thuban 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/package.json +63 -0
- package/dist/packages/crucible/rules/code-scanner-core.json +129 -0
- package/dist/packages/crucible/rules/command-injection.json +411 -0
- package/dist/packages/crucible/rules/crypto-misuse.json +35 -0
- package/dist/packages/crucible/rules/deserialization.json +152 -0
- package/dist/packages/crucible/rules/env-injection.json +46 -0
- package/dist/packages/crucible/rules/eval-abuse.json +104 -0
- package/dist/packages/crucible/rules/file-upload.json +46 -0
- package/dist/packages/crucible/rules/hallucination.json +22 -0
- package/dist/packages/crucible/rules/hardcoded-secret.json +397 -0
- package/dist/packages/crucible/rules/hardcoded-url.json +13 -0
- package/dist/packages/crucible/rules/insecure-crypto.json +302 -0
- package/dist/packages/crucible/rules/integer-overflow.json +35 -0
- package/dist/packages/crucible/rules/log-injection.json +33 -0
- package/dist/packages/crucible/rules/mass-assignment.json +112 -0
- package/dist/packages/crucible/rules/open-redirect.json +196 -0
- package/dist/packages/crucible/rules/path-traversal.json +422 -0
- package/dist/packages/crucible/rules/prototype-pollution.json +22 -0
- package/dist/packages/crucible/rules/sql-injection.json +597 -0
- package/dist/packages/crucible/rules/ssrf.json +557 -0
- package/dist/packages/crucible/rules/timing-attack.json +55 -0
- package/dist/packages/crucible/rules/unsafe-block.json +24 -0
- package/dist/packages/crucible/rules/xss.json +641 -0
- package/dist/packages/crucible/rules/xxe.json +66 -0
- package/dist/packages/crucible/rules/yaml-deserialization.json +22 -0
- package/dist/packages/crucible/rules/yaml-injection.json +22 -0
- package/package.json +4 -2
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "INT001",
|
|
4
|
+
"pattern": "\\bas\\s+(?:u8|u16|u32|i8|i16|i32|i64|usize)\\b",
|
|
5
|
+
"flags": "",
|
|
6
|
+
"category": "integer_overflow",
|
|
7
|
+
"description": "Cast truncation: `val as u8/u16/u32/i32/usize` silently drops bits",
|
|
8
|
+
"language": [
|
|
9
|
+
"rust"
|
|
10
|
+
],
|
|
11
|
+
"severity": "medium"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"id": "INT002",
|
|
15
|
+
"pattern": "\\w+\\s*\\*\\s*\\w*(?:size|len)\\w*\\b",
|
|
16
|
+
"flags": "i",
|
|
17
|
+
"category": "integer_overflow",
|
|
18
|
+
"description": "Allocation size computed from untrusted multiplication (user_size * element_size)",
|
|
19
|
+
"language": [
|
|
20
|
+
"rust"
|
|
21
|
+
],
|
|
22
|
+
"severity": "medium"
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"id": "INT003",
|
|
26
|
+
"pattern": "\\[\\s*(?:index|idx|start\\.\\.end)\\s*\\]|\\[\\s*row\\s*\\]\\s*\\[\\s*col\\s*\\]|\\[\\s*n\\s*\\]",
|
|
27
|
+
"flags": "",
|
|
28
|
+
"category": "integer_overflow",
|
|
29
|
+
"description": "Array/slice indexing with named variable index / range (no bounds check)",
|
|
30
|
+
"language": [
|
|
31
|
+
"rust"
|
|
32
|
+
],
|
|
33
|
+
"severity": "medium"
|
|
34
|
+
}
|
|
35
|
+
]
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "LOG001",
|
|
4
|
+
"pattern": "logger\\.(?:info|error|warn|debug)\\s*\\(.*\\+\\s*\\w+",
|
|
5
|
+
"flags": "",
|
|
6
|
+
"category": "log_injection",
|
|
7
|
+
"description": "Log injection",
|
|
8
|
+
"language": [
|
|
9
|
+
"js",
|
|
10
|
+
"ts",
|
|
11
|
+
"python",
|
|
12
|
+
"java",
|
|
13
|
+
"go",
|
|
14
|
+
"csharp",
|
|
15
|
+
"php",
|
|
16
|
+
"ruby",
|
|
17
|
+
"rust",
|
|
18
|
+
"kotlin"
|
|
19
|
+
],
|
|
20
|
+
"severity": "medium"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"id": "LOG002",
