thuban 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/dist/package.json +63 -0
  2. package/dist/packages/crucible/rules/code-scanner-core.json +129 -0
  3. package/dist/packages/crucible/rules/command-injection.json +411 -0
  4. package/dist/packages/crucible/rules/crypto-misuse.json +35 -0
  5. package/dist/packages/crucible/rules/deserialization.json +152 -0
  6. package/dist/packages/crucible/rules/env-injection.json +46 -0
  7. package/dist/packages/crucible/rules/eval-abuse.json +104 -0
  8. package/dist/packages/crucible/rules/file-upload.json +46 -0
  9. package/dist/packages/crucible/rules/hallucination.json +22 -0
  10. package/dist/packages/crucible/rules/hardcoded-secret.json +397 -0
  11. package/dist/packages/crucible/rules/hardcoded-url.json +13 -0
  12. package/dist/packages/crucible/rules/insecure-crypto.json +302 -0
  13. package/dist/packages/crucible/rules/integer-overflow.json +35 -0
  14. package/dist/packages/crucible/rules/log-injection.json +33 -0
  15. package/dist/packages/crucible/rules/mass-assignment.json +112 -0
  16. package/dist/packages/crucible/rules/open-redirect.json +196 -0
  17. package/dist/packages/crucible/rules/path-traversal.json +422 -0
  18. package/dist/packages/crucible/rules/prototype-pollution.json +22 -0
  19. package/dist/packages/crucible/rules/sql-injection.json +597 -0
  20. package/dist/packages/crucible/rules/ssrf.json +557 -0
  21. package/dist/packages/crucible/rules/timing-attack.json +55 -0
  22. package/dist/packages/crucible/rules/unsafe-block.json +24 -0
  23. package/dist/packages/crucible/rules/xss.json +641 -0
  24. package/dist/packages/crucible/rules/xxe.json +66 -0
  25. package/dist/packages/crucible/rules/yaml-deserialization.json +22 -0
  26. package/dist/packages/crucible/rules/yaml-injection.json +22 -0
  27. package/package.json +4 -2
@@ -0,0 +1,641 @@
1
+ [
2
+ {
3
+ "id": "XSS001",
4
+ "pattern": "from\\s+mako\\s*\\.\\s*template\\s+import\\s+Template",
5
+ "flags": "",
6
+ "category": "xss",
7
+ "description": "XSS — Python: Mako Template().render() — multiline template then render (separate lines)",
8
+ "language": [
9
+ "python"
10
+ ],
11
+ "severity": "high"
12
+ },
13
+ {
14
+ "id": "XSS002",
15
+ "pattern": "innerHTML\\s*=|document\\.write\\s*\\(",
16
+ "flags": "",
17
+ "category": "xss",
18
+ "description": "XSS (original)",
19
+ "language": [
20
+ "js",
21
+ "ts",
22
+ "python",
23
+ "java",
24
+ "go",
25
+ "csharp",
26
+ "php",
27
+ "ruby",
28
+ "rust",
29
+ "kotlin"
30
+ ],
31
+ "severity": "high"
32
+ },
33
+ {
34
+ "id": "XSS003",
35
+ "pattern": "render_template_string\\s*\\(|webView.*javaScriptEnabled\\s*=\\s*true",
36
+ "flags": "i",
37
+ "category": "xss",
38
+ "description": "XSS (original)",
39
+ "language": [
40
+ "js",
41
+ "ts",
42
+ "python",
43
+ "java",
44
+ "go",
45
