seaworthycode 1.1.2 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/dist/index.js +739 -42
  2. package/dist/index.js.map +1 -1
  3. package/package.json +14 -12
  4. package/rules/external/configuration/insecure-cookie-flags.test.yaml +114 -0
  5. package/rules/external/configuration/insecure-cookie-flags.yaml +77 -0
  6. package/rules/external/configuration/missing-ssl-verification.test.yaml +130 -0
  7. package/rules/external/configuration/missing-ssl-verification.yaml +123 -0
  8. package/rules/external/data-exposure/debug-artifacts.test.yaml +143 -0
  9. package/rules/external/data-exposure/debug-artifacts.yaml +57 -0
  10. package/rules/external/data-exposure/hardcoded-ip.test.yaml +131 -0
  11. package/rules/external/data-exposure/hardcoded-ip.yaml +67 -0
  12. package/rules/external/data-exposure/localstorage-sensitive-data.test.yaml +58 -0
  13. package/rules/external/data-exposure/localstorage-sensitive-data.yaml +60 -0
  14. package/rules/external/dependencies/deprecated-functions.test.yaml +92 -0
  15. package/rules/external/dependencies/deprecated-functions.yaml +66 -0
  16. package/rules/external/ops/hardcoded-port.test.yaml +141 -0
  17. package/rules/external/ops/hardcoded-port.yaml +91 -0
  18. package/rules/external/ops/insecure-file-permissions.test.yaml +111 -0
  19. package/rules/external/ops/insecure-file-permissions.yaml +91 -0
  20. package/rules/external/resilience/missing-memory-limit.test.yaml +54 -0
  21. package/rules/external/resilience/missing-memory-limit.yaml +59 -0
  22. package/rules/external/resilience/missing-timeout-config.test.yaml +179 -0
  23. package/rules/external/resilience/missing-timeout-config.yaml +124 -0
  24. package/rules/external/security/broken-crypto-algorithm.test.yaml +104 -0
  25. package/rules/external/security/broken-crypto-algorithm.yaml +79 -0
  26. package/rules/external/security/http-method-override.test.yaml +40 -0
  27. package/rules/external/security/http-method-override.yaml +35 -0
  28. package/rules/external/security/http-no-tls.test.yaml +115 -0
  29. package/rules/external/security/http-no-tls.yaml +59 -0
  30. package/rules/external/security/path-traversal.test.yaml +188 -0
  31. package/rules/external/security/path-traversal.yaml +210 -0
  32. package/rules/external/security/unsafe-innerhtml.test.yaml +72 -0
  33. package/rules/external/security/unsafe-innerhtml.yaml +46 -0
  34. package/rules/external/security/untrusted-deserialization.test.yaml +79 -0
  35. package/rules/external/security/untrusted-deserialization.yaml +48 -0
  36. package/rules/external/security/weak-encryption-mode.test.yaml +126 -0
  37. package/rules/external/security/weak-encryption-mode.yaml +104 -0
  38. package/rules/external/security/weak-hash-algorithm.test.yaml +121 -0
  39. package/rules/external/security/weak-hash-algorithm.yaml +87 -0
  40. package/rules/external/security/xxe-parsing.test.yaml +76 -0
  41. package/rules/external/security/xxe-parsing.yaml +63 -0
  42. package/rules/internal/security/dangerous-eval.test.yaml +126 -0
  43. package/rules/internal/security/dangerous-eval.yaml +134 -0
  44. package/rules/internal/security/no-document-write.test.yaml +33 -0
