thuban 0.4.1 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/dist/cli.js +1 -1
  2. package/dist/package.json +63 -0
  3. package/dist/packages/crucible/banner.js +1 -1
  4. package/dist/packages/crucible/rule-loader.js +1 -1
  5. package/dist/packages/crucible/rules/code-scanner-core.json +147 -0
  6. package/dist/packages/crucible/rules/command-injection.json +411 -0
  7. package/dist/packages/crucible/rules/crypto-misuse.json +35 -0
  8. package/dist/packages/crucible/rules/deserialization.json +152 -0
  9. package/dist/packages/crucible/rules/env-injection.json +46 -0
  10. package/dist/packages/crucible/rules/eval-abuse.json +104 -0
  11. package/dist/packages/crucible/rules/file-upload.json +46 -0
  12. package/dist/packages/crucible/rules/hallucination.json +22 -0
  13. package/dist/packages/crucible/rules/hardcoded-secret.json +397 -0
  14. package/dist/packages/crucible/rules/hardcoded-url.json +13 -0
  15. package/dist/packages/crucible/rules/insecure-crypto.json +302 -0
  16. package/dist/packages/crucible/rules/integer-overflow.json +35 -0
  17. package/dist/packages/crucible/rules/log-injection.json +33 -0
  18. package/dist/packages/crucible/rules/mass-assignment.json +112 -0
  19. package/dist/packages/crucible/rules/open-redirect.json +196 -0
  20. package/dist/packages/crucible/rules/path-traversal.json +422 -0
  21. package/dist/packages/crucible/rules/prototype-pollution.json +22 -0
  22. package/dist/packages/crucible/rules/sql-injection.json +619 -0
  23. package/dist/packages/crucible/rules/ssrf.json +557 -0
  24. package/dist/packages/crucible/rules/timing-attack.json +55 -0
  25. package/dist/packages/crucible/rules/unsafe-block.json +24 -0
  26. package/dist/packages/crucible/rules/xss.json +663 -0
  27. package/dist/packages/crucible/rules/xxe.json +66 -0
  28. package/dist/packages/crucible/rules/yaml-deserialization.json +22 -0
  29. package/dist/packages/crucible/rules/yaml-injection.json +22 -0
  30. package/dist/packages/scanner/drift-detector.js +1 -1
  31. package/dist/packages/scanner/export-verifier.js +1 -1
  32. package/dist/packages/scanner/license-manager.js +1 -1
  33. package/dist/packages/scanner/monitor-service.js +1 -1
  34. package/dist/packages/scanner/taint-tracker.js +1 -1
  35. package/package.json +4 -2
@@ -0,0 +1,302 @@
1
+ [
2
+ {
3
+ "id": "CRYPTO001",
4
+ "pattern": "md5\\s*\\(|hashlib\\.md5|MessageDigest\\.getInstance\\s*\\(\\s*[\"']MD5[\"']\\)",
5
+ "flags": "i",
6
+ "category": "insecure_crypto",
7
+ "description": "Insecure crypto (expanded)",
8
+ "language": [
9
+ "js",
10
+ "ts",
11
+ "python",
12
+ "java",
13
+ "go",
14
+ "csharp",
15
+ "php",
16
+ "ruby",
17
+ "rust",
18
+ "kotlin"
19
+ ],
20
+ "severity": "high"
21
+ },
22
+ {
23
+ "id": "CRYPTO002",
24
+ "pattern": "Math\\.random\\s*\\(\\)",
25
+ "flags": "",
26
+ "category": "insecure_crypto",
27