+ "csharp",
46
+ "php",
47
+ "ruby",
48
+ "rust",
49
+ "kotlin"
50
+ ],
51
+ "severity": "high"
52
+ },
53
+ {
54
+ "id": "XSS004",
55
+ "pattern": "dangerouslySetInnerHTML\\s*=\\s*\\{\\{?\\s*__html\\s*:",
56
+ "flags": "",
57
+ "category": "xss",
58
+ "description": "XSS — React dangerouslySetInnerHTML, Angular [innerHTML], Vue v-html",
59
+ "language": [
60
+ "js",
61
+ "ts",
62
+ "python",
63
+ "java",
64
+ "go",
65
+ "csharp",
66
+ "php",
67
+ "ruby",
68
+ "rust",
69
+ "kotlin"
70
+ ],
71
+ "severity": "high"
72
+ },
73
+ {
74
+ "id": "XSS005",
75
+ "pattern": "\\[innerHTML\\]\\s*=",
76
+ "flags": "",
77
+ "category": "xss",
78
+ "description": "XSS — React dangerouslySetInnerHTML, Angular [innerHTML], Vue v-html",
79
+ "language": [
80
+ "js",
81
+ "ts",
82
+ "python",
83
+ "java",
84
+ "go",
85
+ "csharp",
86
+ "php",
87
+ "ruby",
88
+ "rust",
89
+ "kotlin"
90
+ ],
91
+ "severity": "high"
92
+ },
93
+ {
94
+ "id": "XSS006",
95
+ "pattern": "v-html\\s*=",
96
+ "flags": "",
97
+ "category": "xss",
98
+ "description": "XSS — React dangerouslySetInnerHTML, Angular [innerHTML], Vue v-html",
99
+ "language": [
100
+ "js",
101
+ "ts",
102
+ "python",
103
+ "java",
104
+ "go",
105
+ "csharp",
106
+ "php",
107
+ "ruby",
108
+ "rust",
109
+ "kotlin"
110
+ ],
111
+ "severity": "high"
112
+ },
113
+ {
114
+ "id": "XSS007",
115
+ "pattern": "\\$\\s*\\([^)]+\\)\\s*\\.\\s*html\\s*\\(\\s*\\w",
116
+ "flags": "",
117
+ "category": "xss",
118
+ "description": "XSS — jQuery .html() with variable, outerHTML, Handlebars triple-stache, marked()",
119
+ "language": [
120
+ "js",
121
+ "ts",
122
+ "python",
123
+ "java",
124
+ "go",
125
+ "csharp",
126
+ "php",
127
+ "ruby",
128
+ "rust",
129
+ "kotlin"
130
+ ],
131
+ "severity": "high"
132
+ },
133
+ {
134
+ "id": "XSS008",
135
+ "pattern": "\\.outerHTML\\s*=",
136
+ "flags": "",
137
+ "category": "xss",
138
+ "description": "XSS — jQuery .html() with variable, outerHTML, Handlebars triple-stache, marked()",
139
+ "language": [
140
+ "js",
141
+ "ts",
142
+ "python",
143
+ "java",
144
+ "go",
145
+ "csharp",
146
+ "php",
147
+ "ruby",
148
+ "rust",
149
+ "kotlin"
150
+ ],
151
+ "severity": "high"
152
+ },
153
+ {
154
+ "id": "XSS009",
155
+ "pattern": "\\{\\{\\{[^}]+\\}\\}\\}",
156
+ "flags": "",
157
+ "category": "xss",
158
+ "description": "XSS — jQuery .html() with variable, outerHTML, Handlebars triple-stache, marked()",
159
+ "language": [
160
+ "js",
161
+ "ts",
162
+ "python",
163
+ "java",
164
+ "go",
165
+ "csharp",
166
+ "php",
167
+ "ruby",
168
+ "rust",
169
+ "kotlin"
170
+ ],
171
+ "severity": "high"
172
+ },
173
+ {
174
+ "id": "XSS010",
175
+ "pattern": "marked\\s*\\(\\s*\\w",
176
+ "flags": "",
177
+ "category": "xss",
178
+ "description": "XSS — jQuery .html() with variable, outerHTML, Handlebars triple-stache, marked()",