  45. package/rules/internal/security/no-document-write.yaml +40 -0
  46. package/rules/internal/taint/MATRIX.md +16 -0
  47. package/rules/internal/taint/bash.test.yaml +84 -0
  48. package/rules/internal/taint/bash.yaml +166 -0
  49. package/rules/internal/taint/dvwa.test.yaml +217 -0
  50. package/rules/internal/taint/go.test.yaml +207 -0
  51. package/rules/internal/taint/go.yaml +325 -0
  52. package/rules/internal/taint/java.test.yaml +158 -0
  53. package/rules/internal/taint/java.yaml +318 -0
  54. package/rules/internal/taint/javascript.test.yaml +374 -0
  55. package/rules/internal/taint/javascript.yaml +439 -0
  56. package/rules/internal/taint/php.test.yaml +134 -0
  57. package/rules/internal/taint/php.yaml +331 -0
  58. package/rules/internal/taint/python.test.yaml +427 -0
  59. package/rules/internal/taint/python.yaml +636 -0
  60. package/rules/internal/taint/ruby.test.yaml +148 -0
  61. package/rules/internal/taint/ruby.yaml +233 -0
  62. package/rules/internal/taint/rust.test.yaml +585 -0
  63. package/rules/internal/taint/rust.yaml +483 -0
  64. package/rules/internal/taint/tsx.test.yaml +140 -0
  65. package/rules/internal/taint/tsx.yaml +51 -0
  66. package/rules/internal/taint/typescript.test.yaml +393 -0
  67. package/rules/internal/taint/typescript.yaml +660 -0
  68. package/wasm/tree-sitter-sql.wasm +0 -0
@@ -0,0 +1,121 @@
1
+ rule-id: security.weak-hash-algorithm
2
+
3
+ cases:
4
+ - name: triggers on crypto.createHash in javascript
5
+ language: javascript
6
+ code: |
7
+ const crypto = require('crypto')
8
+ crypto.createHash('md5')
9
+ expect:
10
+ count: 1
11
+ severity: medium
12
+
13
+ - name: triggers on crypto.createHash in typescript
14
+ language: typescript
15
+ code: |
16
+ import crypto from 'crypto'
17
+ crypto.createHash('sha1')
18
+ expect:
19
+ count: 1
20
+ severity: medium
21
+
22
+ - name: triggers on crypto.createHash in tsx
23
+ language: tsx
24
+ code: |
25
+ import crypto from 'crypto'
26
+ crypto.createHash('md5')
27
+ expect:
28
+ count: 1
29
+ severity: medium
30
+
31
+ - name: triggers on hashlib.md5 in python
32
+ language: python
33
+ code: |
34
+ import hashlib
35
+ hashlib.md5(b"data")
36
+ expect:
37
+ count: 1
38
+ severity: medium
39
+
40
+ - name: triggers on md5sum in bash
41
+ language: bash
42
+ code: |
43
+ md5sum release.tar.gz
44
+ expect:
45
+ count: 1
46
+ severity: medium
47
+
48
+ - name: ignores safe crypto usage in javascript
49
+ language: javascript
50
+ code: |
51
+ const crypto = require('crypto')
52
+ crypto.createHash('sha256')
53
+ expect:
54
+ count: 0
55
+
56
+ - name: ignores safe crypto usage in typescript
57
+ language: typescript
58
+ code: |
59
+ import crypto from 'crypto'
60
+ crypto.createHash('sha256')
61
+ expect:
62
+ count: 0
63
+
64
+ - name: ignores unrelated code in javascript
65
+ language: javascript
66
+ code: |
67
+ console.log("hello")
68
+ expect:
69
+ count: 0
70
+
71
+ - name: ignores unrelated code in typescript
72
+ language: typescript
73
+ code: |
74
+ console.log("hello")
75
+ expect:
76
+ count: 0
77
+
78
+ - name: ignores sha256sum in bash
79
+ language: bash
80
+ code: |
81
+ sha256sum release.tar.gz
82
+ expect:
83
+ count: 0
84
+
85
+ - name: triggers on md5 in rust
