thuban 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/dist/package.json +63 -0
  2. package/dist/packages/crucible/rules/code-scanner-core.json +129 -0
  3. package/dist/packages/crucible/rules/command-injection.json +411 -0
  4. package/dist/packages/crucible/rules/crypto-misuse.json +35 -0
  5. package/dist/packages/crucible/rules/deserialization.json +152 -0
  6. package/dist/packages/crucible/rules/env-injection.json +46 -0
  7. package/dist/packages/crucible/rules/eval-abuse.json +104 -0
  8. package/dist/packages/crucible/rules/file-upload.json +46 -0
  9. package/dist/packages/crucible/rules/hallucination.json +22 -0
  10. package/dist/packages/crucible/rules/hardcoded-secret.json +397 -0
  11. package/dist/packages/crucible/rules/hardcoded-url.json +13 -0
  12. package/dist/packages/crucible/rules/insecure-crypto.json +302 -0
  13. package/dist/packages/crucible/rules/integer-overflow.json +35 -0
  14. package/dist/packages/crucible/rules/log-injection.json +33 -0
  15. package/dist/packages/crucible/rules/mass-assignment.json +112 -0
  16. package/dist/packages/crucible/rules/open-redirect.json +196 -0
  17. package/dist/packages/crucible/rules/path-traversal.json +422 -0
  18. package/dist/packages/crucible/rules/prototype-pollution.json +22 -0
  19. package/dist/packages/crucible/rules/sql-injection.json +597 -0
  20. package/dist/packages/crucible/rules/ssrf.json +557 -0
  21. package/dist/packages/crucible/rules/timing-attack.json +55 -0
  22. package/dist/packages/crucible/rules/unsafe-block.json +24 -0
  23. package/dist/packages/crucible/rules/xss.json +641 -0
  24. package/dist/packages/crucible/rules/xxe.json +66 -0
  25. package/dist/packages/crucible/rules/yaml-deserialization.json +22 -0
  26. package/dist/packages/crucible/rules/yaml-injection.json +22 -0
  27. package/package.json +4 -2
@@ -0,0 +1,397 @@
1
+ [
2
+ {
3
+ "id": "SEC001",
4
+ "pattern": "AKIA[0-9A-Z]{16}|AKIA[A-Z0-9]+['\"]|\\bAKIA",
5
+ "flags": "i",
6
+ "category": "hardcoded_secret",
7
+ "description": "Hardcoded secrets",
8
+ "language": [
9
+ "js",
10
+ "ts",
11
+ "python",
12
+ "java",
13
+ "go",
14
+ "csharp",
15
+ "php",
16
+ "ruby",
17
+ "rust",
18
+ "kotlin"
19
+ ],
20
+ "severity": "critical"
21
+ },
22
+ {
23
+ "id": "SEC002",
24
+ "pattern": "sk-[a-zA-Z0-9]{20,}|sk_live_[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{20,}|AIzaSy[a-zA-Z0-9]{33}",
25
+ "flags": "i",
26
+ "category": "hardcoded_secret",
27
+ "description": "Hardcoded secrets",
28
+ "language": [
29
+ "js",
30
+ "ts",
31
+ "python",
32
+ "java",
33
+ "go",
34
+ "csharp",
35
+ "php",
36
+ "ruby",
37
+ "rust",
38
+ "kotlin"
39
+ ],
40
+ "severity": "critical"
41
+ },
42
+ {
43
+ "id": "SEC003",
44