|
|
24
|
+
"pattern": "\\blog\\.(?:info|error|warn|debug)\\s*\\(.*\\+\\s*\\w+",
|
|
25
|
+
"flags": "",
|
|
26
|
+
"category": "log_injection",
|
|
27
|
+
"description": "Java: log4j log.* injection (lowercase `log` logger variable)",
|
|
28
|
+
"language": [
|
|
29
|
+
"java"
|
|
30
|
+
],
|
|
31
|
+
"severity": "medium"
|
|
32
|
+
}
|
|
33
|
+
]
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "MASS001",
|
|
4
|
+
"pattern": "params\\[:\\w+\\]\\.permit!",
|
|
5
|
+
"flags": "i",
|
|
6
|
+
"category": "mass_assignment",
|
|
7
|
+
"description": "Ruby mass assignment",
|
|
8
|
+
"language": [
|
|
9
|
+
"ruby"
|
|
10
|
+
],
|
|
11
|
+
"severity": "medium"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"id": "MASS002",
|
|
15
|
+
"pattern": "\\.update_attributes\\s*\\(\\s*params",
|
|
16
|
+
"flags": "i",
|
|
17
|
+
"category": "mass_assignment",
|
|
18
|
+
"description": "Ruby mass assignment",
|
|
19
|
+
"language": [
|
|
20
|
+
"ruby"
|
|
21
|
+
],
|
|
22
|
+
"severity": "medium"
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"id": "MASS003",
|
|
26
|
+
"pattern": "\\.update\\s*\\(\\s*params\\[:\\w+\\]\\s*\\)",
|
|
27
|
+
"flags": "i",
|
|
28
|
+
"category": "mass_assignment",
|
|
29
|
+
"description": "Ruby mass assignment",
|
|
30
|
+
"language": [
|
|
31
|
+
"ruby"
|
|
32
|
+
],
|
|
33
|
+
"severity": "medium"
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
"id": "MASS004",
|
|
37
|
+
"pattern": "\\.create\\s*\\(\\s*params\\b(?!\\s*[.\\[])|User\\.create_from_params",
|
|
38
|
+
"flags": "i",
|
|
39
|
+
"category": "mass_assignment",
|
|
40
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
41
|
+
"language": [
|
|
42
|
+
"ruby"
|
|
43
|
+
],
|
|
44
|
+
"severity": "medium"
|
|
45
|
+
},
|
|
46
|
+
{
|
|
47
|
+
"id": "MASS005",
|
|
48
|
+
"pattern": "\\.new\\s*\\(\\s*registration_params\\b",
|
|
49
|
+
"flags": "i",
|
|
50
|
+
"category": "mass_assignment",
|
|
51
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
52
|
+
"language": [
|
|
53
|
+
"ruby"
|
|
54
|
+
],
|
|
55
|
+
"severity": "medium"
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"id": "MASS006",
|
|
59
|
+
"pattern": "params\\.require\\s*\\([^)]+\\)\\.permit!",
|
|
60
|
+
"flags": "i",
|
|
61
|
+
"category": "mass_assignment",
|
|
62
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
63
|
+
"language": [
|
|
64
|
+
"ruby"
|
|
65
|
+
],
|
|
66
|
+
"severity": "medium"
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
"id": "MASS007",
|
|
70
|
+
"pattern": "update_attributes!\\s*\\(\\s*\\w*(?:request_params|attrs|hash)",
|
|
71
|
+
"flags": "i",
|
|
72
|
+
"category": "mass_assignment",
|
|
73
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
74
|
+
"language": [
|
|
75
|
+
"ruby"
|
|
76
|
+
],
|
|
77
|
+
"severity": "medium"
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
"id": "MASS008",
|
|
81
|
+
"pattern": "\\.create!\\s*\\(\\s*attrs\\s*\\)",
|
|
82
|
+
"flags": "i",
|
|
83
|
+
"category": "mass_assignment",
|
|
84
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
85
|
+
"language": [
|
|
86
|
+
"ruby"
|
|
87
|
+
],
|
|
88
|
+
"severity": "medium"
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
"id": "MASS009",
|
|
92
|
+
"pattern": "\\bcreate\\s*\\(\\s*params\\s*\\)",
|
|
93
|
+
"flags": "",
|
|
94
|
+
"category": "mass_assignment",
|
|
95
|
+
"description": "Ruby mass assignment: bare create(params)/new(registration_params) call (no receiver dot)",
|
|
96
|
+
"language": [
|
|
97
|
+
"ruby"
|
|
98