86
+ language: rust
87
+ code: |
88
+ hasher.md5()
89
+ expect:
90
+ count: 1
91
+ severity: medium
92
+
93
+ - name: ignores safe hash in rust
94
+ language: rust
95
+ code: |
96
+ hasher.sha256()
97
+ expect:
98
+ count: 0
99
+
100
+ - name: triggers on MessageDigest MD5 in java
101
+ language: java
102
+ code: |
103
+ MessageDigest.getInstance("MD5");
104
+ expect:
105
+ count: 1
106
+ severity: medium
107
+
108
+ - name: ignores SHA-256 MessageDigest in java
109
+ language: java
110
+ code: |
111
+ MessageDigest.getInstance("SHA-256");
112
+ expect:
113
+ count: 0
114
+
115
+ - name: triggers on Digest::MD5 in ruby
116
+ language: ruby
117
+ code: |
118
+ Digest::MD5.hexdigest("data")
119
+ expect:
120
+ count: 1
121
+ severity: medium
@@ -0,0 +1,87 @@
1
+ # source: clean-room
2
+ # licence: MIT
3
+ # vendored-at: 2026-05-20
4
+ # verified-by: Seaworthy team
5
+ # attribution: CWE-328
6
+ id: security.weak-hash-algorithm
7
+ severity: medium
8
+ category: security
9
+ min-tier: pro
10
+ languages: [javascript, typescript, tsx, python, bash, rust, java, ruby]
11
+
12
+ copy:
13
+ name-key: checks.weak-hash-algorithm.name
14
+ description-key: checks.weak-hash-algorithm.description
15
+ message-key: checks.weak-hash-algorithm.message
16
+ degraded-key: checks.weak-hash-algorithm.degraded
17
+ remediation-key: remediation.security.weak-hash-algorithm
18
+
19
+ confidence: high
20
+
21
+ queries:
22
+ javascript: |
23
+ (call_expression
24
+ function: (member_expression
25
+ object: (identifier) @obj
26
+ property: (property_identifier) @method)
27
+ arguments: (arguments
28
+ (string (string_fragment) @alg))
29
+ (#eq? @obj "crypto")
30
+ (#eq? @method "createHash")
31
+ (#match? @alg "^(md5|sha1)$")) @match
32
+ typescript: |
33
+ (call_expression
34
+ function: (member_expression
35
+ object: (identifier) @obj
36
+ property: (property_identifier) @method)
37
+ arguments: (arguments
38
+ (string (string_fragment) @alg))
39
+ (#eq? @obj "crypto")
40
+ (#eq? @method "createHash")
41
+ (#match? @alg "^(md5|sha1)$")) @match
42
+ tsx: |
43
+ (call_expression
44
+ function: (member_expression
45
+ object: (identifier) @obj
46
+ property: (property_identifier) @method)
47
+ arguments: (arguments
48
+ (string (string_fragment) @alg))
49
+ (#eq? @obj "crypto")
50
+ (#eq? @method "createHash")
51
+ (#match? @alg "^(md5|sha1)$")) @match
52
+ python: |
53
+ (call
54
+ function: (attribute
55
+ object: (identifier) @obj
56
+ attribute: (identifier) @method)
57
+ (#eq? @obj "hashlib")
58
+ (#match? @method "^(md5|sha1)$")) @match
59
+ bash: |
60
+ (command
61
+ name: (command_name (word) @cmd)
62
+ (#match? @cmd "^(md5sum|sha1sum)$")) @match
63
+ rust: |
64
+ (call_expression
65
+ function: (field_expression
66
+ field: (field_identifier) @func
67
+ (#match? @func "^(md5|sha1)$"))) @match
68
+
69
+ java: |
70
+ (method_invocation
71
+ object: (identifier) @obj
72
+ name: (identifier) @method
73
+ (#eq? @obj "MessageDigest")
74
+ (#eq? @method "getInstance")
75
+ arguments: (argument_list
76
+ (string_literal
77
+ (string_fragment) @alg)
78
+ (#match? @alg "^(MD5|SHA-1|SHA1|md5|sha1)$"))) @match
79
+
80
+ ruby: |
81
+ (call
82