+ "pattern": "-----BEGIN (RSA |DSA |EC |OPENSSH |PGP )?PRIVATE KEY-----|SuperSecretProd\\d+!|hardcoded-jwt-secret",
45
+ "flags": "i",
46
+ "category": "hardcoded_secret",
47
+ "description": "Hardcoded secrets",
48
+ "language": [
49
+ "js",
50
+ "ts",
51
+ "python",
52
+ "java",
53
+ "go",
54
+ "csharp",
55
+ "php",
56
+ "ruby",
57
+ "rust",
58
+ "kotlin"
59
+ ],
60
+ "severity": "critical"
61
+ },
62
+ {
63
+ "id": "SEC004",
64
+ "pattern": "(?:JWT_SECRET|HMAC_SECRET|SECRET_KEY|API_SECRET|WEBHOOK_SECRET)\\s*=\\s*['\"][^'\"]{12,}['\"]",
65
+ "flags": "i",
66
+ "category": "hardcoded_secret",
67
+ "description": "Generic JWT/HMAC secrets (long strings in secret/key variables)",
68
+ "language": [
69
+ "js",
70
+ "ts",
71
+ "python",
72
+ "java",
73
+ "go",
74
+ "csharp",
75
+ "php",
76
+ "ruby",
77
+ "rust",
78
+ "kotlin"
79
+ ],
80
+ "severity": "critical"
81
+ },
82
+ {
83
+ "id": "SEC005",
84
+ "pattern": "(?:admin_sk_live|xoxb-[0-9]{11,}|rk_live_[a-zA-Z0-9]{32,})",
85
+ "flags": "i",
86
+ "category": "hardcoded_secret",
87
+ "description": "Generic JWT/HMAC secrets (long strings in secret/key variables)",
88
+ "language": [
89
+ "js",
90
+ "ts",
91
+ "python",
92
+ "java",
93
+ "go",
94
+ "csharp",
95
+ "php",
96
+ "ruby",
97
+ "rust",
98
+ "kotlin"
99
+ ],
100
+ "severity": "critical"
101
+ },
102
+ {
103
+ "id": "SEC006",
104
+ "pattern": "(?:JWT_SECRET|JWT_REFRESH_SECRET|SIGNING_KEY|SigningKey|jwtSecret|jwt_secret|secret(?:Key|_key)|signingSecret)\\s*[=:]\\s*['\"`][^'\"`]{12,}['\"`]",
105
+ "flags": "i",
106
+ "category": "hardcoded_secret",
107
+ "description": "JWT signing secrets / refresh secrets assigned to variables",
108
+ "language": [
109
+ "js",
110
+ "ts",
111
+ "python",
112
+ "java",
113
+ "go",
114
+ "csharp",
115
+ "php",
116
+ "ruby",
117
+ "rust",
118
+ "kotlin"
119
+ ],
120
+ "severity": "critical"
121
+ },
122
+ {
123
+ "id": "SEC007",
124
+ "pattern": "GOCSPX-[A-Za-z0-9_-]{20,}|SG\\.[A-Za-z0-9_-]{20,}\\.[A-Za-z0-9_-]{20,}",
125
+ "flags": "",
126
+ "category": "hardcoded_secret",
127
+ "description": "OAuth client secrets, SendGrid, GOCSPX, GitHub secret tokens",
128
+ "language": [
129
+ "js",
130
+ "ts",
131
+ "python",
132
+ "java",
133
+ "go",
134
+ "csharp",
135
+ "php",
136
+ "ruby",
137
+ "rust",
138
+ "kotlin"
139
+ ],
140
+ "severity": "critical"
141
+ },
142
+ {
143
+ "id": "SEC008",
144
+ "pattern": "(?:clientSecret|client_secret|refreshToken|refresh_token)\\s*[=:]\\s*['\"`][A-Za-z0-9/_\\-\\.]{16,}['\"`]",
145
+ "flags": "i",
146
+ "category": "hardcoded_secret",
147
+ "description": "OAuth client secrets, SendGrid, GOCSPX, GitHub secret tokens",
148
+ "language": [
149
+ "js",
150
+ "ts",
151
+ "python",
152
+ "java",
153
+ "go",
154
+ "csharp",
155
+ "php",
156
+ "ruby",
157
+ "rust",
158
+ "kotlin"
159
+ ],
160
