thuban 0.4.1 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +1 -1
- package/dist/package.json +63 -0
- package/dist/packages/crucible/banner.js +1 -1
- package/dist/packages/crucible/rule-loader.js +1 -1
- package/dist/packages/crucible/rules/code-scanner-core.json +147 -0
- package/dist/packages/crucible/rules/command-injection.json +411 -0
- package/dist/packages/crucible/rules/crypto-misuse.json +35 -0
- package/dist/packages/crucible/rules/deserialization.json +152 -0
- package/dist/packages/crucible/rules/env-injection.json +46 -0
- package/dist/packages/crucible/rules/eval-abuse.json +104 -0
- package/dist/packages/crucible/rules/file-upload.json +46 -0
- package/dist/packages/crucible/rules/hallucination.json +22 -0
- package/dist/packages/crucible/rules/hardcoded-secret.json +397 -0
- package/dist/packages/crucible/rules/hardcoded-url.json +13 -0
- package/dist/packages/crucible/rules/insecure-crypto.json +302 -0
- package/dist/packages/crucible/rules/integer-overflow.json +35 -0
- package/dist/packages/crucible/rules/log-injection.json +33 -0
- package/dist/packages/crucible/rules/mass-assignment.json +112 -0
- package/dist/packages/crucible/rules/open-redirect.json +196 -0
- package/dist/packages/crucible/rules/path-traversal.json +422 -0
- package/dist/packages/crucible/rules/prototype-pollution.json +22 -0
- package/dist/packages/crucible/rules/sql-injection.json +619 -0
- package/dist/packages/crucible/rules/ssrf.json +557 -0
- package/dist/packages/crucible/rules/timing-attack.json +55 -0
- package/dist/packages/crucible/rules/unsafe-block.json +24 -0
- package/dist/packages/crucible/rules/xss.json +663 -0
- package/dist/packages/crucible/rules/xxe.json +66 -0
- package/dist/packages/crucible/rules/yaml-deserialization.json +22 -0
- package/dist/packages/crucible/rules/yaml-injection.json +22 -0
- package/dist/packages/scanner/drift-detector.js +1 -1
- package/dist/packages/scanner/export-verifier.js +1 -1
- package/dist/packages/scanner/license-manager.js +1 -1
- package/dist/packages/scanner/monitor-service.js +1 -1
- package/dist/packages/scanner/taint-tracker.js +1 -1
- package/package.json +4 -2
|
@@ -0,0 +1,302 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "CRYPTO001",
|
|
4
|
+
"pattern": "md5\\s*\\(|hashlib\\.md5|MessageDigest\\.getInstance\\s*\\(\\s*[\"']MD5[\"']\\)",
|
|
5
|
+
"flags": "i",
|
|
6
|
+
"category": "insecure_crypto",
|
|
7
|
+
"description": "Insecure crypto (expanded)",
|
|
8
|
+
"language": [
|
|
9
|
+
"js",
|
|
10
|
+
"ts",
|
|
11
|
+
"python",
|
|
12
|
+
"java",
|
|
13
|
+
"go",
|
|
14
|
+
"csharp",
|
|
15
|
+
"php",
|
|
16
|
+
"ruby",
|
|
17
|
+
"rust",
|
|
18
|
+
"kotlin"
|
|
19
|
+
],
|
|
20
|
+
"severity": "high"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"id": "CRYPTO002",
|
|
24
|
+
"pattern": "Math\\.random\\s*\\(\\)",
|
|
25
|
+
"flags": "",
|
|
26
|
+
"category": "insecure_crypto",
|
|
27
|
+
"description": "Insecure crypto (expanded)",
|
|
28
|
+
"language": [
|
|
29
|
+
"js",
|
|
30
|
+
"ts",