+ receiver: (scope_resolution
83
+ scope: (constant) @scope (#eq? @scope "Digest")
84
+ name: (constant) @algo (#match? @algo "^(MD5|SHA1)$"))
85
+ method: (identifier) @method (#match? @method "^(hexdigest|digest|new)$")) @match
86
+
87
+ message-captures: [match]
@@ -0,0 +1,76 @@
1
+ rule-id: security.xxe-parsing
2
+
3
+ cases:
4
+ - name: triggers on parseXml in javascript
5
+ language: javascript
6
+ code: |
7
+ parseXml(userInput)
8
+ expect:
9
+ count: 1
10
+ severity: high
11
+
12
+ - name: triggers on parseXml in typescript
13
+ language: typescript
14
+ code: |
15
+ parseXml(request.body)
16
+ expect:
17
+ count: 1
18
+ severity: high
19
+
20
+ - name: triggers on parseXml in tsx
21
+ language: tsx
22
+ code: |
23
+ parseXml(props.data)
24
+ expect:
25
+ count: 1
26
+ severity: high
27
+
28
+ - name: triggers on etree.parse in python
29
+ language: python
30
+ code: |
31
+ import xml.etree.ElementTree as etree
32
+ tree = etree.parse("data.xml")
33
+ expect:
34
+ count: 1
35
+ severity: high
36
+
37
+ - name: ignores safe parse call
38
+ language: javascript
39
+ code: |
40
+ const result = JSON.parse(data)
41
+ expect:
42
+ count: 0
43
+
44
+ - name: ignores safe parse call in typescript
45
+ language: typescript
46
+ code: |
47
+ const result = JSON.parse(data)
48
+ expect:
49
+ count: 0
50
+
51
+ - name: ignores safe code
52
+ language: javascript
53
+ code: |
54
+ console.log("hello")
55
+ expect:
56
+ count: 0
57
+
58
+ - name: ignores safe code in typescript
59
+ language: typescript
60
+ code: |
61
+ console.log("hello")
62
+ expect:
63
+ count: 0
64
+
65
+ - name: triggers on DocumentBuilderFactory in java
66
+ language: java
67
+ code: |
68
+ class T {
69
+ void f() {
70
+ javax.xml.parsers.DocumentBuilderFactory dbf =
71
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
72
+ }
73
+ }
74
+ expect:
75
+ count: 1
76
+ severity: high
@@ -0,0 +1,63 @@
1
+ # source: clean-room
2
+ # licence: MIT
3
+ # vendored-at: 2026-05-20
4
+ # verified-by: Seaworthy team
5
+ # attribution: CWE-611
6
+ id: security.xxe-parsing
7
+ severity: high
8
+ category: security
9
+ min-tier: pro
10
+ languages: [javascript, typescript, tsx, python, java]
11
+
12
+ copy:
13
+ name-key: checks.xxe-parsing.name
14
+ description-key: checks.xxe-parsing.description
15
+ message-key: checks.xxe-parsing.message
16
+ degraded-key: checks.xxe-parsing.degraded
17
+ remediation-key: remediation.security.xxe-parsing
18
+
19
+ confidence: high
20
+
21
+ queries:
22
+ javascript: |
23
+ (call_expression
24
+ function: (identifier) @func
25
+ (#eq? @func "parseXml")) @match
26
+ typescript: |
27
+ (call_expression
28
+ function: (identifier) @func
29
+ (#eq? @func "parseXml")) @match
30
+ tsx: |
31
+ (call_expression
32
+ function: (identifier) @func
33
+ (#eq? @func "parseXml")) @match
34
+ python: |
35
+ (call
36
+ function: (attribute
37
+ object: (identifier) @obj
38
+ attribute: (identifier) @method)
39
+ (#eq? @obj "etree")
40
+ (#eq? @method "parse")) @match
41
+ java: |
42
+ (method_invocation
43
+ object: (identifier) @obj
44
+ name: (identifier) @method
45
+ (#match? @obj "^(DocumentBuilderFactory|SAXParserFactory|XMLInputFactory|TransformerFactory)$")
46