+ "severity": "critical"
161
+ },
162
+ {
163
+ "id": "SEC009",
164
+ "pattern": "(?:password|passwd|pwd)\\s*[:=]\\s*['\"`][^'\"`\\s]{6,}['\"`]",
165
+ "flags": "i",
166
+ "category": "hardcoded_secret",
167
+ "description": "Hardcoded passwords / connection strings with embedded passwords in source code",
168
+ "language": [
169
+ "js",
170
+ "ts",
171
+ "python",
172
+ "java",
173
+ "go",
174
+ "csharp",
175
+ "php",
176
+ "ruby",
177
+ "rust",
178
+ "kotlin"
179
+ ],
180
+ "severity": "critical"
181
+ },
182
+ {
183
+ "id": "SEC010",
184
+ "pattern": "redis:\\/\\/:?[^@\\s'\"]{6,}@|mongodb:\\/\\/[^:\\s'\"]+:[^@\\s'\"]{6,}@",
185
+ "flags": "i",
186
+ "category": "hardcoded_secret",
187
+ "description": "Hardcoded passwords / connection strings with embedded passwords in source code",
188
+ "language": [
189
+ "js",
190
+ "ts",
191
+ "python",
192
+ "java",
193
+ "go",
194
+ "csharp",
195
+ "php",
196
+ "ruby",
197
+ "rust",
198
+ "kotlin"
199
+ ],
200
+ "severity": "critical"
201
+ },
202
+ {
203
+ "id": "SEC011",
204
+ "pattern": "(?:ENCRYPTION_KEY|HMAC_KEY|ENCRYPT_KEY|AES_KEY|encKey|EncKey|hmacKey)\\s*[=:]\\s*(?:['\"`]|b['\"])[^\\s'\"]{12,}",
205
+ "flags": "i",
206
+ "category": "hardcoded_secret",
207
+ "description": "Encryption keys / HMAC keys in const/var",
208
+ "language": [
209
+ "js",
210
+ "ts",
211
+ "python",
212
+ "java",
213
+ "go",
214
+ "csharp",
215
+ "php",
216
+ "ruby",
217
+ "rust",
218
+ "kotlin"
219
+ ],
220
+ "severity": "critical"
221
+ },
222
+ {
223
+ "id": "SEC012",
224
+ "pattern": "auth\\s*:\\s*\\{[^}]*pass\\s*:\\s*['\"`][^'\"`\\s]{4,}['\"`]",
225
+ "flags": "i",
226
+ "category": "hardcoded_secret",
227
+ "description": "SMTP auth passwords in transport config",
228
+ "language": [
229
+ "js",
230
+ "ts",
231
+ "python",
232
+ "java",
233
+ "go",
234
+ "csharp",
235
+ "php",
236
+ "ruby",
237
+ "rust",
238
+ "kotlin"
239
+ ],
240
+ "severity": "critical"
241
+ },
242
+ {
243
+ "id": "SEC013",
244
+ "pattern": "(?:const|let|var|val|final)\\s+\\w*(?:[Tt]oken|[Aa][Pp][Ii][Kk]ey|[Ss]ecret|[Pp]assword|[Pp]asswd)\\w*\\s*[=:]\\s*['\"`][A-Za-z0-9+\\/=_\\-\\.@#!$%^&*]{12,}['\"`]",
245
+ "flags": "i",
246
+ "category": "hardcoded_secret",
247
+ "description": "Generic hardcoded token/key/secret/apiKey assignment",
248
+ "language": [
249
+ "js",
250
+ "ts",
251
+ "python",
252
+ "java",
253
+ "go",
254
+ "csharp",
255
+ "php",
256
+ "ruby",
257
+ "rust",
258
+ "kotlin"
259
+ ],
260
+ "severity": "critical"
261
+ },
262
+ {
263
+ "id": "SEC014",
264
+ "pattern": "Password=[^;\\s'\"]{6,}[;'\"]|pwd=[^;\\s'\"]{6,}[;'\"]",
265
+ "flags": "i",
266
+ "category": "hardcoded_secret",
267
+ "description": "Connection strings with embedded Password= (SQL Server, ODBC)",
268
+ "language": [
269
+ "js",
270
+ "ts",