|
|
31
|
+
"python",
|
|
32
|
+
"java",
|
|
33
|
+
"go",
|
|
34
|
+
"csharp",
|
|
35
|
+
"php",
|
|
36
|
+
"ruby",
|
|
37
|
+
"rust",
|
|
38
|
+
"kotlin"
|
|
39
|
+
],
|
|
40
|
+
"severity": "high"
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
"id": "CRYPTO003",
|
|
44
|
+
"pattern": "MD5\\.Create\\s*\\(\\)|MD5\\.HashData\\s*\\(|createHash\\s*\\(\\s*['\"]md5['\"]\\)",
|
|
45
|
+
"flags": "i",
|
|
46
|
+
"category": "insecure_crypto",
|
|
47
|
+
"description": "MD5/SHA1 via language-specific APIs",
|
|
48
|
+
"language": [
|
|
49
|
+
"js",
|
|
50
|
+
"ts",
|
|
51
|
+
"python",
|
|
52
|
+
"java",
|
|
53
|
+
"go",
|
|
54
|
+
"csharp",
|
|
55
|
+
"php",
|
|
56
|
+
"ruby",
|
|
57
|
+
"rust",
|
|
58
|
+
"kotlin"
|
|
59
|
+
],
|
|
60
|
+
"severity": "high"
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
"id": "CRYPTO004",
|
|
64
|
+
"pattern": "crypto\\/md5|use\\s+md5\\b|md5::compute|crypto\\/sha1|use\\s+sha1\\b",
|
|
65
|
+
"flags": "i",
|
|
66
|
+
"category": "insecure_crypto",
|
|
67
|
+
"description": "MD5/SHA1 via language-specific APIs",
|
|
68
|
+
"language": [
|
|
69
|
+
"js",
|
|
70
|
+
"ts",
|
|
71
|
+
"python",
|
|
72
|
+
"java",
|
|
73
|
+
"go",
|
|
74
|
+
"csharp",
|
|
75
|
+
"php",
|
|
76
|
+
"ruby",
|
|
77
|
+
"rust",
|
|
78
|
+
"kotlin"
|
|
79
|
+
],
|
|
80
|
+
"severity": "high"
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"id": "CRYPTO005",
|
|
84
|
+
"pattern": "MessageDigest\\.getInstance\\s*\\(\\s*[\"']SHA-?1[\"']\\)|SHA1\\s*\\(\\)|sha1\\s*\\(",
|
|
85
|
+
"flags": "i",
|
|
86
|
+
"category": "insecure_crypto",
|
|
87
|
+
"description": "MD5/SHA1 via language-specific APIs",
|
|
88
|
+
"language": [
|
|
89
|
+
"js",
|
|
90
|
+
"ts",
|
|
91
|
+
"python",
|
|
92
|
+
"java",
|
|
93
|
+
"go",
|
|
94
|
+
"csharp",
|
|
95
|
+
"php",
|
|
96
|
+
"ruby",
|
|
97
|
+
"rust",
|
|
98
|
+
"kotlin"
|
|
99
|
+
],
|
|
100
|
+
"severity": "high"
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"id": "CRYPTO006",
|
|
104
|
+
"pattern": "MD5\\.Create\\s*\\(\\)",
|
|
105
|
+
"flags": "i",
|
|
106
|
+
"category": "insecure_crypto",
|
|
107
|
+
"description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
|
|
108
|
+
"language": [
|
|
109
|
+
"csharp"
|
|
110
|
+
],
|
|
111
|
+
"severity": "high"
|
|
112
|
+
},
|
|
113
|
+
{
|
|
114
|
+
"id": "CRYPTO007",
|
|
115
|
+
"pattern": "DES\\.Create\\s*\\(\\)|new HMACSHA1\\s*\\(",
|
|
116
|
+
"flags": "i",
|
|
117
|
+
"category": "insecure_crypto",
|
|
118
|
+
"description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
|
|
119
|
+
"language": [
|
|
120
|
+
"csharp"
|
|
121
|
+
],
|
|
122
|
+
"severity": "high"
|
|
123
|
+
},
|
|
124
|
+
{
|
|
125
|
+
"id": "CRYPTO008",
|
|
126
|
+
"pattern": "CipherMode\\.ECB",
|
|
127
|
+
"flags": "i",
|
|
128
|
+
"category": "insecure_crypto",
|
|
129
|
+
"description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
|
|
130
|
+
"language": [
|
|
131
|
+
"csharp"
|
|
132
|
+
],
|
|
133
|
+
"severity": "high"
|
|
134
|
+
},
|
|
135
|
+
{
|
|
136
|
+