+ "description": "Insecure crypto (expanded)",
28
+ "language": [
29
+ "js",
30
+ "ts",
31
+ "python",
32
+ "java",
33
+ "go",
34
+ "csharp",
35
+ "php",
36
+ "ruby",
37
+ "rust",
38
+ "kotlin"
39
+ ],
40
+ "severity": "high"
41
+ },
42
+ {
43
+ "id": "CRYPTO003",
44
+ "pattern": "MD5\\.Create\\s*\\(\\)|MD5\\.HashData\\s*\\(|createHash\\s*\\(\\s*['\"]md5['\"]\\)",
45
+ "flags": "i",
46
+ "category": "insecure_crypto",
47
+ "description": "MD5/SHA1 via language-specific APIs",
48
+ "language": [
49
+ "js",
50
+ "ts",
51
+ "python",
52
+ "java",
53
+ "go",
54
+ "csharp",
55
+ "php",
56
+ "ruby",
57
+ "rust",
58
+ "kotlin"
59
+ ],
60
+ "severity": "high"
61
+ },
62
+ {
63
+ "id": "CRYPTO004",
64
+ "pattern": "crypto\\/md5|use\\s+md5\\b|md5::compute|crypto\\/sha1|use\\s+sha1\\b",
65
+ "flags": "i",
66
+ "category": "insecure_crypto",
67
+ "description": "MD5/SHA1 via language-specific APIs",
68
+ "language": [
69
+ "js",
70
+ "ts",
71
+ "python",
72
+ "java",
73
+ "go",
74
+ "csharp",
75
+ "php",
76
+ "ruby",
77
+ "rust",
78
+ "kotlin"
79
+ ],
80
+ "severity": "high"
81
+ },
82
+ {
83
+ "id": "CRYPTO005",
84
+ "pattern": "MessageDigest\\.getInstance\\s*\\(\\s*[\"']SHA-?1[\"']\\)|SHA1\\s*\\(\\)|sha1\\s*\\(",
85
+ "flags": "i",
86
+ "category": "insecure_crypto",
87
+ "description": "MD5/SHA1 via language-specific APIs",
88
+ "language": [
89
+ "js",
90
+ "ts",
91
+ "python",
92
+ "java",
93
+ "go",
94
+ "csharp",
95
+ "php",
96
+ "ruby",
97
+ "rust",
98
+ "kotlin"
99
+ ],
100
+ "severity": "high"
101
+ },
102
+ {
103
+ "id": "CRYPTO006",
104
+ "pattern": "MD5\\.Create\\s*\\(\\)",
105
+ "flags": "i",
106
+ "category": "insecure_crypto",
107
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
108
+ "language": [
109
+ "csharp"
110
+ ],
111
+ "severity": "high"
112
+ },
113
+ {
114
+ "id": "CRYPTO007",
115
+ "pattern": "DES\\.Create\\s*\\(\\)|new HMACSHA1\\s*\\(",
116
+ "flags": "i",
117
+ "category": "insecure_crypto",
118
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
119
+ "language": [
120
+ "csharp"
121
+ ],
122
+ "severity": "high"
123
+ },
124
+ {
125
+ "id": "CRYPTO008",
126
+ "pattern": "CipherMode\\.ECB",
127
+ "flags": "i",
128
+ "category": "insecure_crypto",
129
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
130
+ "language": [
131
+ "csharp"
132
+ ],
133
+ "severity": "high"
134
+ },
135
+ {
136
+ "id": "CRYPTO009",
137
+ "pattern": "new Random\\s*\\(\\)",
138
+ "flags": "",
139
+ "category": "insecure_crypto",
140
+ "description": "C# insecure crypto: MD5/DES/SHA1/Random/ECB",
141
+ "language": [
142
+ "csharp"
143
+ ],
144
+ "severity": "high"
145
+ },
146
+ {
147
+ "id": "CRYPTO010",
148
+ "pattern": "md5\\s*\\(\\s*\\$(?:_POST|password|user_pass)\\b",
149
+ "flags": "i",
150
+ "category": "insecure_crypto",
151
+ "description": "PHP insecure crypto",
152
+ "language": [
153
+ "php"
154
+ ],
