diff --git a/AppInspector/rules/default/cryptography/ciphers.json b/AppInspector/rules/default/cryptography/ciphers.json index a3973ebc..e71325d0 100644 --- a/AppInspector/rules/default/cryptography/ciphers.json +++ b/AppInspector/rules/default/cryptography/ciphers.json @@ -6,23 +6,23 @@ "tags": [ "Cryptography.Cipher.AES" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "AES", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "AES-?(128|192|256)|Rijndael", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -33,15 +33,15 @@ "tags": [ "Cryptography.Cipher.3DES" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "3DES|TripleDES", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -52,23 +52,23 @@ "tags": [ "Cryptography.Cipher.RC" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "RC([2456])", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "arc4random", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high", + "confidence": "High", "modifiers": [ "i" ] @@ -82,15 +82,15 @@ "tags": [ "Cryptography.Cipher.Salsa20" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "Salsa20", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high", + "confidence": "High", "modifiers": [ "i" ] 
@@ -104,15 +104,15 @@ "tags": [ "Cryptography.Cipher.ChaCha" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "ChaCha", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high", + "confidence": "High", "modifiers": [ "i" ] @@ -126,16 +126,37 @@ "tags": [ "Cryptography.Cipher.CipherMode" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "CBC|CTR|ECB|OFB|CFB|CTS|PCBC|GMAC|XCBC|IACBC|IAPM|EAX|OCB|CWC|AEAD|LRW|XEX|XTS|CMC|EME|CBCMAC|OMAC|PMAC", - "type": "regexword", + "pattern": "CipherMode\\.|Mode\\s*[=:]\\s*(CBC|CTR|ECB|OFB|CFB|CTS|PCBC|GMAC|XCBC|IACBC|IAPM|EAX|OCB|CWC|AEAD|LRW|XEX|XTS|CMC|EME|CBCMAC|OMAC|PMAC)", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "low" + "confidence": "High" + }, + { + "pattern": "(AES|DES|3DES|Blowfish|Twofish)[-_](CBC|CTR|ECB|OFB|CFB|GCM)", + "type": "Regex", + "scopes": [ + "Code" + ], + "confidence": "High" } + ], + "must-match": [ + "cipher.Mode = CipherMode.CBC;", + "algorithm = new AesManaged { Mode = CipherMode.ECB };", + "cipher = AES-CBC", + "const mode = 'AES_GCM';", + "enc = new Blowfish-CTR()" + ], + "must-not-match": [ + "// CBC Radio broadcasts at 5pm", + "String cbc_variable = 'test';", + "ecb_module = load_module('ecb');", + "medical_term = 'ECG not ECB';" ] }, { 
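Review bot: The second pattern introduced in `@@ -126,16 +126,37 @@`, `(AES|DES|3DES|Blowfish|Twofish)[-_](CBC|CTR|ECB|OFB|CFB|GCM)`, carries no `i` modifier and leaves no room for a key-size segment, so the OpenSSL/Node spellings that string-built cipher calls actually use (`aes-256-cbc`, `aes-128-gcm`) are not matched even though `AES_GCM` is a must-match. Changing it to `"pattern": "(AES|DES|3DES|Blowfish|Twofish)(?:[-_]?(?:128|192|256))?[-_](CBC|CTR|ECB|OFB|CFB|GCM)",` with `"modifiers": [ "i" ]` leaves every listed must-match and must-not-match behaving as before, and a must-match such as `"cipher = crypto.createCipheriv('aes-256-cbc', key, iv);"` would pin it. The first pattern's mode alternation omits GCM and CCM, so a bare `Mode = GCM` is only caught when written as `CipherMode.GCM`. The rule object's opening brace, name and id lie before the hunk.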
@@ -148,31 +169,31 @@ "tags": [ "Cryptography.Cipher.RSA" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "RSACng|RSACryptoServiceProvider|RSAEncryptionPadding|RSAOAEPKeyExchangeDeformatter|X509AsymmetricSecurityKey", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "RSAOAEPKeyExchangeFormatter|RSAPKCS1KeyExchangeDeformatter|RSAPKCS1", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "RSASignaturePadding|RsaProtectedConfigurationProvider|RSACertificateExtensions", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -183,30 +204,52 @@ "tags": [ "Cryptography.Cipher.RSA" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { - "pattern": "RSA.*encrypt|RSA.*decrypt|public.?key|private.?key|privkey|pubkey", - "type": "regex", + "pattern": "RSA(?:Encrypt|Decrypt|Sign|Verify)\\(|RSA[_\\.](?:encrypt|decrypt)", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high", + "confidence": "High", + "modifiers": [ + "i" + ] + }, + { + "pattern": "\\b(?:public|private)[_\\.-]?key\\b|\\bprivkey\\b|\\bpubkey\\b", + "type": "Regex", + "scopes": [ + "Code" + ], + "confidence": "Medium", "modifiers": [ "i" ] }, { "pattern": "rsa", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "low", + "confidence": "Low", "modifiers": [ "i" ] } + ], + "must-match": [ + "encrypted = RSAEncrypt(plaintext, key);", + "var public_key = cert.PublicKey;", + "const privkey = loadPrivateKey();", + "using RSA rsa = RSA.Create();" + ], + "must-not-match": [ + "// Public key infrastructure documentation", + "var publicly_available = true;", + "String private_method_key = 'test';" ] }, { 
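Review bot: The Medium-confidence pattern `\b(?:public|private)[_\.-]?key\b` in `@@ -183,30 +204,52 @@` is not evidence of RSA: `PublicKey`, `private_key` and `privkey` are just as common with EC, Ed25519 and DSA material, yet the rule is tagged `Cryptography.Cipher.RSA` and the must-match `"var public_key = cert.PublicKey;"` fixes that attribution as intended behaviour. Lowering that pattern to `"confidence": "Low",` and recording the reason with `"_comment": "public/private key identifiers are not RSA-specific (EC, Ed25519, DSA use the same names)"` keeps the hit while stopping it from outranking the genuine RSA API matches; the must-match should still pass if, as seems likely, must-match only requires some pattern in the rule to fire (confirm against the rule verifier). The RSA-specific first pattern is fine as written. The rule object begins before the hunk.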
@@ -216,16 +259,16 @@ "tags": [ "Cryptography.Encryption.General" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "encrypt|decrypt|cipher|crypt|symmmetric|asymmetric", - "type": "regex", + "type": "Regex", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], - "confidence": "medium", + "confidence": "Medium", "modifiers": [ "i" ] diff --git a/AppInspector/rules/default/cryptography/hash_algorithm.json b/AppInspector/rules/default/cryptography/hash_algorithm.json index 590ade48..40a81fd3 100644 --- a/AppInspector/rules/default/cryptography/hash_algorithm.json +++ b/AppInspector/rules/default/cryptography/hash_algorithm.json @@ -6,18 +6,18 @@ "tags": [ "Cryptography.HashAlgorithm.SHA2" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "SHA-?(2|224|256|384|512)", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -28,19 +28,19 @@ "tags": [ "Cryptography.HashAlgorithm.Legacy" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "MD2|MD4|MD5|SHA-?(0|1)", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -51,18 +51,18 @@ "tags": [ "Cryptography.HashAlgorithm.SHA3" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "SHA-?3|Keccak", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, 
@@ -73,19 +73,19 @@ "tags": [ "Cryptography.HashAlgorithm.Misc" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "RIPEMD|Blowfish|Twofish|Threefish|Serpent|HMAC|KeyedHashAlgorithm|Blake2|Blake3", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -96,18 +96,18 @@ "tags": [ "Cryptography.HashAlgorithm.Other" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "HashAlgorithm|MessageDigest|DigestUtils", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -118,20 +118,32 @@ "tags": [ "Cryptography.HashAlgorithm.General" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { - "pattern": "hash", - "type": "string", + "pattern": "HashAlgorithm|HashFunction|HashCode|Hashing|Hasher|\\.hash\\(|computeHash|getHash", + "type": "Regex", "scopes": [ - "code", - "comment" + "Code" ], "modifiers": [ "i" ], - "confidence": "low" + "confidence": "Medium" } + ], + "must-match": [ + "using System.Security.Cryptography.HashAlgorithm;", + "def hash_data(): return hashlib.sha256().hash(data)", + "hasher = new Hasher();", + "result = computeHash(input);", + "let hashCode = obj.GetHashCode();" + ], + "must-not-match": [ + "var hashtable = new Dictionary();", + "# Use a hash (#) to comment", + "String hashbrown = 'food';", + "Follow us on social media #hashtag" ] }, { @@ -141,19 +153,19 @@ "tags": [ "Cryptography.HashAlgorithm.SHAKE" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "SHAKE(_?)(128|256)", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] } 
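Review bot: In `@@ -118,20 +118,32 @@` the alternative `HashCode`, together with the must-match `"let hashCode = obj.GetHashCode();"`, turns .NET/Java identity hashing into a `Cryptography.HashAlgorithm.General` finding at Medium confidence, and because the `i` modifier is set, `getHash` would keep matching `GetHashCode` even after `HashCode` is dropped. Suggest `"pattern": "HashAlgorithm|HashFunction|Hashing|Hasher|\\.hash\\(|computeHash|getHash(?!Code)",` and moving `"let hashCode = obj.GetHashCode();"` from must-match to must-not-match; this assumes the engine accepts lookahead, which the `(?:...)` groups used elsewhere in this commit make likely but do not prove. `Hasher` and `Hashing` are also the names of non-cryptographic hash-map machinery (Rust's `Hasher` trait, for instance), so they deserve the same scrutiny. The rule object begins before the hunk.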
diff --git a/AppInspector/rules/default/data_handling/database.json b/AppInspector/rules/default/data_handling/database.json index d3be7bd8..7c20675d 100644 --- a/AppInspector/rules/default/data_handling/database.json +++ b/AppInspector/rules/default/data_handling/database.json @@ -9,19 +9,19 @@ "tags": [ "Data.DBMS.ORM.SQLAlchemy" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "sqlalchemy", - "type": "string", + "type": "String", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -35,14 +35,14 @@ "tags": [ "Data.DBMS.ORM.Django" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "django", - "type": "string", + "type": "String", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" @@ -60,26 +60,26 @@ "tags": [ "Data.DBMS.SQLite" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "sqlite|python3-apsw", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high", + "confidence": "High", "modifiers": [ "i" ] }, { "pattern": "apsw", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "medium", + "confidence": "Medium", "modifiers": [ "i" ] @@ -96,15 +96,15 @@ "tags": [ "Data.DBMS.SQLite" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "SqliteCommand|SqliteConnection|System\\.Data\\.SQLite|Microsoft\\.Data\\.SQLite", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -122,15 +122,15 @@ "tags": [ "Data.DBMS.SQLite" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "sqlite", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high", + "confidence": "High", "modifiers": [ "i" ] 
@@ -148,26 +148,26 @@ "tags": [ "Data.DBMS.PostgreSQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "(pgsql|PG)\\.connect|PG::Connection", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "require(['\"]pg['\"]);", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -181,18 +181,18 @@ "tags": [ "Data.DBMS.PostgreSQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "require 'pg'|(pgsql|PG)\\.connect|PG::Connection", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -206,18 +206,18 @@ "tags": [ "Data.DBMS.PostgreSQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "psycopg2", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -231,18 +231,18 @@ "tags": [ "Data.DBMS.PostgreSQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "npgsql", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -253,18 +253,18 @@ "tags": [ "Data.DBMS.NoSQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "mongodb|mongoose|mongoclient|pymongo|redis|hbase|neo4j|cassandra|couchbase|memcached|couchdb|litedb|LiteDatabase|tinydb", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, 
@@ -278,15 +278,15 @@ "tags": [ "Data.DBMS.SQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "import java.sql", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -300,15 +300,15 @@ "tags": [ "Data.DBMS.SQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "using system.data.sqlclient", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -320,27 +320,27 @@ "tags": [ "Data.DBMS.SQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { - "pattern": "['\\\"](select|insert|delete|update)\\s.*", - "type": "regex", + "pattern": "['\\\"](select|insert|delete|update)\\s+[a-zA-Z0-9_*]+", + "type": "Regex", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ], "conditions": [ { "pattern": { - "pattern": "from|where", - "type": "regexword", + "pattern": "from|where|into|values|set", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" @@ -349,6 +349,17 @@ "search_in": "finding-region(-5,5)", "negate_finding": false } + ], + "must-match": [ + "query = \"SELECT * FROM users WHERE id = 1\"", + "sql = 'INSERT INTO table VALUES (1, 2, 3)'", + "cmd = \"DELETE FROM logs WHERE date < '2020-01-01'\"", + "statement = \"UPDATE users SET active = 1\"" + ], + "must-not-match": [ + "text = 'choose an option';", + "var instruction = 'add new item';", + "// Comment about operations" ] }, { @@ -359,18 +370,18 @@ "tags": [ "Data.DBMS.SQL" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "mysql", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, 
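Review bot: The SQL literal pattern in `@@ -320,27 +320,27 @@`, `['\\\"](select|insert|delete|update)\\s+[a-zA-Z0-9_*]+`, accepts only a single or double quote directly before the verb, so JavaScript template literals — the usual carrier of string-built SQL — and literals that begin with whitespace or a newline never match. Widening the opener to ``"pattern": "['\\\"`]\\s*(select|insert|delete|update)\\s+[a-zA-Z0-9_*]+",`` and adding a must-match such as ``"const q = `SELECT * FROM users WHERE id = ${id}`;",`` to the list in `@@ -349,6 +349,17 @@` covers them without affecting the three must-not-match entries. The `conditions` block requiring `from|where|into|values|set` within five lines continues into that second hunk, and the rule object begins before the first.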
@@ -385,26 +396,26 @@ "tags": [ "Data.DBMS.SQL.Oracle" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "oracle\\.jdbc|oracledriver|com.oracle", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "oracle", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "medium" + "confidence": "Medium" } ] }, @@ -418,29 +429,29 @@ "tags": [ "Data.DBMS.SQL.Oracle" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "import cx_Oracle", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "oracle", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "low" + "confidence": "Low" } ] }, @@ -459,16 +470,16 @@ "tags": [ "Data.DBMS.General" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "database", - "type": "string", + "type": "String", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -482,15 +493,15 @@ "tags": [ "Data.DBMS.Connection.ODBC" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "OdbcConnection|OdbcCommand|OdbcDataReader", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -509,15 +520,15 @@ "tags": [ "Data.DBMS.Connection.ODBC" ], - "severity": "moderate", + "severity": "Moderate", "patterns": [ { "pattern": "Odbc", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] } 
diff --git a/AppInspector/rules/default/data_handling/deserialization.json b/AppInspector/rules/default/data_handling/deserialization.json index ba1f182f..73e20f87 100644 --- a/AppInspector/rules/default/data_handling/deserialization.json +++ b/AppInspector/rules/default/data_handling/deserialization.json @@ -10,19 +10,26 @@ "tags": [ "Data.Serialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "Serialize", - "type": "regex", + "pattern": "#\\[derive\\(.*Serialize.*\\)]|serde::Serialize", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "modifiers": [ - "i" - ], - "confidence": "medium" + "confidence": "High" } + ], + "must-match": [ + "#[derive(Debug, Serialize, Deserialize)]", + "use serde::Serialize;", + "#[derive(Serialize)]" + ], + "must-not-match": [ + "// Serialize the data to JSON", + "def serialize_data(obj):", + "class MySerializer: pass" ] }, { @@ -35,16 +42,27 @@ "tags": [ "Data.Serialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "import .*c?pickle", - "type": "regex", + "pattern": "^\\s*import\\s+(?:c)?pickle\\s*$|^\\s*from\\s+(?:c)?pickle\\s+import", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } + ], + "must-match": [ + "import pickle", + "import cpickle", + "from pickle import dumps, loads", + "from cpickle import dump" + ], + "must-not-match": [ + "import my_pickle_wrapper", + "# import pickle for serialization", + "from utils.pickle_helper import serialize" ] }, { @@ -57,15 +75,15 @@ "tags": [ "Data.Serialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "c?pickle\\.dump", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, 
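Review bot: The derive alternative in `@@ -10,19 +10,26 @@`, `#\\[derive\\(.*Serialize.*\\)]`, matches `Serialize` as a substring, so `#[derive(Deserialize)]` — the attribute the companion Deserialize rule is meant to own — also fires the Serialize rule, while the brace-import form `use serde::{Serialize, Deserialize};` is missed by `serde::Serialize`. Suggest `"pattern": "#\\[derive\\([^)]*\\bSerialize\\b[^)]*\\)\\]|serde::(?:\\{[^}]*)?\\bSerialize\\b",`, plus `"#[derive(Deserialize)]"` under must-not-match and `"use serde::{Serialize, Deserialize};"` under must-match. The three existing must-match lines still match, because without an `i` modifier `\bSerialize\b` cannot match inside `Deserialize`. The rule object begins before the hunk.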
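Review bot: The import pattern in `@@ -35,16 +42,27 @@` anchors its first alternative with `\\s*$`, so `import pickle as pkl`, `import os, pickle` and `import pickle  # comment` no longer match, and neither alternative sees `cPickle` (the actual Python 2 module name, capital P) or the `_pickle` accelerator; the must-match `"import cpickle"` tests a module spelling that does not exist. Suggest `"pattern": "^\\s*import\\s+(?:[\\w.]+\\s*,\\s*)*(?:c|_)?pickle\\b|^\\s*from\\s+(?:c|_)?pickle\\s+import",` with `"modifiers": [ "i" ]`, replacing `"import cpickle"` in must-match with `"import cPickle"` and `"import pickle as pkl"`; the three must-not-match lines still fail to match. Whether `^` binds to each line or only to the start of the scanned text depends on the engine's multiline setting, which is worth confirming for both the old and the new pattern. The rule object begins before the hunk.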
@@ -79,15 +97,15 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "c?pickle\\.load", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -101,15 +119,15 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": ".readObject", - "type": "substring", + "type": "Substring", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -123,15 +141,15 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "unserialize\\(", - "type": "substring", + "type": "Substring", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -145,15 +163,15 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "(YAML|Syck|Marshal)\\.load", - "type": "regex", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -167,15 +185,15 @@ "tags": [ "Data.Serialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "SerializeObject|JavaScriptSerializer|Newtonsoft|json\\.net|Utf8Json|MessagePack", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, 
@@ -189,39 +207,39 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "DeserializeObject", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "PopulateObject", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "TypeNameHandling", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "(De)?[Ss]erialize", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, @@ -235,31 +253,31 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "System.Runtime.Serialization", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "BinaryFormatter", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "TypeNameHandling", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" } ] }, 
@@ -274,19 +292,27 @@ "tags": [ "Data.Deserialization" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "Deserialize", - "type": "regex", + "pattern": "#\\[derive\\(.*Deserialize.*\\)]|serde::Deserialize|from_str\\(|parse\\(", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "modifiers": [ - "i" - ], - "confidence": "medium" + "confidence": "Medium" } + ], + "must-match": [ + "#[derive(Debug, Deserialize)]", + "use serde::Deserialize;", + "let value: MyType = serde_json::from_str(json_str)?;", + "let num = s.parse();" + ], + "must-not-match": [ + "// Deserialize JSON data", + "def deserialize(data):", + "class MyDeserializer: pass" ] }, { @@ -296,19 +322,37 @@ "tags": [ "Data.Deserialization.Signal.Bluetooth" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "Bluetooth", - "type": "string", + "pattern": "BluetoothAdapter|BluetoothDevice|BluetoothGatt|BluetoothSocket|CBCentralManager|CBPeripheral", + "type": "RegexWord", + "scopes": [ + "Code" + ], + "confidence": "High" + }, + { + "pattern": "\\bbluetooth\\b", + "type": "Regex", "modifiers": [ "i" ], "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "Medium" } + ], + "must-match": [ + "BluetoothAdapter adapter = BluetoothAdapter.getDefaultAdapter();", + "var device = new BluetoothDevice();", + "CBCentralManager *manager = [[CBCentralManager alloc] init];", + "const bluetooth = require('bluetooth-serial-port');" + ], + "must-not-match": [ + "var has_bluetooth_support = false;", + "String bluetooth_disabled = 'error';" ] }, { 
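Review bot: The generic alternatives `from_str\\(` and `parse\\(` in `@@ -274,19 +292,27 @@` make every `JSON.parse(`, `url.parse(`, `s.parse()` or `u32::from_str(` in any language a Critical `Data.Deserialization` finding, and the must-match `"let num = s.parse();"` locks in a plain string-to-number conversion as the expected hit. Suggest restricting the call alternatives to serde front-ends, `"pattern": "#\\[derive\\([^)]*\\bDeserialize\\b[^)]*\\)\\]|serde::(?:\\{[^}]*)?\\bDeserialize\\b|serde_\\w+::from_(?:str|slice|reader|value)\\(",`, moving `"let num = s.parse();"` to must-not-match, and listing other format crates' `::from_str(` explicitly if they are wanted. The `serde_json::from_str` must-match still passes, and the brace-import form `use serde::{Serialize, Deserialize};`, which `serde::Deserialize` currently misses, becomes a hit. The rule object begins before the hunk.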
@@ -318,19 +362,37 @@ "tags": [ "Data.Deserialization.Signal.Cellular" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "Cellular", - "type": "string", + "pattern": "CTTelephonyNetworkInfo|CTCarrier|TelephonyManager|CellInfo", + "type": "RegexWord", + "scopes": [ + "Code" + ], + "confidence": "High" + }, + { + "pattern": "\\bcellular\\b", + "type": "Regex", "modifiers": [ "i" ], "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "Medium" } + ], + "must-match": [ + "TelephonyManager telMgr = (TelephonyManager)getSystemService(Context.TELEPHONY_SERVICE);", + "CTTelephonyNetworkInfo *netInfo = [[CTTelephonyNetworkInfo alloc] init];", + "List cellInfos = telephonyManager.getAllCellInfo();", + "const cellular = networkInfo.cellular;" + ], + "must-not-match": [ + "var cellular_enabled = false;", + "String cellular_provider = 'Verizon';" ] }, { @@ -340,19 +402,34 @@ "tags": [ "Data.Deserialization.Signal.USB" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "USB", - "type": "string", - "modifiers": [ - "i" + "pattern": "USBDevice|UsbManager|UsbAccessory|IOUSBDeviceInterface|libusb", + "type": "RegexWord", + "scopes": [ + "Code" ], + "confidence": "High" + }, + { + "pattern": "\\bUSB\\b", + "type": "Regex", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "Medium" } + ], + "must-match": [ + "UsbManager manager = (UsbManager)getSystemService(Context.USB_SERVICE);", + "const device = new USBDevice();", + "IOUSBDeviceInterface **deviceInterface;", + "import libusb" + ], + "must-not-match": [ + "var usb_enabled = false;", + "String usb_port_name = 'COM1';" ] }, { 
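Review bot: The fallback pattern `\\bUSB\\b` in `@@ -340,19 +402,34 @@` has no `i` modifier while the sibling Bluetooth, Cellular, Ethernet and Modem fallbacks all set one, so `const usb = require('usb');` or `import usb.core` is missed; the hunk's removed lines show the old pattern was case-insensitive. Adding `"modifiers": [ "i" ]` to that pattern and a must-match `"import usb.core"` restores parity, and the two must-not-match lines still do not match because `_` is a word character and defeats `\b`. The rule object begins before the hunk.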
@@ -362,19 +439,37 @@ "tags": [ "Data.Deserialization.Signal.Ethernet" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "Ethernet", - "type": "string", + "pattern": "EthernetClient|EthernetServer|NetworkInterface|getifaddrs|pcap", + "type": "RegexWord", + "scopes": [ + "Code" + ], + "confidence": "High" + }, + { + "pattern": "\\bethernet\\b", + "type": "Regex", "modifiers": [ "i" ], "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "Medium" } + ], + "must-match": [ + "EthernetClient client;", + "NetworkInterface[] interfaces = NetworkInterface.GetAllNetworkInterfaces();", + "if (getifaddrs(&ifaddr) == -1) { }", + "const ethernet = new EthernetServer(80);" + ], + "must-not-match": [ + "var ethernet_connected = false;", + "String ethernet_mac = '00:11:22:33:44:55';" ] }, { @@ -384,19 +479,37 @@ "tags": [ "Data.Deserialization.Signal.Modem" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "Modem", - "type": "string", + "pattern": "ModemManager|ATCommand|SerialPort|TAPI", + "type": "RegexWord", + "scopes": [ + "Code" + ], + "confidence": "High" + }, + { + "pattern": "\\bmodem\\b", + "type": "Regex", "modifiers": [ "i" ], "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "Medium" } + ], + "must-match": [ + "ModemManager *manager = modem_manager_new();", + "SerialPort port = new SerialPort(\"COM1\");", + "sendATCommand(\"AT+CGMI\");", + "const modem = require('modem-js');" + ], + "must-not-match": [ + "var modem_enabled = false;", + "String modem_vendor = 'Qualcomm';" ] } ] \ No newline at end of file diff --git a/AppInspector/rules/default/security_feature/authentication.json b/AppInspector/rules/default/security_feature/authentication.json index b1bb7e08..1bd93bdd 100644 --- a/AppInspector/rules/default/security_feature/authentication.json +++ b/AppInspector/rules/default/security_feature/authentication.json 
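Review bot: `SerialPort` at High confidence in the Modem hunk `@@ -384,19 +479,37 @@` labels every Arduino, .NET `System.IO.Ports` and node-serialport program as a Critical `Data.Deserialization.Signal.Modem` finding, and the must-match `"SerialPort port = new SerialPort(\"COM1\");"` enshrines that; the Ethernet hunk `@@ -362,19 +439,37 @@` has the same problem with `NetworkInterface` and `getifaddrs`, which are generic interface-enumeration APIs rather than Ethernet evidence. For the Modem rule, `"pattern": "ModemManager|ATCommand|TAPI",` for the High pattern and `"pattern": "\\bmodem\\b|\\bserialport\\b",` for the existing case-insensitive Medium pattern keeps the must-match passing at a confidence that matches the evidence, and the Ethernet rule can be treated the same way. The file still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while it is being touched. Both rule objects begin before their hunks.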
@@ -6,55 +6,55 @@ "tags": [ "Authentication.Microsoft.Online" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "login\\.microsoftonline(-p)*\\.com|SAS.*Token|login\\.live.com|Shared *Access *Signature", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "System\\.IdentityModel|AzureADB2C|SingleAccountPublicClientApplication|MultipleAccountPublicClientApplication", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "microsoft\\.aad|microsoft\\.adal|microsoft\\.msal|AADClient|Microsoft\\.IdentityModel|passport\\.net|ServicePrincipalCredentials", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "AuthenticationResult|MsalServiceException", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, 
@@ -65,31 +65,39 @@ "tags": [ "Authentication.Microsoft.Online" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "AcquireTokenForClient|ConfidentialClientApplicationBuilder", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], - "confidence": "high" + "confidence": "High" } ], "conditions": [ { "pattern": { - "pattern": "\\.WithClientClaims\\(.*cert.*\\)|\\.WithCertificate\\(", - "type": "regex", + "pattern": "\\.WithClientClaims\\([^)]*cert[^)]*\\)|\\.WithCertificate\\(", + "type": "Regex", "scopes": [ - "code" + "Code" ], "_comment": "negate cases for certificate rule identifying client TLS auth" }, "search_in": "finding-region(-10,10)", "negate_finding": true } + ], + "must-match": [ + "var app = ConfidentialClientApplicationBuilder.Create(clientId).Build();", + "result = app.AcquireTokenForClient(new[] { scope }).ExecuteAsync().Result;" + ], + "must-not-match": [ + "// Using certificate authentication", + "var builder = new ClientApplicationBuilder();" ] }, { @@ -99,29 +107,29 @@ "tags": [ "Authentication.Google" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "using Google\\.Apis\\.Auth|GoogleCredential|AppIdentityCredential|oauth2/google|apis\\.google\\.com/js/api\\.js", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "OIDAuthorizationRequest|accounts\\.google\\.com/o/oauth2|googleapis\\.com/oauth2|GTMAppAuth", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } ] }, 
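Review bot: The negating condition in `@@ -65,31 +65,39 @@`, `\\.WithClientClaims\\([^)]*cert[^)]*\\)|\\.WithCertificate\\(`, is case-sensitive while the patterns it guards are not, so `.WithClientClaims(x509Certificate, claims)` or `.WithClientClaims(Cert, ...)` does not suppress the finding even though the `_comment` says certificate-based client auth is meant to be excluded. Adding `"modifiers": [ "i" ]` to the condition's pattern object fixes that with one line. The new must-match/must-not-match lists presumably exercise only `patterns`, not `conditions` (confirm against the rule verifier), so the negate path remains untested either way. The rule object begins before the hunk.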
@@ -132,51 +140,51 @@ "tags": [ "Authentication.Oauth" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "oauth", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "auth.?token|access.?token|client.?credentials|client.?id|client.?secret|api.?key", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "low" + "confidence": "Low" }, { "pattern": "Authorization: Bearer", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "bearer", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], "modifiers": [ "i" ], - "confidence": "low" + "confidence": "Low" } ] }, @@ -187,20 +195,31 @@ "tags": [ "Authentication.OpenIDConnect" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { - "pattern": "OpenID", - "type": "string", + "pattern": "\\bOpenID\\b|OpenID\\s+Connect|openid-configuration|\\.openid\\.", + "type": "Regex", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" } + ], + "must-match": [ + "const provider = new OpenID.Client();", + "url = 'https://auth.example.com/.well-known/openid-configuration'", + "// Uses OpenID Connect for authentication", + "import openid from '@openid/appauth';" + ], + "must-not-match": [ + "var open_id_variable = 123;", + "function openIdDialog() { }", + "const isOpenIdEnabled = false;" ] }, { 
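Review bot: In `@@ -187,20 +195,31 @@` the alternatives `OpenID\\s+Connect`, `openid-configuration` and `\\.openid\\.` are redundant: with the `i` modifier set, `\\bOpenID\\b` already matches inside `OpenID Connect`, `openid-configuration` and `.openid.`, since space, `-` and `.` are all word boundaries. The pattern can be reduced to `"pattern": "\\bOpenID\\b",` with identical must-match and must-not-match behaviour, which makes its intent easier to read. The rule object begins before the hunk.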
@@ -211,62 +230,62 @@ "Authentication.Microsoft.Windows.ActiveDirectory", "Authentication.Microsoft.Windows.Entra" ], - "severity": "critical", + "severity": "Critical", "patterns": [ { "pattern": "active.?directory|ADFS|entra", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], "modifiers": [ "i" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "ADsOpenObject|ADObject|ADComputer|ADGroup|ADUser|ADContainer|ADDomain", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "Microsoft\\.IdentityModel\\.ActiveDirectory", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "ManagedIdentityClient|UsernamePasswordCredentialOptions|SharedTokenCacheCredential|EnvironmentalCredential|DeviceCodeCredential|InteractiveBrowserCredential|ClientSecretCredential|ClientCertificateCredential|AuthorizationCodeCredential|DefaultAzureCredential|AzureCliCredential", - "type": "string", + "type": "String", "scopes": [ - "code" + "Code" ], - "confidence": "high" + "confidence": "High" }, { "pattern": "System\\.DirectoryServices|IDirectoryObject|IDirectorySearch", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], - "confidence": "medium" + "confidence": "Medium" }, { "pattern": "AddMicrosoftIdentityUI", - "type": "regexword", + "type": "RegexWord", "scopes": [ - "code", - "comment" + "Code", + "Comment" ], - "confidence": "medium" + "confidence": "Medium" } ], "must-match": [ 
@@ -280,19 +299,19 @@
 "tags": [
 "Authentication.LDAP"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "LDAP|ldaps",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code",
- "comment"
+ "Code",
+ "Comment"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 }
 ]
 },
@@ -303,34 +322,34 @@
 "tags": [
 "Authentication.Microsoft.Windows.NTLM"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "WWW-Authenticate: NTLM|windowsAuthentication|CredentialCache\\.DefaultCredentials|HTTPNtlmAuthHandler",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
- "confidence": "high"
+ "confidence": "High"
 },
 {
 "pattern": "LogonUserA|LogonUserEx|LogonUserW",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
- "confidence": "high"
+ "confidence": "High"
 },
 {
 "pattern": "NTLM",
- "type": "string",
+ "type": "String",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "medium"
+ "confidence": "Medium"
 }
 ]
 },
@@ -348,18 +367,18 @@
 "tags": [
 "Authentication.Microsoft.Windows.Kerberos"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "WindowsIdentity|WindowsPrincipal|Kerberos",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high",
+ "confidence": "High",
 "_comment": "possible use for NTLM but default is Kerberos"
 }
 ]
@@ -371,19 +390,19 @@
 "tags": [
 "Authentication.JWT"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "jwt|RFC 7519|System\\.IdentityModel\\.Tokens\\.Jwt|JwtSecurityToken|JsonWebToken",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code",
- "comment"
+ "Code",
+ "Comment"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 }
 ]
 },
@@ -394,18 +413,18 @@
 "tags": [
 "Authentication.HTMLForm"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": " type=['\\\"]password['\\\"] ",
- "type": "regex",
+ "type": "Regex",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 }
 ]
 },
@@ -419,18 +438,18 @@
 "tags": [
 "Authentication.SAML"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "AuthenticationHeaderValue\\(\"SAML\"",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 }
 ]
 },
@@ -441,29 +460,29 @@
 "tags": [
 "Authentication.SAML"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "SAML|saml2",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 },
 {
 "pattern": "federation|sso",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "medium"
+ "confidence": "Medium"
 }
 ]
 },
@@ -474,18 +493,18 @@
 "tags": [
 "Authentication.General"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "\"Authorization: Basic|WWW-Authenticate|AuthenticationHeaderValue\\(\"Basic\"",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 }
 ]
 },
@@ -496,19 +515,42 @@
 "tags": [
 "Authentication.General"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
- "pattern": "principal|identity|auth|authenticated|authentication|signin|sign-?in|signout|sign-?out|networkcredential|isauthenticated|isloggedin",
- "type": "regexword",
+ "pattern": "\\b(principal|identity|authenticated|authentication|sign-?in|sign-?out|networkcredential|isauthenticated|isloggedin)\\b",
+ "type": "Regex",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
+ },
+ {
+ "pattern": "authenticate\\(|checkAuth|requireAuth|verifyAuth",
+ "type": "Regex",
+ "scopes": [
+ "Code"
+ ],
+ "modifiers": [
+ "i"
+ ],
+ "confidence": "High"
 }
+ ],
+ "must-match": [
+ "if (user.IsAuthenticated) { }",
+ "var identity = ClaimsPrincipal.Current.Identity;",
+ "const result = authenticate(username, password);",
+ "session.checkAuth();",
+ "app.use(requireAuth);"
+ ],
+ "must-not-match": [
+ "// The author of this code",
+ "String authorize = 'permission';",
+ "function authorizeUser() { }"
 ]
 },
 {
@@ -518,18 +560,18 @@
 "tags": [
 "Authentication.General"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
 "pattern": "log(in|on)|log(off|out)",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "low"
+ "confidence": "Low"
 }
 ]
 },
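Review bot: The new second pattern in the Authentication.General rule, `authenticate\(|checkAuth|requireAuth|verifyAuth`, is open on the right and carries the `i` modifier, so `checkAuthorization(user)`, `requireAuthorization(role)` and even `verifyAuthor` are reported at High confidence as authentication, while the must-not-match samples (`authorize`, `authorizeUser`) show that authorization identifiers are meant to stay out of this rule. Anchoring the three prefixes keeps the intended hits and drops the authorization forms, e.g. `"pattern": "authenticate\\(|(checkAuth|requireAuth|verifyAuth)(enticat(e|ed|ion))?\\b"`, which still matches `checkAuth(`, `requireAuth;`, `checkAuthenticated` and `requireAuthentication`. Add `"middleware = requireAuthorization(role);"` to must-not-match so the exclusion is pinned by the rule's own tests rather than left to the reader.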
@@ -540,30 +582,41 @@
 "tags": [
 "Authentication.General"
 ],
- "severity": "critical",
+ "severity": "Critical",
 "patterns": [
 {
- "pattern": "(username|userid|password|passphrase|multi-factor|credential|acct)s?",
- "type": "regexword",
+ "pattern": "\\b(usernames?|userids?|passwords?|passphrases?|multi-?factors?|credentials?|accts?)\\b",
+ "type": "Regex",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "high"
+ "confidence": "High"
 },
 {
 "pattern": "connection.?string|conn.?string|DefaultNetworkCredentials",
- "type": "regexword",
+ "type": "RegexWord",
 "scopes": [
- "code"
+ "Code"
 ],
 "modifiers": [
 "i"
 ],
- "confidence": "medium"
+ "confidence": "Medium"
 }
+ ],
+ "must-match": [
+ "String username = request.getParameter('user');",
+ "const passwords = ['pass1', 'pass2'];",
+ "var credential = new NetworkCredential(user, pass);",
+ "string connectionString = 'Server=localhost';"
+ ],
+ "must-not-match": [
+ "// username_old is deprecated",
+ "var use_credentials = false;",
+ "function getPasswordStrength() { }"
 ]
 }
 ]
\ No newline at end of file
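Review bot: Wrapping the credential words in `\b…\b` stops every underscore-joined form from matching, because `_` is a word character: `db_password = os.environ['DB_PASSWORD']`, `user_password`, `admin_credentials` and `API_PASSPHRASE` no longer hit this High-confidence rule, and the must-not-match sample `var use_credentials = false;` locks that regression in. snake_case and SCREAMING_SNAKE names are among the most common places hard-coded credentials live, so if the engine supports lookaround, replacing the boundaries with `(?<![A-Za-z0-9])(usernames?|…|accts?)(?![A-Za-z0-9])` keeps the camelCase exclusion (`getPasswordStrength` still does not match) while restoring the snake_case hits; the `use_credentials` sample would then have to move to must-match or be dropped. If excluding underscore forms is deliberate, add `"db_password = getenv('DB_PASSWORD')"` to must-not-match so the decision is explicit rather than an accident of `\b`. Note also that `// username_old is deprecated` is a comment while the pattern's scopes are Code only, so that sample may pass on scope rather than on the regex; a code-scope sample such as `"username_old = legacy;"` would test the boundary itself.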