"id": "CRYPTO009",
|
|
137
|
+
"pattern": "new Random\\s*\\(\\)",
|
|
138
|
+
"flags": "",
|
|
139
|
+
"category": "insecure_crypto",
|
|
140
|
+
"description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
|
|
141
|
+
"language": [
|
|
142
|
+
"csharp"
|
|
143
|
+
],
|
|
144
|
+
"severity": "high"
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"id": "CRYPTO010",
|
|
148
|
+
"pattern": "md5\\s*\\(\\s*\\$(?:_POST|password|user_pass)\\b",
|
|
149
|
+
"flags": "i",
|
|
150
|
+
"category": "insecure_crypto",
|
|
151
|
+
"description": "PHP insecure crypto",
|
|
152
|
+
"language": [
|
|
153
|
+
"php"
|
|
154
|
+
],
|
|
155
|
+
"severity": "high"
|
|
156
|
+
},
|
|
157
|
+
{
|
|
158
|
+
"id": "CRYPTO011",
|
|
159
|
+
"pattern": "\\bmd5\\s*\\(\\s*rand\\s*\\(\\s*\\)\\s*\\)|sha1\\s*\\(\\s*\\w+\\s*\\.\\s*time\\s*\\(",
|
|
160
|
+
"flags": "i",
|
|
161
|
+
"category": "insecure_crypto",
|
|
162
|
+
"description": "PHP insecure crypto",
|
|
163
|
+
"language": [
|
|
164
|
+
"php"
|
|
165
|
+
],
|
|
166
|
+
"severity": "high"
|
|
167
|
+
},
|
|
168
|
+
{
|
|
169
|
+
"id": "CRYPTO012",
|
|
170
|
+
"pattern": "mcrypt_encrypt\\s*\\(\\s*MCRYPT_DES",
|
|
171
|
+
"flags": "i",
|
|
172
|
+
"category": "insecure_crypto",
|
|
173
|
+
"description": "PHP insecure crypto",
|
|
174
|
+
"language": [
|
|
175
|
+
"php"
|
|
176
|
+
],
|
|
177
|
+
"severity": "high"
|
|
178
|
+
},
|
|
179
|
+
{
|
|
180
|
+
"id": "CRYPTO013",
|
|
181
|
+
"pattern": "\"crypto\\/md5\"|md5\\.Sum\\s*\\(|md5\\.New\\s*\\(",
|
|
182
|
+
"flags": "i",
|
|
183
|
+
"category": "insecure_crypto",
|
|
184
|
+
"description": "Go insecure crypto",
|
|
185
|
+
"language": [
|
|
186
|
+
"go"
|
|
187
|
+
],
|
|
188
|
+
"severity": "high"
|
|
189
|
+
},
|
|
190
|
+
{
|
|
191
|
+
"id": "CRYPTO014",
|
|
192
|
+
"pattern": "\"math\\/rand\"|rand\\.Intn\\s*\\(|rand\\.Seed\\s*\\(",
|
|
193
|
+
"flags": "i",
|
|
194
|
+
"category": "insecure_crypto",
|
|
195
|
+
"description": "Go insecure crypto",
|
|
196
|
+
"language": [
|
|
197
|
+
"go"
|
|
198
|
+
],
|
|
199
|
+
"severity": "high"
|
|
200
|
+
},
|
|
201
|
+
{
|
|
202
|
+
"id": "CRYPTO015",
|
|
203
|
+
"pattern": "\"crypto\\/des\"|des\\.NewCipher\\s*\\(",
|
|
204
|
+
"flags": "i",
|
|
205
|
+
"category": "insecure_crypto",
|
|
206
|
+
"description": "Go insecure crypto",
|
|
207
|
+
"language": [
|
|
208
|
+
"go"
|
|
209
|
+
],
|
|
210
|
+
"severity": "high"
|
|
211
|
+
},
|
|
212
|
+
{
|
|
213
|
+
"id": "CRYPTO016",
|
|
214
|
+
"pattern": "\"crypto\\/sha1\"|sha1\\.New\\s*\\(|hmac\\.New\\s*\\(\\s*sha1\\.New",
|
|
215
|
+
"flags": "i",
|
|
216
|
+
"category": "insecure_crypto",
|
|
217
|
+
"description": "Go insecure crypto",
|
|
218
|
+
"language": [
|
|
219
|
+
"go"
|
|
220
|
+
],
|
|
221
|
+
"severity": "high"
|
|
222
|
+
},
|
|
223
|
+
{
|
|
224
|
+
"id": "CRYPTO017",
|
|
225
|
+
"pattern": "rsa\\.GenerateKey\\s*\\([^,]+,\\s*(?:512|1024)\\s*\\)",
|
|
226
|
+
"flags": "i",
|
|
227
|
+
"category": "insecure_crypto",
|
|
228
|
+
"description": "Go insecure crypto",
|
|
229
|