155
+ "severity": "high"
156
+ },
157
+ {
158
+ "id": "CRYPTO011",
159
+ "pattern": "\\bmd5\\s*\\(\\s*rand\\s*\\(\\s*\\)\\s*\\)|sha1\\s*\\(\\s*\\w+\\s*\\.\\s*time\\s*\\(",
160
+ "flags": "i",
161
+ "category": "insecure_crypto",
162
+ "description": "PHP insecure crypto",
163
+ "language": [
164
+ "php"
165
+ ],
166
+ "severity": "high"
167
+ },
168
+ {
169
+ "id": "CRYPTO012",
170
+ "pattern": "mcrypt_encrypt\\s*\\(\\s*MCRYPT_DES",
171
+ "flags": "i",
172
+ "category": "insecure_crypto",
173
+ "description": "PHP insecure crypto",
174
+ "language": [
175
+ "php"
176
+ ],
177
+ "severity": "high"
178
+ },
179
+ {
180
+ "id": "CRYPTO013",
181
+ "pattern": "\"crypto\\/md5\"|md5\\.Sum\\s*\\(|md5\\.New\\s*\\(",
182
+ "flags": "i",
183
+ "category": "insecure_crypto",
184
+ "description": "Go insecure crypto",
185
+ "language": [
186
+ "go"
187
+ ],
188
+ "severity": "high"
189
+ },
190
+ {
191
+ "id": "CRYPTO014",
192
+ "pattern": "\"math\\/rand\"|rand\\.Intn\\s*\\(|rand\\.Seed\\s*\\(",
193
+ "flags": "i",
194
+ "category": "insecure_crypto",
195
+ "description": "Go insecure crypto",
196
+ "language": [
197
+ "go"
198
+ ],
199
+ "severity": "high"
200
+ },
201
+ {
202
+ "id": "CRYPTO015",
203
+ "pattern": "\"crypto\\/des\"|des\\.NewCipher\\s*\\(",
204
+ "flags": "i",
205
+ "category": "insecure_crypto",
206
+ "description": "Go insecure crypto",
207
+ "language": [
208
+ "go"
209
+ ],
210
+ "severity": "high"
211
+ },
212
+ {
213
+ "id": "CRYPTO016",
214
+ "pattern": "\"crypto\\/sha1\"|sha1\\.New\\s*\\(|hmac\\.New\\s*\\(\\s*sha1\\.New",
215
+ "flags": "i",
216
+ "category": "insecure_crypto",
217
+ "description": "Go insecure crypto",
218
+ "language": [
219
+ "go"
220
+ ],
221
+ "severity": "high"
222
+ },
223
+ {
224
+ "id": "CRYPTO017",
225
+ "pattern": "rsa\\.GenerateKey\\s*\\([^,]+,\\s*(?:512|1024)\\s*\\)",
226
+ "flags": "i",
227
+ "category": "insecure_crypto",
228
+ "description": "Go insecure crypto",
229
+ "language": [
230
+ "go"
231
+ ],
232
+ "severity": "high"
233
+ },
234
+ {
235
+ "id": "CRYPTO018",
236
+ "pattern": "getInstance\\s*\\(\\s*[\"']DES\\b",
237
+ "flags": "i",
238
+ "category": "insecure_crypto",
239
+ "description": "Kotlin/Java: DES cipher usage",
240
+ "language": [
241
+ "kotlin",
242
+ "java"
243
+ ],
244
+ "severity": "high"
245
+ },
246
+ {
247
+ "id": "CRYPTO019",
248
+ "pattern": "private\\s+static\\s+final\\s+String\\s+\\w*(?:ALGORITHM|ALGO|CIPHER)\\w*\\s*=\\s*[\"']DES[\"']|static\\s+final\\s+String\\s+\\w*(?:ALGORITHM|ALGO|CIPHER)\\w*\\s*=\\s*[\"']DES[\"']",
249
+ "flags": "i",
250
+ "category": "insecure_crypto",
251
+ "description": "Kotlin/Java: DES cipher usage",
252
+ "language": [
253
+ "kotlin",
254
+ "java"
255
+ ],
256
+ "severity": "high"
257
+ },
258
+ {
259
+ "id": "CRYPTO020",
260
+ "pattern": "==\\s*received_sig\\b|received_sig\\s*==|provided\\s*==\\s*stored\\b",
261