179
+ "language": [
180
+ "js",
181
+ "ts",
182
+ "python",
183
+ "java",
184
+ "go",
185
+ "csharp",
186
+ "php",
187
+ "ruby",
188
+ "rust",
189
+ "kotlin"
190
+ ],
191
+ "severity": "high"
192
+ },
193
+ {
194
+ "id": "XSS011",
195
+ "pattern": "res\\s*\\.\\s*(?:send|end|write)\\s*\\(\\s*`[^`]*\\$\\{",
196
+ "flags": "",
197
+ "category": "xss",
198
+ "description": "XSS — Express res.send/res.end/res.write with template literal containing user input",
199
+ "language": [
200
+ "js",
201
+ "ts",
202
+ "python",
203
+ "java",
204
+ "go",
205
+ "csharp",
206
+ "php",
207
+ "ruby",
208
+ "rust",
209
+ "kotlin"
210
+ ],
211
+ "severity": "high"
212
+ },
213
+ {
214
+ "id": "XSS012",
215
+ "pattern": "make_response\\s*\\(\\s*f['\"]|HttpResponse\\s*\\(\\s*f['\"]",
216
+ "flags": "",
217
+ "category": "xss",
218
+ "description": "XSS — Python: Flask make_response, Django HttpResponse, FastAPI HTMLResponse with f-string; Mako Template; Jinja2 |safe",
219
+ "language": [
220
+ "python"
221
+ ],
222
+ "severity": "high"
223
+ },
224
+ {
225
+ "id": "XSS013",
226
+ "pattern": "HTMLResponse\\s*\\(\\s*content\\s*=\\s*f['\"]",
227
+ "flags": "",
228
+ "category": "xss",
229
+ "description": "XSS — Python: Flask make_response, Django HttpResponse, FastAPI HTMLResponse with f-string; Mako Template; Jinja2 |safe",
230
+ "language": [
231
+ "python"
232
+ ],
233
+ "severity": "high"
234
+ },
235
+ {
236
+ "id": "XSS014",
237
+ "pattern": "Template\\s*\\([^)]*\\)\\s*\\.render\\s*\\(",
238
+ "flags": "",
239
+ "category": "xss",
240
+ "description": "XSS — Python: Flask make_response, Django HttpResponse, FastAPI HTMLResponse with f-string; Mako Template; Jinja2 |safe",
241
+ "language": [
242
+ "python"
243
+ ],
244
+ "severity": "high"
245
+ },
246
+ {
247
+ "id": "XSS015",
248
+ "pattern": "\\|\\s*safe\\b",
249
+ "flags": "",
250
+ "category": "xss",
251
+ "description": "XSS — Python: Flask make_response, Django HttpResponse, FastAPI HTMLResponse with f-string; Mako Template; Jinja2 |safe",
252
+ "language": [
253
+ "python"
254
+ ],
255
+ "severity": "high"
256
+ },
257
+ {
258
+ "id": "XSS016",
259
+ "pattern": "ERB\\s*\\.\\s*new\\s*\\(",
260
+ "flags": "",
261
+ "category": "xss",
262
+ "description": "XSS — Ruby: ERB.new with user-controlled template",
263
+ "language": [
264
+ "ruby"
265
+ ],
266
+ "severity": "high"
267
+ },
268
+ {
269
+ "id": "XSS017",
270
+ "pattern": "<\\?=\\s*\\$[a-zA-Z_]",
271
+ "flags": "",
272
+ "category": "xss",
273
+ "description": "XSS — PHP: short echo tags",
274
+ "language": [
275
+ "php"
276
+ ],
277
+ "severity": "high"
278
+ },
279
+ {
280
+ "id": "XSS018",
281
+ "pattern": "io\\s*\\.\\s*WriteString\\s*\\(\\s*w\\b",
282
+ "flags": "",
283
+ "category": "xss",
284
+ "description": "XSS — Go: io.WriteString to ResponseWriter, template.HTML() cast bypassing escaping",