+
"language": [
|
|
230
|
+
"go"
|
|
231
|
+
],
|
|
232
|
+
"severity": "high"
|
|
233
|
+
},
|
|
234
|
+
{
|
|
235
|
+
"id": "CRYPTO018",
|
|
236
|
+
"pattern": "getInstance\\s*\\(\\s*[\"']DES\\b",
|
|
237
|
+
"flags": "i",
|
|
238
|
+
"category": "insecure_crypto",
|
|
239
|
+
"description": "Kotlin/Java: DES cipher usage",
|
|
240
|
+
"language": [
|
|
241
|
+
"kotlin",
|
|
242
|
+
"java"
|
|
243
|
+
],
|
|
244
|
+
"severity": "high"
|
|
245
|
+
},
|
|
246
|
+
{
|
|
247
|
+
"id": "CRYPTO019",
|
|
248
|
+
"pattern": "private\\s+static\\s+final\\s+String\\s+\\w*(?:ALGORITHM|ALGO|CIPHER)\\w*\\s*=\\s*[\"']DES[\"']|static\\s+final\\s+String\\s+\\w*(?:ALGORITHM|ALGO|CIPHER)\\w*\\s*=\\s*[\"']DES[\"']",
|
|
249
|
+
"flags": "i",
|
|
250
|
+
"category": "insecure_crypto",
|
|
251
|
+
"description": "Kotlin/Java: DES cipher usage",
|
|
252
|
+
"language": [
|
|
253
|
+
"kotlin",
|
|
254
|
+
"java"
|
|
255
|
+
],
|
|
256
|
+
"severity": "high"
|
|
257
|
+
},
|
|
258
|
+
{
|
|
259
|
+
"id": "CRYPTO020",
|
|
260
|
+
"pattern": "==\\s*received_sig\\b|received_sig\\s*==|provided\\s*==\\s*stored\\b",
|
|
261
|
+
"flags": "",
|
|
262
|
+
"category": "insecure_crypto",
|
|
263
|
+
"description": "Python: timing attack via == comparison, low-iteration PBKDF2",
|
|
264
|
+
"language": [
|
|
265
|
+
"python"
|
|
266
|
+
],
|
|
267
|
+
"severity": "high"
|
|
268
|
+
},
|
|
269
|
+
{
|
|
270
|
+
"id": "CRYPTO021",
|
|
271
|
+
"pattern": "pbkdf2_hmac\\s*\\(\\s*[\"'](?:sha1|md5)[\"'][^)]*,\\s*1000\\s*\\)",
|
|
272
|
+
"flags": "i",
|
|
273
|
+
"category": "insecure_crypto",
|
|
274
|
+
"description": "Python: timing attack via == comparison, low-iteration PBKDF2",
|
|
275
|
+
"language": [
|
|
276
|
+
"python"
|
|
277
|
+
],
|
|
278
|
+
"severity": "high"
|
|
279
|
+
},
|
|
280
|
+
{
|
|
281
|
+
"id": "CRYPTO022",
|
|
282
|
+
"pattern": "\\w*(?:Sig|Signature)\\w*\\s*={2,3}\\s*\\w+|={2,3}\\s*\\w*(?:Sig|Signature)\\w*\\b",
|
|
283
|
+
"flags": "",
|
|
284
|
+
"category": "insecure_crypto",
|
|
285
|
+
"description": "(also matches == after loose-equality mutation of ===)",
|
|
286
|
+
"language": [
|
|
287
|
+
"typescript"
|
|
288
|
+
],
|
|
289
|
+
"severity": "high"
|
|
290
|
+
},
|
|
291
|
+
{
|
|
292
|
+
"id": "CRYPTO023",
|
|
293
|
+
"pattern": "provided\\w*\\s*={2,3}\\s*stored\\w*|stored\\w*\\s*={2,3}\\s*provided\\w*",
|
|
294
|
+
"flags": "i",
|
|
295
|
+
"category": "insecure_crypto",
|
|
296
|
+
"description": "(also matches == after loose-equality mutation of ===)",
|
|
297
|
+
"language": [
|
|
298
|
+
"typescript"
|
|
299
|
+
],
|
|
300
|
+
"severity": "high"
|
|
301
|
+
}
|
|
302
|
+
]
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "INT001",
|
|
4
|
+
"pattern": "\\bas\\s+(?:u8|u16|u32|i8|i16|i32|i64|usize)\\b",
|
|
5
|
+
"flags": "",
|
|
6
|
+
"category": "integer_overflow",
|
|
7
|
+
"description": "Cast truncation: `val as u8/u16/u32/i32/usize` silently drops bits",
|
|
8
|
+
"language": [
|
|
9
|
+
"rust"
|
|
10
|
+
],
|
|
11
|
+
