - id: htmlspecialchars
268
+ sanitises: [xss]
269
+ autofix-safety: manual
270
+ query: |
271
+ (function_call_expression
272
+ (name) @func
273
+ (#eq? @func "htmlspecialchars")) @sanitiser
274
+
275
+ - id: htmlentities
276
+ sanitises: [xss]
277
+ autofix-safety: manual
278
+ query: |
279
+ (function_call_expression
280
+ (name) @func
281
+ (#eq? @func "htmlentities")) @sanitiser
282
+
283
+ - id: intval
284
+ sanitises: [sql-injection]
285
+ query: |
286
+ (function_call_expression
287
+ (name) @func
288
+ (#eq? @func "intval")) @sanitiser
289
+
290
+ - id: mysqli_real_escape_string
291
+ sanitises: [sql-injection]
292
+ autofix-safety: manual
293
+ query: |
294
+ (function_call_expression
295
+ (name) @func
296
+ (#eq? @func "mysqli_real_escape_string")) @sanitiser
297
+
298
+ - id: pdo.prepare
299
+ sanitises: [sql-injection]
300
+ query: |
301
+ (member_call_expression
302
+ name: (name) @method
303
+ (#eq? @method "prepare")) @sanitiser
304
+
305
+ - id: escapeshellarg
306
+ sanitises: [command-injection]
307
+ query: |
308
+ (function_call_expression
309
+ (name) @func
310
+ (#eq? @func "escapeshellarg")) @sanitiser
311
+
312
+ - id: basename
313
+ sanitises: [path-traversal]
314
+ query: |
315
+ (function_call_expression
316
+ (name) @func
317
+ (#eq? @func "basename")) @sanitiser
318
+
319
+ - id: filter_var-url
320
+ sanitises: [url-injection]
321
+ query: |
322
+ (function_call_expression
323
+ (name) @func
324
+ (#eq? @func "filter_var")) @sanitiser
325
+
326
+ - id: array_replace-pollution
327
+ sanitises: [prototype-pollution]
328
+ query: |
329
+ (function_call_expression
330
+ (name) @func
331
+ (#eq? @func "array_replace")) @sanitiser