+ (#eq? @method "newInstance")) @match
47
+
48
+ (method_invocation
49
+ object: (field_access
50
+ field: (identifier) @obj)
51
+ name: (identifier) @method
52
+ (#match? @obj "^(DocumentBuilderFactory|SAXParserFactory|XMLInputFactory|TransformerFactory)$")
53
+ (#eq? @method "newInstance")) @match
54
+
55
+ (object_creation_expression
56
+ type: (type_identifier) @t
57
+ (#eq? @t "SAXParserFactory")) @match
58
+
59
+ (object_creation_expression
60
+ type: (scoped_type_identifier) @type
61
+ (#match? @type "SAXParserFactory$")) @match
62
+
63
+ message-captures: [match]
@@ -0,0 +1,126 @@
1
+ rule-id: security.dangerous-eval
2
+
3
+ cases:
4
+ - name: triggers on eval in javascript
5
+ language: javascript
6
+ code: |
7
+ eval("1+1")
8
+ expect:
9
+ count: 1
10
+ severity: high
11
+
12
+ - name: ignores new Function with static string body only in javascript
13
+ language: javascript
14
+ code: |
15
+ new Function("return 1")
16
+ expect:
17
+ count: 0
18
+
19
+ - name: triggers on new Function with template body in javascript
20
+ language: javascript
21
+ code: |
22
+ new Function(`return ${x}`)
23
+ expect:
24
+ count: 1
25
+ severity: high
26
+
27
+ - name: triggers on new Function with identifier body in javascript
28
+ language: javascript
29
+ code: |
30
+ new Function(userSrc)
31
+ expect:
32
+ count: 1
33
+ severity: high
34
+
35
+ - name: triggers on eval in typescript
36
+ language: typescript
37
+ code: |
38
+ eval("1+1")
39
+ expect:
40
+ count: 1
41
+ severity: high
42
+
43
+ - name: triggers on new Function with template body in typescript
44
+ language: typescript
45
+ code: |
46
+ new Function(`return ${x}`)
47
+ expect:
48
+ count: 1
49
+ severity: high
50
+
51
+ - name: triggers on new Function with identifier body in typescript
52
+ language: typescript
53
+ code: |
54
+ new Function(userSrc)
55
+ expect:
56
+ count: 1
57
+ severity: high
58
+
59
+ - name: ignores new Function with static string body only in typescript
60
+ language: typescript
61
+ code: |
62
+ new Function("return 1")
63
+ expect:
64
+ count: 0
65
+
66
+ - name: triggers on eval in tsx
67
+ language: tsx
68
+ code: |
69
+ eval("1+1")
70
+ expect:
71
+ count: 1
72
+ severity: high
73
+
74
+ - name: triggers on eval in python
75
+ language: python
76
+ code: |
77
+ eval("1+1")
78
+ expect:
79
+ count: 1
80
+ severity: high
81
+
82
+ - name: triggers on exec in python
83
+ language: python
84
+ code: |
85
+ exec("print(1)")
86
+ expect:
87
+ count: 1
88
+ severity: high
89
+
90
+ - name: ignores safe javascript code
91
+ language: javascript
92
+ code: |
93
+ console.log("hello")
94
+ expect:
95
+ count: 0
96
+
97
+ - name: triggers on ScriptEngine eval in java
98
+ language: java
99
+ code: |
100
+ engine.eval(userInput);
101
+ expect:
102
+ count: 1
103
+ severity: high
104
+
105
+ - name: ignores safe java code
106
+ language: java
107
+ code: |
108
+ System.out.println("hello");
109
+ expect:
110
+ count: 0
111
+
112
+ - name: triggers on eval in ruby
113
+ language: ruby
114
+ code: |
115
+ eval(user_code)
116
+ expect:
117
+ count: 1
118
+ severity: high
119
+
120
+ - name: triggers on instance_eval in ruby
121
+ language: ruby
122
+ code: |
123
+ obj.instance_eval(payload)