"severity": "medium"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"id": "INT002",
|
|
15
|
+
"pattern": "\\w+\\s*\\*\\s*\\w*(?:size|len)\\w*\\b",
|
|
16
|
+
"flags": "i",
|
|
17
|
+
"category": "integer_overflow",
|
|
18
|
+
"description": "Allocation size computed from untrusted multiplication (user_size * element_size)",
|
|
19
|
+
"language": [
|
|
20
|
+
"rust"
|
|
21
|
+
],
|
|
22
|
+
"severity": "medium"
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"id": "INT003",
|
|
26
|
+
"pattern": "\\[\\s*(?:index|idx|start\\.\\.end)\\s*\\]|\\[\\s*row\\s*\\]\\s*\\[\\s*col\\s*\\]|\\[\\s*n\\s*\\]",
|
|
27
|
+
"flags": "",
|
|
28
|
+
"category": "integer_overflow",
|
|
29
|
+
"description": "Array/slice indexing with named variable index / range (no bounds check)",
|
|
30
|
+
"language": [
|
|
31
|
+
"rust"
|
|
32
|
+
],
|
|
33
|
+
"severity": "medium"
|
|
34
|
+
}
|
|
35
|
+
]
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "LOG001",
|
|
4
|
+
"pattern": "logger\\.(?:info|error|warn|debug)\\s*\\(.*\\+\\s*\\w+",
|
|
5
|
+
"flags": "",
|
|
6
|
+
"category": "log_injection",
|
|
7
|
+
"description": "Log injection",
|
|
8
|
+
"language": [
|
|
9
|
+
"js",
|
|
10
|
+
"ts",
|
|
11
|
+
"python",
|
|
12
|
+
"java",
|
|
13
|
+
"go",
|
|
14
|
+
"csharp",
|
|
15
|
+
"php",
|
|
16
|
+
"ruby",
|
|
17
|
+
"rust",
|
|
18
|
+
"kotlin"
|
|
19
|
+
],
|
|
20
|
+
"severity": "medium"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"id": "LOG002",
|
|
24
|
+
"pattern": "\\blog\\.(?:info|error|warn|debug)\\s*\\(.*\\+\\s*\\w+",
|
|
25
|
+
"flags": "",
|
|
26
|
+
"category": "log_injection",
|
|
27
|
+
"description": "Java: log4j log.* injection (lowercase `log` logger variable)",
|
|
28
|
+
"language": [
|
|
29
|
+
"java"
|
|
30
|
+
],
|
|
31
|
+
"severity": "medium"
|
|
32
|
+
}
|
|
33
|
+
]
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "MASS001",
|
|
4
|
+
"pattern": "params\\[:\\w+\\]\\.permit!",
|
|
5
|
+
"flags": "i",
|
|
6
|
+
"category": "mass_assignment",
|
|
7
|
+
"description": "Ruby mass assignment",
|
|
8
|
+
"language": [
|
|
9
|
+
"ruby"
|
|
10
|
+
],
|
|
11
|
+
"severity": "medium"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"id": "MASS002",
|
|
15
|
+
"pattern": "\\.update_attributes\\s*\\(\\s*params",
|
|
16
|
+
"flags": "i",
|
|
17
|
+
"category": "mass_assignment",
|
|
18
|
+
"description": "Ruby mass assignment",
|
|
19
|
+
"language": [
|
|
20
|
+
"ruby"
|
|
21
|
+
],
|
|
22
|
+
"severity": "medium"
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"id": "MASS003",
|
|
26
|
+
"pattern": "\\.update\\s*\\(\\s*params\\[:\\w+\\]\\s*\\)",
|
|
27
|
+
"flags": "i",
|
|
28
|
+
"category": "mass_assignment",
|
|
29
|
+
"description": "Ruby mass assignment",
|
|
30
|
+
"language": [
|
|
31
|
+
"ruby"
|
|
32
|
+
],
|
|
33
|
+
"severity": "medium"
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
"id": "MASS004",
|
|
37
|
+
"pattern": "\\.create\\s*\\(\\s*params\\b(?!\\s*[.\\[])|User\\.create_from_params",
|
|
38
|
+
"flags": "i",
|
|
39
|
+
"category": "mass_assignment",
|