285
+ "language": [
286
+ "go"
287
+ ],
288
+ "severity": "high"
289
+ },
290
+ {
291
+ "id": "XSS019",
292
+ "pattern": "template\\s*\\.\\s*HTML\\s*\\(",
293
+ "flags": "",
294
+ "category": "xss",
295
+ "description": "XSS — Go: io.WriteString to ResponseWriter, template.HTML() cast bypassing escaping",
296
+ "language": [
297
+ "go"
298
+ ],
299
+ "severity": "high"
300
+ },
301
+ {
302
+ "id": "XSS020",
303
+ "pattern": "Response\\s*\\.\\s*Write\\s*\\(",
304
+ "flags": "",
305
+ "category": "xss",
306
+ "description": "XSS — C#: Response.Write, HtmlString, Html.Raw, Content(\"text/html\")",
307
+ "language": [
308
+ "csharp"
309
+ ],
310
+ "severity": "high"
311
+ },
312
+ {
313
+ "id": "XSS021",
314
+ "pattern": "new\\s+HtmlString\\s*\\(|Html\\s*\\.\\s*Raw\\s*\\(",
315
+ "flags": "",
316
+ "category": "xss",
317
+ "description": "XSS — C#: Response.Write, HtmlString, Html.Raw, Content(\"text/html\")",
318
+ "language": [
319
+ "csharp"
320
+ ],
321
+ "severity": "high"
322
+ },
323
+ {
324
+ "id": "XSS022",
325
+ "pattern": "return\\s+Content\\s*\\([^,]+,\\s*[\"']text\\/html[\"']",
326
+ "flags": "",
327
+ "category": "xss",
328
+ "description": "XSS — C#: Response.Write, HtmlString, Html.Raw, Content(\"text/html\")",
329
+ "language": [
330
+ "csharp"
331
+ ],
332
+ "severity": "high"
333
+ },
334
+ {
335
+ "id": "XSS023",
336
+ "pattern": "webView\\s*\\.\\s*loadData\\s*\\(|webView\\s*\\.\\s*loadDataWithBaseURL\\s*\\(",
337
+ "flags": "",
338
+ "category": "xss",
339
+ "description": "XSS — Kotlin: WebView.loadData, loadDataWithBaseURL, allowUniversalAccessFromFileURLs, Ktor respondText",
340
+ "language": [
341
+ "kotlin"
342
+ ],
343
+ "severity": "high"
344
+ },
345
+ {
346
+ "id": "XSS024",
347
+ "pattern": "allowUniversalAccessFromFileURLs\\s*=\\s*true",
348
+ "flags": "",
349
+ "category": "xss",
350
+ "description": "XSS — Kotlin: WebView.loadData, loadDataWithBaseURL, allowUniversalAccessFromFileURLs, Ktor respondText",
351
+ "language": [
352
+ "kotlin"
353
+ ],
354
+ "severity": "high"
355
+ },
356
+ {
357
+ "id": "XSS025",
358
+ "pattern": "call\\s*\\.\\s*respondText\\s*\\([^)]*text\\/html",
359
+ "flags": "",
360
+ "category": "xss",
361
+ "description": "XSS — Kotlin: WebView.loadData, loadDataWithBaseURL, allowUniversalAccessFromFileURLs, Ktor respondText",
362
+ "language": [
363
+ "kotlin"
364
+ ],
365
+ "severity": "high"
366
+ },
367
+ {
368
+ "id": "XSS026",
369
+ "pattern": "req\\s*\\.\\s*getHeader\\s*\\(|out\\s*\\.\\s*println\\s*\\([^)]*getParameter",
370
+ "flags": "",
371
+ "category": "xss",
372
+ "description": "XSS — Java: req.getHeader reflection, PrintWriter with getParameter or string concat",
373
+ "language": [
374
+ "java"
375
+ ],
376
+ "severity": "high"
377
+ },
378
+ {
379
+ "id": "XSS027",
380