271
+ "python",
272
+ "java",
273
+ "go",
274
+ "csharp",
275
+ "php",
276
+ "ruby",
277
+ "rust",
278
+ "kotlin"
279
+ ],
280
+ "severity": "critical"
281
+ },
282
+ {
283
+ "id": "SEC015",
284
+ "pattern": "AccountKey=[A-Za-z0-9+\\/=]{20,}",
285
+ "flags": "i",
286
+ "category": "hardcoded_secret",
287
+ "description": "Azure AccountKey= in connection strings (base64 encoded key)",
288
+ "language": [
289
+ "js",
290
+ "ts",
291
+ "python",
292
+ "java",
293
+ "go",
294
+ "csharp",
295
+ "php",
296
+ "ruby",
297
+ "rust",
298
+ "kotlin"
299
+ ],
300
+ "severity": "critical"
301
+ },
302
+ {
303
+ "id": "SEC016",
304
+ "pattern": "hooks\\.slack\\.com\\/services\\/[A-Z0-9]+\\/[A-Z0-9]+\\/[A-Za-z0-9]+",
305
+ "flags": "i",
306
+ "category": "hardcoded_secret",
307
+ "description": "Slack webhook URL",
308
+ "language": [
309
+ "js",
310
+ "ts",
311
+ "python",
312
+ "java",
313
+ "go",
314
+ "csharp",
315
+ "php",
316
+ "ruby",
317
+ "rust",
318
+ "kotlin"
319
+ ],
320
+ "severity": "critical"
321
+ },
322
+ {
323
+ "id": "SEC017",
324
+ "pattern": "pdkey-[a-z]-[A-Za-z0-9]{16,}",
325
+ "flags": "i",
326
+ "category": "hardcoded_secret",
327
+ "description": "PagerDuty / generic pdkey token",
328
+ "language": [
329
+ "js",
330
+ "ts",
331
+ "python",
332
+ "java",
333
+ "go",
334
+ "csharp",
335
+ "php",
336
+ "ruby",
337
+ "rust",
338
+ "kotlin"
339
+ ],
340
+ "severity": "critical"
341
+ },
342
+ {
343
+ "id": "SEC018",
344
+ "pattern": "(?:private\\s+)?static\\s+final\\s+String\\s+\\w*(?:SECRET|KEY|TOKEN|PASSWORD|SIGNING)\\w*\\s*=\\s*[\"'][^\"']{12,}[\"']",
345
+ "flags": "i",
346
+ "category": "hardcoded_secret",
347
+ "description": "Java static final String SECRET/KEY/TOKEN with hardcoded value",
348
+ "language": [
349
+ "java"
350
+ ],
351
+ "severity": "critical"
352
+ },
353
+ {
354
+ "id": "SEC019",
355
+ "pattern": "\\[\\s*\\]byte\\s*\\(\\s*[\"'][^\"']{12,}[\"']\\s*\\)",
356
+ "flags": "",
357
+ "category": "hardcoded_secret",
358
+ "description": "Go []byte(\"hardcoded secret string\") for JWT signing keys",
359
+ "language": [
360
+ "go"
361
+ ],
362
+ "severity": "critical"
363
+ },
364
+ {
365
+ "id": "SEC020",
366
+ "pattern": "(?:AesKey|AesIv|EncKey|HmacKey|aesKey|hmacKey)\\s*=\\s*new\\s+byte\\s*\\[\\s*\\]",
367
+ "flags": "i",
368
+ "category": "hardcoded_secret",
369
+ "description": "Hardcoded byte array AES key (C#: new byte[] { 0x2b, 0x7e, ... })",
370
+ "language": [
371
+ "csharp"
372
+ ],
373
+ "severity": "critical"
374
+ },
375
+ {
376
+ "id": "SEC021",
377
+ "pattern": "define\\s*\\(\\s*['\"](?:REDIS_PASSWORD|SESSION_SECRET|CSRF_SECRET|DB_PASS|APP_SECRET|SMTP_PASS|JWT_SECRET)['\"]\\s*,\\s*['\"][^'\"]{6,}['\"]",
378
+ "flags": "i",
379
+ "category": "hardcoded_secret",
380