|
40
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
41
|
+
"language": [
|
|
42
|
+
"ruby"
|
|
43
|
+
],
|
|
44
|
+
"severity": "medium"
|
|
45
|
+
},
|
|
46
|
+
{
|
|
47
|
+
"id": "MASS005",
|
|
48
|
+
"pattern": "\\.new\\s*\\(\\s*registration_params\\b",
|
|
49
|
+
"flags": "i",
|
|
50
|
+
"category": "mass_assignment",
|
|
51
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
52
|
+
"language": [
|
|
53
|
+
"ruby"
|
|
54
|
+
],
|
|
55
|
+
"severity": "medium"
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"id": "MASS006",
|
|
59
|
+
"pattern": "params\\.require\\s*\\([^)]+\\)\\.permit!",
|
|
60
|
+
"flags": "i",
|
|
61
|
+
"category": "mass_assignment",
|
|
62
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
63
|
+
"language": [
|
|
64
|
+
"ruby"
|
|
65
|
+
],
|
|
66
|
+
"severity": "medium"
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
"id": "MASS007",
|
|
70
|
+
"pattern": "update_attributes!\\s*\\(\\s*\\w*(?:request_params|attrs|hash)",
|
|
71
|
+
"flags": "i",
|
|
72
|
+
"category": "mass_assignment",
|
|
73
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
74
|
+
"language": [
|
|
75
|
+
"ruby"
|
|
76
|
+
],
|
|
77
|
+
"severity": "medium"
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
"id": "MASS008",
|
|
81
|
+
"pattern": "\\.create!\\s*\\(\\s*attrs\\s*\\)",
|
|
82
|
+
"flags": "i",
|
|
83
|
+
"category": "mass_assignment",
|
|
84
|
+
"description": "Ruby mass assignment: create/new/update with unfiltered params hash",
|
|
85
|
+
"language": [
|
|
86
|
+
"ruby"
|
|
87
|
+
],
|
|
88
|
+
"severity": "medium"
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
"id": "MASS009",
|
|
92
|
+
"pattern": "\\bcreate\\s*\\(\\s*params\\s*\\)",
|
|
93
|
+
"flags": "",
|
|
94
|
+
"category": "mass_assignment",
|
|
95
|
+
"description": "Ruby mass assignment: bare create(params)/new(registration_params) call (no receiver dot)",
|
|
96
|
+
"language": [
|
|
97
|
+
"ruby"
|
|
98
|
+
],
|
|
99
|
+
"severity": "medium"
|
|
100
|
+
},
|
|
101
|
+
{
|
|
102
|
+
"id": "MASS010",
|
|
103
|
+
"pattern": "\\bnew\\s*\\(\\s*registration_params\\b",
|
|
104
|
+
"flags": "i",
|
|
105
|
+
"category": "mass_assignment",
|
|
106
|
+
"description": "Ruby mass assignment: bare create(params)/new(registration_params) call (no receiver dot)",
|
|
107
|
+
"language": [
|
|
108
|
+
"ruby"
|
|
109
|
+
],
|
|
110
|
+
"severity": "medium"
|
|
111
|
+
}
|
|
112
|
+
]
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "REDIR001",
|
|
4
|
+
"pattern": "redirect_to\\s+params\\[|redirect_to\\s+\\w+\\s*\\|\\||http\\.Redirect\\s*\\([^)]*r\\.Header|Response\\.Redirect\\s*\\(\\s*\\w*[Uu]rl",
|
|
5
|
+
"flags": "i",
|
|
6
|
+
"category": "open_redirect",
|
|
7
|
+
"description": "Open redirect (various frameworks)",
|
|
8
|
+
"language": [
|
|
9
|
+
"js",
|
|
10
|
+
"ts",
|
|
11
|
+
"python",
|
|
12
|
+
"java",
|
|
13
|
+
"go",
|
|
14
|
+
"csharp",
|
|
15
|
+
"php",
|
|
16
|
+
"ruby",
|
|
17
|
+
"rust",
|
|
18
|
+
"kotlin"
|
|
19
|
+
],
|
|
20
|
+