+ "flags": "",
262
+ "category": "insecure_crypto",
263
+ "description": "Python: timing attack via == comparison, low-iteration PBKDF2",
264
+ "language": [
265
+ "python"
266
+ ],
267
+ "severity": "high"
268
+ },
269
+ {
270
+ "id": "CRYPTO021",
271
+ "pattern": "pbkdf2_hmac\\s*\\(\\s*[\"'](?:sha1|md5)[\"'][^)]*,\\s*1000\\s*\\)",
272
+ "flags": "i",
273
+ "category": "insecure_crypto",
274
+ "description": "Python: timing attack via == comparison, low-iteration PBKDF2",
275
+ "language": [
276
+ "python"
277
+ ],
278
+ "severity": "high"
279
+ },
280
+ {
281
+ "id": "CRYPTO022",
282
+ "pattern": "\\w*(?:Sig|Signature)\\w*\\s*={2,3}\\s*\\w+|={2,3}\\s*\\w*(?:Sig|Signature)\\w*\\b",
283
+ "flags": "",
284
+ "category": "insecure_crypto",
285
+ "description": "(also matches == after loose-equality mutation of ===)",
286
+ "language": [
287
+ "typescript"
288
+ ],
289
+ "severity": "high"
290
+ },
291
+ {
292
+ "id": "CRYPTO023",
293
+ "pattern": "provided\\w*\\s*={2,3}\\s*stored\\w*|stored\\w*\\s*={2,3}\\s*provided\\w*",
294
+ "flags": "i",
295
+ "category": "insecure_crypto",
296
+ "description": "(also matches == after loose-equality mutation of ===)",
297
+ "language": [
298
+ "typescript"
299
+ ],
300
+ "severity": "high"
301
+ }
302
+ ]
@@ -0,0 +1,35 @@
1
+ [
2
+ {
3
+ "id": "INT001",
4
+ "pattern": "\\bas\\s+(?:u8|u16|u32|i8|i16|i32|i64|usize)\\b",
5
+ "flags": "",
6
+ "category": "integer_overflow",
7
+ "description": "Cast truncation: `val as u8/u16/u32/i32/usize` silently drops bits",
8
+ "language": [
9
+ "rust"
10
+ ],
11
+ "severity": "medium"
12
+ },
13
+ {
14
+ "id": "INT002",
15
+ "pattern": "\\w+\\s*\\*\\s*\\w*(?:size|len)\\w*\\b",
16
+ "flags": "i",
17
+ "category": "integer_overflow",
18
+ "description": "Allocation size computed from untrusted multiplication (user_size * element_size)",
19
+ "language": [
20
+ "rust"
21
+ ],
22
+ "severity": "medium"
23
+ },
24
+ {
25
+ "id": "INT003",
26
+ "pattern": "\\[\\s*(?:index|idx|start\\.\\.end)\\s*\\]|\\[\\s*row\\s*\\]\\s*\\[\\s*col\\s*\\]|\\[\\s*n\\s*\\]",
27
+ "flags": "",
28
+ "category": "integer_overflow",
29
+ "description": "Array/slice indexing with named variable index / range (no bounds check)",
30
+ "language": [
31
+ "rust"
32
+ ],
33
+ "severity": "medium"
34
+ }
35
+ ]
@@ -0,0 +1,33 @@
1
+ [
2
+ {
3
+ "id": "LOG001",
4
+ "pattern": "logger\\.(?:info|error|warn|debug)\\s*\\(.*\\+\\s*\\w+",
5
+ "flags": "",
6
+ "category": "log_injection",
7
+ "description": "Log injection",
8
+ "language": [
9
+ "js",
10
+ "ts",
11
+ "python",
12
+ "java",
13
+ "go",
14
+ "csharp",
15
+ "php",
16
+ "ruby",
17
+ "rust",
18
+ "kotlin"
19
+ ],
20
+ "severity": "medium"
21
+ },
22
+ {
23
+ "id": "LOG002",
24
+ "pattern": "\\blog\\.(?:info|error|warn|debug)\\s*\\(.*\\+\\s*\\w+",
25
+ "flags": "",
26
+ "category": "log_injection",
27