|
+
],
|
|
99
|
+
"severity": "medium"
|
|
100
|
+
},
|
|
101
|
+
{
|
|
102
|
+
"id": "MASS010",
|
|
103
|
+
"pattern": "\\bnew\\s*\\(\\s*registration_params\\b",
|
|
104
|
+
"flags": "i",
|
|
105
|
+
"category": "mass_assignment",
|
|
106
|
+
"description": "Ruby mass assignment: bare create(params)/new(registration_params) call (no receiver dot)",
|
|
107
|
+
"language": [
|
|
108
|
+
"ruby"
|
|
109
|
+
],
|
|
110
|
+
"severity": "medium"
|
|
111
|
+
}
|
|
112
|
+
]
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "REDIR001",
|
|
4
|
+
"pattern": "redirect_to\\s+params\\[|redirect_to\\s+\\w+\\s*\\|\\||http\\.Redirect\\s*\\([^)]*r\\.Header|Response\\.Redirect\\s*\\(\\s*\\w*[Uu]rl",
|
|
5
|
+
"flags": "i",
|
|
6
|
+
"category": "open_redirect",
|
|
7
|
+
"description": "Open redirect (various frameworks)",
|
|
8
|
+
"language": [
|
|
9
|
+
"js",
|
|
10
|
+
"ts",
|
|
11
|
+
"python",
|
|
12
|
+
"java",
|
|
13
|
+
"go",
|
|
14
|
+
"csharp",
|
|
15
|
+
"php",
|
|
16
|
+
"ruby",
|
|
17
|
+
"rust",
|
|
18
|
+
"kotlin"
|
|
19
|
+
],
|
|
20
|
+
"severity": "medium"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"id": "REDIR002",
|
|
24
|
+
"pattern": "http\\.Redirect\\s*\\([^,]+,\\s*[^,]+,\\s*(?:returnURL|redirectTo|returnUrl|returnTo|referer|destination)",
|
|
25
|
+
"flags": "i",
|
|
26
|
+
"category": "open_redirect",
|
|
27
|
+
"description": "Go open redirect: http.Redirect with user-controlled variable (returnURL etc.)",
|
|
28
|
+
"language": [
|
|
29
|
+
"go"
|
|
30
|
+
],
|
|
31
|
+
"severity": "medium"
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"id": "REDIR003",
|
|
35
|
+
"pattern": "r\\.URL\\.Query\\(\\)\\.Get\\s*\\(\\s*[\"']return",
|
|
36
|
+
"flags": "i",
|
|
37
|
+
"category": "open_redirect",
|
|
38
|
+
"description": "Go open redirect: r.URL.Query() used as redirect target",
|
|
39
|
+
"language": [
|
|
40
|
+
"go"
|
|
41
|
+
],
|
|
42
|
+
"severity": "medium"
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"id": "REDIR004",
|
|
46
|
+
"pattern": "Redirect\\s*\\(\\s*(?:\\w*[Uu]rl|returnUrl)\\b",
|
|
47
|
+
"flags": "",
|
|
48
|
+
"category": "open_redirect",
|
|
49
|
+
"description": "Open redirect",
|
|
50
|
+
"language": [
|
|
51
|
+
"js",
|
|
52
|
+
"ts",
|
|
53
|
+
"python",
|
|
54
|
+
"java",
|
|
55
|
+
"go",
|
|
56
|
+
"csharp",
|
|
57
|
+
"php",
|
|
58
|
+
"ruby",
|
|
59
|
+
"rust",
|
|
60
|
+
"kotlin"
|
|
61
|
+
],
|
|
62
|
+
"severity": "medium"
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"id": "REDIR005",
|
|
66
|
+
"pattern": "context\\.Response\\.Redirect\\s*\\(\\s*(?:next|url|returnUrl|redirect)",
|
|
67
|
+
"flags": "i",
|
|
68
|
+
"category": "open_redirect",
|
|
69
|
+
"description": "C# open redirect",
|
|
70
|
+
"language": [
|
|
71
|
+
"csharp"
|
|
72
|
+
],
|
|
73
|
+
"severity": "medium"
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
"id": "REDIR006",
|
|
77
|
+
"pattern": "return Redirect\\s*\\(\\s*(?:returnUrl|destination|state|next)\\s*\\)",
|
|
78
|
+
"flags": "i",
|
|
79
|
+
"category": "open_redirect",
|
|
80
|
+
"description": "C# open redirect",
|
|
81
|
+
"language": [
|
|
82
|
+
"csharp"
|
|
83
|
+
],
|
|
84
|
+
"severity": "medium"
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
"id": "REDIR007",
|
|
88
|
+
"pattern": "redirect_to\\s+params\\[:\\w+\\]",
|
|
89
|
+
"flags": "i",
|
|
90
|
+
"category": "open_redirect",
|
|
91
|
+
"description": "Ruby open redirect",
|
|
92
|
+
"language": [
|
|
93
|
+
"ruby"
|
|
94
|
+
],
|
|
95
|
+
"severity": "medium"