+ "pattern": "out\\s*\\.\\s*(?:print|println)\\s*\\([^)]*[\"'<][^)]*\\+\\s*\\w|pw\\s*\\.\\s*write\\s*\\([^)]*\\+",
381
+ "flags": "",
382
+ "category": "xss",
383
+ "description": "XSS — Java: out.print/println/pw.write with string concatenation (variable + HTML)",
384
+ "language": [
385
+ "java"
386
+ ],
387
+ "severity": "high"
388
+ },
389
+ {
390
+ "id": "XSS028",
391
+ "pattern": "fmt\\s*\\.\\s*Fprintf\\s*\\(\\s*w\\s*,",
392
+ "flags": "",
393
+ "category": "xss",
394
+ "description": "XSS — Go: fmt.Fprintf(w, \"...%s...\", userVar) — format string with w as target",
395
+ "language": [
396
+ "go"
397
+ ],
398
+ "severity": "high"
399
+ },
400
+ {
401
+ "id": "XSS029",
402
+ "pattern": "fmt\\s*\\.\\s*Fprint\\s*\\(\\s*w\\s*,",
403
+ "flags": "",
404
+ "category": "xss",
405
+ "description": "XSS — Go: fmt.Fprint(w, ...) with user data",
406
+ "language": [
407
+ "go"
408
+ ],
409
+ "severity": "high"
410
+ },
411
+ {
412
+ "id": "XSS030",
413
+ "pattern": "return\\s+make_response\\s*\\(html\\b|return\\s+HTMLResponse\\s*\\(content\\s*=\\s*html\\b",
414
+ "flags": "",
415
+ "category": "xss",
416
+ "description": "XSS — Python: make_response/HTMLResponse with variable html built from f-string (multiline pattern)",
417
+ "language": [
418
+ "python"
419
+ ],
420
+ "severity": "high"
421
+ },
422
+ {
423
+ "id": "XSS031",
424
+ "pattern": "\"[^\"]*#\\{[^}]+\\}[^\"]*\"|'[^']*#\\{[^}]+\\}[^']*'",
425
+ "flags": "",
426
+ "category": "xss",
427
+ "description": "XSS — Ruby: Sinatra route returning string with interpolation #{...}",
428
+ "language": [
429
+ "ruby"
430
+ ],
431
+ "severity": "high"
432
+ },
433
+ {
434
+ "id": "XSS032",
435
+ "pattern": "call\\s*\\.\\s*respondText\\s*\\(\\s*\\w",
436
+ "flags": "",
437
+ "category": "xss",
438
+ "description": "XSS — Kotlin: call.respondText with HTML variable (not just ContentType inline)",
439
+ "language": [
440
+ "kotlin"
441
+ ],
442
+ "severity": "high"
443
+ },
444
+ {
445
+ "id": "XSS033",
446
+ "pattern": "ErrorMessage\\s*=\\s*\\$['\"]",
447
+ "flags": "",
448
+ "category": "xss",
449
+ "description": "XSS — C#: @Html.Raw rendered from model property (ErrorMessage / body variable)",
450
+ "language": [
451
+ "csharp"
452
+ ],
453
+ "severity": "high"
454
+ },
455
+ {
456
+ "id": "XSS034",
457
+ "pattern": "echo\\s+.*\\$(?:_POST|_GET|_REQUEST|_COOKIE|comment|username|data|error)",
458
+ "flags": "i",
459
+ "category": "xss",
460
+ "description": "XSS - PHP echo with $_POST/$_GET",
461
+ "language": [
462
+ "php"
463
+ ],
464
+ "severity": "high"
465
+ },
466
+ {
467
+ "id": "XSS035",
468
+ "pattern": "(?:print_r|var_dump)\\s*\\(\\s*\\$_(?:REQUEST|GET|POST)",
469
+ "flags": "i",
470
+ "category": "xss",
471
+ "description": "XSS - PHP print_r/var_dump user input",
472
+ "language": [
473
+ "php"
474
+ ],
475
+ "severity": "high"
476
+ },
477