+ "description": "Java: log4j log.* injection (lowercase `log` logger variable)",
28
+ "language": [
29
+ "java"
30
+ ],
31
+ "severity": "medium"
32
+ }
33
+ ]
@@ -0,0 +1,112 @@
1
+ [
2
+ {
3
+ "id": "MASS001",
4
+ "pattern": "params\\[:\\w+\\]\\.permit!",
5
+ "flags": "i",
6
+ "category": "mass_assignment",
7
+ "description": "Ruby mass assignment",
8
+ "language": [
9
+ "ruby"
10
+ ],
11
+ "severity": "medium"
12
+ },
13
+ {
14
+ "id": "MASS002",
15
+ "pattern": "\\.update_attributes\\s*\\(\\s*params",
16
+ "flags": "i",
17
+ "category": "mass_assignment",
18
+ "description": "Ruby mass assignment",
19
+ "language": [
20
+ "ruby"
21
+ ],
22
+ "severity": "medium"
23
+ },
24
+ {
25
+ "id": "MASS003",
26
+ "pattern": "\\.update\\s*\\(\\s*params\\[:\\w+\\]\\s*\\)",
27
+ "flags": "i",
28
+ "category": "mass_assignment",
29
+ "description": "Ruby mass assignment",
30
+ "language": [
31
+ "ruby"
32
+ ],
33
+ "severity": "medium"
34
+ },
35
+ {
36
+ "id": "MASS004",
37
+ "pattern": "\\.create\\s*\\(\\s*params\\b(?!\\s*[.\\[])|User\\.create_from_params",
38
+ "flags": "i",
39
+ "category": "mass_assignment",
40
+ "description": "Ruby mass assignment: create/new/update with unfiltered params hash",
41
+ "language": [
42
+ "ruby"
43
+ ],
44
+ "severity": "medium"
45
+ },
46
+ {
47
+ "id": "MASS005",
48
+ "pattern": "\\.new\\s*\\(\\s*registration_params\\b",
49
+ "flags": "i",
50
+ "category": "mass_assignment",
51
+ "description": "Ruby mass assignment: create/new/update with unfiltered params hash",
52
+ "language": [
53
+ "ruby"
54
+ ],
55
+ "severity": "medium"
56
+ },
57
+ {
58
+ "id": "MASS006",
59
+ "pattern": "params\\.require\\s*\\([^)]+\\)\\.permit!",
60
+ "flags": "i",
61
+ "category": "mass_assignment",
62
+ "description": "Ruby mass assignment: create/new/update with unfiltered params hash",
63
+ "language": [
64
+ "ruby"
65
+ ],
66
+ "severity": "medium"
67
+ },
68
+ {
69
+ "id": "MASS007",
70
+ "pattern": "update_attributes!\\s*\\(\\s*\\w*(?:request_params|attrs|hash)",
71
+ "flags": "i",
72
+ "category": "mass_assignment",
73
+ "description": "Ruby mass assignment: create/new/update with unfiltered params hash",
74
+ "language": [
75
+ "ruby"
76
+ ],
77
+ "severity": "medium"
78
+ },
79
+ {
80
+ "id": "MASS008",
81
+ "pattern": "\\.create!\\s*\\(\\s*attrs\\s*\\)",
82
+ "flags": "i",
83
+ "category": "mass_assignment",
84
+ "description": "Ruby mass assignment: create/new/update with unfiltered params hash",
85
+ "language": [
86
+ "ruby"
87
+ ],
88
+ "severity": "medium"
89
+ },
90
+ {
91
+ "id": "MASS009",
92
+ "pattern": "\\bcreate\\s*\\(\\s*params\\s*\\)",
93
+ "flags": "",
94
+ "category": "mass_assignment",
95
+ "description": "Ruby mass assignment: bare create(params)/new(registration_params) call (no receiver dot)",
96
+ "language": [
97
+ "ruby"
98
+ ],
99
+ "severity": "medium"
100
+ },
101
+ {
102
+ "id": "MASS010",
103