+ "description": "PHP hardcoded secrets: define() with password/secret constants",
381
+ "language": [
382
+ "php"
383
+ ],
384
+ "severity": "critical"
385
+ },
386
+ {
387
+ "id": "SEC022",
388
+ "pattern": "const\\s+\\w*(?:SECRET|_SECRET)\\w*\\s*:\\s*string\\s*=\\s*['\"`][^'\"`]{12,}['\"`]",
389
+ "flags": "i",
390
+ "category": "hardcoded_secret",
391
+ "description": "TypeScript: hardcoded secret with type annotation",
392
+ "language": [
393
+ "typescript"
394
+ ],
395
+ "severity": "critical"
396
+ }
397
+ ]
@@ -0,0 +1,13 @@
1
+ [
2
+ {
3
+ "id": "URL001",
4
+ "pattern": "const\\s+val\\s+\\w*(?:URL|_URL)\\w*\\s*=\\s*[\"']https?:\\/\\/",
5
+ "flags": "i",
6
+ "category": "hardcoded_url",
7
+ "description": "Kotlin: hardcoded production/debug URLs",
8
+ "language": [
9
+ "kotlin"
10
+ ],
11
+ "severity": "medium"
12
+ }
13
+ ]
@@ -0,0 +1,302 @@
1
+ [
2
+ {
3
+ "id": "CRYPTO001",
4
+ "pattern": "md5\\s*\\(|hashlib\\.md5|MessageDigest\\.getInstance\\s*\\(\\s*[\"']MD5[\"']\\)",
5
+ "flags": "i",
6
+ "category": "insecure_crypto",
7
+ "description": "Insecure crypto (expanded)",
8
+ "language": [
9
+ "js",
10
+ "ts",
11
+ "python",
12
+ "java",
13
+ "go",
14
+ "csharp",
15
+ "php",
16
+ "ruby",
17
+ "rust",
18
+ "kotlin"
19
+ ],
20
+ "severity": "high"
21
+ },
22
+ {
23
+ "id": "CRYPTO002",
24
+ "pattern": "Math\\.random\\s*\\(\\)",
25
+ "flags": "",
26
+ "category": "insecure_crypto",
27
+ "description": "Insecure crypto (expanded)",
28
+ "language": [
29
+ "js",
30
+ "ts",
31
+ "python",
32
+ "java",
33
+ "go",
34
+ "csharp",
35
+ "php",
36
+ "ruby",
37
+ "rust",
38
+ "kotlin"
39
+ ],
40
+ "severity": "high"
41
+ },
42
+ {
43
+ "id": "CRYPTO003",
44
+ "pattern": "MD5\\.Create\\s*\\(\\)|MD5\\.HashData\\s*\\(|createHash\\s*\\(\\s*['\"]md5['\"]\\)",
45
+ "flags": "i",
46
+ "category": "insecure_crypto",
47
+ "description": "MD5/SHA1 via language-specific APIs",
48
+ "language": [
49
+ "js",
50
+ "ts",
51
+ "python",
52
+ "java",
53
+ "go",
54
+ "csharp",
55
+ "php",
56
+ "ruby",
57
+ "rust",
58
+ "kotlin"
59
+ ],
60
+ "severity": "high"
61
+ },
62
+ {
63
+ "id": "CRYPTO004",
64
+ "pattern": "crypto\\/md5|use\\s+md5\\b|md5::compute|crypto\\/sha1|use\\s+sha1\\b",
65
+ "flags": "i",
66
+ "category": "insecure_crypto",
67
+ "description": "MD5/SHA1 via language-specific APIs",
68
+ "language": [
69
+ "js",
70
+ "ts",
71
+ "python",
72
+ "java",
73
+ "go",
74
+ "csharp",
75
+ "php",
76
+ "ruby",
77
+ "rust",
78
+ "kotlin"
79
+ ],
80
+ "severity": "high"
81
+ },
82
+ {
83
+ "id": "CRYPTO005",
84
+ "pattern": "MessageDigest\\.getInstance\\s*\\(\\s*[\"']SHA-?1[\"']\\)|SHA1\\s*\\(\\)|sha1\\s*\\(",
85
+ "flags": "i",
86
+ "category": "insecure_crypto",
87
+ "description": "MD5/SHA1 via language-specific APIs",
88
+ "language": [
89
+ "js",
90