+ {
478
+ "id": "XSS036",
479
+ "pattern": "echo\\s+[\"'][^\"']*[\"']\\s*\\.\\s*\\$[a-zA-Z_]",
480
+ "flags": "i",
481
+ "category": "xss",
482
+ "description": "XSS - concatenation into HTML echo",
483
+ "language": [
484
+ "js",
485
+ "ts",
486
+ "python",
487
+ "java",
488
+ "go",
489
+ "csharp",
490
+ "php",
491
+ "ruby",
492
+ "rust",
493
+ "kotlin"
494
+ ],
495
+ "severity": "high"
496
+ },
497
+ {
498
+ "id": "XSS037",
499
+ "pattern": "(?:w\\.Write|fmt\\.Fprintf\\s*\\(\\s*w)[^;]*(?:r\\.URL\\.Query\\(\\)|r\\.FormValue|r\\.Header)",
500
+ "flags": "i",
501
+ "category": "xss",
502
+ "description": "XSS - Go w.Write/fmt.Fprintf with user input",
503
+ "language": [
504
+ "go"
505
+ ],
506
+ "severity": "high"
507
+ },
508
+ {
509
+ "id": "XSS038",
510
+ "pattern": "evaluateJavascript\\s*\\(|webView\\.loadUrl\\s*\\(|addJavascriptInterface\\s*\\(",
511
+ "flags": "i",
512
+ "category": "xss",
513
+ "description": "XSS - Kotlin WebView evaluateJavascript",
514
+ "language": [
515
+ "kotlin"
516
+ ],
517
+ "severity": "high"
518
+ },
519
+ {
520
+ "id": "XSS039",
521
+ "pattern": "\\.html_safe\\b|raw\\s*\\(",
522
+ "flags": "",
523
+ "category": "xss",
524
+ "description": "XSS - Ruby on Rails raw/html_safe with user content",
525
+ "language": [
526
+ "ruby"
527
+ ],
528
+ "severity": "high"
529
+ },
530
+ {
531
+ "id": "XSS040",
532
+ "pattern": "Response\\.Write\\s*\\([^)]*(?:Request\\.|QueryString|Form\\[)",
533
+ "flags": "i",
534
+ "category": "xss",
535
+ "description": "C# XSS: Response.Write with user input",
536
+ "language": [
537
+ "csharp"
538
+ ],
539
+ "severity": "high"
540
+ },
541
+ {
542
+ "id": "XSS041",
543
+ "pattern": "context\\.Response\\.Write\\s*\\([^)]*(?:\\+\\s*\\w|\\bname\\b|\\bq\\b)",
544
+ "flags": "i",
545
+ "category": "xss",
546
+ "description": "C# XSS: Response.Write with user input",
547
+ "language": [
548
+ "csharp"
549
+ ],
550
+ "severity": "high"
551
+ },
552
+ {
553
+ "id": "XSS042",
554
+ "pattern": "Response\\.Write\\s*\\(\"[^\"]*\"\\s*\\+",
555
+ "flags": "i",
556
+ "category": "xss",
557
+ "description": "C# XSS: Response.Write with user input",
558
+ "language": [
559
+ "csharp"
560
+ ],
561
+ "severity": "high"
562
+ },
563
+ {
564
+ "id": "XSS043",
565
+ "pattern": "render\\s+html:\\s*\\w+\\.html_safe",
566
+ "flags": "i",
567
+ "category": "xss",
568
+ "description": "Ruby XSS: html_safe / raw()",
569
+ "language": [
570
+ "ruby"
571
+ ],
572
+ "severity": "high"
573
+ },
574
+ {
575
+ "id": "XSS044",
576
+ "pattern": "echo\\s+[\"'][^\"']*[\"']\\s*\\.\\s*\\$(?:_GET|_POST|name|query|msg|error|comment)",
577
+ "flags": "i",
578
+ "category": "xss",
579
+ "description": "PHP XSS: echo without htmlspecialchars",
580
+ "language": [
581
+ "php"
582
+ ],
583
+ "severity": "high"
584
+ },
585
+ {
586
+ "id": "XSS045",
587