"severity": "medium"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"id": "REDIR002",
|
|
24
|
+
"pattern": "http\\.Redirect\\s*\\([^,]+,\\s*[^,]+,\\s*(?:returnURL|redirectTo|returnUrl|returnTo|referer|destination)",
|
|
25
|
+
"flags": "i",
|
|
26
|
+
"category": "open_redirect",
|
|
27
|
+
"description": "Go open redirect: http.Redirect with user-controlled variable (returnURL etc.)",
|
|
28
|
+
"language": [
|
|
29
|
+
"go"
|
|
30
|
+
],
|
|
31
|
+
"severity": "medium"
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"id": "REDIR003",
|
|
35
|
+
"pattern": "r\\.URL\\.Query\\(\\)\\.Get\\s*\\(\\s*[\"']return",
|
|
36
|
+
"flags": "i",
|
|
37
|
+
"category": "open_redirect",
|
|
38
|
+
"description": "Go open redirect: r.URL.Query() used as redirect target",
|
|
39
|
+
"language": [
|
|
40
|
+
"go"
|
|
41
|
+
],
|
|
42
|
+
"severity": "medium"
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"id": "REDIR004",
|
|
46
|
+
"pattern": "Redirect\\s*\\(\\s*(?:\\w*[Uu]rl|returnUrl)\\b",
|
|
47
|
+
"flags": "",
|
|
48
|
+
"category": "open_redirect",
|
|
49
|
+
"description": "Open redirect",
|
|
50
|
+
"language": [
|
|
51
|
+
"js",
|
|
52
|
+
"ts",
|
|
53
|
+
"python",
|
|
54
|
+
"java",
|
|
55
|
+
"go",
|
|
56
|
+
"csharp",
|
|
57
|
+
"php",
|
|
58
|
+
"ruby",
|
|
59
|
+
"rust",
|
|
60
|
+
"kotlin"
|
|
61
|
+
],
|
|
62
|
+
"severity": "medium"
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"id": "REDIR005",
|
|
66
|
+
"pattern": "context\\.Response\\.Redirect\\s*\\(\\s*(?:next|url|returnUrl|redirect)",
|
|
67
|
+
"flags": "i",
|
|
68
|
+
"category": "open_redirect",
|
|
69
|
+
"description": "C# open redirect",
|
|
70
|
+
"language": [
|
|
71
|
+
"csharp"
|
|
72
|
+
],
|
|
73
|
+
"severity": "medium"
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
"id": "REDIR006",
|
|
77
|
+
"pattern": "return Redirect\\s*\\(\\s*(?:returnUrl|destination|state|next)\\s*\\)",
|
|
78
|
+
"flags": "i",
|
|
79
|
+
"category": "open_redirect",
|
|
80
|
+
"description": "C# open redirect",
|
|
81
|
+
"language": [
|
|
82
|
+
"csharp"
|
|
83
|
+
],
|
|
84
|
+
"severity": "medium"
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
"id": "REDIR007",
|
|
88
|
+
"pattern": "redirect_to\\s+params\\[:\\w+\\]",
|
|
89
|
+
"flags": "i",
|
|
90
|
+
"category": "open_redirect",
|
|
91
|
+
"description": "Ruby open redirect",
|
|
92
|
+
"language": [
|
|
93
|
+
"ruby"
|
|
94
|
+
],
|
|
95
|
+
"severity": "medium"
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"id": "REDIR008",
|
|
99
|
+
"pattern": "redirect_to\\s+(?:next_url|callback|destination|target)",
|
|
100
|
+
"flags": "i",
|
|
101
|
+
"category": "open_redirect",
|
|
102
|
+
"description": "Ruby open redirect",
|
|
103
|
+
"language": [
|
|
104
|
+
"ruby"
|
|
105
|
+
],
|
|
106
|
+
"severity": "medium"
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
"id": "REDIR009",
|
|
110
|
+
"pattern": "header\\s*\\(\\s*[\"']Location:[\"']\\s*\\.\\s*\\$(?:_GET|_POST|url|next|redirect)",
|
|
111
|
+
"flags": "i",
|
|
112
|
+