+ "ts",
91
+ "python",
92
+ "java",
93
+ "go",
94
+ "csharp",
95
+ "php",
96
+ "ruby",
97
+ "rust",
98
+ "kotlin"
99
+ ],
100
+ "severity": "high"
101
+ },
102
+ {
103
+ "id": "CRYPTO006",
104
+ "pattern": "MD5\\.Create\\s*\\(\\)",
105
+ "flags": "i",
106
+ "category": "insecure_crypto",
107
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
108
+ "language": [
109
+ "csharp"
110
+ ],
111
+ "severity": "high"
112
+ },
113
+ {
114
+ "id": "CRYPTO007",
115
+ "pattern": "DES\\.Create\\s*\\(\\)|new HMACSHA1\\s*\\(",
116
+ "flags": "i",
117
+ "category": "insecure_crypto",
118
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
119
+ "language": [
120
+ "csharp"
121
+ ],
122
+ "severity": "high"
123
+ },
124
+ {
125
+ "id": "CRYPTO008",
126
+ "pattern": "CipherMode\\.ECB",
127
+ "flags": "i",
128
+ "category": "insecure_crypto",
129
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
130
+ "language": [
131
+ "csharp"
132
+ ],
133
+ "severity": "high"
134
+ },
135
+ {
136
+ "id": "CRYPTO009",
137
+ "pattern": "new Random\\s*\\(\\)",
138
+ "flags": "",
139
+ "category": "insecure_crypto",
140
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
141
+ "language": [
142
+ "csharp"
143
+ ],
144
+ "severity": "high"
145
+ },
146
+ {
147
+ "id": "CRYPTO010",
148
+ "pattern": "md5\\s*\\(\\s*\\$(?:_POST|password|user_pass)\\b",
149
+ "flags": "i",
150
+ "category": "insecure_crypto",
151
+ "description": "PHP insecure crypto",
152
+ "language": [
153
+ "php"
154
+ ],
155
+ "severity": "high"
156
+ },
157
+ {
158
+ "id": "CRYPTO011",
159
+ "pattern": "\\bmd5\\s*\\(\\s*rand\\s*\\(\\s*\\)\\s*\\)|sha1\\s*\\(\\s*\\w+\\s*\\.\\s*time\\s*\\(",
160
+ "flags": "i",
161
+ "category": "insecure_crypto",
162
+ "description": "PHP insecure crypto",
163
+ "language": [
164
+ "php"
165
+ ],
166
+ "severity": "high"
167
+ },
168
+ {
169
+ "id": "CRYPTO012",
170
+ "pattern": "mcrypt_encrypt\\s*\\(\\s*MCRYPT_DES",
171
+ "flags": "i",
172
+ "category": "insecure_crypto",
173
+ "description": "PHP insecure crypto",
174
+ "language": [
175
+ "php"
176
+ ],
177
+ "severity": "high"
178
+ },
179
+ {
180
+ "id": "CRYPTO013",
181
+ "pattern": "\"crypto\\/md5\"|md5\\.Sum\\s*\\(|md5\\.New\\s*\\(",
182
+ "flags": "i",
183
+ "category": "insecure_crypto",
184
+ "description": "Go insecure crypto",
185
+ "language": [
186
+ "go"
187
+ ],
188
+ "severity": "high"
189
+ },
190
+ {
191
+ "id": "CRYPTO014",
192
+ "pattern": "\"math\\/rand\"|rand\\.Intn\\s*\\(|rand\\.Seed\\s*\\(",
193
+ "flags": "i",
194
+ "category": "insecure_crypto",
195
+ "description": "Go insecure crypto",
196
+ "language": [
197
+ "go"
198
+ ],
199
+ "severity": "high"
200
+ },
201
+ {
202
+ "id": "CRYPTO015",
203
+ "pattern": "\"crypto\\/des\"|des\\.NewCipher\\s*\\(",
204
+ "flags": "i",