+ "pattern": "\\bnew\\s*\\(\\s*registration_params\\b",
104
+ "flags": "i",
105
+ "category": "mass_assignment",
106
+ "description": "Ruby mass assignment: bare create(params)/new(registration_params) call (no receiver dot)",
107
+ "language": [
108
+ "ruby"
109
+ ],
110
+ "severity": "medium"
111
+ }
112
+ ]
@@ -0,0 +1,196 @@
1
+ [
2
+ {
3
+ "id": "REDIR001",
4
+ "pattern": "redirect_to\\s+params\\[|redirect_to\\s+\\w+\\s*\\|\\||http\\.Redirect\\s*\\([^)]*r\\.Header|Response\\.Redirect\\s*\\(\\s*\\w*[Uu]rl",
5
+ "flags": "i",
6
+ "category": "open_redirect",
7
+ "description": "Open redirect (various frameworks)",
8
+ "language": [
9
+ "js",
10
+ "ts",
11
+ "python",
12
+ "java",
13
+ "go",
14
+ "csharp",
15
+ "php",
16
+ "ruby",
17
+ "rust",
18
+ "kotlin"
19
+ ],
20
+ "severity": "medium"
21
+ },
22
+ {
23
+ "id": "REDIR002",
24
+ "pattern": "http\\.Redirect\\s*\\([^,]+,\\s*[^,]+,\\s*(?:returnURL|redirectTo|returnUrl|returnTo|referer|destination)",
25
+ "flags": "i",
26
+ "category": "open_redirect",
27
+ "description": "Go open redirect: http.Redirect with user-controlled variable (returnURL etc.)",
28
+ "language": [
29
+ "go"
30
+ ],
31
+ "severity": "medium"
32
+ },
33
+ {
34
+ "id": "REDIR003",
35
+ "pattern": "r\\.URL\\.Query\\(\\)\\.Get\\s*\\(\\s*[\"']return",
36
+ "flags": "i",
37
+ "category": "open_redirect",
38
+ "description": "Go open redirect: r.URL.Query() used as redirect target",
39
+ "language": [
40
+ "go"
41
+ ],
42
+ "severity": "medium"
43
+ },
44
+ {
45
+ "id": "REDIR004",
46
+ "pattern": "Redirect\\s*\\(\\s*(?:\\w*[Uu]rl|returnUrl)\\b",
47
+ "flags": "",
48
+ "category": "open_redirect",
49
+ "description": "Open redirect",
50
+ "language": [
51
+ "js",
52
+ "ts",
53
+ "python",
54
+ "java",
55
+ "go",
56
+ "csharp",
57
+ "php",
58
+ "ruby",
59
+ "rust",
60
+ "kotlin"
61
+ ],
62
+ "severity": "medium"
63
+ },
64
+ {
65
+ "id": "REDIR005",
66
+ "pattern": "context\\.Response\\.Redirect\\s*\\(\\s*(?:next|url|returnUrl|redirect)",
67
+ "flags": "i",
68
+ "category": "open_redirect",
69
+ "description": "C# open redirect",
70
+ "language": [
71
+ "csharp"
72
+ ],
73
+ "severity": "medium"
74
+ },
75
+ {
76
+ "id": "REDIR006",
77
+ "pattern": "return Redirect\\s*\\(\\s*(?:returnUrl|destination|state|next)\\s*\\)",
78
+ "flags": "i",
79
+ "category": "open_redirect",
80
+ "description": "C# open redirect",
81
+ "language": [
82
+ "csharp"
83
+ ],
84
+ "severity": "medium"
85
+ },
86
+ {
87
+ "id": "REDIR007",
88
+ "pattern": "redirect_to\\s+params\\[:\\w+\\]",
89
+ "flags": "i",
90
+ "category": "open_redirect",
91
+ "description": "Ruby open redirect",
92
+ "language": [
93
+ "ruby"
94
+ ],
95
+ "severity": "medium"
96
+ },
97
+ {
98
+ "id": "REDIR008",
99
+ "pattern": "redirect_to\\s+(?:next_url|callback|destination|target)",
100
+ "flags": "i",
101
+ "category": "open_redirect",
102
+ "description": "Ruby open redirect",