+ "pattern": "<\\?=\\s*\\$(?:username|profile|bio|color|font|theme|src|href)",
588
+ "flags": "i",
589
+ "category": "xss",
590
+ "description": "PHP XSS: echo without htmlspecialchars",
591
+ "language": [
592
+ "php"
593
+ ],
594
+ "severity": "high"
595
+ },
596
+ {
597
+ "id": "XSS046",
598
+ "pattern": "fmt\\.Fprintf\\s*\\(\\s*w[^)]*r\\.URL\\.Query\\(\\)\\.Get\\b",
599
+ "flags": "i",
600
+ "category": "xss",
601
+ "description": "Go XSS",
602
+ "language": [
603
+ "go"
604
+ ],
605
+ "severity": "high"
606
+ },
607
+ {
608
+ "id": "XSS047",
609
+ "pattern": "fmt\\.Fprintf\\s*\\(\\s*w[^)]*r\\.FormValue\\b",
610
+ "flags": "i",
611
+ "category": "xss",
612
+ "description": "Go XSS",
613
+ "language": [
614
+ "go"
615
+ ],
616
+ "severity": "high"
617
+ },
618
+ {
619
+ "id": "XSS048",
620
+ "pattern": "template\\.HTML\\s*\\([^)]*\\+\\s*\\w",
621
+ "flags": "i",
622
+ "category": "xss",
623
+ "description": "Go XSS",
624
+ "language": [
625
+ "go"
626
+ ],
627
+ "severity": "high"
628
+ },
629
+ {
630
+ "id": "XSS049",
631
+ "pattern": "res\\s*\\.\\s*send\\s*\\(\\s*['\"`].*\\+",
632
+ "flags": "",
633
+ "category": "xss",
634
+ "description": "XSS — Express res.send() with string concatenation containing user input",
635
+ "language": [
636
+ "js",
637
+ "ts"
638
+ ],
639
+ "severity": "high"
640
+ }
641
+ ]
@@ -0,0 +1,66 @@
1
+ [
2
+ {
3
+ "id": "XXE001",
4
+ "pattern": "XMLReaderFactory|DocumentBuilderFactory|XmlReader.*DtdProcessing",
5
+ "flags": "",
6
+ "category": "xxe",
7
+ "description": "XXE",
8
+ "language": [
9
+ "js",
10
+ "ts",
11
+ "python",
12
+ "java",
13
+ "go",
14
+ "csharp",
15
+ "php",
16
+ "ruby",
17
+ "rust",
18
+ "kotlin"
19
+ ],
20
+ "severity": "critical"
21
+ },
22
+ {
23
+ "id": "XXE002",
24
+ "pattern": "DtdProcessing\\s*=\\s*DtdProcessing\\.Parse",
25
+ "flags": "i",
26
+ "category": "xxe",
27
+ "description": "C# XXE: XmlDocument/XmlReader",
28
+ "language": [
29
+ "csharp"
30
+ ],
31
+ "severity": "critical"
32
+ },
33
+ {
34
+ "id": "XXE003",
35
+ "pattern": "XmlResolver\\s*=\\s*new XmlUrlResolver\\s*\\(\\)",
36
+ "flags": "i",
37
+ "category": "xxe",
38
+ "description": "C# XXE: XmlDocument/XmlReader",
39
+ "language": [
40
+ "csharp"
41
+ ],
42
+ "severity": "critical"
43
+ },
44
+ {
45
+ "id": "XXE004",
46
+ "pattern": "new XPathDocument\\s*\\(",
47
+ "flags": "i",
48
+ "category": "xxe",
49
+ "description": "C# XXE: XPathDocument (no resolver set = default unsafe on older .NET)",
50
+ "language": [
51
+ "csharp"
52
+ ],
53
+ "severity": "critical"
54
+ },
55
+ {
56
+ "id": "XXE005",
57
+ "pattern": "SAXParserFactory\\.newInstance\\s*\\(\\s*\\)",
58
+ "flags": "",
59
+ "category": "xxe",
60
+ "description": "Java: XXE via SAXParserFactory without secure processing",
61
+ "language": [
62
+ "java"
63
+ ],
64
+ "severity": "critical"
65
+ }
66
+ ]