205
+ "category": "insecure_crypto",
206
+ "description": "Go insecure crypto",
207
+ "language": [
208
+ "go"
209
+ ],
210
+ "severity": "high"
211
+ },
212
+ {
213
+ "id": "CRYPTO016",
214
+ "pattern": "\"crypto\\/sha1\"|sha1\\.New\\s*\\(|hmac\\.New\\s*\\(\\s*sha1\\.New",
215
+ "flags": "i",
216
+ "category": "insecure_crypto",
217
+ "description": "Go insecure crypto",
218
+ "language": [
219
+ "go"
220
+ ],
221
+ "severity": "high"
222
+ },
223
+ {
224
+ "id": "CRYPTO017",
225
+ "pattern": "rsa\\.GenerateKey\\s*\\([^,]+,\\s*(?:512|1024)\\s*\\)",
226
+ "flags": "i",
227
+ "category": "insecure_crypto",
228
+ "description": "Go insecure crypto",
229
+ "language": [
230
+ "go"
231
+ ],
232
+ "severity": "high"
233
+ },
234
+ {
235
+ "id": "CRYPTO018",
236
+ "pattern": "getInstance\\s*\\(\\s*[\"']DES\\b",
237
+ "flags": "i",
238
+ "category": "insecure_crypto",
239
+ "description": "Kotlin/Java: DES cipher usage",
240
+ "language": [
241
+ "kotlin",
242
+ "java"
243
+ ],
244
+ "severity": "high"
245
+ },
246
+ {
247
+ "id": "CRYPTO019",
248
+ "pattern": "(?:private\\s+)?static\\s+final\\s+String\\s+\\w*(?:ALGORITHM|ALGO|CIPHER)\\w*\\s*=\\s*[\"']DES[\"']",
249
+ "flags": "i",
250
+ "category": "insecure_crypto",
251
+ "description": "Kotlin/Java: DES cipher usage",
252
+ "language": [
253
+ "kotlin",
254
+ "java"
255
+ ],
256
+ "severity": "high"
257
+ },
258
+ {
259
+ "id": "CRYPTO020",
260
+ "pattern": "==\\s*received_sig\\b|received_sig\\s*==|provided\\s*==\\s*stored\\b",
261
+ "flags": "",
262
+ "category": "insecure_crypto",
263
+ "description": "Python: timing attack via == comparison, low-iteration PBKDF2",
264
+ "language": [
265
+ "python"
266
+ ],
267
+ "severity": "high"
268
+ },
269
+ {
270
+ "id": "CRYPTO021",
271
+ "pattern": "pbkdf2_hmac\\s*\\(\\s*[\"'](?:sha1|md5)[\"'][^)]*,\\s*1000\\s*\\)",
272
+ "flags": "i",
273
+ "category": "insecure_crypto",
274
+ "description": "Python: timing attack via == comparison, low-iteration PBKDF2",
275
+ "language": [
276
+ "python"
277
+ ],
278
+ "severity": "high"
279
+ },
280
+ {
281
+ "id": "CRYPTO022",
282
+ "pattern": "\\w*(?:Sig|Signature)\\w*\\s*={2,3}\\s*\\w+|={2,3}\\s*\\w*(?:Sig|Signature)\\w*\\b",
283
+ "flags": "",
284
+ "category": "insecure_crypto",
285
+ "description": "(also matches == after loose-equality mutation of ===)",
286
+ "language": [
287
+ "typescript"
288
+ ],
289
+ "severity": "high"
290
+ },
291
+ {
292
+ "id": "CRYPTO023",
293
+ "pattern": "provided\\w*\\s*={2,3}\\s*stored\\w*|stored\\w*\\s*={2,3}\\s*provided\\w*",
294
+ "flags": "i",
295
+ "category": "insecure_crypto",
296
+ "description": "(also matches == after loose-equality mutation of ===)",
297
+ "language": [
298
+ "typescript"
299
+ ],
300
+ "severity": "high"
301
+ }
302
+ ]