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"id": "REDIR008",
|
|
99
|
+
"pattern": "redirect_to\\s+(?:next_url|callback|destination|target)",
|
|
100
|
+
"flags": "i",
|
|
101
|
+
"category": "open_redirect",
|
|
102
|
+
"description": "Ruby open redirect",
|
|
103
|
+
"language": [
|
|
104
|
+
"ruby"
|
|
105
|
+
],
|
|
106
|
+
"severity": "medium"
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
"id": "REDIR009",
|
|
110
|
+
"pattern": "header\\s*\\(\\s*[\"']Location:[\"']\\s*\\.\\s*\\$(?:_GET|_POST|url|next|redirect)",
|
|
111
|
+
"flags": "i",
|
|
112
|
+
"category": "open_redirect",
|
|
113
|
+
"description": "PHP open redirect: header Location",
|
|
114
|
+
"language": [
|
|
115
|
+
"php"
|
|
116
|
+
],
|
|
117
|
+
"severity": "medium"
|
|
118
|
+
},
|
|
119
|
+
{
|
|
120
|
+
"id": "REDIR010",
|
|
121
|
+
"pattern": "header\\s*\\(\\s*[\"']Location:[\"']\\s*\\.\\s*\\$",
|
|
122
|
+
"flags": "i",
|
|
123
|
+
"category": "open_redirect",
|
|
124
|
+
"description": "PHP open redirect: header Location",
|
|
125
|
+
"language": [
|
|
126
|
+
"php"
|
|
127
|
+
],
|
|
128
|
+
"severity": "medium"
|
|
129
|
+
},
|
|
130
|
+
{
|
|
131
|
+
"id": "REDIR011",
|
|
132
|
+
"pattern": "header\\s*\\(\\s*['\"]Location:\\s*['\"]\\s*\\.\\s*\\$(?:url|next|redirect|return_to|target|to)\\b",
|
|
133
|
+
"flags": "i",
|
|
134
|
+
"category": "open_redirect",
|
|
135
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
136
|
+
"language": [
|
|
137
|
+
"php"
|
|
138
|
+
],
|
|
139
|
+
"severity": "medium"
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
"id": "REDIR012",
|
|
143
|
+
"pattern": "header\\s*\\(\\s*['\"]Location:\\s*['\"]\\s*\\.\\s*\\$(?:_GET|_POST|_REQUEST)",
|
|
144
|
+
"flags": "i",
|
|
145
|
+
"category": "open_redirect",
|
|
146
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
147
|
+
"language": [
|
|
148
|
+
"php"
|
|
149
|
+
],
|
|
150
|
+
"severity": "medium"
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
"id": "REDIR013",
|
|
154
|
+
"pattern": "header\\s*\\(\\s*\"Location:\\s*\\$(?:url|next|redirect|target|return)",
|
|
155
|
+
"flags": "i",
|
|
156
|
+
"category": "open_redirect",
|
|
157
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
158
|
+
"language": [
|
|
159
|
+
"php"
|
|
160
|
+
],
|
|
161
|
+
"severity": "medium"
|
|
162
|
+
},
|
|
163
|
+
{
|
|
164
|
+
"id": "REDIR014",
|
|
165
|
+
"pattern": "header\\s*\\(\\s*\"Location:\\s*\"\\.\\s*\\$\\w",
|
|
166
|
+
"flags": "i",
|
|
167
|
+
"category": "open_redirect",
|
|
168
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
169
|
+
"language": [
|
|
170
|
+
"php"
|
|
171
|
+
],
|
|
172
|
+
"severity": "medium"
|
|
173
|
+
},
|
|
174
|
+
{
|
|
175
|
+
"id": "REDIR015",
|
|
176
|
+
"pattern": "http\\.Redirect\\s*\\(\\s*w\\s*,\\s*r\\s*,\\s*(?:returnURL|returnUrl|destination|state|next|returnTo|referer)",
|
|
177
|
+
"flags": "i",
|
|
178
|
+
"category": "open_redirect",
|
|
179
|
+
"description": "Go open redirect",
|
|
180
|
+
"language": [
|
|
181
|
+
"go"
|
|
182
|
+
],
|
|
183
|
+
"severity": "medium"
|
|
184
|
+
},
|
|
185
|
+
{
|
|
186
|
+
"id": "REDIR016",
|
|
187
|
+
"pattern": "http\\.Redirect\\s*\\(\\s*w\\s*,\\s*r\\s*,\\s*(?:string\\()?\\s*(?:returnURL|returnUrl|destination|state|next|returnTo|referer)",
|
|
188
|
+
"flags": "i",
|
|
189
|
+
"category": "open_redirect",
|
|
190
|
+
"description": "Go: timing attack via != comparison of tokens; open redirect via decoded state",
|
|
191
|
+
"language": [
|
|
192
|
+
"go"
|
|
193
|
+
],
|
|
194
|
+
"severity": "medium"
|
|
195
|
+
}
|
|
196
|
+
]
|