124
+ expect:
125
+ count: 1
126
+ severity: high
@@ -0,0 +1,134 @@
1
+ # attribution: CWE-95
2
+ id: security.dangerous-eval
3
+ severity: high
4
+ category: security
5
+ min-tier: free
6
+ languages: [javascript, typescript, tsx, python, java, ruby]
7
+
8
+ copy:
9
+ name-key: checks.dangerous-eval.name
10
+ description-key: checks.dangerous-eval.description
11
+ message-key: checks.dangerous-eval.message
12
+ degraded-key: checks.dangerous-eval.degraded
13
+ remediation-key: remediation.security.dangerous-eval
14
+
15
+ confidence: high
16
+
17
+ queries:
18
+ javascript: |
19
+ (call_expression
20
+ function: (identifier) @func
21
+ (#eq? @func "eval")) @match
22
+
23
+ (new_expression
24
+ constructor: (identifier) @func
25
+ arguments: (arguments
26
+ [
27
+ (template_string)
28
+ (identifier)
29
+ (member_expression)
30
+ (call_expression)
31
+ (subscript_expression)
32
+ (binary_expression)
33
+ (parenthesized_expression)
34
+ ])
35
+ (#eq? @func "Function")) @match
36
+
37
+ (call_expression
38
+ function: (identifier) @func
39
+ arguments: (arguments
40
+ [
41
+ (template_string)
42
+ (identifier)
43
+ (member_expression)
44
+ (call_expression)
45
+ (subscript_expression)
46
+ (binary_expression)
47
+ (parenthesized_expression)
48
+ ])
49
+ (#eq? @func "Function")) @match
50
+ typescript: |
51
+ (call_expression
52
+ function: (identifier) @func
53
+ (#eq? @func "eval")) @match
54
+
55
+ (new_expression
56
+ constructor: (identifier) @func
57
+ arguments: (arguments
58
+ [
59
+ (template_string)
60
+ (identifier)
61
+ (member_expression)
62
+ (call_expression)
63
+ (subscript_expression)
64
+ (binary_expression)
65
+ (parenthesized_expression)
66
+ ])
67
+ (#eq? @func "Function")) @match
68
+
69
+ (call_expression
70
+ function: (identifier) @func
71
+ arguments: (arguments
72
+ [
73
+ (template_string)
74
+ (identifier)
75
+ (member_expression)
76
+ (call_expression)
77
+ (subscript_expression)
78
+ (binary_expression)
79
+ (parenthesized_expression)
80
+ ])
81
+ (#eq? @func "Function")) @match
82
+ tsx: |
83
+ (call_expression
84
+ function: (identifier) @func
85
+ (#eq? @func "eval")) @match
86
+
87
+ (new_expression
88
+ constructor: (identifier) @func
89
+ arguments: (arguments
90
+ [
91
+ (template_string)
92
+ (identifier)
93
+ (member_expression)
94
+ (call_expression)
95
+ (subscript_expression)
96
+ (binary_expression)
97
+ (parenthesized_expression)
98
+ ])
99
+ (#eq? @func "Function")) @match
100
+
101
+ (call_expression
102
+ function: (identifier) @func
103
+ arguments: (arguments
104
+ [
105
+ (template_string)
106
+ (identifier)
107
+ (member_expression)
108
+ (call_expression)
109
+ (subscript_expression)
110
+ (binary_expression)
111
+ (parenthesized_expression)
112
+ ])
113
+ (#eq? @func "Function")) @match
114
+ python: |
115
+ (call
116
+ function: (identifier) @func
117
+ (#match? @func "^(eval|exec)$")) @match
118
+ java: |
119
+ (method_invocation
120
+ name: (identifier) @method
121
+ (#eq? @method "eval")
122
+ arguments: (argument_list)) @match
123
+ ruby: |
124
+ (call
125
+ method: (identifier) @func
126
+ (#match? @func "^(eval|instance_eval|class_eval)$")
127
+ arguments: (argument_list)) @match
128