103
+ "language": [
104
+ "ruby"
105
+ ],
106
+ "severity": "medium"
107
+ },
108
+ {
109
+ "id": "REDIR009",
110
+ "pattern": "header\\s*\\(\\s*[\"']Location:[\"']\\s*\\.\\s*\\$(?:_GET|_POST|url|next|redirect)",
111
+ "flags": "i",
112
+ "category": "open_redirect",
113
+ "description": "PHP open redirect: header Location",
114
+ "language": [
115
+ "php"
116
+ ],
117
+ "severity": "medium"
118
+ },
119
+ {
120
+ "id": "REDIR010",
121
+ "pattern": "header\\s*\\(\\s*[\"']Location:[\"']\\s*\\.\\s*\\$",
122
+ "flags": "i",
123
+ "category": "open_redirect",
124
+ "description": "PHP open redirect: header Location",
125
+ "language": [
126
+ "php"
127
+ ],
128
+ "severity": "medium"
129
+ },
130
+ {
131
+ "id": "REDIR011",
132
+ "pattern": "header\\s*\\(\\s*['\"]Location:\\s*['\"]\\s*\\.\\s*\\$(?:url|next|redirect|return_to|target|to)\\b",
133
+ "flags": "i",
134
+ "category": "open_redirect",
135
+ "description": "PHP open redirect: header('Location') with user-controlled variable",
136
+ "language": [
137
+ "php"
138
+ ],
139
+ "severity": "medium"
140
+ },
141
+ {
142
+ "id": "REDIR012",
143
+ "pattern": "header\\s*\\(\\s*['\"]Location:\\s*['\"]\\s*\\.\\s*\\$(?:_GET|_POST|_REQUEST)",
144
+ "flags": "i",
145
+ "category": "open_redirect",
146
+ "description": "PHP open redirect: header('Location') with user-controlled variable",
147
+ "language": [
148
+ "php"
149
+ ],
150
+ "severity": "medium"
151
+ },
152
+ {
153
+ "id": "REDIR013",
154
+ "pattern": "header\\s*\\(\\s*\"Location:\\s*\\$(?:url|next|redirect|target|return)",
155
+ "flags": "i",
156
+ "category": "open_redirect",
157
+ "description": "PHP open redirect: header('Location') with user-controlled variable",
158
+ "language": [
159
+ "php"
160
+ ],
161
+ "severity": "medium"
162
+ },
163
+ {
164
+ "id": "REDIR014",
165
+ "pattern": "header\\s*\\(\\s*\"Location:\\s*\"\\.\\s*\\$\\w",
166
+ "flags": "i",
167
+ "category": "open_redirect",
168
+ "description": "PHP open redirect: header('Location') with user-controlled variable",
169
+ "language": [
170
+ "php"
171
+ ],
172
+ "severity": "medium"
173
+ },
174
+ {
175
+ "id": "REDIR015",
176
+ "pattern": "http\\.Redirect\\s*\\(\\s*w\\s*,\\s*r\\s*,\\s*(?:returnURL|returnUrl|destination|state|next|returnTo|referer)",
177
+ "flags": "i",
178
+ "category": "open_redirect",
179
+ "description": "Go open redirect",
180
+ "language": [
181
+ "go"
182
+ ],
183
+ "severity": "medium"
184
+ },
185
+ {
186
+ "id": "REDIR016",
187
+ "pattern": "http\\.Redirect\\s*\\(\\s*w\\s*,\\s*r\\s*,\\s*(?:string\\()?\\s*(?:returnURL|returnUrl|destination|state|next|returnTo|referer)",
188
+ "flags": "i",
189
+ "category": "open_redirect",
190
+ "description": "Go: timing attack via != comparison of tokens; open redirect via decoded state",
191
+ "language": [
192
+ "go"
193
+ ],
194
+ "severity": "medium"
195
+ }
196
+ ]