|
1 | 1 | {
|
2 | 2 | "version": "2.2",
|
3 | 3 | "metadata": {
|
4 |
| - "rules_version": "1.14.2" |
| 4 | + "rules_version": "1.15.0" |
5 | 5 | },
|
6 | 6 | "rules": [
|
7 | 7 | {
|
|
2985 | 2985 | "address": "graphql.server.resolver"
|
2986 | 2986 | }
|
2987 | 2987 | ],
|
2988 |
| - "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)", |
| 2988 | + "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main\\b|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)", |
2989 | 2989 | "options": {
|
2990 | 2990 | "case_sensitive": true,
|
2991 | 2991 | "min_length": 3
|
|
5656 | 5656 | ],
|
5657 | 5657 | "transformers": []
|
5658 | 5658 | },
|
| 5659 | + { |
| 5660 | + "id": "dog-932-110", |
| 5661 | + "name": "Python: Subprocess-based command injection", |
| 5662 | + "tags": { |
| 5663 | + "type": "command_injection", |
| 5664 | + "category": "attack_attempt", |
| 5665 | + "confidence": "0", |
| 5666 | + "module": "waf" |
| 5667 | + }, |
| 5668 | + "conditions": [ |
| 5669 | + { |
| 5670 | + "parameters": { |
| 5671 | + "inputs": [ |
| 5672 | + { |
| 5673 | + "address": "server.request.query" |
| 5674 | + }, |
| 5675 | + { |
| 5676 | + "address": "server.request.body" |
| 5677 | + }, |
| 5678 | + { |
| 5679 | + "address": "server.request.path_params" |
| 5680 | + }, |
| 5681 | + { |
| 5682 | + "address": "server.request.headers.no_cookies" |
| 5683 | + }, |
| 5684 | + { |
| 5685 | + "address": "grpc.server.request.message" |
| 5686 | + }, |
| 5687 | + { |
| 5688 | + "address": "graphql.server.all_resolvers" |
| 5689 | + }, |
| 5690 | + { |
| 5691 | + "address": "graphql.server.resolver" |
| 5692 | + } |
| 5693 | + ], |
| 5694 | + "regex": "(?s)\\bsubprocess\\b.*\\b(?:check_output|run|Popen|call|check_call)\\b", |
| 5695 | + "options": { |
| 5696 | + "case_sensitive": true, |
| 5697 | + "min_length": 14 |
| 5698 | + } |
| 5699 | + }, |
| 5700 | + "operator": "match_regex" |
| 5701 | + } |
| 5702 | + ], |
| 5703 | + "transformers": [] |
| 5704 | + }, |
5659 | 5705 | {
|
5660 | 5706 | "id": "dog-934-001",
|
5661 | 5707 | "name": "XXE - XML file loads external entity",
|
|
9074 | 9120 | "evaluate": true,
|
9075 | 9121 | "output": true
|
9076 | 9122 | },
|
| 9123 | + { |
| 9124 | + "id": "decode-auth-jwt", |
| 9125 | + "generator": "jwt_decode", |
| 9126 | + "min_version": "1.25.0", |
| 9127 | + "parameters": { |
| 9128 | + "mappings": [ |
| 9129 | + { |
| 9130 | + "inputs": [ |
| 9131 | + { |
| 9132 | + "address": "server.request.headers.no_cookies", |
| 9133 | + "key_path": [ |
| 9134 | + "authorization" |
| 9135 | + ] |
| 9136 | + } |
| 9137 | + ], |
| 9138 | + "output": "server.request.jwt" |
| 9139 | + } |
| 9140 | + ] |
| 9141 | + }, |
| 9142 | + "evaluate": true, |
| 9143 | + "output": false |
| 9144 | + }, |
9077 | 9145 | {
|
9078 | 9146 | "id": "http-network-fingerprint",
|
9079 | 9147 | "generator": "http_network_fingerprint",
|
|
9918 | 9986 | "category": "payment"
|
9919 | 9987 | }
|
9920 | 9988 | },
|
| 9989 | + { |
| 9990 | + "id": "c542c147-3883-43d6-a067-178e4a7bd65d", |
| 9991 | + "name": "Password", |
| 9992 | + "key": { |
| 9993 | + "operator": "match_regex", |
| 9994 | + "parameters": { |
| 9995 | + "regex": "\\bpass(?:[_-]?word|wd)?\\b|\\bpwd\\b", |
| 9996 | + "options": { |
| 9997 | + "case_sensitive": false, |
| 9998 | + "min_length": 3 |
| 9999 | + } |
| 10000 | + } |
| 10001 | + }, |
| 10002 | + "tags": { |
| 10003 | + "type": "password", |
| 10004 | + "category": "credentials" |
| 10005 | + } |
| 10006 | + }, |
9921 | 10007 | {
|
9922 | 10008 | "id": "18b608bd7a764bff5b2344c0",
|
9923 | 10009 | "name": "Phone number",
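Review bot: The new rule `dog-932-110` joins `subprocess` to the function name with an unbounded `.*` under `(?s)`, so any inspected value that contains the word "subprocess" followed anywhere later by an ordinary word such as `run` or `call` is tagged `attack_attempt`; the inputs include whole request bodies and non-cookie headers. The `"confidence": "0"` tag suggests the noise is expected, but the gap can still be bounded so the two tokens must sit close together, e.g. `"regex": "(?s)\\bsubprocess\\b.{0,N}\\b(?:check_output|run|Popen|call|check_call)\\b"`, where N is a placeholder to be tuned against real traffic. A bounded gap also caps how far the engine scans after each `subprocess` hit on large bodies. No tests are visible on this page; benign samples (documentation or log text that mentions subprocess and call) would be worth adding next to the positive cases.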
|
|