+
129
+ (call
130
+ receiver: (call
131
+ method: (identifier) @recv (#eq? @recv "binding"))
132
+ method: (identifier) @func
133
+ (#eq? @func "eval")
134
+ arguments: (argument_list)) @match
@@ -0,0 +1,33 @@
1
+ rule-id: security.no-document-write
2
+
3
+ cases:
4
+ - name: triggers on document.write in javascript
5
+ language: javascript
6
+ code: |
7
+ document.write("<h1>hi</h1>")
8
+ expect:
9
+ count: 1
10
+ severity: medium
11
+
12
+ - name: triggers on document.write in typescript
13
+ language: typescript
14
+ code: |
15
+ document.write("<h1>hi</h1>")
16
+ expect:
17
+ count: 1
18
+ severity: medium
19
+
20
+ - name: triggers on document.write in tsx
21
+ language: tsx
22
+ code: |
23
+ document.write("<h1>hi</h1>")
24
+ expect:
25
+ count: 1
26
+ severity: medium
27
+
28
+ - name: ignores safe javascript code
29
+ language: javascript
30
+ code: |
31
+ console.log("hello")
32
+ expect:
33
+ count: 0
@@ -0,0 +1,40 @@
1
+ # attribution: CWE-79
2
+ id: security.no-document-write
3
+ severity: medium
4
+ category: security
5
+ min-tier: pro
6
+ languages: [javascript, typescript, tsx]
7
+
8
+ copy:
9
+ name-key: checks.no-document-write.name
10
+ description-key: checks.no-document-write.description
11
+ message-key: checks.no-document-write.message
12
+ degraded-key: checks.no-document-write.degraded
13
+ remediation-key: remediation.security.no-document-write
14
+
15
+ confidence: high
16
+
17
+ queries:
18
+ javascript: |
19
+ (call_expression
20
+ function: (member_expression
21
+ object: (identifier) @obj
22
+ property: (property_identifier) @prop)
23
+ (#eq? @obj "document")
24
+ (#eq? @prop "write")) @match
25
+ typescript: |
26
+ (call_expression
27
+ function: (member_expression
28
+ object: (identifier) @obj
29
+ property: (property_identifier) @prop)
30
+ (#eq? @obj "document")
31
+ (#eq? @prop "write")) @match
32
+ tsx: |
33
+ (call_expression
34
+ function: (member_expression
35
+ object: (identifier) @obj
36
+ property: (property_identifier) @prop)
37
+ (#eq? @obj "document")
38
+ (#eq? @prop "write")) @match
39
+
40
+ message-captures: [match]
@@ -0,0 +1,16 @@
1
+ # Taint rule matrix
2
+
3
+ One-line pointer: which sink-classes each yaml file implements.
4
+
5
+ | File | Sink classes |
6
+ |------|-------------|
7
+ | `javascript.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection, prototype-pollution |
8
+ | `typescript.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection, prototype-pollution |
9
+ | `php.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection, prototype-pollution |
10
+ | `python.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection, prototype-pollution |
11
+ | `go.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection, prototype-pollution |
12
+ | `ruby.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection (prototype-pollution N/A) |
13
+ | `rust.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection (prototype-pollution N/A) |
14
+ | `java.yaml` | code-execution, xss, sql-injection, command-injection, path-traversal, url-injection (prototype-pollution N/A) |
15
+
16
+ See `docs/benchmarks/sink-class-matrix.md` for the full language × sink-class coverage status.