"category": "open_redirect",
|
|
113
|
+
"description": "PHP open redirect: header Location",
|
|
114
|
+
"language": [
|
|
115
|
+
"php"
|
|
116
|
+
],
|
|
117
|
+
"severity": "medium"
|
|
118
|
+
},
|
|
119
|
+
{
|
|
120
|
+
"id": "REDIR010",
|
|
121
|
+
"pattern": "header\\s*\\(\\s*[\"']Location:[\"']\\s*\\.\\s*\\$",
|
|
122
|
+
"flags": "i",
|
|
123
|
+
"category": "open_redirect",
|
|
124
|
+
"description": "PHP open redirect: header Location",
|
|
125
|
+
"language": [
|
|
126
|
+
"php"
|
|
127
|
+
],
|
|
128
|
+
"severity": "medium"
|
|
129
|
+
},
|
|
130
|
+
{
|
|
131
|
+
"id": "REDIR011",
|
|
132
|
+
"pattern": "header\\s*\\(\\s*['\"]Location:\\s*['\"]\\s*\\.\\s*\\$(?:url|next|redirect|return_to|target|to)\\b",
|
|
133
|
+
"flags": "i",
|
|
134
|
+
"category": "open_redirect",
|
|
135
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
136
|
+
"language": [
|
|
137
|
+
"php"
|
|
138
|
+
],
|
|
139
|
+
"severity": "medium"
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
"id": "REDIR012",
|
|
143
|
+
"pattern": "header\\s*\\(\\s*['\"]Location:\\s*['\"]\\s*\\.\\s*\\$(?:_GET|_POST|_REQUEST)",
|
|
144
|
+
"flags": "i",
|
|
145
|
+
"category": "open_redirect",
|
|
146
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
147
|
+
"language": [
|
|
148
|
+
"php"
|
|
149
|
+
],
|
|
150
|
+
"severity": "medium"
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
"id": "REDIR013",
|
|
154
|
+
"pattern": "header\\s*\\(\\s*\"Location:\\s*\\$(?:url|next|redirect|target|return)",
|
|
155
|
+
"flags": "i",
|
|
156
|
+
"category": "open_redirect",
|
|
157
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
158
|
+
"language": [
|
|
159
|
+
"php"
|
|
160
|
+
],
|
|
161
|
+
"severity": "medium"
|
|
162
|
+
},
|
|
163
|
+
{
|
|
164
|
+
"id": "REDIR014",
|
|
165
|
+
"pattern": "header\\s*\\(\\s*\"Location:\\s*\"\\.\\s*\\$\\w",
|
|
166
|
+
"flags": "i",
|
|
167
|
+
"category": "open_redirect",
|
|
168
|
+
"description": "PHP open redirect: header('Location') with user-controlled variable",
|
|
169
|
+
"language": [
|
|
170
|
+
"php"
|
|
171
|
+
],
|
|
172
|
+
"severity": "medium"
|
|
173
|
+
},
|
|
174
|
+
{
|
|
175
|
+
"id": "REDIR015",
|
|
176
|
+
"pattern": "http\\.Redirect\\s*\\(\\s*w\\s*,\\s*r\\s*,\\s*(?:returnURL|returnUrl|destination|state|next|returnTo|referer)",
|
|
177
|
+
"flags": "i",
|
|
178
|
+
"category": "open_redirect",
|
|
179
|
+
"description": "Go open redirect",
|
|
180
|
+
"language": [
|
|
181
|
+
"go"
|
|
182
|
+
],
|
|
183
|
+
"severity": "medium"
|
|
184
|
+
},
|
|
185
|
+
{
|
|
186
|
+
"id": "REDIR016",
|
|
187
|
+
"pattern": "http\\.Redirect\\s*\\(\\s*w\\s*,\\s*r\\s*,\\s*(?:string\\()?\\s*(?:returnURL|returnUrl|destination|state|next|returnTo|referer)",
|
|
188
|
+
"flags": "i",
|
|
189
|
+
"category": "open_redirect",
|
|
190
|
+
"description": "Go: timing attack via != comparison of tokens; open redirect via decoded state",
|
|
191
|
+
"language": [
|
|
192
|
+
"go"
|
|
193
|
+
],
|
|
194
|
+
"severity": "medium"
|
|
195
|
+
}
|
|
196
|
+
]
|