diff --git a/assets/semgrep_rules/generated/nonfree/audit.yaml b/assets/semgrep_rules/generated/nonfree/audit.yaml index f48c0758..349b259f 100644 --- a/assets/semgrep_rules/generated/nonfree/audit.yaml +++ b/assets/semgrep_rules/generated/nonfree/audit.yaml @@ -27,13 +27,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/bash.curl.security.curl-pipe-bash.curl-pipe-bash shortlink: https://sg.run/KXz6 semgrep.dev: rule: rule_id: qNUXrw - version_id: GxTpd8 - url: https://semgrep.dev/playground/r/GxTpd8/bash.curl.security.curl-pipe-bash.curl-pipe-bash + version_id: NdTx1B + url: https://semgrep.dev/playground/r/NdTx1B/bash.curl.security.curl-pipe-bash.curl-pipe-bash origin: community patterns: - pattern-either: @@ -68,13 +70,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/bash.lang.security.ifs-tampering.ifs-tampering shortlink: https://sg.run/Q9pq semgrep.dev: rule: rule_id: WAUy9q - version_id: 8KTWnY - url: https://semgrep.dev/playground/r/8KTWnY/bash.lang.security.ifs-tampering.ifs-tampering + version_id: kbTo7O + url: https://semgrep.dev/playground/r/kbTo7O/bash.lang.security.ifs-tampering.ifs-tampering origin: community - id: c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string message: Use %s, %d, %c... to format your variables, otherwise this could leak information. 
@@ -94,13 +98,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string shortlink: https://sg.run/vzwn semgrep.dev: rule: rule_id: 5rUOlg - version_id: e1TAB7 - url: https://semgrep.dev/playground/r/e1TAB7/c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string + version_id: O9TPyd + url: https://semgrep.dev/playground/r/O9TPyd/c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string origin: community languages: - c @@ -124,13 +130,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn shortlink: https://sg.run/dKqX semgrep.dev: rule: rule_id: GdU7OE - version_id: 5PTB64 - url: https://semgrep.dev/playground/r/5PTB64/c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn + version_id: e1T6xy + url: https://semgrep.dev/playground/r/e1T6xy/c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn origin: community languages: - c @@ -168,13 +176,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/c.lang.security.insecure-use-memset.insecure-use-memset shortlink: https://sg.run/l9GE semgrep.dev: rule: rule_id: d8UK7D - version_id: xyTOO3 - url: https://semgrep.dev/playground/r/xyTOO3/c.lang.security.insecure-use-memset.insecure-use-memset + version_id: vdTZ2X + url: https://semgrep.dev/playground/r/vdTZ2X/c.lang.security.insecure-use-memset.insecure-use-memset origin: community - id: c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn pattern: scanf(...) 
@@ -195,13 +205,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn shortlink: https://sg.run/nd1g semgrep.dev: rule: rule_id: AbUzPd - version_id: nWTwv8 - url: https://semgrep.dev/playground/r/nWTwv8/c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn + version_id: ZRTLwx + url: https://semgrep.dev/playground/r/ZRTLwx/c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn origin: community languages: - c @@ -228,13 +240,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn shortlink: https://sg.run/EkRP semgrep.dev: rule: rule_id: BYUNjA - version_id: ExTYz2 - url: https://semgrep.dev/playground/r/ExTYz2/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn + version_id: nWT67k + url: https://semgrep.dev/playground/r/nWT67k/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn origin: community languages: - c @@ -264,13 +278,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn shortlink: https://sg.run/7oNk semgrep.dev: rule: rule_id: DbUpo5 - version_id: 7ZTYke - url: https://semgrep.dev/playground/r/7ZTYke/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn + version_id: ExT9nX + url: https://semgrep.dev/playground/r/ExT9nX/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn origin: community languages: - c 
@@ -295,13 +311,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/c.lang.security.insecure-use-strtok-fn.insecure-use-strtok-fn shortlink: https://sg.run/LwqG semgrep.dev: rule: rule_id: WAUo5v - version_id: LjTpvr - url: https://semgrep.dev/playground/r/LjTpvr/c.lang.security.insecure-use-strtok-fn.insecure-use-strtok-fn + version_id: 7ZTLOY + url: https://semgrep.dev/playground/r/7ZTLOY/c.lang.security.insecure-use-strtok-fn.insecure-use-strtok-fn origin: community languages: - c @@ -342,13 +360,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/c.lang.security.random-fd-exhaustion.random-fd-exhaustion shortlink: https://sg.run/8yNj semgrep.dev: rule: rule_id: 0oU5k4 - version_id: 8KTLwz - url: https://semgrep.dev/playground/r/8KTLwz/c.lang.security.random-fd-exhaustion.random-fd-exhaustion + version_id: LjT10x + url: https://semgrep.dev/playground/r/LjT10x/c.lang.security.random-fd-exhaustion.random-fd-exhaustion origin: community languages: - c @@ -377,13 +397,15 @@ rules: technology: - node.js license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/contrib.nodejsscan.crypto_node.node_md5 shortlink: https://sg.run/dKBX semgrep.dev: rule: rule_id: GdU75E - version_id: zyTdbN - url: https://semgrep.dev/playground/r/zyTdbN/contrib.nodejsscan.crypto_node.node_md5 + version_id: yeT6L5 + url: https://semgrep.dev/playground/r/yeT6L5/contrib.nodejsscan.crypto_node.node_md5 origin: community languages: - javascript 
@@ -424,13 +446,15 @@ rules: technology: - node.js license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/contrib.nodejsscan.crypto_node.node_sha1 shortlink: https://sg.run/ZvEx semgrep.dev: rule: rule_id: ReUgYx - version_id: pZTo0A - url: https://semgrep.dev/playground/r/pZTo0A/contrib.nodejsscan.crypto_node.node_sha1 + version_id: rxT5Y8 + url: https://semgrep.dev/playground/r/rxT5Y8/contrib.nodejsscan.crypto_node.node_sha1 origin: community languages: - javascript @@ -473,13 +497,15 @@ rules: - ".net" - mvc license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/csharp.dotnet.security.mvc-missing-antiforgery.mvc-missing-antiforgery shortlink: https://sg.run/Y0Jy semgrep.dev: rule: rule_id: ZqUlxE - version_id: JdTre1 - url: https://semgrep.dev/playground/r/JdTre1/csharp.dotnet.security.mvc-missing-antiforgery.mvc-missing-antiforgery + version_id: xyT4Lo + url: https://semgrep.dev/playground/r/xyT4Lo/csharp.dotnet.security.mvc-missing-antiforgery.mvc-missing-antiforgery origin: community languages: - csharp @@ -527,13 +553,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/csharp.dotnet.security.net-webconfig-debug.net-webconfig-debug shortlink: https://sg.run/yPWx semgrep.dev: rule: rule_id: 0oUrvj - version_id: 5PTl7J - url: https://semgrep.dev/playground/r/5PTl7J/csharp.dotnet.security.net-webconfig-debug.net-webconfig-debug + version_id: O9Tyje + url: https://semgrep.dev/playground/r/O9Tyje/csharp.dotnet.security.net-webconfig-debug.net-webconfig-debug origin: community languages: - generic 
@@ -568,13 +596,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/csharp.dotnet.security.net-webconfig-trace-enabled.net-webconfig-trace-enabled shortlink: https://sg.run/6bP1 semgrep.dev: rule: rule_id: nJUyJq - version_id: PkTXbE - url: https://semgrep.dev/playground/r/PkTXbE/csharp.dotnet.security.net-webconfig-trace-enabled.net-webconfig-trace-enabled + version_id: e1TxR6 + url: https://semgrep.dev/playground/r/e1TxR6/csharp.dotnet.security.net-webconfig-trace-enabled.net-webconfig-trace-enabled origin: community languages: - generic @@ -613,13 +643,15 @@ rules: - asp - webforms license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/csharp.dotnet.security.web-config-insecure-cookie-settings.web-config-insecure-cookie-settings shortlink: https://sg.run/z1jd semgrep.dev: rule: rule_id: 7KUxPg - version_id: GxTEJj - url: https://semgrep.dev/playground/r/GxTEJj/csharp.dotnet.security.web-config-insecure-cookie-settings.web-config-insecure-cookie-settings + version_id: 7ZTOgD + url: https://semgrep.dev/playground/r/7ZTOgD/csharp.dotnet.security.web-config-insecure-cookie-settings.web-config-insecure-cookie-settings origin: community languages: - generic 
@@ -679,13 +711,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/csharp.lang.security.ad.jwt-tokenvalidationparameters-no-expiry-validation.jwt-tokenvalidationparameters-no-expiry-validation shortlink: https://sg.run/KA0d semgrep.dev: rule: rule_id: bwU5kK - version_id: 1QTqdb - url: https://semgrep.dev/playground/r/1QTqdb/csharp.lang.security.ad.jwt-tokenvalidationparameters-no-expiry-validation.jwt-tokenvalidationparameters-no-expiry-validation + version_id: gETq3W + url: https://semgrep.dev/playground/r/gETq3W/csharp.lang.security.ad.jwt-tokenvalidationparameters-no-expiry-validation.jwt-tokenvalidationparameters-no-expiry-validation origin: community languages: - csharp @@ -714,13 +748,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/csharp.lang.security.injections.os-command.os-command-injection shortlink: https://sg.run/Ze6p semgrep.dev: rule: rule_id: 9AUOjg - version_id: o5TWJ5 - url: https://semgrep.dev/playground/r/o5TWJ5/csharp.lang.security.injections.os-command.os-command-injection + version_id: 5PT6d9 + url: https://semgrep.dev/playground/r/5PT6d9/csharp.lang.security.injections.os-command.os-command-injection origin: community message: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes 
@@ -795,13 +831,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.data-contract-resolver.data-contract-resolver shortlink: https://sg.run/yXjP semgrep.dev: rule: rule_id: PeUxb0 - version_id: pZTqAJ - url: https://semgrep.dev/playground/r/pZTqAJ/csharp.lang.security.insecure-deserialization.data-contract-resolver.data-contract-resolver + version_id: RGTbDR + url: https://semgrep.dev/playground/r/RGTbDR/csharp.lang.security.insecure-deserialization.data-contract-resolver.data-contract-resolver origin: community message: Only use DataContractResolver if you are completely sure of what information is being serialized. Malicious types can cause unexpected behavior. @@ -832,13 +870,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.fast-json.insecure-fastjson-deserialization shortlink: https://sg.run/nqnd semgrep.dev: rule: rule_id: NbUAwk - version_id: 2KTAEn - url: https://semgrep.dev/playground/r/2KTAEn/csharp.lang.security.insecure-deserialization.fast-json.insecure-fastjson-deserialization + version_id: A8TR9g + url: https://semgrep.dev/playground/r/A8TR9g/csharp.lang.security.insecure-deserialization.fast-json.insecure-fastjson-deserialization origin: community message: "$type extension has the potential to be unsafe, so use it with common sense and known json sources and not public facing ones to be safe" 
@@ -875,13 +915,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.insecure-typefilterlevel-full.insecure-typefilterlevel-full shortlink: https://sg.run/rere semgrep.dev: rule: rule_id: JDUlKl - version_id: jQTLJA - url: https://semgrep.dev/playground/r/jQTLJA/csharp.lang.security.insecure-deserialization.insecure-typefilterlevel-full.insecure-typefilterlevel-full + version_id: GxTwen + url: https://semgrep.dev/playground/r/GxTwen/csharp.lang.security.insecure-deserialization.insecure-typefilterlevel-full.insecure-typefilterlevel-full origin: community message: Using a .NET remoting service can lead to RCE, even if you try to configure TypeFilterLevel. Recommended to switch from .NET Remoting to WCF https://docs.microsoft.com/en-us/dotnet/framework/wcf/migrating-from-net-remoting-to-wcf @@ -929,13 +971,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.javascript-serializer.insecure-javascriptserializer-deserialization shortlink: https://sg.run/0nJq semgrep.dev: rule: rule_id: PeUkrK - version_id: 1QT0Qw - url: https://semgrep.dev/playground/r/1QT0Qw/csharp.lang.security.insecure-deserialization.javascript-serializer.insecure-javascriptserializer-deserialization + version_id: WrTbWG + url: https://semgrep.dev/playground/r/WrTbWG/csharp.lang.security.insecure-deserialization.javascript-serializer.insecure-javascriptserializer-deserialization origin: community message: The SimpleTypeResolver class is insecure and should not be used. Using SimpleTypeResolver to deserialize JSON could allow the remote client to execute 
@@ -992,13 +1036,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization shortlink: https://sg.run/8n2g semgrep.dev: rule: rule_id: OrUGgl - version_id: A8T7Lz - url: https://semgrep.dev/playground/r/A8T7Lz/csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization + version_id: qkTN2K + url: https://semgrep.dev/playground/r/qkTN2K/csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization origin: community - id: csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span severity: WARNING @@ -1023,13 +1069,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span shortlink: https://sg.run/b4eW semgrep.dev: rule: rule_id: 5rUyEN - version_id: NdT5J4 - url: https://semgrep.dev/playground/r/NdT5J4/csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span + version_id: YDTopx + url: https://semgrep.dev/playground/r/YDTopx/csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span origin: community message: MemoryMarshal.CreateSpan and MemoryMarshal.CreateReadOnlySpan should be used with caution, as the length argument is not checked. 
@@ -1057,13 +1105,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/csharp.lang.security.regular-expression-dos.regular-expression-dos-infinite-timeout.regular-expression-dos-infinite-timeout shortlink: https://sg.run/NgRy semgrep.dev: rule: rule_id: GdUDBP - version_id: yeT7Pv - url: https://semgrep.dev/playground/r/yeT7Pv/csharp.lang.security.regular-expression-dos.regular-expression-dos-infinite-timeout.regular-expression-dos-infinite-timeout + version_id: zyT5Kv + url: https://semgrep.dev/playground/r/zyT5Kv/csharp.lang.security.regular-expression-dos.regular-expression-dos-infinite-timeout.regular-expression-dos-infinite-timeout origin: community message: 'Specifying the regex timeout leaves the system vulnerable to a regex-based Denial of Service (DoS) attack. Consider setting the timeout to a short amount @@ -1103,13 +1153,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/csharp.lang.security.regular-expression-dos.regular-expression-dos.regular-expression-dos shortlink: https://sg.run/RPyY semgrep.dev: rule: rule_id: 4bU2gd - version_id: RGTzvG - url: https://semgrep.dev/playground/r/RGTzvG/csharp.lang.security.regular-expression-dos.regular-expression-dos.regular-expression-dos + version_id: pZTr14 + url: https://semgrep.dev/playground/r/pZTr14/csharp.lang.security.regular-expression-dos.regular-expression-dos.regular-expression-dos origin: community message: An attacker can then cause a program using a regular expression to enter these extreme situations and then hang for a very long time. @@ -1171,7 +1223,7 @@ rules: - pattern: | $S = String.Format(...); ... - $PATTERN $SQL = new PATTERN($S,...); + $PATTERN $SQL = new $PATTERN($S,...); - pattern: | $S = String.Concat(...); ... 
@@ -1225,13 +1277,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/csharp.lang.security.sqli.csharp-sqli.csharp-sqli shortlink: https://sg.run/d2Xd semgrep.dev: rule: rule_id: x8UxeP - version_id: A8T4Yl - url: https://semgrep.dev/playground/r/A8T4Yl/csharp.lang.security.sqli.csharp-sqli.csharp-sqli + version_id: RGTvL8 + url: https://semgrep.dev/playground/r/RGTvL8/csharp.lang.security.sqli.csharp-sqli.csharp-sqli origin: community languages: - csharp @@ -1258,13 +1312,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.http-client.ssrf shortlink: https://sg.run/4eB9 semgrep.dev: rule: rule_id: 10UdbE - version_id: BjTPYZ - url: https://semgrep.dev/playground/r/BjTPYZ/csharp.lang.security.ssrf.http-client.ssrf + version_id: X0TPQ1 + url: https://semgrep.dev/playground/r/X0TPQ1/csharp.lang.security.ssrf.http-client.ssrf origin: community message: SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. @@ -1331,13 +1387,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.rest-client.ssrf shortlink: https://sg.run/Pb9v semgrep.dev: rule: rule_id: 9AURoq - version_id: DkT58j - url: https://semgrep.dev/playground/r/DkT58j/csharp.lang.security.ssrf.rest-client.ssrf + version_id: jQTKgW + url: https://semgrep.dev/playground/r/jQTKgW/csharp.lang.security.ssrf.rest-client.ssrf origin: community message: SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. 
@@ -1382,13 +1440,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.web-client.ssrf shortlink: https://sg.run/JxqP semgrep.dev: rule: rule_id: yyUPBe - version_id: WrT1x1 - url: https://semgrep.dev/playground/r/WrT1x1/csharp.lang.security.ssrf.web-client.ssrf + version_id: 1QTjO6 + url: https://semgrep.dev/playground/r/1QTjO6/csharp.lang.security.ssrf.web-client.ssrf origin: community message: SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. @@ -1474,13 +1534,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.web-request.ssrf shortlink: https://sg.run/5DWj semgrep.dev: rule: rule_id: r6UwoG - version_id: nWTdk6 - url: https://semgrep.dev/playground/r/nWTdk6/csharp.lang.security.ssrf.web-request.ssrf + version_id: 9lTzdp + url: https://semgrep.dev/playground/r/9lTzdp/csharp.lang.security.ssrf.web-request.ssrf origin: community message: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that 
@@ -1543,13 +1605,15 @@ rules: impact: LOW confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/csharp.lang.security.stacktrace-disclosure.stacktrace-disclosure shortlink: https://sg.run/XvkA semgrep.dev: rule: rule_id: lBU6Dv - version_id: ExTd6n - url: https://semgrep.dev/playground/r/ExTd6n/csharp.lang.security.stacktrace-disclosure.stacktrace-disclosure + version_id: yeTXRK + url: https://semgrep.dev/playground/r/yeTXRK/csharp.lang.security.stacktrace-disclosure.stacktrace-disclosure origin: community languages: - csharp @@ -1584,13 +1648,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/csharp.razor.security.html-raw-json.html-raw-json shortlink: https://sg.run/P86E semgrep.dev: rule: rule_id: lBUzPw - version_id: gETLn3 - url: https://semgrep.dev/playground/r/gETLn3/csharp.razor.security.html-raw-json.html-raw-json + version_id: kbT7dG + url: https://semgrep.dev/playground/r/kbT7dG/csharp.razor.security.html-raw-json.html-raw-json origin: community paths: include: @@ -1637,13 +1703,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/dockerfile.security.last-user-is-root.last-user-is-root shortlink: https://sg.run/5Z43 semgrep.dev: rule: rule_id: ReU2n5 - version_id: 8KTDkl - url: https://semgrep.dev/playground/r/8KTDkl/dockerfile.security.last-user-is-root.last-user-is-root + version_id: w8T39L + url: https://semgrep.dev/playground/r/w8T39L/dockerfile.security.last-user-is-root.last-user-is-root origin: community - id: dockerfile.security.missing-user-entrypoint.missing-user-entrypoint patterns: 
@@ -1679,13 +1747,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint shortlink: https://sg.run/k281 semgrep.dev: rule: rule_id: ReUW9E - version_id: QkTPnP - url: https://semgrep.dev/playground/r/QkTPnP/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint + version_id: xyT4Ko + url: https://semgrep.dev/playground/r/xyT4Ko/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint origin: community - id: dockerfile.security.missing-user.missing-user patterns: @@ -1721,13 +1791,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/dockerfile.security.missing-user.missing-user shortlink: https://sg.run/Gbvn semgrep.dev: rule: rule_id: AbUN06 - version_id: 3ZTq68 - url: https://semgrep.dev/playground/r/3ZTq68/dockerfile.security.missing-user.missing-user + version_id: O9TyNe + url: https://semgrep.dev/playground/r/O9TyNe/dockerfile.security.missing-user.missing-user origin: community - id: generic.ci.security.bash-reverse-shell.bash_reverse_shell metadata: @@ -1747,13 +1819,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/generic.ci.security.bash-reverse-shell.bash_reverse_shell shortlink: https://sg.run/4l9l semgrep.dev: rule: rule_id: gxUJrJ - version_id: DkT3lr - url: https://semgrep.dev/playground/r/DkT3lr/generic.ci.security.bash-reverse-shell.bash_reverse_shell + version_id: d6TDrR + url: https://semgrep.dev/playground/r/d6TDrR/generic.ci.security.bash-reverse-shell.bash_reverse_shell origin: community message: Semgrep found a bash reverse shell severity: ERROR 
@@ -1799,13 +1873,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/generic.dockerfile.security.last-user-is-root.last-user-is-root shortlink: https://sg.run/N461 semgrep.dev: rule: rule_id: L1UyO5 - version_id: 9lT29Q - url: https://semgrep.dev/playground/r/9lT29Q/generic.dockerfile.security.last-user-is-root.last-user-is-root + version_id: LjT072 + url: https://semgrep.dev/playground/r/LjT072/generic.dockerfile.security.last-user-is-root.last-user-is-root origin: community - id: generic.nginx.security.alias-path-traversal.alias-path-traversal patterns: @@ -1852,13 +1928,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/generic.nginx.security.alias-path-traversal.alias-path-traversal shortlink: https://sg.run/ZvNL semgrep.dev: rule: rule_id: 5rUOjq - version_id: BjTQRX - url: https://semgrep.dev/playground/r/BjTQRX/generic.nginx.security.alias-path-traversal.alias-path-traversal + version_id: 44To7g + url: https://semgrep.dev/playground/r/44To7g/generic.nginx.security.alias-path-traversal.alias-path-traversal origin: community - id: generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host paths: 
@@ -1891,13 +1969,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host shortlink: https://sg.run/ndpb semgrep.dev: rule: rule_id: GdU7yl - version_id: DkT3Eq - url: https://semgrep.dev/playground/r/DkT3Eq/generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host + version_id: PkTYDx + url: https://semgrep.dev/playground/r/PkTYDx/generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host origin: community pattern-either: - pattern: proxy_pass $SCHEME://$$HOST ...; @@ -1932,13 +2012,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/generic.nginx.security.dynamic-proxy-scheme.dynamic-proxy-scheme shortlink: https://sg.run/EkAo semgrep.dev: rule: rule_id: ReUg7n - version_id: WrTkLl - url: https://semgrep.dev/playground/r/WrTkLl/generic.nginx.security.dynamic-proxy-scheme.dynamic-proxy-scheme + version_id: JdTq5o + url: https://semgrep.dev/playground/r/JdTq5o/generic.nginx.security.dynamic-proxy-scheme.dynamic-proxy-scheme origin: community pattern: proxy_pass $$SCHEME:// ...; - id: generic.nginx.security.header-injection.header-injection 
@@ -1979,13 +2061,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/generic.nginx.security.header-injection.header-injection shortlink: https://sg.run/7oj4 semgrep.dev: rule: rule_id: AbUz8p - version_id: 0bTQn5 - url: https://semgrep.dev/playground/r/0bTQn5/generic.nginx.security.header-injection.header-injection + version_id: 5PT6k9 + url: https://semgrep.dev/playground/r/5PT6k9/generic.nginx.security.header-injection.header-injection origin: community - id: generic.nginx.security.header-redefinition.header-redefinition patterns: @@ -2033,13 +2117,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/generic.nginx.security.header-redefinition.header-redefinition shortlink: https://sg.run/Lwl7 semgrep.dev: rule: rule_id: BYUN58 - version_id: K3TPx4 - url: https://semgrep.dev/playground/r/K3TPx4/generic.nginx.security.header-redefinition.header-redefinition + version_id: GxT2j6 + url: https://semgrep.dev/playground/r/GxT2j6/generic.nginx.security.header-redefinition.header-redefinition origin: community - id: generic.nginx.security.insecure-redirect.insecure-redirect patterns: 
@@ -2077,13 +2163,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/generic.nginx.security.insecure-redirect.insecure-redirect shortlink: https://sg.run/8y14 semgrep.dev: rule: rule_id: DbUpJe - version_id: qkT9Db - url: https://semgrep.dev/playground/r/qkT9Db/generic.nginx.security.insecure-redirect.insecure-redirect + version_id: RGTbeR + url: https://semgrep.dev/playground/r/RGTbeR/generic.nginx.security.insecure-redirect.insecure-redirect origin: community - id: generic.nginx.security.insecure-ssl-version.insecure-ssl-version patterns: @@ -2122,13 +2210,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/generic.nginx.security.insecure-ssl-version.insecure-ssl-version shortlink: https://sg.run/gLKy semgrep.dev: rule: rule_id: WAUo9k - version_id: l4TeE8 - url: https://semgrep.dev/playground/r/l4TeE8/generic.nginx.security.insecure-ssl-version.insecure-ssl-version + version_id: A8TRkg + url: https://semgrep.dev/playground/r/A8TRkg/generic.nginx.security.insecure-ssl-version.insecure-ssl-version origin: community - id: generic.nginx.security.missing-ssl-version.missing-ssl-version patterns: 
@@ -2165,13 +2255,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/generic.nginx.security.missing-ssl-version.missing-ssl-version shortlink: https://sg.run/3xzl semgrep.dev: rule: rule_id: KxUbeA - version_id: 6xTABD - url: https://semgrep.dev/playground/r/6xTABD/generic.nginx.security.missing-ssl-version.missing-ssl-version + version_id: DkTQqw + url: https://semgrep.dev/playground/r/DkTQqw/generic.nginx.security.missing-ssl-version.missing-ssl-version origin: community - id: generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling patterns: @@ -2230,13 +2322,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling shortlink: https://sg.run/ploZ semgrep.dev: rule: rule_id: 6JUq0Z - version_id: qkTz55 - url: https://semgrep.dev/playground/r/qkTz55/generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling + version_id: WrTbOG + url: https://semgrep.dev/playground/r/WrTbOG/generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling origin: community - id: generic.nginx.security.request-host-used.request-host-used pattern-either: 
@@ -2272,13 +2366,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/generic.nginx.security.request-host-used.request-host-used shortlink: https://sg.run/4x3Z semgrep.dev: rule: rule_id: qNUjGg - version_id: l4Twlr - url: https://semgrep.dev/playground/r/l4Twlr/generic.nginx.security.request-host-used.request-host-used + version_id: 0bTvyq + url: https://semgrep.dev/playground/r/0bTvyq/generic.nginx.security.request-host-used.request-host-used origin: community - id: generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token pattern-regex: amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} @@ -2306,13 +2402,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token shortlink: https://sg.run/PJzE semgrep.dev: rule: rule_id: lBU9bw - version_id: pZTqEy - url: https://semgrep.dev/playground/r/pZTqEy/generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token + version_id: 44TozP + url: https://semgrep.dev/playground/r/44TozP/generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token origin: community - id: generic.secrets.security.detected-artifactory-password.detected-artifactory-password options: @@ -2351,6 +2449,9 @@ rules: metavariable: "$ITEM" languages: - generic + paths: + exclude: + - "*.svg" message: Artifactory token detected severity: ERROR metadata: 
@@ -2373,13 +2474,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-artifactory-password.detected-artifactory-password shortlink: https://sg.run/J9KZ semgrep.dev: rule: rule_id: YGUR5K - version_id: gETw8D - url: https://semgrep.dev/playground/r/gETw8D/generic.secrets.security.detected-artifactory-password.detected-artifactory-password + version_id: 44T34B + url: https://semgrep.dev/playground/r/44T34B/generic.secrets.security.detected-artifactory-password.detected-artifactory-password origin: community - id: generic.secrets.security.detected-artifactory-token.detected-artifactory-token patterns: @@ -2412,13 +2515,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-artifactory-token.detected-artifactory-token shortlink: https://sg.run/5Q2l semgrep.dev: rule: rule_id: 6JUj3l - version_id: 3ZTwyk - url: https://semgrep.dev/playground/r/3ZTwyk/generic.secrets.security.detected-artifactory-token.detected-artifactory-token + version_id: JdTqPx + url: https://semgrep.dev/playground/r/JdTqPx/generic.secrets.security.detected-artifactory-token.detected-artifactory-token origin: community - id: generic.secrets.security.detected-aws-account-id.detected-aws-account-id patterns: 
@@ -2479,13 +2584,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-account-id.detected-aws-account-id shortlink: https://sg.run/Ro22 semgrep.dev: rule: rule_id: zdUkdd - version_id: gETK27 - url: https://semgrep.dev/playground/r/gETK27/generic.secrets.security.detected-aws-account-id.detected-aws-account-id + version_id: GxT20A + url: https://semgrep.dev/playground/r/GxT20A/generic.secrets.security.detected-aws-account-id.detected-aws-account-id origin: community - id: generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key pattern-regex: da2-[a-z0-9]{26} @@ -2513,18 +2620,20 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key shortlink: https://sg.run/AvJ6 semgrep.dev: rule: rule_id: pKUOoZ - version_id: 9lTEpq - url: https://semgrep.dev/playground/r/9lTEpq/generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key + version_id: RGTbP5 + url: https://semgrep.dev/playground/r/RGTbP5/generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key origin: community - id: generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key patterns: - pattern-regex: (("|'|`)?((?i)aws)_?\w*((?i)secret)_?\w*("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?[A-Za-z0-9/+=]{40}("|'|`)?) - - pattern-not-regex: "(?i)example|sample|test|fake" + - pattern-not-regex: "(?i)example|sample|test|fake|xxxxxx" languages: - regex message: AWS Secret Access Key detected 
@@ -2549,21 +2658,23 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key shortlink: https://sg.run/Bk39 semgrep.dev: rule: rule_id: 2ZUbe8 - version_id: yeTQoe - url: https://semgrep.dev/playground/r/yeTQoe/generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key + version_id: PkTL4v + url: https://semgrep.dev/playground/r/PkTL4v/generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key origin: community - id: generic.secrets.security.detected-aws-session-token.detected-aws-session-token patterns: - - pattern-regex: "((?i)AWS_SESSION_TOKEN)\\s*(:|=>|=)\\s*([A-Za-z0-9/+=]{16,})" + - pattern-regex: "((?i)AWS_SESSION_TOKEN)\\s*(:|=>|=)\\s*(?P[A-Za-z0-9/+=]{16,})" - pattern-not-regex: "(?i)example|sample|test|fake" - metavariable-analysis: analyzer: entropy - metavariable: "$3" + metavariable: "$TOKEN" languages: - regex message: AWS Session Token detected @@ -2588,13 +2699,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-session-token.detected-aws-session-token shortlink: https://sg.run/DoRW semgrep.dev: rule: rule_id: X5U8Er - version_id: RGT4LN - url: https://semgrep.dev/playground/r/RGT4LN/generic.secrets.security.detected-aws-session-token.detected-aws-session-token + version_id: BjTEBE + url: https://semgrep.dev/playground/r/BjTEBE/generic.secrets.security.detected-aws-session-token.detected-aws-session-token origin: community - id: generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash pattern-regex: "\\$2[aby]?\\$[\\d]+\\$[./A-Za-z0-9]{53}" 
@@ -2621,13 +2734,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash shortlink: https://sg.run/3A8G semgrep.dev: rule: rule_id: PeUk0Q - version_id: bZTxy4 - url: https://semgrep.dev/playground/r/bZTxy4/generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash + version_id: DkTQW8 + url: https://semgrep.dev/playground/r/DkTQW8/generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash origin: community - id: generic.secrets.security.detected-codeclimate.detected-codeclimate pattern-regex: (?i)codeclima.{0,50}["|'|`]?[0-9a-f]{64}["|'|`]? @@ -2655,13 +2770,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-codeclimate.detected-codeclimate shortlink: https://sg.run/W8yz semgrep.dev: rule: rule_id: j2UvW7 - version_id: NdT545 - url: https://semgrep.dev/playground/r/NdT545/generic.secrets.security.detected-codeclimate.detected-codeclimate + version_id: WrTbZr + url: https://semgrep.dev/playground/r/WrTbZr/generic.secrets.security.detected-codeclimate.detected-codeclimate origin: community - id: generic.secrets.security.detected-etc-shadow.detected-etc-shadow pattern-regex: root:[x!*]*:[0-9]*:[0-9]* 
@@ -2687,13 +2804,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-etc-shadow.detected-etc-shadow shortlink: https://sg.run/4ylL semgrep.dev: rule: rule_id: JDUP6p - version_id: kbTrJ9 - url: https://semgrep.dev/playground/r/kbTrJ9/generic.secrets.security.detected-etc-shadow.detected-etc-shadow + version_id: 0bTvJx + url: https://semgrep.dev/playground/r/0bTvJx/generic.secrets.security.detected-etc-shadow.detected-etc-shadow origin: community - id: generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token pattern-either: @@ -2724,13 +2843,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token shortlink: https://sg.run/0QYJ semgrep.dev: rule: rule_id: 10UKBL - version_id: w8T4Yq - url: https://semgrep.dev/playground/r/w8T4Yq/generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token + version_id: K3TlYv + url: https://semgrep.dev/playground/r/K3TlYv/generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token origin: community - id: generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth pattern-regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[tT][oO][kK][eE][nN].*[''|"]?[0-9a-f]{32}[''|"]?' 
@@ -2758,13 +2879,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth shortlink: https://sg.run/Klq6 semgrep.dev: rule: rule_id: 9AU127 - version_id: xyT96b - url: https://semgrep.dev/playground/r/xyT96b/generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth + version_id: qkTNb5 + url: https://semgrep.dev/playground/r/qkTNb5/generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth origin: community - id: generic.secrets.security.detected-generic-api-key.detected-generic-api-key pattern-regex: '[aA][pP][iI]_?[kK][eE][yY][=_:\s-]+[''|"]?[0-9a-zA-Z]{32,45}[''|"]?' @@ -2791,13 +2914,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-generic-api-key.detected-generic-api-key shortlink: https://sg.run/qxj8 semgrep.dev: rule: rule_id: yyUn8p - version_id: O9T41K - url: https://semgrep.dev/playground/r/O9T41K/generic.secrets.security.detected-generic-api-key.detected-generic-api-key + version_id: l4T5zr + url: https://semgrep.dev/playground/r/l4T5zr/generic.secrets.security.detected-generic-api-key.detected-generic-api-key origin: community - id: generic.secrets.security.detected-generic-secret.detected-generic-secret pattern-regex: '[sS][eE][cC][rR][eE][tT][:= \t]*[''|\"]?[0-9a-zA-Z]{32,45}[''|\"]?' 
@@ -2824,13 +2949,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-generic-secret.detected-generic-secret shortlink: https://sg.run/l2o5 semgrep.dev: rule: rule_id: r6Urqe - version_id: e1TEB2 - url: https://semgrep.dev/playground/r/e1TEB2/generic.secrets.security.detected-generic-secret.detected-generic-secret + version_id: YDToQR + url: https://semgrep.dev/playground/r/YDToQR/generic.secrets.security.detected-generic-secret.detected-generic-secret origin: community - id: generic.secrets.security.detected-github-token.detected-github-token patterns: @@ -2874,13 +3001,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-github-token.detected-github-token shortlink: https://sg.run/PpOv semgrep.dev: rule: rule_id: eqUv7b - version_id: vdTDlw - url: https://semgrep.dev/playground/r/vdTDlw/generic.secrets.security.detected-github-token.detected-github-token + version_id: 6xTe6q + url: https://semgrep.dev/playground/r/6xTe6q/generic.secrets.security.detected-github-token.detected-github-token origin: community - id: generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account pattern-regex: (("|'|`)?type("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?service_account("|'|`)?,?) 
@@ -2908,13 +3037,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account shortlink: https://sg.run/6nXj semgrep.dev: rule: rule_id: NbUkL8 - version_id: nWTd3X - url: https://semgrep.dev/playground/r/nWTd3X/generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account + version_id: pZTrwz + url: https://semgrep.dev/playground/r/pZTrwz/generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account origin: community - id: generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token pattern-regex: ya29\.[0-9A-Za-z\-_]+ @@ -2942,13 +3073,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token shortlink: https://sg.run/ox2n semgrep.dev: rule: rule_id: kxUkpo - version_id: ExTdZZ - url: https://semgrep.dev/playground/r/ExTdZZ/generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token + version_id: 2KT1K7 + url: https://semgrep.dev/playground/r/2KT1K7/generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token origin: community - id: generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key pattern-regex: "[hH][eE][rR][oO][kK][uU].*[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}" 
@@ -2976,13 +3109,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key shortlink: https://sg.run/pxXR semgrep.dev: rule: rule_id: x8UnOB - version_id: LjTxj8 - url: https://semgrep.dev/playground/r/LjTxj8/generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key + version_id: jQTKRz + url: https://semgrep.dev/playground/r/jQTKRz/generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key origin: community - id: generic.secrets.security.detected-hockeyapp.detected-hockeyapp pattern-regex: (?i)hockey.{0,50}(\\\"|'|`)?[0-9a-f]{32}(\\\"|'|`)? @@ -3010,13 +3145,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-hockeyapp.detected-hockeyapp shortlink: https://sg.run/2xoY semgrep.dev: rule: rule_id: OrU3zo - version_id: 8KTWDk - url: https://semgrep.dev/playground/r/8KTWDk/generic.secrets.security.detected-hockeyapp.detected-hockeyapp + version_id: 1QTjeY + url: https://semgrep.dev/playground/r/1QTjeY/generic.secrets.security.detected-hockeyapp.detected-hockeyapp origin: community - id: generic.secrets.security.detected-jwt-token.detected-jwt-token pattern-regex: eyJ[A-Za-z0-9-_=]{14,}\.[A-Za-z0-9-_=]{13,}\.?[A-Za-z0-9-_.+/=]*? @@ -3032,7 +3169,7 @@ rules: - jwt confidence: LOW references: - - https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + - https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ cwe: - 'CWE-321: Use of Hard-coded Cryptographic Key' owasp: 
@@ -3042,13 +3179,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/generic.secrets.security.detected-jwt-token.detected-jwt-token shortlink: https://sg.run/05N5 semgrep.dev: rule: rule_id: kxU8E8 - version_id: gETLKX - url: https://semgrep.dev/playground/r/gETLKX/generic.secrets.security.detected-jwt-token.detected-jwt-token + version_id: 9lTzk5 + url: https://semgrep.dev/playground/r/9lTzk5/generic.secrets.security.detected-jwt-token.detected-jwt-token origin: community - id: generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key pattern-regex: k2sk_v[0-9]_[0-9a-zA-Z]{24} @@ -3075,13 +3214,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key shortlink: https://sg.run/d2YQ semgrep.dev: rule: rule_id: JDULYW - version_id: QkTB9q - url: https://semgrep.dev/playground/r/QkTB9q/generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key + version_id: yeTXyx + url: https://semgrep.dev/playground/r/yeTXyx/generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key origin: community - id: generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key pattern-regex: "[0-9a-f]{32}-us[0-9]{1,2}" 
@@ -3109,13 +3250,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key shortlink: https://sg.run/XBde semgrep.dev: rule: rule_id: eqU8QR - version_id: 3ZT781 - url: https://semgrep.dev/playground/r/3ZT781/generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key + version_id: rxTx91 + url: https://semgrep.dev/playground/r/rxTx91/generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key origin: community - id: generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key pattern-regex: key-[0-9a-zA-Z]{32} @@ -3143,13 +3286,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key shortlink: https://sg.run/jRL2 semgrep.dev: rule: rule_id: v8UneY - version_id: 44TxDO - url: https://semgrep.dev/playground/r/44TxDO/generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key + version_id: bZTGNE + url: https://semgrep.dev/playground/r/bZTGNE/generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key origin: community - id: generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token patterns: 
@@ -3184,13 +3329,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token shortlink: https://sg.run/Ppg3 semgrep.dev: rule: rule_id: 5rU4pe - version_id: 6xT7RJ - url: https://semgrep.dev/playground/r/6xT7RJ/generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token + version_id: NdT1YG + url: https://semgrep.dev/playground/r/NdT1YG/generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token origin: community - id: generic.secrets.security.detected-outlook-team.detected-outlook-team pattern-regex: https://outlook\.office\.com/webhook/[0-9a-f-]{36} @@ -3218,13 +3365,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-outlook-team.detected-outlook-team shortlink: https://sg.run/1ZwQ semgrep.dev: rule: rule_id: d8UjXq - version_id: 5PTBZ6 - url: https://semgrep.dev/playground/r/5PTBZ6/generic.secrets.security.detected-outlook-team.detected-outlook-team + version_id: w8T3Gy + url: https://semgrep.dev/playground/r/w8T3Gy/generic.secrets.security.detected-outlook-team.detected-outlook-team origin: community - id: generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token pattern-regex: access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32} 
@@ -3253,13 +3402,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token shortlink: https://sg.run/9oBR semgrep.dev: rule: rule_id: ZqU507 - version_id: GxT41w - url: https://semgrep.dev/playground/r/GxT41w/generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token + version_id: xyT423 + url: https://semgrep.dev/playground/r/xyT423/generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token origin: community - id: generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block pattern-regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----" @@ -3288,13 +3439,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block shortlink: https://sg.run/ydKd semgrep.dev: rule: rule_id: nJUzXz - version_id: pZTJeG - url: https://semgrep.dev/playground/r/pZTJeG/generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block + version_id: O9TyD4 + url: https://semgrep.dev/playground/r/O9TyD4/generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block origin: community - id: generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key pattern-regex: sk_live_[0-9a-z]{32} 
@@ -3322,13 +3475,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key shortlink: https://sg.run/rdGA semgrep.dev: rule: rule_id: EwU274 - version_id: A8Tywj - url: https://semgrep.dev/playground/r/A8Tywj/generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key + version_id: e1Txpw + url: https://semgrep.dev/playground/r/e1Txpw/generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key origin: community - id: generic.secrets.security.detected-private-key.detected-private-key patterns: @@ -3369,13 +3524,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-private-key.detected-private-key shortlink: https://sg.run/b7dr semgrep.dev: rule: rule_id: 7KUQ0p - version_id: BjTQ6X - url: https://semgrep.dev/playground/r/BjTQ6X/generic.secrets.security.detected-private-key.detected-private-key + version_id: vdT2jK + url: https://semgrep.dev/playground/r/vdT2jK/generic.secrets.security.detected-private-key.detected-private-key origin: community - id: generic.secrets.security.detected-sauce-token.detected-sauce-token pattern-regex: (?i)sauce.{0,50}(\\\"|'|`)?[0-9a-f-]{36}(\\\"|'|`)? 
@@ -3403,13 +3560,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-sauce-token.detected-sauce-token shortlink: https://sg.run/N4k1 semgrep.dev: rule: rule_id: L1UyZ5 - version_id: DkT3Aq - url: https://semgrep.dev/playground/r/DkT3Aq/generic.secrets.security.detected-sauce-token.detected-sauce-token + version_id: d6TDlN + url: https://semgrep.dev/playground/r/d6TDlN/generic.secrets.security.detected-sauce-token.detected-sauce-token origin: community - id: generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key pattern-regex: SG\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9-]{43}\b @@ -3437,13 +3596,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key shortlink: https://sg.run/qqOy semgrep.dev: rule: rule_id: x8U2EG - version_id: WrTk0l - url: https://semgrep.dev/playground/r/WrTk0l/generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key + version_id: ZRTwg1 + url: https://semgrep.dev/playground/r/ZRTwg1/generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key origin: community - id: generic.secrets.security.detected-slack-token.detected-slack-token pattern-either: 
@@ -3473,13 +3634,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-slack-token.detected-slack-token shortlink: https://sg.run/kXdz semgrep.dev: rule: rule_id: 8GUjRA - version_id: 0bTQj5 - url: https://semgrep.dev/playground/r/0bTQj5/generic.secrets.security.detected-slack-token.detected-slack-token + version_id: nWT7r1 + url: https://semgrep.dev/playground/r/nWT7r1/generic.secrets.security.detected-slack-token.detected-slack-token origin: community - id: generic.secrets.security.detected-slack-webhook.detected-slack-webhook pattern-regex: https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24} @@ -3507,13 +3670,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-slack-webhook.detected-slack-webhook shortlink: https://sg.run/weWX semgrep.dev: rule: rule_id: gxU1dy - version_id: K3TP14 - url: https://semgrep.dev/playground/r/K3TP14/generic.secrets.security.detected-slack-webhook.detected-slack-webhook + version_id: ExTnQL + url: https://semgrep.dev/playground/r/ExTnQL/generic.secrets.security.detected-slack-webhook.detected-slack-webhook origin: community - id: generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key pattern-regex: (?i)snyk.{0,50}['|"|`]?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"\s]? 
@@ -3540,13 +3705,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key shortlink: https://sg.run/lxO9 semgrep.dev: rule: rule_id: OrUD9J - version_id: qkT93b - url: https://semgrep.dev/playground/r/qkT93b/generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key + version_id: 7ZTOpG + url: https://semgrep.dev/playground/r/7ZTOpG/generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key origin: community - id: generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key pattern-regex: (?i)softlayer.{0,50}["|'|`]?[a-z0-9]{64}["|'|`]? @@ -3574,13 +3741,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key shortlink: https://sg.run/YXq4 semgrep.dev: rule: rule_id: eqUplZ - version_id: l4TeG8 - url: https://semgrep.dev/playground/r/l4TeG8/generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key + version_id: LjT0rO + url: https://semgrep.dev/playground/r/LjT0rO/generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key origin: community - id: generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key pattern-regex: (?i)sonar.{0,50}(\\\"|'|`)?[0-9a-f]{40}(\\\"|'|`)? 
@@ -3608,13 +3777,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key shortlink: https://sg.run/x10P semgrep.dev: rule: rule_id: QrUzP1 - version_id: YDTzdA - url: https://semgrep.dev/playground/r/YDTzdA/generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key + version_id: 8KTbxR + url: https://semgrep.dev/playground/r/8KTbxR/generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key origin: community - id: generic.secrets.security.detected-sql-dump.detected-sql-dump pattern-regex: Dumping data for table `.*` @@ -3640,13 +3811,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/generic.secrets.security.detected-sql-dump.detected-sql-dump shortlink: https://sg.run/J3eR semgrep.dev: rule: rule_id: GdU0zk - version_id: 6xTAND - url: https://semgrep.dev/playground/r/6xTAND/generic.secrets.security.detected-sql-dump.detected-sql-dump + version_id: gETqYK + url: https://semgrep.dev/playground/r/gETqYK/generic.secrets.security.detected-sql-dump.detected-sql-dump origin: community - id: generic.secrets.security.detected-square-access-token.detected-square-access-token pattern-regex: sq0atp-[0-9A-Za-z\-_]{22} 
@@ -3674,13 +3847,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-square-access-token.detected-square-access-token shortlink: https://sg.run/OP3b semgrep.dev: rule: rule_id: 3qUPqO - version_id: o5TW6K - url: https://semgrep.dev/playground/r/o5TW6K/generic.secrets.security.detected-square-access-token.detected-square-access-token + version_id: QkTJpx + url: https://semgrep.dev/playground/r/QkTJpx/generic.secrets.security.detected-square-access-token.detected-square-access-token origin: community - id: generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret pattern-regex: sq0csp-[0-9A-Za-z\\\-_]{43} @@ -3708,13 +3883,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret shortlink: https://sg.run/eL7E semgrep.dev: rule: rule_id: 4bUk4l - version_id: zyTXEl - url: https://semgrep.dev/playground/r/zyTXEl/generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret + version_id: 3ZTdE0 + url: https://semgrep.dev/playground/r/3ZTdE0/generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret origin: community - id: generic.secrets.security.detected-ssh-password.detected-ssh-password pattern-regex: sshpass -p.*['|\\\"] 
@@ -3742,13 +3919,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-ssh-password.detected-ssh-password shortlink: https://sg.run/vzDR semgrep.dev: rule: rule_id: PeUZ4d - version_id: pZTq5y - url: https://semgrep.dev/playground/r/pZTq5y/generic.secrets.security.detected-ssh-password.detected-ssh-password + version_id: 44To2P + url: https://semgrep.dev/playground/r/44To2P/generic.secrets.security.detected-ssh-password.detected-ssh-password origin: community - id: generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key pattern-regex: sk_live_[0-9a-zA-Z]{24} @@ -3776,13 +3955,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key shortlink: https://sg.run/dKd5 semgrep.dev: rule: rule_id: JDUy0z - version_id: 2KTA93 - url: https://semgrep.dev/playground/r/2KTA93/generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key + version_id: PkTYBG + url: https://semgrep.dev/playground/r/PkTYBG/generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key origin: community - id: generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key pattern-regex: rk_live_[0-9a-zA-Z]{24} 
@@ -3810,13 +3991,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key shortlink: https://sg.run/ZvdL semgrep.dev: rule: rule_id: 5rUOWq - version_id: X0Torz - url: https://semgrep.dev/playground/r/X0Torz/generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key + version_id: JdTqQx + url: https://semgrep.dev/playground/r/JdTqQx/generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key origin: community - id: generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key patterns: @@ -3847,13 +4030,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key shortlink: https://sg.run/nd4b semgrep.dev: rule: rule_id: GdU7Nl - version_id: jQTLoB - url: https://semgrep.dev/playground/r/jQTLoB/generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key + version_id: 5PT68z + url: https://semgrep.dev/playground/r/5PT68z/generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key origin: community - id: generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key pattern-regex: SK[0-9a-fA-F]{32} 
@@ -3881,13 +4066,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key shortlink: https://sg.run/Ek2o semgrep.dev: rule: rule_id: ReUgJn - version_id: 1QT01E - url: https://semgrep.dev/playground/r/1QT01E/generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key + version_id: GxT2ZA + url: https://semgrep.dev/playground/r/GxT2ZA/generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key origin: community - id: generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token pattern-regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" @@ -3915,13 +4102,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token shortlink: https://sg.run/7oR4 semgrep.dev: rule: rule_id: AbUzDp - version_id: 9lTExq - url: https://semgrep.dev/playground/r/9lTExq/generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token + version_id: RGTbo5 + url: https://semgrep.dev/playground/r/RGTbo5/generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token origin: community - id: generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth patterns: 
@@ -3951,13 +4140,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth shortlink: https://sg.run/Lwb7 semgrep.dev: rule: rule_id: BYUNq8 - version_id: 7ZT0Jd - url: https://semgrep.dev/playground/r/7ZT0Jd/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth + version_id: A8TRG6 + url: https://semgrep.dev/playground/r/A8TRG6/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth origin: community - id: generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak patterns: @@ -3985,13 +4176,15 @@ rules: technology: - Google Maps license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak shortlink: https://sg.run/DL5d semgrep.dev: rule: rule_id: EwU3kN - version_id: JdT89w - url: https://semgrep.dev/playground/r/JdT89w/generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak + version_id: DkTQK8 + url: https://semgrep.dev/playground/r/DkTQK8/generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak origin: community - id: generic.unicode.security.bidi.contains-bidirectional-characters patterns: 
@@ -4028,13 +4221,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/generic.unicode.security.bidi.contains-bidirectional-characters shortlink: https://sg.run/nK4r semgrep.dev: rule: rule_id: d8UeX4 - version_id: bZTx24 - url: https://semgrep.dev/playground/r/bZTx24/generic.unicode.security.bidi.contains-bidirectional-characters + version_id: WrTbPr + url: https://semgrep.dev/playground/r/WrTbPr/generic.unicode.security.bidi.contains-bidirectional-characters origin: community languages: - bash @@ -4088,13 +4283,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/go.gorilla.security.audit.session-cookie-missing-httponly.session-cookie-missing-httponly shortlink: https://sg.run/4xJZ semgrep.dev: rule: rule_id: qNUj6g - version_id: w8T4Oq - url: https://semgrep.dev/playground/r/w8T4Oq/go.gorilla.security.audit.session-cookie-missing-httponly.session-cookie-missing-httponly + version_id: l4T58r + url: https://semgrep.dev/playground/r/l4T58r/go.gorilla.security.audit.session-cookie-missing-httponly.session-cookie-missing-httponly origin: community fix-regex: regex: "(HttpOnly\\s*:\\s+)false" 
@@ -4134,13 +4331,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/go.gorilla.security.audit.session-cookie-missing-secure.session-cookie-missing-secure shortlink: https://sg.run/PJdE semgrep.dev: rule: rule_id: lBU9kw - version_id: YDTjNR - url: https://semgrep.dev/playground/r/YDTjNR/go.gorilla.security.audit.session-cookie-missing-secure.session-cookie-missing-secure + version_id: YDToDR + url: https://semgrep.dev/playground/r/YDToDR/go.gorilla.security.audit.session-cookie-missing-secure.session-cookie-missing-secure origin: community fix-regex: regex: "(Secure\\s*:\\s+)false" @@ -4187,13 +4386,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/go.gorilla.security.audit.websocket-missing-origin-check.websocket-missing-origin-check shortlink: https://sg.run/xXpz semgrep.dev: rule: rule_id: ReUKdz - version_id: w8T7jk - url: https://semgrep.dev/playground/r/w8T7jk/go.gorilla.security.audit.websocket-missing-origin-check.websocket-missing-origin-check + version_id: JdTqLP + url: https://semgrep.dev/playground/r/JdTqLP/go.gorilla.security.audit.websocket-missing-origin-check.websocket-missing-origin-check origin: community - id: go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection metadata: 
@@ -4212,13 +4413,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection shortlink: https://sg.run/J9yZ semgrep.dev: rule: rule_id: PeUZ4X - version_id: vdTDyw - url: https://semgrep.dev/playground/r/vdTDyw/go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection + version_id: GxT2rr + url: https://semgrep.dev/playground/r/GxT2rr/go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection origin: community message: 'Found an insecure gRPC connection using ''grpc.WithInsecure()''. This creates a connection without encryption to a gRPC server. A malicious attacker @@ -4250,13 +4453,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection shortlink: https://sg.run/5Q5l semgrep.dev: rule: rule_id: JDUy0B - version_id: NdTjwX - url: https://semgrep.dev/playground/r/NdTjwX/go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection + version_id: RGTb3q + url: https://semgrep.dev/playground/r/RGTb3q/go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection origin: community message: Found an insecure gRPC server without 'grpc.Creds()' or options with credentials. This allows for a connection without encryption to this server. A malicious attacker 
@@ -4291,7 +4496,7 @@ rules: - 'CWE-345: Insufficient Verification of Data Authenticity' owasp: - A08:2021 - Software and Data Integrity Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -4303,13 +4508,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/go.jwt-go.security.audit.jwt-parse-unverified.jwt-go-parse-unverified shortlink: https://sg.run/Av66 semgrep.dev: rule: rule_id: ReUgJJ - version_id: ZRTBon - url: https://semgrep.dev/playground/r/ZRTBon/go.jwt-go.security.audit.jwt-parse-unverified.jwt-go-parse-unverified + version_id: A8TRQ3 + url: https://semgrep.dev/playground/r/A8TRQ3/go.jwt-go.security.audit.jwt-parse-unverified.jwt-go-parse-unverified origin: community languages: - go @@ -4330,7 +4537,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt 
@@ -4342,13 +4549,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.jwt-go.security.jwt-none-alg.jwt-go-none-algorithm shortlink: https://sg.run/Gej1 semgrep.dev: rule: rule_id: 5rUOWQ - version_id: nWTdvX - url: https://semgrep.dev/playground/r/nWTdvX/go.jwt-go.security.jwt-none-alg.jwt-go-none-algorithm + version_id: BjTEdK + url: https://semgrep.dev/playground/r/BjTEdK/go.jwt-go.security.jwt-none-alg.jwt-go-none-algorithm origin: community languages: - go @@ -4384,13 +4593,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.bad_imports.insecure-module-used shortlink: https://sg.run/l2gj semgrep.dev: rule: rule_id: yyUnov - version_id: 0bTzED - url: https://semgrep.dev/playground/r/0bTzED/go.lang.security.audit.crypto.bad_imports.insecure-module-used + version_id: 0bTv2e + url: https://semgrep.dev/playground/r/0bTv2e/go.lang.security.audit.crypto.bad_imports.insecure-module-used origin: community languages: - go @@ -4426,13 +4637,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/go.lang.security.audit.crypto.insecure_ssh.avoid-ssh-insecure-ignore-host-key shortlink: https://sg.run/Yv6X semgrep.dev: rule: rule_id: r6UrW9 - version_id: LjTxv8 - url: https://semgrep.dev/playground/r/LjTxv8/go.lang.security.audit.crypto.insecure_ssh.avoid-ssh-insecure-ignore-host-key + version_id: K3Tl7K + url: https://semgrep.dev/playground/r/K3Tl7K/go.lang.security.audit.crypto.insecure_ssh.avoid-ssh-insecure-ignore-host-key origin: community languages: - go 
@@ -4461,13 +4674,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.use_of_weak_rsa_key.use-of-weak-rsa-key shortlink: https://sg.run/9oY4 semgrep.dev: rule: rule_id: d8UjY3 - version_id: zyT2y3 - url: https://semgrep.dev/playground/r/zyT2y3/go.lang.security.audit.crypto.use_of_weak_rsa_key.use-of-weak-rsa-key + version_id: X0TPdG + url: https://semgrep.dev/playground/r/X0TPdG/go.lang.security.audit.crypto.use_of_weak_rsa_key.use-of-weak-rsa-key origin: community patterns: - pattern-either: @@ -4535,13 +4750,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-command-write.dangerous-command-write shortlink: https://sg.run/Bko5 semgrep.dev: rule: rule_id: pKUOZ9 - version_id: RGTBj1 - url: https://semgrep.dev/playground/r/RGTBj1/go.lang.security.audit.dangerous-command-write.dangerous-command-write + version_id: jQTK3e + url: https://semgrep.dev/playground/r/jQTK3e/go.lang.security.audit.dangerous-command-write.dangerous-command-write origin: community - id: go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd patterns: @@ -4633,13 +4850,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd shortlink: https://sg.run/Dorj semgrep.dev: rule: rule_id: 2ZUb8l - version_id: A8Tyoj - url: https://semgrep.dev/playground/r/A8Tyoj/go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd + version_id: 1QTjdA + url: https://semgrep.dev/playground/r/1QTjdA/go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd origin: community severity: ERROR languages: 
@@ -4711,13 +4930,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-exec-command.dangerous-exec-command shortlink: https://sg.run/W8lA semgrep.dev: rule: rule_id: X5U8RQ - version_id: zyTgBb - url: https://semgrep.dev/playground/r/zyTgBb/go.lang.security.audit.dangerous-exec-command.dangerous-exec-command + version_id: 9lTzR9 + url: https://semgrep.dev/playground/r/9lTzR9/go.lang.security.audit.dangerous-exec-command.dangerous-exec-command origin: community severity: ERROR languages: @@ -4822,13 +5043,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec shortlink: https://sg.run/0QRb semgrep.dev: rule: rule_id: j2UvPl - version_id: DkT3rq - url: https://semgrep.dev/playground/r/DkT3rq/go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec + version_id: yeTXP4 + url: https://semgrep.dev/playground/r/yeTXP4/go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec origin: community severity: ERROR languages: @@ -4861,13 +5084,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.audit.database.string-formatted-query.string-formatted-query shortlink: https://sg.run/ydEr semgrep.dev: rule: rule_id: ZqU5bD - version_id: zyT256 - url: https://semgrep.dev/playground/r/zyT256/go.lang.security.audit.database.string-formatted-query.string-formatted-query + version_id: rxTxwE + url: https://semgrep.dev/playground/r/rxTxwE/go.lang.security.audit.database.string-formatted-query.string-formatted-query origin: community patterns: - metavariable-regex: 
@@ -5036,13 +5261,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/go.lang.security.audit.net.bind_all.avoid-bind-to-all-interfaces shortlink: https://sg.run/rdE0 semgrep.dev: rule: rule_id: nJUz3J - version_id: O9Tg6O - url: https://semgrep.dev/playground/r/O9Tg6O/go.lang.security.audit.net.bind_all.avoid-bind-to-all-interfaces + version_id: NdT1NP + url: https://semgrep.dev/playground/r/NdT1NP/go.lang.security.audit.net.bind_all.avoid-bind-to-all-interfaces origin: community pattern-either: - pattern: tls.Listen($NETWORK, "=~/^0.0.0.0:.*$/", ...) @@ -5073,13 +5300,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string shortlink: https://sg.run/weE0 semgrep.dev: rule: rule_id: 8GUjDW - version_id: e1TNz3 - url: https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string + version_id: O9Ty6W + url: https://semgrep.dev/playground/r/O9Ty6W/go.lang.security.audit.net.formatted-template-string.formatted-template-string origin: community languages: - go 
@@ -5130,13 +5359,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/go.lang.security.audit.net.pprof.pprof-debug-exposure shortlink: https://sg.run/x1Ep semgrep.dev: rule: rule_id: gxU1Kp - version_id: WrTAJ9 - url: https://semgrep.dev/playground/r/WrTAJ9/go.lang.security.audit.net.pprof.pprof-debug-exposure + version_id: vdT296 + url: https://semgrep.dev/playground/r/vdT296/go.lang.security.audit.net.pprof.pprof-debug-exposure origin: community message: The profiling 'pprof' endpoint is automatically exposed on /debug/pprof. This could leak information about the server. Instead, use `import "net/http/pprof"`. @@ -5185,13 +5416,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.unescaped-data-in-htmlattr.unescaped-data-in-htmlattr shortlink: https://sg.run/OPRp semgrep.dev: rule: rule_id: QrUz9R - version_id: vdT790 - url: https://semgrep.dev/playground/r/vdT790/go.lang.security.audit.net.unescaped-data-in-htmlattr.unescaped-data-in-htmlattr + version_id: d6TDeW + url: https://semgrep.dev/playground/r/d6TDeW/go.lang.security.audit.net.unescaped-data-in-htmlattr.unescaped-data-in-htmlattr origin: community languages: - go 
@@ -5247,13 +5480,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.unescaped-data-in-js.unescaped-data-in-js shortlink: https://sg.run/eLNl semgrep.dev: rule: rule_id: 3qUP8K - version_id: A8TyoX - url: https://semgrep.dev/playground/r/A8TyoX/go.lang.security.audit.net.unescaped-data-in-js.unescaped-data-in-js + version_id: ZRTwOr + url: https://semgrep.dev/playground/r/ZRTwOr/go.lang.security.audit.net.unescaped-data-in-js.unescaped-data-in-js origin: community languages: - go @@ -5310,13 +5545,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url shortlink: https://sg.run/vzE4 semgrep.dev: rule: rule_id: 4bUkDW - version_id: d6Tde3 - url: https://semgrep.dev/playground/r/d6Tde3/go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url + version_id: nWT7ZB + url: https://semgrep.dev/playground/r/nWT7ZB/go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url origin: community languages: - go 
@@ -5368,13 +5605,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/go.lang.security.audit.net.use-tls.use-tls shortlink: https://sg.run/dKbY semgrep.dev: rule: rule_id: PeUZ8X - version_id: DkT3rk - url: https://semgrep.dev/playground/r/DkT3rk/go.lang.security.audit.net.use-tls.use-tls + version_id: ExTnK9 + url: https://semgrep.dev/playground/r/ExTnK9/go.lang.security.audit.net.use-tls.use-tls origin: community message: Found an HTTP server without TLS. Use 'http.ListenAndServeTLS' instead. See https://golang.org/pkg/net/http/#ListenAndServeTLS for more information. @@ -5402,13 +5641,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.reflect-makefunc.reflect-makefunc shortlink: https://sg.run/KlPd semgrep.dev: rule: rule_id: 10UKGb - version_id: 0bTQPg - url: https://semgrep.dev/playground/r/0bTQPg/go.lang.security.audit.reflect-makefunc.reflect-makefunc + version_id: LjT05Y + url: https://semgrep.dev/playground/r/LjT05Y/go.lang.security.audit.reflect-makefunc.reflect-makefunc origin: community severity: ERROR pattern: reflect.MakeFunc(...) 
@@ -5451,13 +5692,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name shortlink: https://sg.run/R8Xv semgrep.dev: rule: rule_id: BYUBdJ - version_id: 6xTAPk - url: https://semgrep.dev/playground/r/6xTAPk/go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name + version_id: 44TogA + url: https://semgrep.dev/playground/r/44TogA/go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name origin: community severity: WARNING languages: @@ -5485,13 +5728,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/go.lang.security.audit.unsafe.use-of-unsafe-block shortlink: https://sg.run/qxEx semgrep.dev: rule: rule_id: 9AU1p1 - version_id: zyTvjY - url: https://semgrep.dev/playground/r/zyTvjY/go.lang.security.audit.unsafe.use-of-unsafe-block + version_id: PkTY0Z + url: https://semgrep.dev/playground/r/PkTY0Z/go.lang.security.audit.unsafe.use-of-unsafe-block origin: community pattern: unsafe.$FUNC(...) - id: go.lang.security.audit.xss.import-text-template.import-text-template @@ -5523,13 +5768,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.import-text-template.import-text-template shortlink: https://sg.run/ndEO semgrep.dev: rule: rule_id: 5rUOZQ - version_id: vdTggK - url: https://semgrep.dev/playground/r/vdTggK/go.lang.security.audit.xss.import-text-template.import-text-template + version_id: JdTq6P + url: https://semgrep.dev/playground/r/JdTq6P/go.lang.security.audit.xss.import-text-template.import-text-template origin: community severity: WARNING patterns: 
@@ -5571,13 +5818,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter shortlink: https://sg.run/EkbA semgrep.dev: rule: rule_id: GdU71y - version_id: pZTq7v - url: https://semgrep.dev/playground/r/pZTq7v/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter + version_id: 5PT6p8 + url: https://semgrep.dev/playground/r/5PT6p8/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter origin: community patterns: - pattern-either: @@ -5622,13 +5871,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-fprintf-to-responsewriter.no-fprintf-to-responsewriter shortlink: https://sg.run/7oqR semgrep.dev: rule: rule_id: ReUgyJ - version_id: 2KTAJo - url: https://semgrep.dev/playground/r/2KTAJo/go.lang.security.audit.xss.no-fprintf-to-responsewriter.no-fprintf-to-responsewriter + version_id: GxT2zr + url: https://semgrep.dev/playground/r/GxT2zr/go.lang.security.audit.xss.no-fprintf-to-responsewriter.no-fprintf-to-responsewriter origin: community severity: WARNING patterns: 
@@ -5671,13 +5922,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-interpolation-in-tag.no-interpolation-in-tag shortlink: https://sg.run/LwJJ semgrep.dev: rule: rule_id: AbUzBB - version_id: X0To6j - url: https://semgrep.dev/playground/r/X0To6j/go.lang.security.audit.xss.no-interpolation-in-tag.no-interpolation-in-tag + version_id: RGTbqq + url: https://semgrep.dev/playground/r/RGTbqq/go.lang.security.audit.xss.no-interpolation-in-tag.no-interpolation-in-tag origin: community languages: - generic @@ -5717,13 +5970,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-interpolation-js-template-string.no-interpolation-js-template-string shortlink: https://sg.run/8yl7 semgrep.dev: rule: rule_id: BYUNR6 - version_id: jQTL78 - url: https://semgrep.dev/playground/r/jQTL78/go.lang.security.audit.xss.no-interpolation-js-template-string.no-interpolation-js-template-string + version_id: A8TRe3 + url: https://semgrep.dev/playground/r/A8TRe3/go.lang.security.audit.xss.no-interpolation-js-template-string.no-interpolation-js-template-string origin: community languages: - generic 
@@ -5763,13 +6018,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-io-writestring-to-responsewriter.no-io-writestring-to-responsewriter shortlink: https://sg.run/gLwn semgrep.dev: rule: rule_id: DbUpEr - version_id: 1QT0qB - url: https://semgrep.dev/playground/r/1QT0qB/go.lang.security.audit.xss.no-io-writestring-to-responsewriter.no-io-writestring-to-responsewriter + version_id: BjTEzK + url: https://semgrep.dev/playground/r/BjTEzK/go.lang.security.audit.xss.no-io-writestring-to-responsewriter.no-io-writestring-to-responsewriter origin: community severity: WARNING patterns: @@ -5810,13 +6067,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-printf-in-responsewriter.no-printf-in-responsewriter shortlink: https://sg.run/Q5BP semgrep.dev: rule: rule_id: WAUoLp - version_id: 9lTEPr - url: https://semgrep.dev/playground/r/9lTEPr/go.lang.security.audit.xss.no-printf-in-responsewriter.no-printf-in-responsewriter + version_id: DkTQxN + url: https://semgrep.dev/playground/r/DkTQxN/go.lang.security.audit.xss.no-printf-in-responsewriter.no-printf-in-responsewriter origin: community severity: WARNING patterns: 
@@ -5859,13 +6118,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type shortlink: https://sg.run/3xDb semgrep.dev: rule: rule_id: 0oU5n3 - version_id: yeTQ7o - url: https://semgrep.dev/playground/r/yeTQ7o/go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type + version_id: WrTbNQ + url: https://semgrep.dev/playground/r/WrTbNQ/go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type origin: community languages: - go @@ -5903,13 +6164,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/go.lang.security.bad_tmp.bad-tmp-file-creation shortlink: https://sg.run/Gejn semgrep.dev: rule: rule_id: 6JUjnL - version_id: bZTxjj - url: https://semgrep.dev/playground/r/bZTxjj/go.lang.security.bad_tmp.bad-tmp-file-creation + version_id: K3Tl5K + url: https://semgrep.dev/playground/r/K3Tl5K/go.lang.security.bad_tmp.bad-tmp-file-creation origin: community pattern-either: - pattern: ioutil.WriteFile("=~//tmp/.*$/", ...) 
@@ -5978,13 +6241,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb
 shortlink: https://sg.run/RodK
 semgrep.dev:
 rule:
 rule_id: oqUeqn
- version_id: NdT5w2
- url: https://semgrep.dev/playground/r/NdT5w2/go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb
+ version_id: qkTNWO
+ url: https://semgrep.dev/playground/r/qkTNWO/go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb
 origin: community
 - id: go.lang.security.zip.path-traversal-inside-zip-extraction
 message: File traversal when extracting zip archive
@@ -6009,13 +6274,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
 source: https://semgrep.dev/r/go.lang.security.zip.path-traversal-inside-zip-extraction
 shortlink: https://sg.run/Av64
 semgrep.dev:
 rule:
 rule_id: zdUkoR
- version_id: e1TENW
- url: https://semgrep.dev/playground/r/e1TENW/go.lang.security.zip.path-traversal-inside-zip-extraction
+ version_id: zyT5ne
+ url: https://semgrep.dev/playground/r/zyT5ne/go.lang.security.zip.path-traversal-inside-zip-extraction
 origin: community
 languages:
 - go
@@ -6050,13 +6317,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/go.otto.security.audit.dangerous-execution.dangerous-execution
 shortlink: https://sg.run/4xWE
 semgrep.dev:
 rule:
 rule_id: KxUbxk
- version_id: vdTD7Z
- url: https://semgrep.dev/playground/r/vdTD7Z/go.otto.security.audit.dangerous-execution.dangerous-execution
+ version_id: pZTrzq
+ url: https://semgrep.dev/playground/r/pZTrzq/go.otto.security.audit.dangerous-execution.dangerous-execution
 origin: community
 severity: ERROR
 patterns:
@@ -6131,13 +6400,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/html.security.missing-noopener-or-noreferrer.missing-noopener-or-noreferrer
 shortlink: https://sg.run/Ezqo
 semgrep.dev:
 rule:
 rule_id: 8GUvNg
- version_id: 5PTYbo
- url: https://semgrep.dev/playground/r/5PTYbo/html.security.missing-noopener-or-noreferrer.missing-noopener-or-noreferrer
+ version_id: 1QTj5A
+ url: https://semgrep.dev/playground/r/1QTj5A/html.security.missing-noopener-or-noreferrer.missing-noopener-or-noreferrer
 origin: community
 patterns:
 - pattern: a()
@@ -6167,13 +6438,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/html.security.missing-noopener.missing-noopener
 shortlink: https://sg.run/5Q03
 semgrep.dev:
 rule:
 rule_id: YGURLJ
- version_id: YDTK07
- url: https://semgrep.dev/playground/r/YDTK07/html.security.missing-noopener.missing-noopener
+ version_id: 9lTzZ9
+ url: https://semgrep.dev/playground/r/9lTzZ9/html.security.missing-noopener.missing-noopener
 origin: community
 patterns:
 - pattern: a()
@@ -6223,13 +6496,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/java.jboss.security.seam-log-injection.seam-log-injection
 shortlink: https://sg.run/3A4o
 semgrep.dev:
 rule:
 rule_id: JDUPQ7
- version_id: zyTX5Q
- url: https://semgrep.dev/playground/r/zyTX5Q/java.jboss.security.seam-log-injection.seam-log-injection
+ version_id: ZRTwGr
+ url: https://semgrep.dev/playground/r/ZRTwGr/java.jboss.security.seam-log-injection.seam-log-injection
 origin: community
 severity: ERROR
 - id: java.jjwt.security.jwt-none-alg.jjwt-none-alg
@@ -6243,7 +6518,7 @@ rules:
 owasp:
 - A03:2017 - Sensitive Data Exposure
 - A02:2021 - Cryptographic Failures
- source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+ source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
 asvs:
 section: 'V3: Session Management Verification Requirements'
 control_id: 3.5.3 Insecue Stateless Session Tokens
@@ -6260,13 +6535,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.jjwt.security.jwt-none-alg.jjwt-none-alg
 shortlink: https://sg.run/0Q7b
 semgrep.dev:
 rule:
 rule_id: j2Uvol
- version_id: l4TNGq
- url: https://semgrep.dev/playground/r/l4TNGq/java.jjwt.security.jwt-none-alg.jjwt-none-alg
+ version_id: ExTnq9
+ url: https://semgrep.dev/playground/r/ExTnq9/java.jjwt.security.jwt-none-alg.jjwt-none-alg
 origin: community
 languages:
 - java
@@ -6302,13 +6579,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/java.lang.security.audit.anonymous-ldap-bind.anonymous-ldap-bind
 shortlink: https://sg.run/jR6A
 semgrep.dev:
 rule:
 rule_id: eqU8J3
- version_id: YDT8dj
- url: https://semgrep.dev/playground/r/YDT8dj/java.lang.security.audit.anonymous-ldap-bind.anonymous-ldap-bind
+ version_id: 7ZTOWO
+ url: https://semgrep.dev/playground/r/7ZTOWO/java.lang.security.audit.anonymous-ldap-bind.anonymous-ldap-bind
 origin: community
 message: Detected anonymous LDAP bind. This permits anonymous users to execute LDAP statements. Consider enforcing authentication for LDAP. See https://docs.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html
@@ -6337,13 +6616,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/java.lang.security.audit.bad-hexa-conversion.bad-hexa-conversion
 shortlink: https://sg.run/1Z7D
 semgrep.dev:
 rule:
 rule_id: v8Uny0
- version_id: 0bTYqN
- url: https://semgrep.dev/playground/r/0bTYqN/java.lang.security.audit.bad-hexa-conversion.bad-hexa-conversion
+ version_id: LjT0PY
+ url: https://semgrep.dev/playground/r/LjT0PY/java.lang.security.audit.bad-hexa-conversion.bad-hexa-conversion
 origin: community
 message: '''Integer.toHexString()'' strips leading zeroes from each byte if read byte-by-byte. This mistake weakens the hash value computed since it introduces
@@ -6384,13 +6665,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.lang.security.audit.blowfish-insufficient-key-size.blowfish-insufficient-key-size
 shortlink: https://sg.run/9o74
 semgrep.dev:
 rule:
 rule_id: d8UjJ3
- version_id: o5T563
- url: https://semgrep.dev/playground/r/o5T563/java.lang.security.audit.blowfish-insufficient-key-size.blowfish-insufficient-key-size
+ version_id: 8KTbAe
+ url: https://semgrep.dev/playground/r/8KTbAe/java.lang.security.audit.blowfish-insufficient-key-size.blowfish-insufficient-key-size
 origin: community
 message: Using less than 128 bits for Blowfish is considered insecure. Use 128 bits or more, or switch to use AES instead.
@@ -6430,13 +6713,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle
 shortlink: https://sg.run/ydxr
 semgrep.dev:
 rule:
 rule_id: ZqU5oD
- version_id: zyTeEO
- url: https://semgrep.dev/playground/r/zyTeEO/java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle
+ version_id: gETqyZ
+ url: https://semgrep.dev/playground/r/gETqyZ/java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle
 origin: community
 severity: WARNING
 fix: '"AES/GCM/NoPadding"
@@ -6544,13 +6829,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/java.lang.security.audit.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call
 shortlink: https://sg.run/rd90
 semgrep.dev:
 rule:
 rule_id: nJUzvJ
- version_id: 2KTeLN
- url: https://semgrep.dev/playground/r/2KTeLN/java.lang.security.audit.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call
+ version_id: QkTJkW
+ url: https://semgrep.dev/playground/r/QkTJkW/java.lang.security.audit.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call
 origin: community
 severity: ERROR
 languages:
@@ -6729,13 +7016,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/java.lang.security.audit.command-injection-process-builder.command-injection-process-builder
 shortlink: https://sg.run/gJJe
 semgrep.dev:
 rule:
 rule_id: 4bUzzo
- version_id: 2KT69y
- url: https://semgrep.dev/playground/r/2KT69y/java.lang.security.audit.command-injection-process-builder.command-injection-process-builder
+ version_id: 3ZTd3l
+ url: https://semgrep.dev/playground/r/3ZTd3l/java.lang.security.audit.command-injection-process-builder.command-injection-process-builder
 origin: community
 severity: ERROR
 languages:
@@ -6763,13 +7052,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cookie Security
 source: https://semgrep.dev/r/java.lang.security.audit.cookie-missing-httponly.cookie-missing-httponly
 shortlink: https://sg.run/b7Be
 semgrep.dev:
 rule:
 rule_id: EwU2z6
- version_id: jQTe1J
- url: https://semgrep.dev/playground/r/jQTe1J/java.lang.security.audit.cookie-missing-httponly.cookie-missing-httponly
+ version_id: 44ToQA
+ url: https://semgrep.dev/playground/r/44ToQA/java.lang.security.audit.cookie-missing-httponly.cookie-missing-httponly
 origin: community
 message: A cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading
@@ -6809,13 +7100,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site Request Forgery (CSRF)
 source: https://semgrep.dev/r/java.lang.security.audit.cookie-missing-samesite.cookie-missing-samesite
 shortlink: https://sg.run/N427
 semgrep.dev:
 rule:
 rule_id: 7KUQkX
- version_id: A8Tlwe
- url: https://semgrep.dev/playground/r/A8Tlwe/java.lang.security.audit.cookie-missing-samesite.cookie-missing-samesite
+ version_id: PkTYxZ
+ url: https://semgrep.dev/playground/r/PkTYxZ/java.lang.security.audit.cookie-missing-samesite.cookie-missing-samesite
 origin: community
 message: Detected cookie without the SameSite attribute.
 severity: WARNING
@@ -6847,13 +7140,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cookie Security
 source: https://semgrep.dev/r/java.lang.security.audit.cookie-missing-secure-flag.cookie-missing-secure-flag
 shortlink: https://sg.run/kXoK
 semgrep.dev:
 rule:
 rule_id: L1Uyvp
- version_id: 9lTN3n
- url: https://semgrep.dev/playground/r/9lTN3n/java.lang.security.audit.cookie-missing-secure-flag.cookie-missing-secure-flag
+ version_id: JdTqlP
+ url: https://semgrep.dev/playground/r/JdTqlP/java.lang.security.audit.cookie-missing-secure-flag.cookie-missing-secure-flag
 origin: community
 message: A cookie was detected without setting the 'secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels
@@ -6893,13 +7188,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.avoid-implementing-custom-digests.avoid-implementing-custom-digests
 shortlink: https://sg.run/PJ0p
 semgrep.dev:
 rule:
 rule_id: KxUbW4
- version_id: e1TAJ7
- url: https://semgrep.dev/playground/r/e1TAJ7/java.lang.security.audit.crypto.ssl.avoid-implementing-custom-digests.avoid-implementing-custom-digests
+ version_id: qkTNQO
+ url: https://semgrep.dev/playground/r/qkTNQO/java.lang.security.audit.crypto.ssl.avoid-implementing-custom-digests.avoid-implementing-custom-digests
 origin: community
 message: 'Cryptographic algorithms are notoriously difficult to get right. By implementing a custom message digest, you risk introducing security issues into your program.
@@ -6936,13 +7233,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated
 shortlink: https://sg.run/J9Gj
 semgrep.dev:
 rule:
 rule_id: qNUj8b
- version_id: vdT37r
- url: https://semgrep.dev/playground/r/vdT37r/java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated
+ version_id: l4T5yp
+ url: https://semgrep.dev/playground/r/l4T5yp/java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated
 origin: community
 message: DefaultHttpClient is deprecated. Further, it does not support connections using TLS1.2, which makes using DefaultHttpClient a security hazard. Use HttpClientBuilder
@@ -6981,13 +7280,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.insecure-hostname-verifier.insecure-hostname-verifier
 shortlink: https://sg.run/5QoD
 semgrep.dev:
 rule:
 rule_id: lBU9n8
- version_id: d6Tbdr
- url: https://semgrep.dev/playground/r/d6Tbdr/java.lang.security.audit.crypto.ssl.insecure-hostname-verifier.insecure-hostname-verifier
+ version_id: YDTolk
+ url: https://semgrep.dev/playground/r/YDTolk/java.lang.security.audit.crypto.ssl.insecure-hostname-verifier.insecure-hostname-verifier
 origin: community
 severity: WARNING
 languages:
@@ -7029,13 +7330,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.insecure-trust-manager.insecure-trust-manager
 shortlink: https://sg.run/GePy
 semgrep.dev:
 rule:
 rule_id: YGUR9A
- version_id: ZRTyY6
- url: https://semgrep.dev/playground/r/ZRTyY6/java.lang.security.audit.crypto.ssl.insecure-trust-manager.insecure-trust-manager
+ version_id: JdTqlK
+ url: https://semgrep.dev/playground/r/JdTqlK/java.lang.security.audit.crypto.ssl.insecure-trust-manager.insecure-trust-manager
 origin: community
 message: Detected empty trust manager implementations. This is dangerous because it accepts any certificate, enabling man-in-the-middle attacks. Consider using
@@ -7092,13 +7395,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.lang.security.audit.crypto.weak-random.weak-random
 shortlink: https://sg.run/NwBp
 semgrep.dev:
 rule:
 rule_id: lBUW5D
- version_id: LjTp8r
- url: https://semgrep.dev/playground/r/LjTp8r/java.lang.security.audit.crypto.weak-random.weak-random
+ version_id: qkTNQE
+ url: https://semgrep.dev/playground/r/qkTNQE/java.lang.security.audit.crypto.weak-random.weak-random
 origin: community
 pattern-either:
 - pattern: 'new java.util.Random(...).$FUNC(...)
@@ -7149,13 +7454,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/java.lang.security.audit.dangerous-groovy-shell.dangerous-groovy-shell
 shortlink: https://sg.run/58LK
 semgrep.dev:
 rule:
 rule_id: ReUPKp
- version_id: gET5QJ
- url: https://semgrep.dev/playground/r/gET5QJ/java.lang.security.audit.dangerous-groovy-shell.dangerous-groovy-shell
+ version_id: YDTolW
+ url: https://semgrep.dev/playground/r/YDTolW/java.lang.security.audit.dangerous-groovy-shell.dangerous-groovy-shell
 origin: community
 languages:
 - java
@@ -7179,13 +7486,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/java.lang.security.audit.el-injection.el-injection
 shortlink: https://sg.run/x1wp
 semgrep.dev:
 rule:
 rule_id: gxU1Np
- version_id: QkTQek
- url: https://semgrep.dev/playground/r/QkTQek/java.lang.security.audit.el-injection.el-injection
+ version_id: 6xTeDB
+ url: https://semgrep.dev/playground/r/6xTeDB/java.lang.security.audit.el-injection.el-injection
 origin: community
 message: An expression is built with a dynamic value. The source of the value(s) should be verified to avoid that unfiltered values fall into this risky code evaluation.
@@ -7346,13 +7655,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/java.lang.security.audit.java-reverse-shell.java-reverse-shell
 shortlink: https://sg.run/kkrX
 semgrep.dev:
 rule:
 rule_id: KxUY7b
- version_id: JdTZ9v
- url: https://semgrep.dev/playground/r/JdTZ9v/java.lang.security.audit.java-reverse-shell.java-reverse-shell
+ version_id: 2KT17O
+ url: https://semgrep.dev/playground/r/2KT17O/java.lang.security.audit.java-reverse-shell.java-reverse-shell
 origin: community
 languages:
 - java
@@ -7383,13 +7694,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.jdbc-sql-formatted-string.jdbc-sql-formatted-string
 shortlink: https://sg.run/dKWY
 semgrep.dev:
 rule:
 rule_id: PeUZNX
- version_id: 5PTYgo
- url: https://semgrep.dev/playground/r/5PTYgo/java.lang.security.audit.jdbc-sql-formatted-string.jdbc-sql-formatted-string
+ version_id: X0TP5y
+ url: https://semgrep.dev/playground/r/X0TP5y/java.lang.security.audit.jdbc-sql-formatted-string.jdbc-sql-formatted-string
 origin: community
 message: 'Possible JDBC injection detected. Use the parameterized query feature available in queryForObject instead of concatenating or formatting strings: ''jdbc.queryForObject("select
@@ -7508,13 +7821,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - LDAP Injection
 source: https://semgrep.dev/r/java.lang.security.audit.ldap-entry-poisoning.ldap-entry-poisoning
 shortlink: https://sg.run/ZvOn
 semgrep.dev:
 rule:
 rule_id: JDUy8B
- version_id: GxTWdq
- url: https://semgrep.dev/playground/r/GxTWdq/java.lang.security.audit.ldap-entry-poisoning.ldap-entry-poisoning
+ version_id: jQTKr2
+ url: https://semgrep.dev/playground/r/jQTKr2/java.lang.security.audit.ldap-entry-poisoning.ldap-entry-poisoning
 origin: community
 message: An object-returning LDAP search will allow attackers to control the LDAP response. This could lead to Remote Code Execution.
@@ -7557,13 +7872,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - LDAP Injection
 source: https://semgrep.dev/r/java.lang.security.audit.ldap-injection.ldap-injection
 shortlink: https://sg.run/nd2O
 semgrep.dev:
 rule:
 rule_id: 5rUObQ
- version_id: RGTw4E
- url: https://semgrep.dev/playground/r/RGTw4E/java.lang.security.audit.ldap-injection.ldap-injection
+ version_id: 1QTjPl
+ url: https://semgrep.dev/playground/r/1QTjPl/java.lang.security.audit.ldap-injection.ldap-injection
 origin: community
 severity: WARNING
 languages:
@@ -7640,13 +7957,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/java.lang.security.audit.object-deserialization.object-deserialization
 shortlink: https://sg.run/Ek0A
 semgrep.dev:
 rule:
 rule_id: GdU7py
- version_id: BjTG3v
- url: https://semgrep.dev/playground/r/BjTG3v/java.lang.security.audit.object-deserialization.object-deserialization
+ version_id: yeTXN6
+ url: https://semgrep.dev/playground/r/yeTXN6/java.lang.security.audit.object-deserialization.object-deserialization
 origin: community
 message: Found object deserialization using ObjectInputStream. Deserializing entire Java objects is dangerous because malicious actors can create Java object streams
@@ -7679,13 +7998,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/java.lang.security.audit.ognl-injection.ognl-injection
 shortlink: https://sg.run/7o7R
 semgrep.dev:
 rule:
 rule_id: ReUgjJ
- version_id: DkTerv
- url: https://semgrep.dev/playground/r/DkTerv/java.lang.security.audit.ognl-injection.ognl-injection
+ version_id: rxTxDx
+ url: https://semgrep.dev/playground/r/rxTxDx/java.lang.security.audit.ognl-injection.ognl-injection
 origin: community
 severity: WARNING
 languages:
@@ -8533,13 +8854,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission
 shortlink: https://sg.run/LwzJ
 semgrep.dev:
 rule:
 rule_id: AbUzwB
- version_id: jQTpDQ
- url: https://semgrep.dev/playground/r/jQTpDQ/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission
+ version_id: bZTGBk
+ url: https://semgrep.dev/playground/r/bZTGBk/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission
 origin: community
 pattern-either:
 - pattern: java.nio.file.Files.setPosixFilePermissions($FILE, java.nio.file.attribute.PosixFilePermissions.fromString("=~/(^......r..$)|(^.......w.$)|(^........x$)/"));
@@ -8584,13 +8907,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/java.lang.security.audit.permissive-cors.permissive-cors
 shortlink: https://sg.run/8y77
 semgrep.dev:
 rule:
 rule_id: BYUN66
- version_id: o5TOgY
- url: https://semgrep.dev/playground/r/o5TOgY/java.lang.security.audit.permissive-cors.permissive-cors
+ version_id: NdT1Bn
+ url: https://semgrep.dev/playground/r/NdT1Bn/java.lang.security.audit.permissive-cors.permissive-cors
 origin: community
 severity: WARNING
 languages:
@@ -8663,13 +8988,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/java.lang.security.audit.script-engine-injection.script-engine-injection
 shortlink: https://sg.run/gLqn
 semgrep.dev:
 rule:
 rule_id: DbUpAr
- version_id: K3TOWR
- url: https://semgrep.dev/playground/r/K3TOWR/java.lang.security.audit.script-engine-injection.script-engine-injection
+ version_id: kbT7OK
+ url: https://semgrep.dev/playground/r/kbT7OK/java.lang.security.audit.script-engine-injection.script-engine-injection
 origin: community
 severity: WARNING
 languages:
@@ -8800,13 +9127,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.sqli.hibernate-sqli.hibernate-sqli
 shortlink: https://sg.run/Roqg
 semgrep.dev:
 rule:
 rule_id: 6JUjPD
- version_id: qkTK8A
- url: https://semgrep.dev/playground/r/qkTK8A/java.lang.security.audit.sqli.hibernate-sqli.hibernate-sqli
+ version_id: w8T3k9
+ url: https://semgrep.dev/playground/r/w8T3k9/java.lang.security.audit.sqli.hibernate-sqli.hibernate-sqli
 origin: community
 languages:
 - java
@@ -8873,13 +9202,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli
 shortlink: https://sg.run/AvkL
 semgrep.dev:
 rule:
 rule_id: oqUe8K
- version_id: l4TNnq
- url: https://semgrep.dev/playground/r/l4TNnq/java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli
+ version_id: xyT4dv
+ url: https://semgrep.dev/playground/r/xyT4dv/java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli
 origin: community
 - id: java.lang.security.audit.sqli.jdo-sqli.jdo-sqli
 pattern-either:
@@ -8975,13 +9306,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.sqli.jdo-sqli.jdo-sqli
 shortlink: https://sg.run/Bkwx
 semgrep.dev:
 rule:
 rule_id: zdUk7l
- version_id: YDT89j
- url: https://semgrep.dev/playground/r/YDT89j/java.lang.security.audit.sqli.jdo-sqli.jdo-sqli
+ version_id: O9Tyvn
+ url: https://semgrep.dev/playground/r/O9Tyvn/java.lang.security.audit.sqli.jdo-sqli.jdo-sqli
 origin: community
 - id: java.lang.security.audit.sqli.jpa-sqli.jpa-sqli
 message: Detected a formatted string in a SQL statement. This could lead to SQL
@@ -9045,13 +9378,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.sqli.jpa-sqli.jpa-sqli
 shortlink: https://sg.run/DoOd
 semgrep.dev:
 rule:
 rule_id: pKUO7y
- version_id: JdTZ9Y
- url: https://semgrep.dev/playground/r/JdTZ9Y/java.lang.security.audit.sqli.jpa-sqli.jpa-sqli
+ version_id: e1TxZ8
+ url: https://semgrep.dev/playground/r/e1TxZ8/java.lang.security.audit.sqli.jpa-sqli.jpa-sqli
 origin: community
 - id: java.lang.security.audit.sqli.turbine-sqli.turbine-sqli
 pattern-either:
@@ -9146,13 +9481,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.sqli.turbine-sqli.turbine-sqli
 shortlink: https://sg.run/W8zL
 semgrep.dev:
 rule:
 rule_id: 2ZUbJ3
- version_id: GxTWd3
- url: https://semgrep.dev/playground/r/GxTWd3/java.lang.security.audit.sqli.turbine-sqli.turbine-sqli
+ version_id: d6TD6l
+ url: https://semgrep.dev/playground/r/d6TD6l/java.lang.security.audit.sqli.turbine-sqli.turbine-sqli
 origin: community
 - id: java.lang.security.audit.sqli.vertx-sqli.vertx-sqli
 message: Detected a formatted string in a SQL statement. This could lead to SQL
@@ -9223,13 +9560,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/java.lang.security.audit.sqli.vertx-sqli.vertx-sqli
 shortlink: https://sg.run/0QKB
 semgrep.dev:
 rule:
 rule_id: X5U86z
- version_id: RGTw47
- url: https://semgrep.dev/playground/r/RGTw47/java.lang.security.audit.sqli.vertx-sqli.vertx-sqli
+ version_id: ZRTweO
+ url: https://semgrep.dev/playground/r/ZRTweO/java.lang.security.audit.sqli.vertx-sqli.vertx-sqli
 origin: community
 - id: java.lang.security.audit.unsafe-reflection.unsafe-reflection
 patterns:
@@ -9266,13 +9605,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/java.lang.security.audit.unsafe-reflection.unsafe-reflection
 shortlink: https://sg.run/R8X8
 semgrep.dev:
 rule:
 rule_id: DbUW1W
- version_id: 0bT6Pb
- url: https://semgrep.dev/playground/r/0bT6Pb/java.lang.security.audit.unsafe-reflection.unsafe-reflection
+ version_id: 8KTbv9
+ url: https://semgrep.dev/playground/r/8KTbv9/java.lang.security.audit.unsafe-reflection.unsafe-reflection
 origin: community
 severity: WARNING
 languages:
@@ -9297,13 +9638,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/java.lang.security.audit.weak-ssl-context.weak-ssl-context
 shortlink: https://sg.run/4x7E
 semgrep.dev:
 rule:
 rule_id: KxUb1k
- version_id: l4TNn0
- url: https://semgrep.dev/playground/r/l4TNn0/java.lang.security.audit.weak-ssl-context.weak-ssl-context
+ version_id: 3ZTdLR
+ url: https://semgrep.dev/playground/r/3ZTdLR/java.lang.security.audit.weak-ssl-context.weak-ssl-context
 origin: community
 message: An insecure SSL context was detected. TLS versions 1.0, 1.1, and all SSL versions are considered weak encryption and are deprecated. Use SSLContext.getInstance("TLSv1.2")
@@ -9345,13 +9688,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - XML Injection
 source: https://semgrep.dev/r/java.lang.security.audit.xml-decoder.xml-decoder
 shortlink: https://sg.run/PJjq
 semgrep.dev:
 rule:
 rule_id: qNUj3y
- version_id: gEToDQ
- url: https://semgrep.dev/playground/r/gEToDQ/java.lang.security.audit.xml-decoder.xml-decoder
+ version_id: 44Toeb
+ url: https://semgrep.dev/playground/r/44Toeb/java.lang.security.audit.xml-decoder.xml-decoder
 origin: community
 severity: WARNING
 languages:
@@ -9396,13 +9741,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled
 shortlink: https://sg.run/qxne
 semgrep.dev:
 rule:
 rule_id: 10UKqE
- version_id: K3T63x
- url: https://semgrep.dev/playground/r/K3T63x/java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled
+ version_id: PkTYj2
+ url: https://semgrep.dev/playground/r/PkTYj2/java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled
 origin: community
 pattern-regex: ".*escape.*?=.*?false.*"
 paths:
@@ -9434,13 +9781,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/java.lang.security.audit.xssrequestwrapper-is-insecure.xssrequestwrapper-is-insecure
 shortlink: https://sg.run/J96Q
 semgrep.dev:
 rule:
 rule_id: lBU9Gj
- version_id: X0TJNW
- url: https://semgrep.dev/playground/r/X0TJNW/java.lang.security.audit.xssrequestwrapper-is-insecure.xssrequestwrapper-is-insecure
+ version_id: A8TRNx
+ url: https://semgrep.dev/playground/r/A8TRNx/java.lang.security.audit.xssrequestwrapper-is-insecure.xssrequestwrapper-is-insecure
 origin: community
 message: It looks like you're using an implementation of XSSRequestWrapper from dzone. (https://www.javacodegeeks.com/2012/07/anti-cross-site-scripting-xss-filter.html)
@@ -9480,13 +9829,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/java.lang.security.do-privileged-use.do-privileged-use
 shortlink: https://sg.run/6n76
 semgrep.dev:
 rule:
 rule_id: bwUw28
- version_id: rxT8zk
- url: https://semgrep.dev/playground/r/rxT8zk/java.lang.security.do-privileged-use.do-privileged-use
+ version_id: l4T5Xb
+ url: https://semgrep.dev/playground/r/l4T5Xb/java.lang.security.do-privileged-use.do-privileged-use
 origin: community
 message: Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called
@@ -9568,13 +9919,15 @@ rules:
 technology:
 - jackson
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/java.lang.security.jackson-unsafe-deserialization.jackson-unsafe-deserialization
 shortlink: https://sg.run/GDop
 semgrep.dev:
 rule:
 rule_id: QrUD20
- version_id: 2KT21B
- url: https://semgrep.dev/playground/r/2KT21B/java.lang.security.jackson-unsafe-deserialization.jackson-unsafe-deserialization
+ version_id: o5TnK6
+ url: https://semgrep.dev/playground/r/o5TnK6/java.lang.security.jackson-unsafe-deserialization.jackson-unsafe-deserialization
 origin: community
 - id: java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor
 languages:
@@ -9598,13 +9951,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor shortlink: https://sg.run/L8qY semgrep.dev: rule: rule_id: 6JU67x - version_id: w8T0xA - url: https://semgrep.dev/playground/r/w8T0xA/java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor + version_id: pZTrbj + url: https://semgrep.dev/playground/r/pZTrbj/java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor origin: community message: Used SnakeYAML org.yaml.snakeyaml.Yaml() constructor with no arguments, which is vulnerable to deserialization attacks. Use the one-argument Yaml(...) @@ -9643,13 +9998,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.xmlinputfactory-external-entities-enabled.xmlinputfactory-external-entities-enabled shortlink: https://sg.run/2x75 semgrep.dev: rule: rule_id: x8Unkq - version_id: JdTYjW - url: https://semgrep.dev/playground/r/JdTYjW/java.lang.security.xmlinputfactory-external-entities-enabled.xmlinputfactory-external-entities-enabled + version_id: 2KT1dO + url: https://semgrep.dev/playground/r/2KT1dO/java.lang.security.xmlinputfactory-external-entities-enabled.xmlinputfactory-external-entities-enabled origin: community message: XML external entities are enabled for this XMLInputFactory. This is vulnerable to XML external entity attacks. Disable external entities by setting "javax.xml.stream.isSupportingExternalEntities" 
@@ -9679,13 +10036,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/java.log4j.security.log4j-message-lookup-injection.log4j-message-lookup-injection shortlink: https://sg.run/eX1Z semgrep.dev: rule: rule_id: 9AUZeQ - version_id: RGT5AA - url: https://semgrep.dev/playground/r/RGT5AA/java.log4j.security.log4j-message-lookup-injection.log4j-message-lookup-injection + version_id: jQTKw2 + url: https://semgrep.dev/playground/r/jQTKw2/java.log4j.security.log4j-message-lookup-injection.log4j-message-lookup-injection origin: community message: This rule is deprecated. patterns: @@ -9717,13 +10076,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.rmi.security.server-dangerous-class-deserialization.server-dangerous-class-deserialization shortlink: https://sg.run/oxg6 semgrep.dev: rule: rule_id: bwUwj4 - version_id: vdT3z8 - url: https://semgrep.dev/playground/r/vdT3z8/java.rmi.security.server-dangerous-class-deserialization.server-dangerous-class-deserialization + version_id: 9lTzAg + url: https://semgrep.dev/playground/r/9lTzAg/java.rmi.security.server-dangerous-class-deserialization.server-dangerous-class-deserialization origin: community message: Using a non-primitive class with Java RMI may be an insecure deserialization vulnerability. Depending on the underlying implementation. This object could be 
@@ -9760,13 +10121,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.rmi.security.server-dangerous-object-deserialization.server-dangerous-object-deserialization shortlink: https://sg.run/zvnl semgrep.dev: rule: rule_id: NbUkw5 - version_id: d6TbGy - url: https://semgrep.dev/playground/r/d6TbGy/java.rmi.security.server-dangerous-object-deserialization.server-dangerous-object-deserialization + version_id: yeTXD6 + url: https://semgrep.dev/playground/r/yeTXD6/java.rmi.security.server-dangerous-object-deserialization.server-dangerous-object-deserialization origin: community message: Using an arbitrary object ('Object $PARAM') with Java RMI is an insecure deserialization vulnerability. This object can be manipulated by a malicious actor @@ -9810,13 +10173,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.servlets.security.cookie-issecure-false.cookie-issecure-false shortlink: https://sg.run/pxn0 semgrep.dev: rule: rule_id: kxUkn9 - version_id: ZRTyP2 - url: https://semgrep.dev/playground/r/ZRTyP2/java.servlets.security.cookie-issecure-false.cookie-issecure-false + version_id: rxTxjx + url: https://semgrep.dev/playground/r/rxTxjx/java.servlets.security.cookie-issecure-false.cookie-issecure-false origin: community languages: - java 
@@ -9842,13 +10207,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.spring.security.audit.spel-injection.spel-injection shortlink: https://sg.run/XBp4 semgrep.dev: rule: rule_id: x8Un7b - version_id: nWTw4Q - url: https://semgrep.dev/playground/r/nWTw4Q/java.spring.security.audit.spel-injection.spel-injection + version_id: bZTGLk + url: https://semgrep.dev/playground/r/bZTGLk/java.spring.security.audit.spel-injection.spel-injection origin: community severity: WARNING languages: @@ -9956,13 +10323,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/java.spring.security.audit.spring-csrf-disabled.spring-csrf-disabled shortlink: https://sg.run/jRnl semgrep.dev: rule: rule_id: OrU3gK - version_id: X0TEgX - url: https://semgrep.dev/playground/r/X0TEgX/java.spring.security.audit.spring-csrf-disabled.spring-csrf-disabled + version_id: O9TyXn + url: https://semgrep.dev/playground/r/O9TyXn/java.spring.security.audit.spring-csrf-disabled.spring-csrf-disabled origin: community severity: WARNING languages: @@ -9993,13 +10362,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.spring.security.audit.spring-jsp-eval.spring-jsp-eval shortlink: https://sg.run/Q88o semgrep.dev: rule: rule_id: PeUkkL - version_id: QkTQrL - url: https://semgrep.dev/playground/r/QkTQrL/java.spring.security.audit.spring-jsp-eval.spring-jsp-eval + version_id: e1Tx98 + url: https://semgrep.dev/playground/r/e1Tx98/java.spring.security.audit.spring-jsp-eval.spring-jsp-eval origin: community paths: include: 
@@ -10041,13 +10412,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/java.spring.security.unrestricted-request-mapping.unrestricted-request-mapping shortlink: https://sg.run/2xlq semgrep.dev: rule: rule_id: wdUJ7q - version_id: BjTG0R - url: https://semgrep.dev/playground/r/BjTG0R/java.spring.security.unrestricted-request-mapping.unrestricted-request-mapping + version_id: gETqeO + url: https://semgrep.dev/playground/r/gETqeO/java.spring.security.unrestricted-request-mapping.unrestricted-request-mapping origin: community languages: - java @@ -10071,13 +10444,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true shortlink: https://sg.run/d2jY semgrep.dev: rule: rule_id: PeUo5X - version_id: 5PTGO0 - url: https://semgrep.dev/playground/r/5PTGO0/javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true + version_id: QkTJZG + url: https://semgrep.dev/playground/r/QkTJZG/javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true origin: community languages: - javascript 
@@ -10123,13 +10498,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect shortlink: https://sg.run/rdn1 semgrep.dev: rule: rule_id: ZqU5Yn - version_id: K3TOqL - url: https://semgrep.dev/playground/r/K3TOqL/javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect + version_id: PkTYQ2 + url: https://semgrep.dev/playground/r/PkTYQ2/javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect origin: community languages: - javascript @@ -10164,13 +10541,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-resource-loading.detect-angular-resource-loading shortlink: https://sg.run/b7kd semgrep.dev: rule: rule_id: nJUzgX - version_id: qkTKn7 - url: https://semgrep.dev/playground/r/qkTKn7/javascript.angular.security.detect-angular-resource-loading.detect-angular-resource-loading + version_id: JdTqDK + url: https://semgrep.dev/playground/r/JdTqDK/javascript.angular.security.detect-angular-resource-loading.detect-angular-resource-loading origin: community languages: - javascript 
@@ -10207,13 +10586,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-css.detect-angular-trust-as-css-method shortlink: https://sg.run/kXgo semgrep.dev: rule: rule_id: 7KUQ4k - version_id: YDT80y - url: https://semgrep.dev/playground/r/YDT80y/javascript.angular.security.detect-angular-trust-as-css.detect-angular-trust-as-css-method + version_id: GxT2PW + url: https://semgrep.dev/playground/r/GxT2PW/javascript.angular.security.detect-angular-trust-as-css.detect-angular-trust-as-css-method origin: community languages: - javascript @@ -10253,13 +10634,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-html-method.detect-angular-trust-as-html-method shortlink: https://sg.run/wenn semgrep.dev: rule: rule_id: L1Uy88 - version_id: 6xT0gd - url: https://semgrep.dev/playground/r/6xT0gd/javascript.angular.security.detect-angular-trust-as-html-method.detect-angular-trust-as-html-method + version_id: RGTbAB + url: https://semgrep.dev/playground/r/RGTbAB/javascript.angular.security.detect-angular-trust-as-html-method.detect-angular-trust-as-html-method origin: community languages: - javascript 
@@ -10299,13 +10682,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-js-method.detect-angular-trust-as-js-method shortlink: https://sg.run/x1nA semgrep.dev: rule: rule_id: 8GUj8k - version_id: o5T5E7 - url: https://semgrep.dev/playground/r/o5T5E7/javascript.angular.security.detect-angular-trust-as-js-method.detect-angular-trust-as-js-method + version_id: A8TRJx + url: https://semgrep.dev/playground/r/A8TRJx/javascript.angular.security.detect-angular-trust-as-js-method.detect-angular-trust-as-js-method origin: community languages: - javascript @@ -10345,13 +10730,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-resourceurl-method.detect-angular-trust-as-resourceurl-method shortlink: https://sg.run/eLOd semgrep.dev: rule: rule_id: QrUzeq - version_id: pZTQjl - url: https://semgrep.dev/playground/r/pZTQjl/javascript.angular.security.detect-angular-trust-as-resourceurl-method.detect-angular-trust-as-resourceurl-method + version_id: DkTQNo + url: https://semgrep.dev/playground/r/DkTQNo/javascript.angular.security.detect-angular-trust-as-resourceurl-method.detect-angular-trust-as-resourceurl-method origin: community languages: - javascript 
@@ -10391,13 +10778,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-url-method.detect-angular-trust-as-url-method shortlink: https://sg.run/vznl semgrep.dev: rule: rule_id: 3qUP01 - version_id: 2KT6xW - url: https://semgrep.dev/playground/r/2KT6xW/javascript.angular.security.detect-angular-trust-as-url-method.detect-angular-trust-as-url-method + version_id: WrTbE2 + url: https://semgrep.dev/playground/r/WrTbE2/javascript.angular.security.detect-angular-trust-as-url-method.detect-angular-trust-as-url-method origin: community languages: - javascript @@ -10438,13 +10827,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-third-party-angular-translate.detect-angular-translateprovider-translations-method shortlink: https://sg.run/ZvXp semgrep.dev: rule: rule_id: PeUZPg - version_id: X0TJKW - url: https://semgrep.dev/playground/r/X0TJKW/javascript.angular.security.detect-third-party-angular-translate.detect-angular-translateprovider-translations-method + version_id: 0bTv1Y + url: https://semgrep.dev/playground/r/0bTv1Y/javascript.angular.security.detect-third-party-angular-translate.detect-angular-translateprovider-translations-method origin: community languages: - javascript 
@@ -10481,13 +10872,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.apollo.security.apollo-axios-ssrf.apollo-axios-ssrf shortlink: https://sg.run/jkEZ semgrep.dev: rule: rule_id: AbUGBR - version_id: GxTX7K - url: https://semgrep.dev/playground/r/GxTX7K/javascript.apollo.security.apollo-axios-ssrf.apollo-axios-ssrf + version_id: K3TlJD + url: https://semgrep.dev/playground/r/K3TlJD/javascript.apollo.security.apollo-axios-ssrf.apollo-axios-ssrf origin: community languages: - javascript @@ -10534,13 +10927,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.audit.detect-replaceall-sanitization.detect-replaceall-sanitization shortlink: https://sg.run/AzoB semgrep.dev: rule: rule_id: kxUYE9 - version_id: 9lTn7o - url: https://semgrep.dev/playground/r/9lTn7o/javascript.audit.detect-replaceall-sanitization.detect-replaceall-sanitization + version_id: l4T5xb + url: https://semgrep.dev/playground/r/l4T5xb/javascript.audit.detect-replaceall-sanitization.detect-replaceall-sanitization origin: community languages: - javascript @@ -10582,13 +10977,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.browser.security.dom-based-xss.dom-based-xss shortlink: https://sg.run/EkeL semgrep.dev: rule: rule_id: 5rUOg6 - version_id: nWTwNQ - url: https://semgrep.dev/playground/r/nWTwNQ/javascript.browser.security.dom-based-xss.dom-based-xss + version_id: l4T5xP + url: https://semgrep.dev/playground/r/l4T5xP/javascript.browser.security.dom-based-xss.dom-based-xss origin: community languages: - javascript 
@@ -10624,13 +11021,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.browser.security.eval-detected.eval-detected shortlink: https://sg.run/7ope semgrep.dev: rule: rule_id: GdU7dw - version_id: ExTYWv - url: https://semgrep.dev/playground/r/ExTYWv/javascript.browser.security.eval-detected.eval-detected + version_id: YDTovX + url: https://semgrep.dev/playground/r/YDTovX/javascript.browser.security.eval-detected.eval-detected origin: community languages: - javascript @@ -10662,13 +11061,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.browser.security.insecure-document-method.insecure-document-method shortlink: https://sg.run/LwA9 semgrep.dev: rule: rule_id: ReUg41 - version_id: 7ZTYRP - url: https://semgrep.dev/playground/r/7ZTYRP/javascript.browser.security.insecure-document-method.insecure-document-method + version_id: 6xTeJb + url: https://semgrep.dev/playground/r/6xTeJb/javascript.browser.security.insecure-document-method.insecure-document-method origin: community languages: - javascript 
@@ -10706,13 +11107,15 @@ rules: references: - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.browser.security.insufficient-postmessage-origin-validation.insufficient-postmessage-origin-validation shortlink: https://sg.run/gL9x semgrep.dev: rule: rule_id: BYUN0X - version_id: 8KTLlL - url: https://semgrep.dev/playground/r/8KTLlL/javascript.browser.security.insufficient-postmessage-origin-validation.insufficient-postmessage-origin-validation + version_id: zyT58j + url: https://semgrep.dev/playground/r/zyT58j/javascript.browser.security.insufficient-postmessage-origin-validation.insufficient-postmessage-origin-validation origin: community languages: - javascript @@ -10768,13 +11171,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.browser.security.new-function-detected.new-function-detected shortlink: https://sg.run/Q5Pk semgrep.dev: rule: rule_id: DbUp0q - version_id: gET5XL - url: https://semgrep.dev/playground/r/gET5XL/javascript.browser.security.new-function-detected.new-function-detected + version_id: pZTry6 + url: https://semgrep.dev/playground/r/pZTry6/javascript.browser.security.new-function-detected.new-function-detected origin: community languages: - javascript 
@@ -10803,13 +11208,15 @@ rules: references: - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.browser.security.wildcard-postmessage-configuration.wildcard-postmessage-configuration shortlink: https://sg.run/PJ4p semgrep.dev: rule: rule_id: KxUbq4 - version_id: JdTZRY - url: https://semgrep.dev/playground/r/JdTZRY/javascript.browser.security.wildcard-postmessage-configuration.wildcard-postmessage-configuration + version_id: 9lTzWZ + url: https://semgrep.dev/playground/r/9lTzWZ/javascript.browser.security.wildcard-postmessage-configuration.wildcard-postmessage-configuration origin: community languages: - javascript @@ -10836,13 +11243,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-evaluate-injection.chrome-remote-interface-evaluate-injection shortlink: https://sg.run/5QBD semgrep.dev: rule: rule_id: lBU9O8 - version_id: GxTWX3 - url: https://semgrep.dev/playground/r/GxTWX3/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-evaluate-injection.chrome-remote-interface-evaluate-injection + version_id: rxTxLj + url: https://semgrep.dev/playground/r/rxTxLj/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-evaluate-injection.chrome-remote-interface-evaluate-injection origin: community languages: - javascript 
@@ -10871,13 +11280,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-navigate-injection.chrome-remote-interface-navigate-injection shortlink: https://sg.run/Gery semgrep.dev: rule: rule_id: YGUR0A - version_id: RGTwx7 - url: https://semgrep.dev/playground/r/RGTwx7/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-navigate-injection.chrome-remote-interface-navigate-injection + version_id: bZTG1X + url: https://semgrep.dev/playground/r/bZTG1X/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-navigate-injection.chrome-remote-interface-navigate-injection origin: community languages: - javascript @@ -10906,13 +11317,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-printtopdf-injection.chrome-remote-interface-printtopdf-injection shortlink: https://sg.run/RoJg semgrep.dev: rule: rule_id: 6JUjgD - version_id: A8TnlD - url: https://semgrep.dev/playground/r/A8TnlD/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-printtopdf-injection.chrome-remote-interface-printtopdf-injection + version_id: NdT1dd + url: https://semgrep.dev/playground/r/NdT1dd/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-printtopdf-injection.chrome-remote-interface-printtopdf-injection origin: community languages: - javascript 
@@ -10941,13 +11354,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-setdocumentcontent-injection.chrome-remote-interface-setdocumentcontent-injection shortlink: https://sg.run/Av2L semgrep.dev: rule: rule_id: oqUeEK - version_id: BjTGLR - url: https://semgrep.dev/playground/r/BjTGLR/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-setdocumentcontent-injection.chrome-remote-interface-setdocumentcontent-injection + version_id: kbT7xL + url: https://semgrep.dev/playground/r/kbT7xL/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-setdocumentcontent-injection.chrome-remote-interface-setdocumentcontent-injection origin: community languages: - javascript 
@@ -10956,54 +11371,6 @@ rules: patterns: - pattern: a() - pattern: b() -- id: javascript.dompurify.harden-dompurify-usage - message: DOMPurify.sanitize() was called without using RETURN_DOM or RETURN_DOM_FRAGMENT. - This is prone to mutation XSS, which could possibly bypass existing XSS filters. - Adding one of these options will harden against potential future DOMPurify exploits. - metadata: - category: security - cwe: - - 'CWE-79: Improper Neutralization of Input During Web Page Generation (''Cross-site - Scripting'')' - technology: - - javascript - - typescript - references: - - https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ - owasp: - - A07:2017 - Cross-Site Scripting (XSS) - - A03:2021 - Injection - cwe2022-top25: true - cwe2021-top25: true - subcategory: - - audit - likelihood: LOW - impact: MEDIUM - confidence: MEDIUM - license: Commons Clause License Condition v1.0[LGPL-2.1-only] - source: https://semgrep.dev/r/javascript.dompurify.harden-dompurify-usage - shortlink: https://sg.run/XNYA - semgrep.dev: - rule: - rule_id: KxU5xj - version_id: RGTxg6 - url: https://semgrep.dev/playground/r/RGTxg6/javascript.dompurify.harden-dompurify-usage - origin: community - languages: - - javascript - - typescript - severity: ERROR - patterns: - - pattern: DOMPurify.sanitize($X, ...) - - pattern-not: 'DOMPurify.sanitize($X, {RETURN_DOM_FRAGMENT: true}) - - ' - - pattern-not: 'DOMPurify.sanitize($X, {RETURN_DOM: true}) - - ' - fix: 'DOMPurify.sanitize($X, {RETURN_DOM: true}) - - ' - id: javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage message: A CSRF middleware was not detected in your express application. Ensure you are either using one such as `csurf` or `csrf` (see rule references) and/or 
@@ -11030,13 +11397,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage shortlink: https://sg.run/BxzR semgrep.dev: rule: rule_id: wdUKEq - version_id: BjT3d6 - url: https://semgrep.dev/playground/r/BjT3d6/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage + version_id: O9TyOQ + url: https://semgrep.dev/playground/r/O9TyOQ/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage origin: community languages: - javascript @@ -11081,13 +11450,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/javascript.express.security.audit.express-detect-notevil-usage.express-detect-notevil-usage shortlink: https://sg.run/W70E semgrep.dev: rule: rule_id: OrUX9K - version_id: l4TND0 - url: https://semgrep.dev/playground/r/l4TND0/javascript.express.security.audit.express-detect-notevil-usage.express-detect-notevil-usage + version_id: LjT0Qd + url: https://semgrep.dev/playground/r/LjT0Qd/javascript.express.security.audit.express-detect-notevil-usage.express-detect-notevil-usage origin: community languages: - javascript 
@@ -11143,13 +11514,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.express.security.audit.express-libxml-vm-noent.express-libxml-vm-noent shortlink: https://sg.run/n8Ag semgrep.dev: rule: rule_id: 2ZUY52 - version_id: 5PTYGv - url: https://semgrep.dev/playground/r/5PTYGv/javascript.express.security.audit.express-libxml-vm-noent.express-libxml-vm-noent + version_id: QkTJ0Y + url: https://semgrep.dev/playground/r/QkTJ0Y/javascript.express.security.audit.express-libxml-vm-noent.express-libxml-vm-noent origin: community languages: - javascript @@ -11203,13 +11576,15 @@ rules: references: - https://owasp.org/Top10/A01_2021-Broken_Access_Control license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect shortlink: https://sg.run/OPv2 semgrep.dev: rule: rule_id: gxU12X - version_id: K3TOkb - url: https://semgrep.dev/playground/r/K3TOkb/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect + version_id: A8TR5l + url: https://semgrep.dev/playground/r/A8TR5l/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect origin: community languages: - javascript 
@@ -11252,13 +11627,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.explicit-unescape.template-explicit-unescape shortlink: https://sg.run/dKXQ semgrep.dev: rule: rule_id: 4bUkPO - version_id: 6xT09E - url: https://semgrep.dev/playground/r/6xT09E/javascript.express.security.audit.xss.ejs.explicit-unescape.template-explicit-unescape + version_id: 0bTvlA + url: https://semgrep.dev/playground/r/0bTvlA/javascript.express.security.audit.xss.ejs.explicit-unescape.template-explicit-unescape origin: community languages: - regex @@ -11298,13 +11675,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.var-in-href.var-in-href shortlink: https://sg.run/Zv0p semgrep.dev: rule: rule_id: PeUZrg - version_id: o5T5DB - url: https://semgrep.dev/playground/r/o5T5DB/javascript.express.security.audit.xss.ejs.var-in-href.var-in-href + version_id: K3Tljp + url: https://semgrep.dev/playground/r/K3Tljp/javascript.express.security.audit.xss.ejs.var-in-href.var-in-href origin: community languages: - regex 
@@ -11342,13 +11721,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.var-in-script-src.var-in-script-src shortlink: https://sg.run/ndxZ semgrep.dev: rule: rule_id: JDUyrJ - version_id: zyTe2G - url: https://semgrep.dev/playground/r/zyTe2G/javascript.express.security.audit.xss.ejs.var-in-script-src.var-in-script-src + version_id: qkTNxN + url: https://semgrep.dev/playground/r/qkTNxN/javascript.express.security.audit.xss.ejs.var-in-script-src.var-in-script-src origin: community languages: - generic @@ -11390,13 +11771,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.var-in-script-tag.var-in-script-tag shortlink: https://sg.run/Ek9L semgrep.dev: rule: rule_id: 5rUOD6 - version_id: pZTQ3N - url: https://semgrep.dev/playground/r/pZTQ3N/javascript.express.security.audit.xss.ejs.var-in-script-tag.var-in-script-tag + version_id: l4T5vP + url: https://semgrep.dev/playground/r/l4T5vP/javascript.express.security.audit.xss.ejs.var-in-script-tag.var-in-script-tag origin: community languages: - generic 
@@ -11435,13 +11818,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.mustache.escape-function-overwrite.escape-function-overwrite shortlink: https://sg.run/7oWe semgrep.dev: rule: rule_id: GdU7Ew - version_id: 2KT62r - url: https://semgrep.dev/playground/r/2KT62r/javascript.express.security.audit.xss.mustache.escape-function-overwrite.escape-function-overwrite + version_id: YDTo2X + url: https://semgrep.dev/playground/r/YDTo2X/javascript.express.security.audit.xss.mustache.escape-function-overwrite.escape-function-overwrite origin: community languages: - javascript @@ -11480,13 +11865,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.mustache.explicit-unescape.template-explicit-unescape shortlink: https://sg.run/Lwx9 semgrep.dev: rule: rule_id: ReUgG1 - version_id: A8TZ2Y - url: https://semgrep.dev/playground/r/A8TZ2Y/javascript.express.security.audit.xss.mustache.explicit-unescape.template-explicit-unescape + version_id: 6xTeQb + url: https://semgrep.dev/playground/r/6xTeQb/javascript.express.security.audit.xss.mustache.explicit-unescape.template-explicit-unescape origin: community languages: - regex 
@@ -11523,13 +11910,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.and-attributes.template-and-attributes shortlink: https://sg.run/Q5jk semgrep.dev: rule: rule_id: DbUpyq - version_id: 9lTnb3 - url: https://semgrep.dev/playground/r/9lTnb3/javascript.express.security.audit.xss.pug.and-attributes.template-and-attributes + version_id: pZTrL6 + url: https://semgrep.dev/playground/r/pZTrL6/javascript.express.security.audit.xss.pug.and-attributes.template-and-attributes origin: community languages: - regex @@ -11564,13 +11953,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.explicit-unescape.template-explicit-unescape shortlink: https://sg.run/3xbe semgrep.dev: rule: rule_id: WAUonl - version_id: yeTdpG - url: https://semgrep.dev/playground/r/yeTdpG/javascript.express.security.audit.xss.pug.explicit-unescape.template-explicit-unescape + version_id: 2KT13b + url: https://semgrep.dev/playground/r/2KT13b/javascript.express.security.audit.xss.pug.explicit-unescape.template-explicit-unescape origin: community languages: - regex 
@@ -11608,13 +11999,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.var-in-href.var-in-href shortlink: https://sg.run/4xNx semgrep.dev: rule: rule_id: 0oU535 - version_id: rxT8KN - url: https://semgrep.dev/playground/r/rxT8KN/javascript.express.security.audit.xss.pug.var-in-href.var-in-href + version_id: X0TP2Z + url: https://semgrep.dev/playground/r/X0TP2Z/javascript.express.security.audit.xss.pug.var-in-href.var-in-href origin: community languages: - regex @@ -11650,13 +12043,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.var-in-script-tag.var-in-script-tag shortlink: https://sg.run/PJXp semgrep.dev: rule: rule_id: KxUbL4 - version_id: bZT436 - url: https://semgrep.dev/playground/r/bZT436/javascript.express.security.audit.xss.pug.var-in-script-tag.var-in-script-tag + version_id: jQTKyR + url: https://semgrep.dev/playground/r/jQTKyR/javascript.express.security.audit.xss.pug.var-in-script-tag.var-in-script-tag origin: community languages: - regex 
@@ -11693,13 +12088,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/javascript.express.security.express-data-exfiltration.express-data-exfiltration shortlink: https://sg.run/pkpL semgrep.dev: rule: rule_id: ReUo60 - version_id: kbTZGr - url: https://semgrep.dev/playground/r/kbTZGr/javascript.express.security.express-data-exfiltration.express-data-exfiltration + version_id: 9lTz5Z + url: https://semgrep.dev/playground/r/9lTz5Z/javascript.express.security.express-data-exfiltration.express-data-exfiltration origin: community languages: - javascript @@ -11765,13 +12162,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.express.security.express-jwt-hardcoded-secret.express-jwt-hardcoded-secret shortlink: https://sg.run/Do1d semgrep.dev: rule: rule_id: pKUOjy - version_id: WrT4yp - url: https://semgrep.dev/playground/r/WrT4yp/javascript.express.security.express-jwt-hardcoded-secret.express-jwt-hardcoded-secret + version_id: bZTG9X + url: https://semgrep.dev/playground/r/bZTG9X/javascript.express.security.express-jwt-hardcoded-secret.express-jwt-hardcoded-secret origin: community languages: - javascript 
@@ -11823,13 +12222,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.fbjs.security.audit.insecure-createnodesfrommarkup.insecure-createnodesfrommarkup shortlink: https://sg.run/J9Yj semgrep.dev: rule: rule_id: qNUjwb - version_id: 3ZTxXX - url: https://semgrep.dev/playground/r/3ZTxXX/javascript.fbjs.security.audit.insecure-createnodesfrommarkup.insecure-createnodesfrommarkup + version_id: LjT0Ad + url: https://semgrep.dev/playground/r/LjT0Ad/javascript.fbjs.security.audit.insecure-createnodesfrommarkup.insecure-createnodesfrommarkup origin: community languages: - javascript @@ -11864,13 +12265,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/javascript.grpc.security.grpc-nodejs-insecure-connection.grpc-nodejs-insecure-connection shortlink: https://sg.run/5QkD semgrep.dev: rule: rule_id: lBU9D8 - version_id: 44TYjd - url: https://semgrep.dev/playground/r/44TYjd/javascript.grpc.security.grpc-nodejs-insecure-connection.grpc-nodejs-insecure-connection + version_id: 8KTbyO + url: https://semgrep.dev/playground/r/8KTbyO/javascript.grpc.security.grpc-nodejs-insecure-connection.grpc-nodejs-insecure-connection origin: community languages: - javascript @@ -11906,7 +12309,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.2 Static API keys or secret 
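Review bot: The `vulnerability_class` entry added for javascript.grpc.security.grpc-nodejs-insecure-connection in the second hunk on this line is `'Insecure Deserialization '`, quoted with a trailing space inside the string, so any consumer that groups or filters findings by exact class value will see it as a class distinct from `Insecure Deserialization`. The label also does not obviously fit a rule about unencrypted gRPC channels; the comparable detect-insecure-websocket rule in this same diff is classed `Mishandled Sensitive Information`, so the upstream metadata may be mis-tagged. Because this file lives under `generated/`, the durable fix is in the generator (trim whitespace on emitted class values, e.g. `- Insecure Deserialization`) or in the upstream rule, not a hand edit here. The remaining hunks on this line are mechanical version_id/URL bumps and need no action.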
@@ -11925,13 +12328,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.jose.security.audit.jose-exposed-data.jose-exposed-data shortlink: https://sg.run/BkAx semgrep.dev: rule: rule_id: GdU7XP - version_id: PkTn36 - url: https://semgrep.dev/playground/r/PkTn36/javascript.jose.security.audit.jose-exposed-data.jose-exposed-data + version_id: QkTJwY + url: https://semgrep.dev/playground/r/QkTJwY/javascript.jose.security.audit.jose-exposed-data.jose-exposed-data origin: community languages: - javascript @@ -11973,13 +12378,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.jose.security.jwt-exposed-credentials.jwt-exposed-credentials shortlink: https://sg.run/GeKy semgrep.dev: rule: rule_id: PeUZG0 - version_id: JdTZxd - url: https://semgrep.dev/playground/r/JdTZxd/javascript.jose.security.jwt-exposed-credentials.jwt-exposed-credentials + version_id: 3ZTdrZ + url: https://semgrep.dev/playground/r/3ZTdrZ/javascript.jose.security.jwt-exposed-credentials.jwt-exposed-credentials origin: community languages: - javascript @@ -11998,7 +12405,7 @@ rules: - 'CWE-345: Insufficient Verification of Data Authenticity' owasp: - A08:2021 - Software and Data Integrity Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens 
@@ -12015,13 +12422,15 @@ rules: references: - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.jsonwebtoken.security.audit.jwt-decode-without-verify.jwt-decode-without-verify shortlink: https://sg.run/J9YP semgrep.dev: rule: rule_id: KxUbL3 - version_id: DkTej6 - url: https://semgrep.dev/playground/r/DkTej6/javascript.jsonwebtoken.security.audit.jwt-decode-without-verify.jwt-decode-without-verify + version_id: RGTbRG + url: https://semgrep.dev/playground/r/RGTbRG/javascript.jsonwebtoken.security.audit.jwt-decode-without-verify.jwt-decode-without-verify origin: community languages: - javascript @@ -12049,7 +12458,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens @@ -12067,13 +12476,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.jsonwebtoken.security.audit.jwt-exposed-data.jwt-exposed-data shortlink: https://sg.run/5Qkj semgrep.dev: rule: rule_id: qNUjwe - version_id: WrT6wO - url: https://semgrep.dev/playground/r/WrT6wO/javascript.jsonwebtoken.security.audit.jwt-exposed-data.jwt-exposed-data + version_id: A8TRXl + url: https://semgrep.dev/playground/r/A8TRXl/javascript.jsonwebtoken.security.audit.jwt-exposed-data.jwt-exposed-data origin: community languages: - javascript 
@@ -12113,13 +12524,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.jsonwebtoken.security.jwt-exposed-credentials.jwt-exposed-credentials shortlink: https://sg.run/Kl6L semgrep.dev: rule: rule_id: DbUpyk - version_id: 0bT6X7 - url: https://semgrep.dev/playground/r/0bT6X7/javascript.jsonwebtoken.security.jwt-exposed-credentials.jwt-exposed-credentials + version_id: BjTEpZ + url: https://semgrep.dev/playground/r/BjTEpZ/javascript.jsonwebtoken.security.jwt-exposed-credentials.jwt-exposed-credentials origin: community languages: - javascript @@ -12153,13 +12566,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.lang.security.audit.hardcoded-hmac-key.hardcoded-hmac-key shortlink: https://sg.run/K9bn semgrep.dev: rule: rule_id: v8UGEw - version_id: vdTE4G - url: https://semgrep.dev/playground/r/vdTE4G/javascript.lang.security.audit.hardcoded-hmac-key.hardcoded-hmac-key + version_id: 5PT6od + url: https://semgrep.dev/playground/r/5PT6od/javascript.lang.security.audit.hardcoded-hmac-key.hardcoded-hmac-key origin: community languages: - javascript 
@@ -12193,13 +12608,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Encoding source: https://semgrep.dev/r/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization shortlink: https://sg.run/1GbQ semgrep.dev: rule: rule_id: d8UlRq - version_id: 0bT35j - url: https://semgrep.dev/playground/r/0bT35j/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization + version_id: GxT2kj + url: https://semgrep.dev/playground/r/GxT2kj/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization origin: community languages: - javascript @@ -12233,13 +12650,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.lang.security.audit.non-constant-sql-query.non-constant-sql-query shortlink: https://sg.run/jRKP semgrep.dev: rule: rule_id: x8Unr5 - version_id: 1QTXv2 - url: https://semgrep.dev/playground/r/1QTXv2/javascript.lang.security.audit.non-constant-sql-query.non-constant-sql-query + version_id: A8TRgz + url: https://semgrep.dev/playground/r/A8TRgz/javascript.lang.security.audit.non-constant-sql-query.non-constant-sql-query origin: community languages: - javascript 
@@ -12274,13 +12693,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop shortlink: https://sg.run/w1DB semgrep.dev: rule: rule_id: QrUpbJ - version_id: bZT4d6 - url: https://semgrep.dev/playground/r/bZT4d6/javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop + version_id: 0bTvKr + url: https://semgrep.dev/playground/r/0bTvKr/javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop origin: community languages: - typescript @@ -12343,13 +12764,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.audit.spawn-shell-true.spawn-shell-true shortlink: https://sg.run/Wgeo semgrep.dev: rule: rule_id: lBUdr5 - version_id: NdTQjQ - url: https://semgrep.dev/playground/r/NdTQjQ/javascript.lang.security.audit.spawn-shell-true.spawn-shell-true + version_id: K3TlKr + url: https://semgrep.dev/playground/r/K3TlKr/javascript.lang.security.audit.spawn-shell-true.spawn-shell-true origin: community languages: - javascript 
@@ -12398,13 +12821,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag shortlink: https://sg.run/1Zy1 semgrep.dev: rule: rule_id: OrU37Y - version_id: e1TAOX - url: https://semgrep.dev/playground/r/e1TAOX/javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag + version_id: o5Tnbb + url: https://semgrep.dev/playground/r/o5Tnbb/javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag origin: community languages: - javascript @@ -12437,13 +12862,15 @@ rules: references: - https://cwe.mitre.org/data/definitions/134.html license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring shortlink: https://sg.run/7Y5R semgrep.dev: rule: rule_id: ReU3OJ - version_id: rxTQzo - url: https://semgrep.dev/playground/r/rxTQzo/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring + version_id: pZTr02 + url: https://semgrep.dev/playground/r/pZTr02/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring origin: community languages: - javascript 
@@ -12497,13 +12924,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-compilefunction-code-injection shortlink: https://sg.run/x17y semgrep.dev: rule: rule_id: L1Uyg7 - version_id: 1QTWwR - url: https://semgrep.dev/playground/r/1QTWwR/javascript.lang.security.audit.vm-injection.vm-compilefunction-code-injection + version_id: NdT1z0 + url: https://semgrep.dev/playground/r/NdT1z0/javascript.lang.security.audit.vm-injection.vm-compilefunction-code-injection origin: community patterns: - pattern: a() @@ -12531,13 +12960,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-compilefunction-context-injection shortlink: https://sg.run/rd2J semgrep.dev: rule: rule_id: d8UjgD - version_id: o5TQpW - url: https://semgrep.dev/playground/r/o5TQpW/javascript.lang.security.audit.vm-injection.vm-compilefunction-context-injection + version_id: jQTKnN + url: https://semgrep.dev/playground/r/jQTKnN/javascript.lang.security.audit.vm-injection.vm-compilefunction-context-injection origin: community patterns: - pattern: a() 
@@ -12565,13 +12996,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runincontext-code-injection shortlink: https://sg.run/N4pN semgrep.dev: rule: rule_id: nJUzNq - version_id: 2KTNoN - url: https://semgrep.dev/playground/r/2KTNoN/javascript.lang.security.audit.vm-injection.vm-runincontext-code-injection + version_id: yeTXxz + url: https://semgrep.dev/playground/r/yeTXxz/javascript.lang.security.audit.vm-injection.vm-runincontext-code-injection origin: community patterns: - pattern: a() @@ -12599,13 +13032,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runincontext-context-injection shortlink: https://sg.run/9oey semgrep.dev: rule: rule_id: eqU8KW - version_id: YDTGKO - url: https://semgrep.dev/playground/r/YDTGKO/javascript.lang.security.audit.vm-injection.vm-runincontext-context-injection + version_id: 2KT1v5 + url: https://semgrep.dev/playground/r/2KT1v5/javascript.lang.security.audit.vm-injection.vm-runincontext-context-injection origin: community mode: taint pattern-sources: 
@@ -12680,13 +13115,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-code-injection shortlink: https://sg.run/kX7A semgrep.dev: rule: rule_id: EwU2x8 - version_id: X0Te0X - url: https://semgrep.dev/playground/r/X0Te0X/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-code-injection + version_id: rxTxAB + url: https://semgrep.dev/playground/r/rxTxAB/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-code-injection origin: community patterns: - pattern: a() @@ -12714,13 +13151,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-context-injection shortlink: https://sg.run/ydbA semgrep.dev: rule: rule_id: v8UnQZ - version_id: 6xT7w0 - url: https://semgrep.dev/playground/r/6xT7w0/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-context-injection + version_id: X0TPzn + url: https://semgrep.dev/playground/r/X0TPzn/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-context-injection origin: community patterns: - pattern: a() 
@@ -12748,13 +13187,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runinthiscontext-code-injection shortlink: https://sg.run/we7d semgrep.dev: rule: rule_id: 7KUQ3g - version_id: jQTe00 - url: https://semgrep.dev/playground/r/jQTe00/javascript.lang.security.audit.vm-injection.vm-runinthiscontext-code-injection + version_id: bZTG5W + url: https://semgrep.dev/playground/r/bZTG5W/javascript.lang.security.audit.vm-injection.vm-runinthiscontext-code-injection origin: community patterns: - pattern: a() @@ -12782,13 +13223,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-script-code-injection shortlink: https://sg.run/b75v semgrep.dev: rule: rule_id: ZqU5dE - version_id: zyTg09 - url: https://semgrep.dev/playground/r/zyTg09/javascript.lang.security.audit.vm-injection.vm-script-code-injection + version_id: 1QTjyX + url: https://semgrep.dev/playground/r/1QTjyX/javascript.lang.security.audit.vm-injection.vm-script-code-injection origin: community patterns: - pattern: a() 
@@ -12816,13 +13259,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-sourcetextmodule-code-injection shortlink: https://sg.run/0ngr semgrep.dev: rule: rule_id: YGUr6P - version_id: pZTg4R - url: https://semgrep.dev/playground/r/pZTg4R/javascript.lang.security.audit.vm-injection.vm-sourcetextmodule-code-injection + version_id: 9lTz4E + url: https://semgrep.dev/playground/r/9lTz4E/javascript.lang.security.audit.vm-injection.vm-sourcetextmodule-code-injection origin: community patterns: - pattern: a() @@ -12848,13 +13293,15 @@ rules: references: - https://cwe.mitre.org/data/definitions/119.html license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/javascript.lang.security.detect-buffer-noassert.detect-buffer-noassert shortlink: https://sg.run/qxpO semgrep.dev: rule: rule_id: j2Uvj8 - version_id: nWTwRj - url: https://semgrep.dev/playground/r/nWTwRj/javascript.lang.security.detect-buffer-noassert.detect-buffer-noassert + version_id: kbT7zy + url: https://semgrep.dev/playground/r/kbT7zy/javascript.lang.security.detect-buffer-noassert.detect-buffer-noassert origin: community languages: - javascript @@ -12891,13 +13338,15 @@ rules: likelihood: LOW impact: HIGH confidence: LOW + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.detect-child-process.detect-child-process shortlink: https://sg.run/l2lo semgrep.dev: rule: rule_id: 10UKNB - version_id: JdT9LJ - url: https://semgrep.dev/playground/r/JdT9LJ/javascript.lang.security.detect-child-process.detect-child-process + version_id: w8T3RP + url: https://semgrep.dev/playground/r/w8T3RP/javascript.lang.security.detect-child-process.detect-child-process origin: community languages: - javascript 
@@ -12972,13 +13421,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Encoding source: https://semgrep.dev/r/javascript.lang.security.detect-disable-mustache-escape.detect-disable-mustache-escape shortlink: https://sg.run/Yvwd semgrep.dev: rule: rule_id: 9AU17r - version_id: 7ZTYy8 - url: https://semgrep.dev/playground/r/7ZTYy8/javascript.lang.security.detect-disable-mustache-escape.detect-disable-mustache-escape + version_id: xyT4jE + url: https://semgrep.dev/playground/r/xyT4jE/javascript.lang.security.detect-disable-mustache-escape.detect-disable-mustache-escape origin: community languages: - javascript @@ -13010,13 +13461,15 @@ rules: references: - https://owasp.org/Top10/A02_2021-Cryptographic_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket shortlink: https://sg.run/GWyz semgrep.dev: rule: rule_id: AbUWeE - version_id: 8KTLZ8 - url: https://semgrep.dev/playground/r/8KTLZ8/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket + version_id: e1TxyQ + url: https://semgrep.dev/playground/r/e1TxyQ/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket origin: community languages: - regex 
@@ -13046,13 +13499,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/javascript.lang.security.detect-no-csrf-before-method-override.detect-no-csrf-before-method-override shortlink: https://sg.run/oxoX semgrep.dev: rule: rule_id: r6UrvQ - version_id: qkTDwX - url: https://semgrep.dev/playground/r/qkTDwX/javascript.lang.security.detect-no-csrf-before-method-override.detect-no-csrf-before-method-override + version_id: vdT20l + url: https://semgrep.dev/playground/r/vdT20l/javascript.lang.security.detect-no-csrf-before-method-override.detect-no-csrf-before-method-override origin: community languages: - javascript @@ -13082,13 +13537,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.detect-non-literal-require.detect-non-literal-require shortlink: https://sg.run/zvNn semgrep.dev: rule: rule_id: bwUwoj - version_id: QkTQON - url: https://semgrep.dev/playground/r/QkTQON/javascript.lang.security.detect-non-literal-require.detect-non-literal-require + version_id: d6TDyJ + url: https://semgrep.dev/playground/r/d6TDyJ/javascript.lang.security.detect-non-literal-require.detect-non-literal-require origin: community languages: - javascript 
@@ -13122,13 +13579,15 @@ rules: references: - https://owasp.org/Top10/A02_2021-Cryptographic_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.lang.security.detect-pseudorandombytes.detect-pseudoRandomBytes shortlink: https://sg.run/pxze semgrep.dev: rule: rule_id: NbUkR2 - version_id: 3ZTx1X - url: https://semgrep.dev/playground/r/3ZTx1X/javascript.lang.security.detect-pseudorandombytes.detect-pseudoRandomBytes + version_id: ZRTwKY + url: https://semgrep.dev/playground/r/ZRTwKY/javascript.lang.security.detect-pseudorandombytes.detect-pseudoRandomBytes origin: community languages: - javascript @@ -13160,13 +13619,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.spawn-git-clone.spawn-git-clone shortlink: https://sg.run/2xrr semgrep.dev: rule: rule_id: kxUkPP - version_id: JdTZjd - url: https://semgrep.dev/playground/r/JdTZjd/javascript.lang.security.spawn-git-clone.spawn-git-clone + version_id: 7ZTOE3 + url: https://semgrep.dev/playground/r/7ZTOE3/javascript.lang.security.spawn-git-clone.spawn-git-clone origin: community languages: - javascript 
@@ -13207,13 +13668,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.monaco-editor.security.audit.monaco-hover-htmlsupport.monaco-hover-htmlsupport shortlink: https://sg.run/Jx7R semgrep.dev: rule: rule_id: zdUYQb - version_id: 5PTYzv - url: https://semgrep.dev/playground/r/5PTYzv/javascript.monaco-editor.security.audit.monaco-hover-htmlsupport.monaco-hover-htmlsupport + version_id: LjT0k3 + url: https://semgrep.dev/playground/r/LjT0k3/javascript.monaco-editor.security.audit.monaco-hover-htmlsupport.monaco-hover-htmlsupport origin: community languages: - typescript @@ -13256,13 +13719,15 @@ rules: references: - https://owasp.org/Top10/A05_2021-Security_Misconfiguration license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.node-expat.security.audit.expat-xxe.expat-xxe shortlink: https://sg.run/eLdL semgrep.dev: rule: rule_id: gxU171 - version_id: GxTWR2 - url: https://semgrep.dev/playground/r/GxTWR2/javascript.node-expat.security.audit.expat-xxe.expat-xxe + version_id: 8KTb51 + url: https://semgrep.dev/playground/r/8KTb51/javascript.node-expat.security.audit.expat-xxe.expat-xxe origin: community languages: - javascript 
@@ -13347,13 +13812,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.phantom.security.audit.phantom-injection.phantom-injection shortlink: https://sg.run/dKv0 semgrep.dev: rule: rule_id: 3qUPXE - version_id: A8Tn2b - url: https://semgrep.dev/playground/r/A8Tn2b/javascript.phantom.security.audit.phantom-injection.phantom-injection + version_id: QkTJG4 + url: https://semgrep.dev/playground/r/QkTJG4/javascript.phantom.security.audit.phantom-injection.phantom-injection origin: community languages: - javascript @@ -13395,13 +13862,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-addinitscript-code-injection.playwright-addinitscript-code-injection shortlink: https://sg.run/Zv94 semgrep.dev: rule: rule_id: 4bUkj1 - version_id: BjTGPW - url: https://semgrep.dev/playground/r/BjTGPW/javascript.playwright.security.audit.playwright-addinitscript-code-injection.playwright-addinitscript-code-injection + version_id: 3ZTd4d + url: https://semgrep.dev/playground/r/3ZTd4d/javascript.playwright.security.audit.playwright-addinitscript-code-injection.playwright-addinitscript-code-injection origin: community languages: - javascript 
@@ -13438,13 +13907,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-evaluate-arg-injection.playwright-evaluate-arg-injection shortlink: https://sg.run/ndgr semgrep.dev: rule: rule_id: PeUZ30 - version_id: DkTe56 - url: https://semgrep.dev/playground/r/DkTe56/javascript.playwright.security.audit.playwright-evaluate-arg-injection.playwright-evaluate-arg-injection + version_id: 44ToE3 + url: https://semgrep.dev/playground/r/44ToE3/javascript.playwright.security.audit.playwright-evaluate-arg-injection.playwright-evaluate-arg-injection origin: community languages: - javascript @@ -13481,13 +13952,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-evaluate-code-injection.playwright-evaluate-code-injection shortlink: https://sg.run/EkJB semgrep.dev: rule: rule_id: JDUyxl - version_id: WrT61O - url: https://semgrep.dev/playground/r/WrT61O/javascript.playwright.security.audit.playwright-evaluate-code-injection.playwright-evaluate-code-injection + version_id: PkTYRA + url: https://semgrep.dev/playground/r/PkTYRA/javascript.playwright.security.audit.playwright-evaluate-code-injection.playwright-evaluate-code-injection origin: community languages: - javascript 
@@ -13530,13 +14003,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools shortlink: https://sg.run/7oEQ semgrep.dev: rule: rule_id: 5rUO1N - version_id: 0bT6d7 - url: https://semgrep.dev/playground/r/0bT6d7/javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools + version_id: JdTqk1 + url: https://semgrep.dev/playground/r/JdTqk1/javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools origin: community languages: - javascript @@ -13572,13 +14047,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-goto-injection.playwright-goto-injection shortlink: https://sg.run/LwWY semgrep.dev: rule: rule_id: GdU7eP - version_id: K3TO0b - url: https://semgrep.dev/playground/r/K3TO0b/javascript.playwright.security.audit.playwright-goto-injection.playwright-goto-injection + version_id: 5PT6qd + url: https://semgrep.dev/playground/r/5PT6qd/javascript.playwright.security.audit.playwright-goto-injection.playwright-goto-injection origin: community languages: - javascript 
@@ -13617,13 +14094,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-setcontent-injection.playwright-setcontent-injection shortlink: https://sg.run/8yEQ semgrep.dev: rule: rule_id: ReUgLk - version_id: qkTKZo - url: https://semgrep.dev/playground/r/qkTKZo/javascript.playwright.security.audit.playwright-setcontent-injection.playwright-setcontent-injection + version_id: GxT2qj + url: https://semgrep.dev/playground/r/GxT2qj/javascript.playwright.security.audit.playwright-setcontent-injection.playwright-setcontent-injection origin: community languages: - javascript @@ -13662,13 +14141,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-evaluate-arg-injection.puppeteer-evaluate-arg-injection shortlink: https://sg.run/gLQ5 semgrep.dev: rule: rule_id: AbUzdX - version_id: l4TNjz - url: https://semgrep.dev/playground/r/l4TNjz/javascript.puppeteer.security.audit.puppeteer-evaluate-arg-injection.puppeteer-evaluate-arg-injection + version_id: RGTbpQ + url: https://semgrep.dev/playground/r/RGTbpQ/javascript.puppeteer.security.audit.puppeteer-evaluate-arg-injection.puppeteer-evaluate-arg-injection origin: community languages: - javascript 
@@ -13706,13 +14187,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-evaluate-code-injection.puppeteer-evaluate-code-injection shortlink: https://sg.run/Q5Yq semgrep.dev: rule: rule_id: BYUNZk - version_id: YDT8yD - url: https://semgrep.dev/playground/r/YDT8yD/javascript.puppeteer.security.audit.puppeteer-evaluate-code-injection.puppeteer-evaluate-code-injection + version_id: A8TRqz + url: https://semgrep.dev/playground/r/A8TRqz/javascript.puppeteer.security.audit.puppeteer-evaluate-code-injection.puppeteer-evaluate-code-injection origin: community languages: - javascript @@ -13755,13 +14238,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools shortlink: https://sg.run/3xEW semgrep.dev: rule: rule_id: DbUpbk - version_id: JdTZW6 - url: https://semgrep.dev/playground/r/JdTZW6/javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools + version_id: BjTEbB + url: https://semgrep.dev/playground/r/BjTEbB/javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools origin: community languages: - javascript 
@@ -13797,13 +14282,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-goto-injection.puppeteer-goto-injection shortlink: https://sg.run/4xE9 semgrep.dev: rule: rule_id: WAUoK7 - version_id: 5PTYwy - url: https://semgrep.dev/playground/r/5PTYwy/javascript.puppeteer.security.audit.puppeteer-goto-injection.puppeteer-goto-injection + version_id: DkTQkK + url: https://semgrep.dev/playground/r/DkTQkK/javascript.puppeteer.security.audit.puppeteer-goto-injection.puppeteer-goto-injection origin: community languages: - javascript @@ -13842,13 +14329,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-setcontent-injection.puppeteer-setcontent-injection shortlink: https://sg.run/PJlv semgrep.dev: rule: rule_id: 0oU5zg - version_id: GxTWAo - url: https://semgrep.dev/playground/r/GxTWAo/javascript.puppeteer.security.audit.puppeteer-setcontent-injection.puppeteer-setcontent-injection + version_id: WrTb8y + url: https://semgrep.dev/playground/r/WrTb8y/javascript.puppeteer.security.audit.puppeteer-setcontent-injection.puppeteer-setcontent-injection origin: community languages: - javascript 
@@ -13884,13 +14373,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.sandbox.security.audit.sandbox-code-injection.sandbox-code-injection shortlink: https://sg.run/J9BP semgrep.dev: rule: rule_id: KxUbk3 - version_id: RGTwzA - url: https://semgrep.dev/playground/r/RGTwzA/javascript.sandbox.security.audit.sandbox-code-injection.sandbox-code-injection + version_id: 0bTvor + url: https://semgrep.dev/playground/r/0bTvor/javascript.sandbox.security.audit.sandbox-code-injection.sandbox-code-injection origin: community languages: - javascript @@ -13943,13 +14434,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.sax.security.audit.sax-xxe.sax-xxe shortlink: https://sg.run/5QEj semgrep.dev: rule: rule_id: qNUj7e - version_id: A8Tn45 - url: https://semgrep.dev/playground/r/A8Tn45/javascript.sax.security.audit.sax-xxe.sax-xxe + version_id: K3Tlor + url: https://semgrep.dev/playground/r/K3Tlor/javascript.sax.security.audit.sax-xxe.sax-xxe origin: community languages: - javascript @@ -13989,13 +14482,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-enforce-tls.sequelize-enforce-tls shortlink: https://sg.run/yz6Z semgrep.dev: rule: rule_id: NbUAYW - version_id: BjTGPp - url: https://semgrep.dev/playground/r/BjTGPp/javascript.sequelize.security.audit.sequelize-enforce-tls.sequelize-enforce-tls + version_id: qkTNOp + url: https://semgrep.dev/playground/r/qkTNOp/javascript.sequelize.security.audit.sequelize-enforce-tls.sequelize-enforce-tls origin: community languages: - javascript 
@@ -14057,13 +14552,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-tls-disabled-cert-validation.sequelize-tls-disabled-cert-validation shortlink: https://sg.run/rAkj semgrep.dev: rule: rule_id: kxUR80 - version_id: 0bT6dG - url: https://semgrep.dev/playground/r/0bT6dG/javascript.sequelize.security.audit.sequelize-tls-disabled-cert-validation.sequelize-tls-disabled-cert-validation + version_id: o5Tndb + url: https://semgrep.dev/playground/r/o5Tndb/javascript.sequelize.security.audit.sequelize-tls-disabled-cert-validation.sequelize-tls-disabled-cert-validation origin: community languages: - javascript @@ -14111,13 +14608,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-weak-tls-version.sequelize-weak-tls-version shortlink: https://sg.run/bDrq semgrep.dev: rule: rule_id: wdU8GB - version_id: gETG6K - url: https://semgrep.dev/playground/r/gETG6K/javascript.sequelize.security.audit.sequelize-weak-tls-version.sequelize-weak-tls-version + version_id: zyT5LL + url: https://semgrep.dev/playground/r/zyT5LL/javascript.sequelize.security.audit.sequelize-weak-tls-version.sequelize-weak-tls-version origin: community languages: - javascript 
@@ -14164,13 +14663,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.serialize-javascript.security.audit.unsafe-serialize-javascript.unsafe-serialize-javascript shortlink: https://sg.run/Ro6N semgrep.dev: rule: rule_id: YGURez - version_id: qkTKZJ - url: https://semgrep.dev/playground/r/qkTKZJ/javascript.serialize-javascript.security.audit.unsafe-serialize-javascript.unsafe-serialize-javascript + version_id: pZTrn2 + url: https://semgrep.dev/playground/r/pZTrn2/javascript.serialize-javascript.security.audit.unsafe-serialize-javascript.unsafe-serialize-javascript origin: community languages: - javascript @@ -14206,13 +14707,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.shelljs.security.shelljs-exec-injection.shelljs-exec-injection shortlink: https://sg.run/AvEB semgrep.dev: rule: rule_id: 6JUj9k - version_id: l4TNj2 - url: https://semgrep.dev/playground/r/l4TNj2/javascript.shelljs.security.shelljs-exec-injection.shelljs-exec-injection + version_id: 2KT1p5 + url: https://semgrep.dev/playground/r/2KT1p5/javascript.shelljs.security.shelljs-exec-injection.shelljs-exec-injection origin: community languages: - javascript 
@@ -14248,13 +14751,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution shortlink: https://sg.run/BkER semgrep.dev: rule: rule_id: oqUeDG - version_id: YDT8y8 - url: https://semgrep.dev/playground/r/YDT8y8/javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution + version_id: X0TP4n + url: https://semgrep.dev/playground/r/X0TP4n/javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution origin: community languages: - javascript @@ -14298,13 +14803,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.vm2.security.audit.vm2-code-injection.vm2-code-injection shortlink: https://sg.run/DoPG semgrep.dev: rule: rule_id: zdUk2g - version_id: 6xT0YA - url: https://semgrep.dev/playground/r/6xT0YA/javascript.vm2.security.audit.vm2-code-injection.vm2-code-injection + version_id: jQTKBN + url: https://semgrep.dev/playground/r/jQTKBN/javascript.vm2.security.audit.vm2-code-injection.vm2-code-injection origin: community languages: - javascript 
@@ -14374,13 +14881,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.vm2.security.audit.vm2-context-injection.vm2-context-injection shortlink: https://sg.run/W8XE semgrep.dev: rule: rule_id: pKUO3v - version_id: o5T5NP - url: https://semgrep.dev/playground/r/o5T5NP/javascript.vm2.security.audit.vm2-context-injection.vm2-context-injection + version_id: 1QTj2X + url: https://semgrep.dev/playground/r/1QTj2X/javascript.vm2.security.audit.vm2-context-injection.vm2-context-injection origin: community languages: - javascript @@ -14735,13 +15244,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.vue.security.audit.xss.templates.avoid-v-html.avoid-v-html shortlink: https://sg.run/0QEw semgrep.dev: rule: rule_id: 2ZUb2o - version_id: zyTe46 - url: https://semgrep.dev/playground/r/zyTe46/javascript.vue.security.audit.xss.templates.avoid-v-html.avoid-v-html + version_id: 9lTzlE + url: https://semgrep.dev/playground/r/9lTzlE/javascript.vue.security.audit.xss.templates.avoid-v-html.avoid-v-html origin: community languages: - regex 
@@ -14771,13 +15282,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.wkhtmltoimage.security.audit.wkhtmltoimage-injection.wkhtmltoimage-injection shortlink: https://sg.run/KlDn semgrep.dev: rule: rule_id: X5U8yj - version_id: pZTQWg - url: https://semgrep.dev/playground/r/pZTQWg/javascript.wkhtmltoimage.security.audit.wkhtmltoimage-injection.wkhtmltoimage-injection + version_id: yeTXOz + url: https://semgrep.dev/playground/r/yeTXOz/javascript.wkhtmltoimage.security.audit.wkhtmltoimage-injection.wkhtmltoimage-injection origin: community languages: - javascript @@ -14813,13 +15326,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.wkhtmltopdf.security.audit.wkhtmltopdf-injection.wkhtmltopdf-injection shortlink: https://sg.run/qx8O semgrep.dev: rule: rule_id: j2Uv58 - version_id: 2KT6qB - url: https://semgrep.dev/playground/r/2KT6qB/javascript.wkhtmltopdf.security.audit.wkhtmltopdf-injection.wkhtmltopdf-injection + version_id: rxTx1B + url: https://semgrep.dev/playground/r/rxTx1B/javascript.wkhtmltopdf.security.audit.wkhtmltopdf-injection.wkhtmltopdf-injection origin: community languages: - javascript 
@@ -14861,13 +15376,15 @@ rules: references: - https://owasp.org/Top10/A05_2021-Security_Misconfiguration license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.xml2json.security.audit.xml2json-xxe.xml2json-xxe shortlink: https://sg.run/l27o semgrep.dev: rule: rule_id: 10UKpB - version_id: X0TJ90 - url: https://semgrep.dev/playground/r/X0TJ90/javascript.xml2json.security.audit.xml2json-xxe.xml2json-xxe + version_id: bZTGZW + url: https://semgrep.dev/playground/r/bZTGZW/javascript.xml2json.security.audit.xml2json-xxe.xml2json-xxe origin: community languages: - javascript @@ -14905,13 +15422,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/kotlin.lang.security.bad-hexa-conversion.bad-hexa-conversion shortlink: https://sg.run/b25p semgrep.dev: rule: rule_id: d8UegG - version_id: zyT0rZ - url: https://semgrep.dev/playground/r/zyT0rZ/kotlin.lang.security.bad-hexa-conversion.bad-hexa-conversion + version_id: e1TxeQ + url: https://semgrep.dev/playground/r/e1TxeQ/kotlin.lang.security.bad-hexa-conversion.bad-hexa-conversion origin: community message: '''Integer.toHexString()'' strips leading zeroes from each byte if read byte-by-byte. This mistake weakens the hash value computed since it introduces 
@@ -14954,13 +15473,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/kotlin.lang.security.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call shortlink: https://sg.run/6nEK semgrep.dev: rule: rule_id: yyUnpo - version_id: RGTBrK - url: https://semgrep.dev/playground/r/RGTBrK/kotlin.lang.security.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call + version_id: vdT2Xl + url: https://semgrep.dev/playground/r/vdT2Xl/kotlin.lang.security.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call origin: community severity: ERROR languages: @@ -14988,13 +15509,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/kotlin.lang.security.cookie-missing-httponly.cookie-missing-httponly shortlink: https://sg.run/ox7X semgrep.dev: rule: rule_id: r6UrKQ - version_id: A8TyLN - url: https://semgrep.dev/playground/r/A8TyLN/kotlin.lang.security.cookie-missing-httponly.cookie-missing-httponly + version_id: d6TD3J + url: https://semgrep.dev/playground/r/d6TD3J/kotlin.lang.security.cookie-missing-httponly.cookie-missing-httponly origin: community message: A cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading 
@@ -15031,13 +15554,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/kotlin.lang.security.cookie-missing-secure-flag.cookie-missing-secure-flag shortlink: https://sg.run/zv7n semgrep.dev: rule: rule_id: bwUw3j - version_id: BjTQ81 - url: https://semgrep.dev/playground/r/BjTQ81/kotlin.lang.security.cookie-missing-secure-flag.cookie-missing-secure-flag + version_id: ZRTw2Y + url: https://semgrep.dev/playground/r/ZRTw2Y/kotlin.lang.security.cookie-missing-secure-flag.cookie-missing-secure-flag origin: community message: A cookie was detected without setting the 'secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels @@ -15080,13 +15605,15 @@ rules: likelihood: LOW impact: LOW confidence: LOW + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated shortlink: https://sg.run/RXEK semgrep.dev: rule: rule_id: ReU3Yb - version_id: DkT3vn - url: https://semgrep.dev/playground/r/DkT3vn/kotlin.lang.security.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated + version_id: nWT794 + url: https://semgrep.dev/playground/r/nWT794/kotlin.lang.security.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated origin: community message: DefaultHttpClient is deprecated. Further, it does not support connections using TLS1.2, which makes using DefaultHttpClient a security hazard. Use SystemDefaultHttpClient 
@@ -15115,13 +15642,15 @@ rules: likelihood: LOW impact: LOW confidence: LOW + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.gcm-detection.gcm-detection shortlink: https://sg.run/WpPA semgrep.dev: rule: rule_id: WAUyAW - version_id: 44TW7P - url: https://semgrep.dev/playground/r/44TW7P/kotlin.lang.security.gcm-detection.gcm-detection + version_id: 7ZTOB3 + url: https://semgrep.dev/playground/r/7ZTOB3/kotlin.lang.security.gcm-detection.gcm-detection origin: community languages: - kt @@ -15163,13 +15692,15 @@ rules: likelihood: LOW impact: LOW confidence: LOW + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/kotlin.lang.security.unencrypted-socket.unencrypted-socket shortlink: https://sg.run/KXZd semgrep.dev: rule: rule_id: KxU76z - version_id: qkT9ev - url: https://semgrep.dev/playground/r/qkT9ev/kotlin.lang.security.unencrypted-socket.unencrypted-socket + version_id: 8KTbN1 + url: https://semgrep.dev/playground/r/8KTbN1/kotlin.lang.security.unencrypted-socket.unencrypted-socket origin: community message: This socket is not encrypted. The traffic could be read by an attacker intercepting the network traffic. Use an SSLSocket created by 'SSLSocketFactory' @@ -15208,13 +15739,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.weak-rsa.use-of-weak-rsa-key shortlink: https://sg.run/krq7 semgrep.dev: rule: rule_id: nJUZNL - version_id: JdT2ee - url: https://semgrep.dev/playground/r/JdT2ee/kotlin.lang.security.weak-rsa.use-of-weak-rsa-key + version_id: 3ZTdRd + url: https://semgrep.dev/playground/r/3ZTdRd/kotlin.lang.security.weak-rsa.use-of-weak-rsa-key origin: community patterns: - pattern-either: 
@@ -15253,13 +15786,15 @@ rules: likelihood: LOW impact: HIGH confidence: LOW + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/php.doctrine.security.audit.doctrine-dbal-dangerous-query.doctrine-dbal-dangerous-query shortlink: https://sg.run/KXWn semgrep.dev: rule: rule_id: X5UdZj - version_id: GxTpxW - url: https://semgrep.dev/playground/r/GxTpxW/php.doctrine.security.audit.doctrine-dbal-dangerous-query.doctrine-dbal-dangerous-query + version_id: 44To93 + url: https://semgrep.dev/playground/r/44To93/php.doctrine.security.audit.doctrine-dbal-dangerous-query.doctrine-dbal-dangerous-query origin: community patterns: - pattern-either: @@ -15352,13 +15887,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/php.lang.security.audit.openssl-decrypt-validate.openssl-decrypt-validate shortlink: https://sg.run/kzn7 semgrep.dev: rule: rule_id: YGUAoe - version_id: BjTQ8j - url: https://semgrep.dev/playground/r/BjTQ8j/php.lang.security.audit.openssl-decrypt-validate.openssl-decrypt-validate + version_id: GxT2lj + url: https://semgrep.dev/playground/r/GxT2lj/php.lang.security.audit.openssl-decrypt-validate.openssl-decrypt-validate origin: community - id: php.lang.security.backticks-use.backticks-use pattern: "`...`;" @@ -15381,13 +15918,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/php.lang.security.backticks-use.backticks-use shortlink: https://sg.run/4xj9 semgrep.dev: rule: rule_id: WAUow7 - version_id: DkT3v4 - url: https://semgrep.dev/playground/r/DkT3v4/php.lang.security.backticks-use.backticks-use + version_id: RGTbEQ + url: https://semgrep.dev/playground/r/RGTbEQ/php.lang.security.backticks-use.backticks-use origin: community languages: - php 
@@ -15418,13 +15957,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/php.lang.security.eval-use.eval-use shortlink: https://sg.run/J9AP semgrep.dev: rule: rule_id: KxUbX3 - version_id: K3TPQZ - url: https://semgrep.dev/playground/r/K3TPQZ/php.lang.security.eval-use.eval-use + version_id: DkTQwK + url: https://semgrep.dev/playground/r/DkTQwK/php.lang.security.eval-use.eval-use origin: community languages: - php @@ -15454,13 +15995,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/php.lang.security.exec-use.exec-use shortlink: https://sg.run/5Q1j semgrep.dev: rule: rule_id: qNUjye - version_id: qkT9eG - url: https://semgrep.dev/playground/r/qkT9eG/php.lang.security.exec-use.exec-use + version_id: WrTb7y + url: https://semgrep.dev/playground/r/WrTb7y/php.lang.security.exec-use.exec-use origin: community languages: - php @@ -15490,13 +16033,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/php.lang.security.file-inclusion.file-inclusion shortlink: https://sg.run/Ge56 semgrep.dev: rule: rule_id: lBU90N - version_id: 8KTo3Z - url: https://semgrep.dev/playground/r/8KTo3Z/php.lang.security.file-inclusion.file-inclusion + version_id: 0bTvGr + url: https://semgrep.dev/playground/r/0bTvGr/php.lang.security.file-inclusion.file-inclusion origin: community languages: - php 
@@ -15551,13 +16096,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/php.lang.security.ftp-use.ftp-use shortlink: https://sg.run/RoYN semgrep.dev: rule: rule_id: PeUZyE - version_id: YDTzOL - url: https://semgrep.dev/playground/r/YDTzOL/php.lang.security.ftp-use.ftp-use + version_id: K3Tlgr + url: https://semgrep.dev/playground/r/K3Tlgr/php.lang.security.ftp-use.ftp-use origin: community languages: - php @@ -15591,13 +16138,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/php.lang.security.ldap-bind-without-password.ldap-bind-without-password shortlink: https://sg.run/18Rv semgrep.dev: rule: rule_id: wdUjA5 - version_id: K3T0EY - url: https://semgrep.dev/playground/r/K3T0EY/php.lang.security.ldap-bind-without-password.ldap-bind-without-password + version_id: GxT2lq + url: https://semgrep.dev/playground/r/GxT2lq/php.lang.security.ldap-bind-without-password.ldap-bind-without-password origin: community languages: - php @@ -15627,13 +16176,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/php.lang.security.mb-ereg-replace-eval.mb-ereg-replace-eval shortlink: https://sg.run/AvdB semgrep.dev: rule: rule_id: JDUyj4 - version_id: jQTLNx - url: https://semgrep.dev/playground/r/jQTLNx/php.lang.security.mb-ereg-replace-eval.mb-ereg-replace-eval + version_id: RGTbEE + url: https://semgrep.dev/playground/r/RGTbEE/php.lang.security.mb-ereg-replace-eval.mb-ereg-replace-eval origin: community languages: - php 
@@ -15661,13 +16212,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/php.lang.security.mcrypt-use.mcrypt-use shortlink: https://sg.run/BkZR semgrep.dev: rule: rule_id: 5rUOzK - version_id: 1QT0k9 - url: https://semgrep.dev/playground/r/1QT0k9/php.lang.security.mcrypt-use.mcrypt-use + version_id: A8TRE0 + url: https://semgrep.dev/playground/r/A8TRE0/php.lang.security.mcrypt-use.mcrypt-use origin: community languages: - php @@ -15698,13 +16251,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/php.lang.security.md5-loose-equality.md5-loose-equality shortlink: https://sg.run/Do4G semgrep.dev: rule: rule_id: GdU7RO - version_id: 9lTEXj - url: https://semgrep.dev/playground/r/9lTEXj/php.lang.security.md5-loose-equality.md5-loose-equality + version_id: BjTEyv + url: https://semgrep.dev/playground/r/BjTEyv/php.lang.security.md5-loose-equality.md5-loose-equality origin: community languages: - php @@ -15735,13 +16290,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/php.lang.security.non-literal-header.non-literal-header shortlink: https://sg.run/9rL8 semgrep.dev: rule: rule_id: x8UxNQ - version_id: qkTZ6X - url: https://semgrep.dev/playground/r/qkTZ6X/php.lang.security.non-literal-header.non-literal-header + version_id: WrTb76 + url: https://semgrep.dev/playground/r/WrTb76/php.lang.security.non-literal-header.non-literal-header origin: community languages: - php 
@@ -15775,13 +16332,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/php.lang.security.php-permissive-cors.php-permissive-cors shortlink: https://sg.run/y1XR semgrep.dev: rule: rule_id: OrU6JZ - version_id: NdT5QD - url: https://semgrep.dev/playground/r/NdT5QD/php.lang.security.php-permissive-cors.php-permissive-cors + version_id: K3TlgR + url: https://semgrep.dev/playground/r/K3TlgR/php.lang.security.php-permissive-cors.php-permissive-cors origin: community languages: - php @@ -15811,13 +16370,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/php.lang.security.preg-replace-eval.preg-replace-eval shortlink: https://sg.run/0Qzw semgrep.dev: rule: rule_id: AbUz2Z - version_id: BjTnA2 - url: https://semgrep.dev/playground/r/BjTnA2/php.lang.security.preg-replace-eval.preg-replace-eval + version_id: YDTowj + url: https://semgrep.dev/playground/r/YDTowj/php.lang.security.preg-replace-eval.preg-replace-eval origin: community languages: - php @@ -15850,13 +16411,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/php.lang.security.unlink-use.unlink-use shortlink: https://sg.run/rYeR semgrep.dev: rule: rule_id: eqUzDE - version_id: xyT93A - url: https://semgrep.dev/playground/r/xyT93A/php.lang.security.unlink-use.unlink-use + version_id: o5TnL3 + url: https://semgrep.dev/playground/r/o5TnL3/php.lang.security.unlink-use.unlink-use origin: community languages: - php 
@@ -15888,13 +16451,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/php.lang.security.unserialize-use.unserialize-use shortlink: https://sg.run/b24E semgrep.dev: rule: rule_id: v8U9OJ - version_id: l4TjkW - url: https://semgrep.dev/playground/r/l4TjkW/php.lang.security.unserialize-use.unserialize-use + version_id: zyT5BO + url: https://semgrep.dev/playground/r/zyT5BO/php.lang.security.unserialize-use.unserialize-use origin: community languages: - php @@ -15924,13 +16489,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/php.lang.security.weak-crypto.weak-crypto shortlink: https://sg.run/KlBn semgrep.dev: rule: rule_id: BYUNAg - version_id: e1TEAv - url: https://semgrep.dev/playground/r/e1TEAv/php.lang.security.weak-crypto.weak-crypto + version_id: pZTr2o + url: https://semgrep.dev/playground/r/pZTr2o/php.lang.security.weak-crypto.weak-crypto origin: community languages: - php @@ -15978,13 +16545,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/php.symfony.security.audit.symfony-csrf-protection-disabled.symfony-csrf-protection-disabled shortlink: https://sg.run/N1gz semgrep.dev: rule: rule_id: d8UeKO - version_id: 9lT2Zv - url: https://semgrep.dev/playground/r/9lT2Zv/php.symfony.security.audit.symfony-csrf-protection-disabled.symfony-csrf-protection-disabled + version_id: xyT4R4 + url: https://semgrep.dev/playground/r/xyT4R4/php.symfony.security.audit.symfony-csrf-protection-disabled.symfony-csrf-protection-disabled origin: community languages: - php 
@@ -16017,13 +16586,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/php.symfony.security.audit.symfony-non-literal-redirect.symfony-non-literal-redirect shortlink: https://sg.run/4ey5 semgrep.dev: rule: rule_id: j2U3q8 - version_id: PkTEnb - url: https://semgrep.dev/playground/r/PkTEnb/php.symfony.security.audit.symfony-non-literal-redirect.symfony-non-literal-redirect + version_id: O9TyQ0 + url: https://semgrep.dev/playground/r/O9TyQ0/php.symfony.security.audit.symfony-non-literal-redirect.symfony-non-literal-redirect origin: community severity: WARNING - id: php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors @@ -16070,13 +16641,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors shortlink: https://sg.run/kr92 semgrep.dev: rule: rule_id: ZqUOlR - version_id: JdT2Ze - url: https://semgrep.dev/playground/r/JdT2Ze/php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors + version_id: e1Tx47 + url: https://semgrep.dev/playground/r/e1Tx47/php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors origin: community languages: - php 
@@ -16113,13 +16686,15 @@ rules:
 cwe:
 - 'CWE-285: Improper Authorization'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-ajax-no-auth-and-auth-hooks-audit.wp-ajax-no-auth-and-auth-hooks-audit
 shortlink: https://sg.run/B0eA
 semgrep.dev:
 rule:
 rule_id: DbUe2y
- version_id: jQT0JK
- url: https://semgrep.dev/playground/r/jQT0JK/php.wordpress-plugins.security.audit.wp-ajax-no-auth-and-auth-hooks-audit.wp-ajax-no-auth-and-auth-hooks-audit
+ version_id: vdT2or
+ url: https://semgrep.dev/playground/r/vdT2or/php.wordpress-plugins.security.audit.wp-ajax-no-auth-and-auth-hooks-audit.wp-ajax-no-auth-and-auth-hooks-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
 patterns:
@@ -16151,13 +16726,15 @@ rules:
 cwe:
 - 'CWE-285: Improper Authorization'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
 shortlink: https://sg.run/DqeP
 semgrep.dev:
 rule:
 rule_id: WAU6YK
- version_id: 1QTwQx
- url: https://semgrep.dev/playground/r/1QTwQx/php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
+ version_id: d6TD7r
+ url: https://semgrep.dev/playground/r/d6TD7r/php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
 patterns:
@@ -16190,13 +16767,15 @@ rules:
 cwe:
 - 'CWE-94: Improper Control of Generation of Code (''Code Injection'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
 shortlink: https://sg.run/WKD2
 semgrep.dev:
 rule:
 rule_id: 0oU6pX
- version_id: 9lT96D
- url: https://semgrep.dev/playground/r/9lT96D/php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
+ version_id: ZRTwx6
+ url: https://semgrep.dev/playground/r/ZRTwx6/php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
 patterns:
@@ -16231,13 +16810,15 @@ rules:
 - 'CWE-78: Improper Neutralization of Special Elements used in an OS Command (''OS Command Injection'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
 shortlink: https://sg.run/01Wj
 semgrep.dev:
 rule:
 rule_id: KxUOw0
- version_id: yeTW5k
- url: https://semgrep.dev/playground/r/yeTW5k/php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
+ version_id: nWT7J8
+ url: https://semgrep.dev/playground/r/nWT7J8/php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
 pattern: check_ajax_referer(...,...,false)
@@ -16266,13 +16847,15 @@ rules:
 cwe:
 - 'CWE-352: Cross-Site Request Forgery (CSRF)'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site Request Forgery (CSRF)
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
 shortlink: https://sg.run/K2y5
 semgrep.dev:
 rule:
 rule_id: qNUKpk
- version_id: rxTJGy
- url: https://semgrep.dev/playground/r/rxTJGy/php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
+ version_id: ExTnv2
+ url: https://semgrep.dev/playground/r/ExTnv2/php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
 patterns:
@@ -16305,13 +16888,15 @@ rules:
 owasp:
 - A01:2021 - Broken Access Control
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
 shortlink: https://sg.run/4gkz
 semgrep.dev:
 rule:
 rule_id: lBUNXL
- version_id: bZTg6R
- url: https://semgrep.dev/playground/r/bZTg6R/php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
+ version_id: 7ZTOZe
+ url: https://semgrep.dev/playground/r/7ZTOZe/php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
 patterns:
@@ -16352,13 +16937,16 @@ rules:
 - 'CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (''PHP Remote File Inclusion'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
+ - Code Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
 shortlink: https://sg.run/PGPW
 semgrep.dev:
 rule:
 rule_id: YGU8Yo
- version_id: NdTpr9
- url: https://semgrep.dev/playground/r/NdTpr9/php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
+ version_id: ZRTEN7
+ url: https://semgrep.dev/playground/r/ZRTEN7/php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
 patterns:
@@ -16395,13 +16983,16 @@ rules:
 - 'CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (''PHP Remote File Inclusion'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
+ - Code Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
 shortlink: https://sg.run/JpwW
 semgrep.dev:
 rule:
 rule_id: 6JU0yK
- version_id: kbTyek
- url: https://semgrep.dev/playground/r/kbTyek/php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
+ version_id: nWTePz
+ url: https://semgrep.dev/playground/r/nWTePz/php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
 pattern: wp_redirect(...)
@@ -16431,13 +17022,15 @@ rules:
 owasp:
 - A05:2021 - Security Misconfiguration
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Open Redirect
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
 shortlink: https://sg.run/5nZX
 semgrep.dev:
 rule:
 rule_id: oqU5KY
- version_id: w8TBy8
- url: https://semgrep.dev/playground/r/w8TBy8/php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
+ version_id: gETqEJ
+ url: https://semgrep.dev/playground/r/gETqEJ/php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
 patterns:
@@ -16470,13 +17063,15 @@ rules:
 owasp:
 - A03:2021 - Injection
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
 shortlink: https://sg.run/G6X2
 semgrep.dev:
 rule:
 rule_id: zdUelq
- version_id: xyTDQ2
- url: https://semgrep.dev/playground/r/xyTDQ2/php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
+ version_id: QkTJAk
+ url: https://semgrep.dev/playground/r/QkTJAk/php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
 patterns:
@@ -16519,13 +17114,15 @@ rules:
 - 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command (''SQL Injection'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
 shortlink: https://sg.run/RAbe
 semgrep.dev:
 rule:
 rule_id: pKUQN1
- version_id: O9T2R6
- url: https://semgrep.dev/playground/r/O9T2R6/php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
+ version_id: 3ZTdWL
+ url: https://semgrep.dev/playground/r/3ZTdWL/php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
 origin: community
 - id: problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
 message: Insecure transport rules to catch socket connections to http, telnet, and
@@ -16547,13 +17144,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
 shortlink: https://sg.run/2x9L
 semgrep.dev:
 rule:
 rule_id: NbUkl9
- version_id: BjTn8g
- url: https://semgrep.dev/playground/r/BjTn8g/problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
+ version_id: X0TPkR
+ url: https://semgrep.dev/playground/r/X0TPkR/problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
 origin: community
 languages:
 - java
@@ -16600,13 +17199,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server
 shortlink: https://sg.run/x1zL
 semgrep.dev:
 rule:
 rule_id: 7KUQAE
- version_id: 0bTk8o
- url: https://semgrep.dev/playground/r/0bTk8o/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server
+ version_id: O9TyE0
+ url: https://semgrep.dev/playground/r/O9TyE0/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server
 origin: community
 languages:
 - javascript
@@ -16643,13 +17244,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.airflow.security.audit.formatted-string-bashoperator.formatted-string-bashoperator
 shortlink: https://sg.run/ndBY
 semgrep.dev:
 rule:
 rule_id: 4bUkOY
- version_id: jQT9x4
- url: https://semgrep.dev/playground/r/jQT9x4/python.airflow.security.audit.formatted-string-bashoperator.formatted-string-bashoperator
+ version_id: ExTn62
+ url: https://semgrep.dev/playground/r/ExTn62/python.airflow.security.audit.formatted-string-bashoperator.formatted-string-bashoperator
 origin: community
 languages:
 - python
@@ -16716,13 +17319,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.insecure-cipher-mode-ecb.insecure-cipher-mode-ecb
 shortlink: https://sg.run/4xr5
 semgrep.dev:
 rule:
 rule_id: DbUp5g
- version_id: 3ZTxvB
- url: https://semgrep.dev/playground/r/3ZTxvB/python.cryptography.security.insecure-cipher-mode-ecb.insecure-cipher-mode-ecb
+ version_id: 5PT6ER
+ url: https://semgrep.dev/playground/r/5PT6ER/python.cryptography.security.insecure-cipher-mode-ecb.insecure-cipher-mode-ecb
 origin: community
 severity: WARNING
 languages:
@@ -16762,13 +17367,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.insufficient-ec-key-size.insufficient-ec-key-size
 shortlink: https://sg.run/GeQq
 semgrep.dev:
 rule:
 rule_id: qNUjZ3
- version_id: WrT5GP
- url: https://semgrep.dev/playground/r/WrT5GP/python.cryptography.security.insufficient-ec-key-size.insufficient-ec-key-size
+ version_id: BjTEvR
+ url: https://semgrep.dev/playground/r/BjTEvR/python.cryptography.security.insufficient-ec-key-size.insufficient-ec-key-size
 origin: community
 languages:
 - python
@@ -16803,13 +17410,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.insufficient-rsa-key-size.insufficient-rsa-key-size
 shortlink: https://sg.run/RoQq
 semgrep.dev:
 rule:
 rule_id: lBU9jn
- version_id: GxTWQo
- url: https://semgrep.dev/playground/r/GxTWQo/python.cryptography.security.insufficient-rsa-key-size.insufficient-rsa-key-size
+ version_id: DkTQ7A
+ url: https://semgrep.dev/playground/r/DkTQ7A/python.cryptography.security.insufficient-rsa-key-size.insufficient-rsa-key-size
 origin: community
 languages:
 - python
@@ -16838,13 +17447,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.mode-without-authentication.crypto-mode-without-authentication
 shortlink: https://sg.run/N9JL
 semgrep.dev:
 rule:
 rule_id: lBUpNZ
- version_id: o5T82K
- url: https://semgrep.dev/playground/r/o5T82K/python.cryptography.security.mode-without-authentication.crypto-mode-without-authentication
+ version_id: WrTbJ4
+ url: https://semgrep.dev/playground/r/WrTbJ4/python.cryptography.security.mode-without-authentication.crypto-mode-without-authentication
 origin: community
 patterns:
 - pattern-either:
@@ -16898,13 +17509,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.avoid-mark-safe.avoid-mark-safe
 shortlink: https://sg.run/yd0P
 semgrep.dev:
 rule:
 rule_id: eqU8Wr
- version_id: DkTeDR
- url: https://semgrep.dev/playground/r/DkTeDR/python.django.security.audit.avoid-mark-safe.avoid-mark-safe
+ version_id: qkTNJ7
+ url: https://semgrep.dev/playground/r/qkTNJ7/python.django.security.audit.avoid-mark-safe.avoid-mark-safe
 origin: community
 languages:
 - python
@@ -16925,7 +17538,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#django.db.models.Func.as_sql
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -16937,13 +17550,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.custom-expression-as-sql.custom-expression-as-sql
 shortlink: https://sg.run/b7bW
 semgrep.dev:
 rule:
 rule_id: d8Ujk6
- version_id: 0bT6AG
- url: https://semgrep.dev/playground/r/0bT6AG/python.django.security.audit.custom-expression-as-sql.custom-expression-as-sql
+ version_id: YDTo4y
+ url: https://semgrep.dev/playground/r/YDTo4y/python.django.security.audit.custom-expression-as-sql.custom-expression-as-sql
 origin: community
 pattern: "$EXPRESSION.as_sql(...)"
 severity: WARNING
@@ -16980,13 +17595,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config
 shortlink: https://sg.run/vzBY
 semgrep.dev:
 rule:
 rule_id: gxU1wE
- version_id: qkTKkJ
- url: https://semgrep.dev/playground/r/qkTKkJ/python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config
+ version_id: o5TnJ7
+ url: https://semgrep.dev/playground/r/o5TnJ7/python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config
 origin: community
 severity: WARNING
 languages:
@@ -17007,7 +17624,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#avoiding-sql-injection
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -17019,13 +17636,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.extends-custom-expression.extends-custom-expression
 shortlink: https://sg.run/N4Ay
 semgrep.dev:
 rule:
 rule_id: ZqU5z3
- version_id: l4TN72
- url: https://semgrep.dev/playground/r/l4TN72/python.django.security.audit.extends-custom-expression.extends-custom-expression
+ version_id: zyT5r5
+ url: https://semgrep.dev/playground/r/zyT5r5/python.django.security.audit.extends-custom-expression.extends-custom-expression
 origin: community
 severity: WARNING
 pattern-either:
@@ -17158,7 +17777,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/querysets/#django.db.models.query.QuerySet.extra
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -17170,13 +17789,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.query-set-extra.avoid-query-set-extra
 shortlink: https://sg.run/kXZP
 semgrep.dev:
 rule:
 rule_id: nJUzBP
- version_id: YDT8J8
- url: https://semgrep.dev/playground/r/YDT8J8/python.django.security.audit.query-set-extra.avoid-query-set-extra
+ version_id: pZTrAl
+ url: https://semgrep.dev/playground/r/pZTrAl/python.django.security.audit.query-set-extra.avoid-query-set-extra
 origin: community
 languages:
 - python
@@ -17199,7 +17820,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#raw-sql-expressions
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -17211,13 +17832,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.raw-query.avoid-raw-sql
 shortlink: https://sg.run/weDA
 semgrep.dev:
 rule:
 rule_id: EwU2JA
- version_id: rxTXz1
- url: https://semgrep.dev/playground/r/rxTXz1/python.django.security.audit.raw-query.avoid-raw-sql
+ version_id: 2KT1EW
+ url: https://semgrep.dev/playground/r/2KT1EW/python.django.security.audit.raw-query.avoid-raw-sql
 origin: community
 languages:
 - python
@@ -17273,7 +17896,7 @@ rules:
 version: '4'
 references:
 - https://docs.djangoproject.com/en/3.0/ref/request-response/#django.http.HttpResponse.set_cookie
- - https://blog.r2c.dev/2020/bento-check-keeping-cookies-safe-in-flask/
+ - https://semgrep.dev/blog/2020/bento-check-keeping-cookies-safe-in-flask/
 - https://bento.dev/checks/flask/secure-set-cookie/
 category: security
 technology:
@@ -17284,13 +17907,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cookie Security
 source: https://semgrep.dev/r/python.django.security.audit.secure-cookies.django-secure-set-cookie
 shortlink: https://sg.run/x1WL
 semgrep.dev:
 rule:
 rule_id: 7KUQ2E
- version_id: BjTOxE
- url: https://semgrep.dev/playground/r/BjTOxE/python.django.security.audit.secure-cookies.django-secure-set-cookie
+ version_id: X0TPlW
+ url: https://semgrep.dev/playground/r/X0TPlW/python.django.security.audit.secure-cookies.django-secure-set-cookie
 origin: community
 languages:
 - python
@@ -17320,13 +17945,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Active Debug Code
 source: https://semgrep.dev/r/python.django.security.audit.templates.debug-template-tag.debug-template-tag
 shortlink: https://sg.run/dK3E
 semgrep.dev:
 rule:
 rule_id: QrUzb2
- version_id: K3T6O2
- url: https://semgrep.dev/playground/r/K3T6O2/python.django.security.audit.templates.debug-template-tag.debug-template-tag
+ version_id: jQTKNg
+ url: https://semgrep.dev/playground/r/jQTKNg/python.django.security.audit.templates.debug-template-tag.debug-template-tag
 origin: community
 - id: python.django.security.audit.unvalidated-password.unvalidated-password
 patterns:
@@ -17377,13 +18004,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/python.django.security.audit.unvalidated-password.unvalidated-password
 shortlink: https://sg.run/OPBL
 semgrep.dev:
 rule:
 rule_id: L1UywG
- version_id: pZTQKg
- url: https://semgrep.dev/playground/r/pZTQKg/python.django.security.audit.unvalidated-password.unvalidated-password
+ version_id: 1QTjkz
+ url: https://semgrep.dev/playground/r/1QTjkz/python.django.security.audit.unvalidated-password.unvalidated-password
 origin: community
 languages:
 - python
@@ -17415,13 +18044,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.class-extends-safestring.class-extends-safestring
 shortlink: https://sg.run/Zvpw
 semgrep.dev:
 rule:
 rule_id: 3qUPve
- version_id: 2KT6gB
- url: https://semgrep.dev/playground/r/2KT6gB/python.django.security.audit.xss.class-extends-safestring.class-extends-safestring
+ version_id: 9lTzXo
+ url: https://semgrep.dev/playground/r/9lTzXo/python.django.security.audit.xss.class-extends-safestring.class-extends-safestring
 origin: community
 languages:
 - python
@@ -17461,13 +18092,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.context-autoescape-off.context-autoescape-off
 shortlink: https://sg.run/nd7Y
 semgrep.dev:
 rule:
 rule_id: 4bUknY
- version_id: 0bTkg2
- url: https://semgrep.dev/playground/r/0bTkg2/python.django.security.audit.xss.context-autoescape-off.context-autoescape-off
+ version_id: yeTX5n
+ url: https://semgrep.dev/playground/r/yeTX5n/python.django.security.audit.xss.context-autoescape-off.context-autoescape-off
 origin: community
 languages:
 - python
@@ -17515,13 +18148,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.direct-use-of-httpresponse.direct-use-of-httpresponse
 shortlink: https://sg.run/EknN
 semgrep.dev:
 rule:
 rule_id: PeUZgE
- version_id: jQT9b4
- url: https://semgrep.dev/playground/r/jQT9b4/python.django.security.audit.xss.direct-use-of-httpresponse.direct-use-of-httpresponse
+ version_id: rxTxGk
+ url: https://semgrep.dev/playground/r/rxTxGk/python.django.security.audit.xss.direct-use-of-httpresponse.direct-use-of-httpresponse
 origin: community
 languages:
 - python
@@ -17584,13 +18219,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.filter-with-is-safe.filter-with-is-safe
 shortlink: https://sg.run/7o12
 semgrep.dev:
 rule:
 rule_id: JDUyd4
- version_id: 1QTX9r
- url: https://semgrep.dev/playground/r/1QTX9r/python.django.security.audit.xss.filter-with-is-safe.filter-with-is-safe
+ version_id: bZTG6N
+ url: https://semgrep.dev/playground/r/bZTG6N/python.django.security.audit.xss.filter-with-is-safe.filter-with-is-safe
 origin: community
 languages:
 - python
@@ -17625,13 +18262,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.formathtml-fstring-parameter.formathtml-fstring-parameter
 shortlink: https://sg.run/lxQo
 semgrep.dev:
 rule:
 rule_id: v8UjKg
- version_id: 9lTng2
- url: https://semgrep.dev/playground/r/9lTng2/python.django.security.audit.xss.formathtml-fstring-parameter.formathtml-fstring-parameter
+ version_id: NdT1rN
+ url: https://semgrep.dev/playground/r/NdT1rN/python.django.security.audit.xss.formathtml-fstring-parameter.formathtml-fstring-parameter
 origin: community
 languages:
 - python
@@ -17665,13 +18304,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.global-autoescape-off.global-autoescape-off
 shortlink: https://sg.run/LwG6
 semgrep.dev:
 rule:
 rule_id: 5rUOXK
- version_id: K3T985
- url: https://semgrep.dev/playground/r/K3T985/python.django.security.audit.xss.global-autoescape-off.global-autoescape-off
+ version_id: kbT7e6
+ url: https://semgrep.dev/playground/r/kbT7e6/python.django.security.audit.xss.global-autoescape-off.global-autoescape-off
 origin: community
 languages:
 - python
@@ -17715,13 +18356,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.html-magic-method.html-magic-method
 shortlink: https://sg.run/8y9N
 semgrep.dev:
 rule:
 rule_id: GdU7QO
- version_id: rxT8ZW
- url: https://semgrep.dev/playground/r/rxT8ZW/python.django.security.audit.xss.html-magic-method.html-magic-method
+ version_id: w8T3yA
+ url: https://semgrep.dev/playground/r/w8T3yA/python.django.security.audit.xss.html-magic-method.html-magic-method
 origin: community
 languages:
 - python
@@ -17761,13 +18404,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.html-safe.html-safe
 shortlink: https://sg.run/gLO0
 semgrep.dev:
 rule:
 rule_id: ReUg5Y
- version_id: bZT4q2
- url: https://semgrep.dev/playground/r/bZT4q2/python.django.security.audit.xss.html-safe.html-safe
+ version_id: xyT4Qd
+ url: https://semgrep.dev/playground/r/xyT4Qd/python.django.security.audit.xss.html-safe.html-safe
 origin: community
 languages:
 - python
@@ -17803,13 +18448,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.template-autoescape-off.template-autoescape-off
 shortlink: https://sg.run/Q5WZ
 semgrep.dev:
 rule:
 rule_id: AbUzAZ
- version_id: NdTQ8w
- url: https://semgrep.dev/playground/r/NdTQ8w/python.django.security.audit.xss.template-autoescape-off.template-autoescape-off
+ version_id: O9TyRX
+ url: https://semgrep.dev/playground/r/O9TyRX/python.django.security.audit.xss.template-autoescape-off.template-autoescape-off
 origin: community
 languages:
 - regex
@@ -17864,13 +18511,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.template-blocktranslate-no-escape.template-blocktranslate-no-escape
 shortlink: https://sg.run/3xpK
 semgrep.dev:
 rule:
 rule_id: BYUNwg
- version_id: kbTZql
- url: https://semgrep.dev/playground/r/kbTZql/python.django.security.audit.xss.template-blocktranslate-no-escape.template-blocktranslate-no-escape
+ version_id: e1TxG1
+ url: https://semgrep.dev/playground/r/e1TxG1/python.django.security.audit.xss.template-blocktranslate-no-escape.template-blocktranslate-no-escape
 origin: community
 - id: python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape
 languages:
@@ -18003,13 +18652,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape
 shortlink: https://sg.run/PJDz
 semgrep.dev:
 rule:
 rule_id: WAUov9
- version_id: xyT3Xz
- url: https://semgrep.dev/playground/r/xyT3Xz/python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape
+ version_id: d6TDpy
+ url: https://semgrep.dev/playground/r/d6TDpy/python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape
 origin: community
 - id: python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape
 languages:
@@ -18041,13 +18692,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape
 shortlink: https://sg.run/J9Jy
 semgrep.dev:
 rule:
 rule_id: 0oU5AN
- version_id: O9TZeb
- url: https://semgrep.dev/playground/r/O9TZeb/python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape
+ version_id: ZRTwX2
+ url: https://semgrep.dev/playground/r/ZRTwX2/python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape
 origin: community
 - id: python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq
 message: Detected a template variable where autoescaping is explicitly disabled
@@ -18074,13 +18727,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq
 shortlink: https://sg.run/5Q30
 semgrep.dev:
 rule:
 rule_id: KxUbdx
- version_id: e1TAWn
- url: https://semgrep.dev/playground/r/e1TAWn/python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq
+ version_id: nWT70Q
+ url: https://semgrep.dev/playground/r/nWT70Q/python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq
 origin: community
 languages:
 - regex
@@ -18118,13 +18773,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.django.security.globals-as-template-context.globals-as-template-context
 shortlink: https://sg.run/7GYv
 semgrep.dev:
 rule:
 rule_id: j2UR3n
- version_id: d6TbkB
- url: https://semgrep.dev/playground/r/d6TbkB/python.django.security.globals-as-template-context.globals-as-template-context
+ version_id: 7ZTOXP
+ url: https://semgrep.dev/playground/r/7ZTOXP/python.django.security.globals-as-template-context.globals-as-template-context
 origin: community
 pattern-either:
 - pattern: django.shortcuts.render(..., globals(...), ...)
@@ -18158,13 +18815,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.injection.code.globals-misuse-code-execution.globals-misuse-code-execution shortlink: https://sg.run/Kl55 semgrep.dev: rule: rule_id: AbUzAA - version_id: ZRTyzw - url: https://semgrep.dev/playground/r/ZRTyzw/python.django.security.injection.code.globals-misuse-code-execution.globals-misuse-code-execution + version_id: LjT0ll + url: https://semgrep.dev/playground/r/LjT0ll/python.django.security.injection.code.globals-misuse-code-execution.globals-misuse-code-execution origin: community languages: - python @@ -18392,13 +19051,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/python.django.security.injection.mass-assignment.mass-assignment shortlink: https://sg.run/Ro0q semgrep.dev: rule: rule_id: lBU97n - version_id: PkTnpo - url: https://semgrep.dev/playground/r/PkTnpo/python.django.security.injection.mass-assignment.mass-assignment + version_id: RGTbr7 + url: https://semgrep.dev/playground/r/RGTbr7/python.django.security.injection.mass-assignment.mass-assignment origin: community pattern-either: - pattern: "$MODEL.objects.create(**request.$W)" 
@@ -18430,13 +19091,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.django.security.injection.path-traversal.path-traversal-join.path-traversal-join shortlink: https://sg.run/Dovo semgrep.dev: rule: rule_id: 6JUjLj - version_id: pZT7zy - url: https://semgrep.dev/playground/r/pZT7zy/python.django.security.injection.path-traversal.path-traversal-join.path-traversal-join + version_id: DkTQvA + url: https://semgrep.dev/playground/r/DkTQvA/python.django.security.injection.path-traversal.path-traversal-join.path-traversal-join origin: community patterns: - pattern-inside: | @@ -18540,13 +19203,15 @@ rules: likelihood: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/python.django.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/PbZp semgrep.dev: rule: rule_id: lBU8Ad - version_id: GxTWGb - url: https://semgrep.dev/playground/r/GxTWGb/python.django.security.injection.tainted-sql-string.tainted-sql-string + version_id: jQTK9g + url: https://semgrep.dev/playground/r/jQTK9g/python.django.security.injection.tainted-sql-string.tainted-sql-string origin: community severity: ERROR languages: @@ -18602,13 +19267,15 @@ rules: impact: MEDIUM likelihood: LOW confidence: LOW + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/python.django.security.injection.tainted-url-host.tainted-url-host shortlink: https://sg.run/oYz6 semgrep.dev: rule: rule_id: 6JU1l0 - version_id: RGTwXW - url: https://semgrep.dev/playground/r/RGTwXW/python.django.security.injection.tainted-url-host.tainted-url-host + version_id: 1QTjXz + url: https://semgrep.dev/playground/r/1QTjXz/python.django.security.injection.tainted-url-host.tainted-url-host origin: community mode: taint pattern-sinks: 
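Review bot: The `vulnerability_class` added to python.django.security.injection.tainted-sql-string.tainted-sql-string is `- Mass Assignment`, which looks like a carry-over from the mass-assignment rule in the previous hunk rather than a classification of this rule; from the rule id and its `severity: ERROR` it reads as an SQL-injection detector, so `- SQL Injection` (the class the formatted-sql-query rule later in this diff uses) is presumably the intended value. Since this file is generated from the upstream registry, the correction belongs upstream or in the sync step, otherwise reports that group findings by class will misfile these results. The rule's definition continues outside the hunk.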
@@ -18681,13 +19348,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.locals-as-template-context.locals-as-template-context shortlink: https://sg.run/L8XL semgrep.dev: rule: rule_id: 10Ued2 - version_id: A8Tn61 - url: https://semgrep.dev/playground/r/A8Tn61/python.django.security.locals-as-template-context.locals-as-template-context + version_id: 9lTzno + url: https://semgrep.dev/playground/r/9lTzno/python.django.security.locals-as-template-context.locals-as-template-context origin: community pattern-either: - pattern: django.shortcuts.render(..., locals(...), ...) @@ -18737,13 +19406,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run shortlink: https://sg.run/pxEL semgrep.dev: rule: rule_id: r6Ur5A - version_id: 0bT64B - url: https://semgrep.dev/playground/r/0bT64B/python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run + version_id: NdT1QN + url: https://semgrep.dev/playground/r/NdT1QN/python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run origin: community - id: python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG message: Hardcoded variable `DEBUG` detected. Set this by using FLASK_DEBUG environment 
@@ -18767,13 +19438,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG shortlink: https://sg.run/LwPo semgrep.dev: rule: rule_id: JDUyJR - version_id: o5Tp5z - url: https://semgrep.dev/playground/r/o5Tp5z/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG + version_id: ZRTwy2 + url: https://semgrep.dev/playground/r/ZRTwy2/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG origin: community languages: - python @@ -18804,13 +19477,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_ENV shortlink: https://sg.run/7oXW semgrep.dev: rule: rule_id: PeUZpr - version_id: 6xTw0j - url: https://semgrep.dev/playground/r/6xTw0j/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_ENV + version_id: d6TDby + url: https://semgrep.dev/playground/r/d6TDby/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_ENV origin: community languages: - python @@ -18839,13 +19514,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_SECRET_KEY shortlink: https://sg.run/Ekde semgrep.dev: rule: rule_id: 4bUkX0 - version_id: YDTK86 - url: https://semgrep.dev/playground/r/YDTK86/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_SECRET_KEY + version_id: vdT238 + url: https://semgrep.dev/playground/r/vdT238/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_SECRET_KEY origin: community languages: - python 
@@ -18874,13 +19551,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_TESTING shortlink: https://sg.run/ndZ2 semgrep.dev: rule: rule_id: 3qUPoy - version_id: l4TANl - url: https://semgrep.dev/playground/r/l4TANl/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_TESTING + version_id: e1TxA1 + url: https://semgrep.dev/playground/r/e1TxA1/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_TESTING origin: community languages: - python @@ -18908,13 +19587,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.flask.security.audit.render-template-string.render-template-string shortlink: https://sg.run/8yjE semgrep.dev: rule: rule_id: 5rUOv1 - version_id: o5T571 - url: https://semgrep.dev/playground/r/o5T571/python.flask.security.audit.render-template-string.render-template-string + version_id: ExTnYv + url: https://semgrep.dev/playground/r/ExTnYv/python.flask.security.audit.render-template-string.render-template-string origin: community message: Found a template created with string formatting. This is susceptible to server-side template injection and cross-site scripting attacks. @@ -18945,7 +19626,7 @@ rules: owasp: - A05:2021 - Security Misconfiguration references: - - https://blog.r2c.dev/2020/bento-check-keeping-cookies-safe-in-flask/ + - https://semgrep.dev/blog/2020/bento-check-keeping-cookies-safe-in-flask/ - https://bento.dev/checks/flask/secure-set-cookie/ - https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options category: security 
@@ -18957,13 +19638,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.flask.security.audit.secure-set-cookie.secure-set-cookie shortlink: https://sg.run/gLkZ semgrep.dev: rule: rule_id: GdU7GR - version_id: zyTex2 - url: https://semgrep.dev/playground/r/zyTex2/python.flask.security.audit.secure-set-cookie.secure-set-cookie + version_id: 7ZTOYP + url: https://semgrep.dev/playground/r/7ZTOYP/python.flask.security.audit.secure-set-cookie.secure-set-cookie origin: community languages: - python @@ -18988,13 +19671,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/python.flask.security.audit.wtf-csrf-disabled.flask-wtf-csrf-disabled shortlink: https://sg.run/Q5AQ semgrep.dev: rule: rule_id: ReUgXz - version_id: pZTQBY - url: https://semgrep.dev/playground/r/pZTQBY/python.flask.security.audit.wtf-csrf-disabled.flask-wtf-csrf-disabled + version_id: LjT0pl + url: https://semgrep.dev/playground/r/LjT0pl/python.flask.security.audit.wtf-csrf-disabled.flask-wtf-csrf-disabled origin: community severity: WARNING languages: 
@@ -19050,13 +19735,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.audit.xss.make-response-with-unknown-content.make-response-with-unknown-content shortlink: https://sg.run/3x3p semgrep.dev: rule: rule_id: AbUz6A - version_id: 2KT6Dq - url: https://semgrep.dev/playground/r/2KT6Dq/python.flask.security.audit.xss.make-response-with-unknown-content.make-response-with-unknown-content + version_id: 8KTbLL + url: https://semgrep.dev/playground/r/8KTbLL/python.flask.security.audit.xss.make-response-with-unknown-content.make-response-with-unknown-content origin: community languages: - python @@ -19081,13 +19768,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.flask.security.dangerous-template-string.dangerous-template-string shortlink: https://sg.run/b79E semgrep.dev: rule: rule_id: v8UnZJ - version_id: X0TJvb - url: https://semgrep.dev/playground/r/X0TJvb/python.flask.security.dangerous-template-string.dangerous-template-string + version_id: gETq5L + url: https://semgrep.dev/playground/r/gETq5L/python.flask.security.dangerous-template-string.dangerous-template-string origin: community languages: - python 
@@ -19165,13 +19854,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.flask.security.flask-api-method-string-format.flask-api-method-string-format shortlink: https://sg.run/bDWr semgrep.dev: rule: rule_id: NbUAeY - version_id: jQT9EE - url: https://semgrep.dev/playground/r/jQT9EE/python.flask.security.flask-api-method-string-format.flask-api-method-string-format + version_id: QkTJQL + url: https://semgrep.dev/playground/r/QkTJQL/python.flask.security.flask-api-method-string-format.flask-api-method-string-format origin: community - id: python.flask.security.injection.os-system-injection.os-system-injection languages: @@ -19200,13 +19891,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.flask.security.injection.os-system-injection.os-system-injection shortlink: https://sg.run/4xzz semgrep.dev: rule: rule_id: BYUN99 - version_id: yeTd6w - url: https://semgrep.dev/playground/r/yeTd6w/python.flask.security.injection.os-system-injection.os-system-injection + version_id: PkTYnq + url: https://semgrep.dev/playground/r/PkTYnq/python.flask.security.injection.os-system-injection.os-system-injection origin: community pattern-either: - patterns: 
@@ -19278,13 +19971,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.flask.security.injection.path-traversal-open.path-traversal-open shortlink: https://sg.run/PJRW semgrep.dev: rule: rule_id: DbUpOQ - version_id: rxT8xO - url: https://semgrep.dev/playground/r/rxT8xO/python.flask.security.injection.path-traversal-open.path-traversal-open + version_id: JdTqZY + url: https://semgrep.dev/playground/r/JdTqZY/python.flask.security.injection.path-traversal-open.path-traversal-open origin: community pattern-either: - patterns: @@ -19384,13 +20079,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.flask.security.insecure-deserialization.insecure-deserialization shortlink: https://sg.run/N45z semgrep.dev: rule: rule_id: d8UjBO - version_id: vdT324 - url: https://semgrep.dev/playground/r/vdT324/python.flask.security.insecure-deserialization.insecure-deserialization + version_id: 0bTv6b + url: https://semgrep.dev/playground/r/0bTv6b/python.flask.security.insecure-deserialization.insecure-deserialization origin: community message: Detected the use of an insecure deserialization library in a Flask route. These libraries are prone to code execution vulnerabilities. Ensure user data 
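Review bot: The new class value `- 'Insecure Deserialization '` for python.flask.security.insecure-deserialization.insecure-deserialization carries a trailing space inside the quotes (which is why the generator had to quote it), so it will not compare equal to the unpadded class name when findings are grouped, filtered or deduplicated by class; the same padded value appears again in the python.lang.security.audit.conn_recv.multiprocessing-recv hunk further down. The value originates upstream, so either strip whitespace in the sync/generation step or fix the registry entry so that it emits `- Insecure Deserialization` like the other classes. The rule's `message` continues outside the hunk.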
@@ -19472,13 +20169,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/python.flask.security.open-redirect.open-redirect shortlink: https://sg.run/kXe2 semgrep.dev: rule: rule_id: ZqU5LR - version_id: 5PTBYY - url: https://semgrep.dev/playground/r/5PTBYY/python.flask.security.open-redirect.open-redirect + version_id: K3TlOL + url: https://semgrep.dev/playground/r/K3TlOL/python.flask.security.open-redirect.open-redirect origin: community languages: - python @@ -19509,13 +20208,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.flask.security.secure-static-file-serve.avoid_send_file_without_path_sanitization shortlink: https://sg.run/weGP semgrep.dev: rule: rule_id: nJUz6A - version_id: ZRTywe - url: https://semgrep.dev/playground/r/ZRTywe/python.flask.security.secure-static-file-serve.avoid_send_file_without_path_sanitization + version_id: qkTNK7 + url: https://semgrep.dev/playground/r/qkTNK7/python.flask.security.secure-static-file-serve.avoid_send_file_without_path_sanitization origin: community languages: - python @@ -19535,7 +20236,7 @@ rules: source-rule-url: https://pypi.org/project/flake8-flask/ references: - https://flask.palletsprojects.com/en/1.1.x/templating/#jinja-setup - - https://blog.r2c.dev/2020/bento-check-unescaped-template-extensions-in-flask/ + - https://semgrep.dev/blog/2020/bento-check-unescaped-template-extensions-in-flask/ - https://bento.dev/checks/flask/unescaped-file-extension/ category: security technology: 
@@ -19548,13 +20249,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.unescaped-template-extension.unescaped-template-extension shortlink: https://sg.run/x1Rg semgrep.dev: rule: rule_id: EwU293 - version_id: nWTw7p - url: https://semgrep.dev/playground/r/nWTw7p/python.flask.security.unescaped-template-extension.unescaped-template-extension + version_id: l4T5N0 + url: https://semgrep.dev/playground/r/l4T5N0/python.flask.security.unescaped-template-extension.unescaped-template-extension origin: community patterns: - pattern-not: flask.render_template("=~/.+\.html$/", ...) @@ -19609,13 +20312,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.unsanitized-input.response-contains-unsanitized-input shortlink: https://sg.run/OPGn semgrep.dev: rule: rule_id: 7KUQLl - version_id: ExTYnN - url: https://semgrep.dev/playground/r/ExTYnN/python.flask.security.unsanitized-input.response-contains-unsanitized-input + version_id: YDTo8y + url: https://semgrep.dev/playground/r/YDTo8y/python.flask.security.unsanitized-input.response-contains-unsanitized-input origin: community languages: - python 
@@ -19662,13 +20367,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 shortlink: https://sg.run/RoKe semgrep.dev: rule: rule_id: qNUjN2 - version_id: 7ZTYOn - url: https://semgrep.dev/playground/r/7ZTYOn/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 + version_id: JdTqZd + url: https://semgrep.dev/playground/r/JdTqZd/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 origin: community languages: - python @@ -19711,13 +20418,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.xss.audit.explicit-unescape-with-markup.explicit-unescape-with-markup shortlink: https://sg.run/AvZ8 semgrep.dev: rule: rule_id: lBU95l - version_id: LjTp0k - url: https://semgrep.dev/playground/r/LjTp0k/python.flask.security.xss.audit.explicit-unescape-with-markup.explicit-unescape-with-markup + version_id: 5PT6Yv + url: https://semgrep.dev/playground/r/5PT6Yv/python.flask.security.xss.audit.explicit-unescape-with-markup.explicit-unescape-with-markup origin: community languages: - python 
@@ -19753,13 +20462,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.xss.audit.template-autoescape-off.template-autoescape-off shortlink: https://sg.run/Bkn2 semgrep.dev: rule: rule_id: YGURo6 - version_id: 8KTLbN - url: https://semgrep.dev/playground/r/8KTLbN/python.flask.security.xss.audit.template-autoescape-off.template-autoescape-off + version_id: GxT2W2 + url: https://semgrep.dev/playground/r/GxT2W2/python.flask.security.xss.audit.template-autoescape-off.template-autoescape-off origin: community languages: - regex @@ -19778,7 +20489,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -19791,13 +20502,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.jwt.security.audit.jwt-exposed-data.jwt-python-exposed-data shortlink: https://sg.run/ox8R semgrep.dev: rule: rule_id: 9AU1zW - version_id: JdTZq2 - url: https://semgrep.dev/playground/r/JdTZq2/python.jwt.security.audit.jwt-exposed-data.jwt-python-exposed-data + version_id: 0bTvQ7 + url: https://semgrep.dev/playground/r/0bTvQ7/python.jwt.security.audit.jwt-exposed-data.jwt-python-exposed-data origin: community languages: - python 
@@ -19815,7 +20528,7 @@ rules: owasp: - A02:2017 - Broken Authentication - A04:2021 - Insecure Design - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ references: - https://cwe.mitre.org/data/definitions/522.html category: security @@ -19828,13 +20541,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.jwt.security.jwt-exposed-credentials.jwt-python-exposed-credentials shortlink: https://sg.run/qxPy semgrep.dev: rule: rule_id: 2ZUb1L - version_id: 5PTY6x - url: https://semgrep.dev/playground/r/5PTY6x/python.jwt.security.jwt-exposed-credentials.jwt-python-exposed-credentials + version_id: K3TlPb + url: https://semgrep.dev/playground/r/K3TlPb/python.jwt.security.jwt-exposed-credentials.jwt-python-exposed-credentials origin: community message: Password is exposed through JWT token payload. This is not encrypted and the password could be compromised. Do not store passwords in JWT tokens. @@ -19873,13 +20588,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.jwt.security.unverified-jwt-decode.unverified-jwt-decode shortlink: https://sg.run/6nyB semgrep.dev: rule: rule_id: 10UKjo - version_id: A8TnR1 - url: https://semgrep.dev/playground/r/A8TnR1/python.jwt.security.unverified-jwt-decode.unverified-jwt-decode + version_id: YDTozD + url: https://semgrep.dev/playground/r/YDTozD/python.jwt.security.unverified-jwt-decode.unverified-jwt-decode origin: community fix-regex: regex: "(verify\\s*=\\s*)False" 
@@ -19914,13 +20631,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.audit.conn_recv.multiprocessing-recv shortlink: https://sg.run/x1lz semgrep.dev: rule: rule_id: nJUzeK - version_id: BjTGEn - url: https://semgrep.dev/playground/r/BjTGEn/python.lang.security.audit.conn_recv.multiprocessing-recv + version_id: 6xTeAE + url: https://semgrep.dev/playground/r/6xTeAE/python.lang.security.audit.conn_recv.multiprocessing-recv origin: community pattern-either: - pattern: multiprocessing.connection.Connection.recv(...) @@ -19961,13 +20680,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage shortlink: https://sg.run/8R6J semgrep.dev: rule: rule_id: 9AUkR3 - version_id: DkTeQP - url: https://semgrep.dev/playground/r/DkTeQP/python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage + version_id: o5TnWB + url: https://semgrep.dev/playground/r/o5TnWB/python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage origin: community languages: - python 
@@ -20024,19 +20745,22 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected shortlink: https://sg.run/dKZZ semgrep.dev: rule: rule_id: 8GUj22 - version_id: X0T0J5 - url: https://semgrep.dev/playground/r/X0T0J5/python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected + version_id: 7ZTO58 + url: https://semgrep.dev/playground/r/7ZTO58/python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected origin: community languages: - python severity: WARNING - id: python.lang.security.audit.eval-detected.eval-detected patterns: + - pattern-not: eval(f"") - pattern-not: eval("...") - pattern: eval(...) message: Detected the use of eval(). eval() can be dangerous if used to evaluate @@ -20066,13 +20790,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.audit.eval-detected.eval-detected shortlink: https://sg.run/ZvrD semgrep.dev: rule: rule_id: gxU149 - version_id: O9TZ0D - url: https://semgrep.dev/playground/r/O9TZ0D/python.lang.security.audit.eval-detected.eval-detected + version_id: X0T3nj + url: https://semgrep.dev/playground/r/X0T3nj/python.lang.security.audit.eval-detected.eval-detected origin: community languages: - python 
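Review bot: The added `- pattern-not: eval(f"")` in python.lang.security.audit.eval-detected.eval-detected is the only change in this diff that alters what a rule reports, and its effect depends on how Semgrep matches an f-string literal pattern: if `f""` is treated like `"..."` and matches any f-string, the exclusion silences precisely the case where dynamic content is interpolated into the evaluated string, which is the code-injection scenario the rule's own message warns about; if it only matches a literal empty f-string it is harmless. Because the file is generated from the registry, this should be checked as part of the sync review rather than patched here: run the new rule version against a small fixture containing `eval(f"{value}")` and confirm it still fires before accepting it. The rule's `patterns` and `message` continue outside the hunk.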
@@ -20108,13 +20834,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.audit.exec-detected.exec-detected shortlink: https://sg.run/ndRX semgrep.dev: rule: rule_id: QrUzKv - version_id: e1TAdz - url: https://semgrep.dev/playground/r/e1TAdz/python.lang.security.audit.exec-detected.exec-detected + version_id: 8KTbW8 + url: https://semgrep.dev/playground/r/8KTbW8/python.lang.security.audit.exec-detected.exec-detected origin: community languages: - python @@ -20141,13 +20869,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.lang.security.audit.formatted-sql-query.formatted-sql-query shortlink: https://sg.run/EkWw semgrep.dev: rule: rule_id: 3qUP9k - version_id: vdT3k4 - url: https://semgrep.dev/playground/r/vdT3k4/python.lang.security.audit.formatted-sql-query.formatted-sql-query + version_id: gETqL2 + url: https://semgrep.dev/playground/r/gETqL2/python.lang.security.audit.formatted-sql-query.formatted-sql-query origin: community severity: WARNING languages: @@ -20191,13 +20921,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.ftplib.ftplib shortlink: https://sg.run/7oyZ semgrep.dev: rule: rule_id: 4bUkv7 - version_id: d6TbRK - url: https://semgrep.dev/playground/r/d6TbRK/python.lang.security.audit.ftplib.ftplib + version_id: QkTJBN + url: https://semgrep.dev/playground/r/QkTJBN/python.lang.security.audit.ftplib.ftplib origin: community severity: WARNING languages: 
@@ -20233,13 +20965,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/python.lang.security.audit.hardcoded-password-default-argument.hardcoded-password-default-argument shortlink: https://sg.run/Lw9r semgrep.dev: rule: rule_id: PeUZAW - version_id: 9lTwgD - url: https://semgrep.dev/playground/r/9lTwgD/python.lang.security.audit.hardcoded-password-default-argument.hardcoded-password-default-argument + version_id: 3ZTd7X + url: https://semgrep.dev/playground/r/3ZTd7X/python.lang.security.audit.hardcoded-password-default-argument.hardcoded-password-default-argument origin: community - id: python.lang.security.audit.httpsconnection-detected.httpsconnection-detected message: The HTTPSConnection API has changed frequently with minor releases of Python. @@ -20264,13 +20998,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.lang.security.audit.httpsconnection-detected.httpsconnection-detected shortlink: https://sg.run/8yby semgrep.dev: rule: rule_id: JDUy7y - version_id: nWTwep - url: https://semgrep.dev/playground/r/nWTwep/python.lang.security.audit.httpsconnection-detected.httpsconnection-detected + version_id: 44Toxd + url: https://semgrep.dev/playground/r/44Toxd/python.lang.security.audit.httpsconnection-detected.httpsconnection-detected origin: community severity: WARNING languages: 
@@ -20303,13 +21039,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls shortlink: https://sg.run/AvPp semgrep.dev: rule: rule_id: qNUjlR - version_id: 7ZTY7n - url: https://semgrep.dev/playground/r/7ZTY7n/python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls + version_id: JdTq2d + url: https://semgrep.dev/playground/r/JdTq2d/python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls origin: community severity: WARNING languages: @@ -20367,13 +21105,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.requests.request-session-http-in-with-context.request-session-http-in-with-context shortlink: https://sg.run/Bk5W semgrep.dev: rule: rule_id: lBU9BZ - version_id: zyTgNb - url: https://semgrep.dev/playground/r/zyTgNb/python.lang.security.audit.insecure-transport.requests.request-session-http-in-with-context.request-session-http-in-with-context + version_id: 5PT6Bv + url: https://semgrep.dev/playground/r/5PT6Bv/python.lang.security.audit.insecure-transport.requests.request-session-http-in-with-context.request-session-http-in-with-context origin: community languages: - python 
@@ -20431,13 +21171,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.requests.request-session-with-http.request-session-with-http shortlink: https://sg.run/DoBY semgrep.dev: rule: rule_id: YGURXw - version_id: pZTgen - url: https://semgrep.dev/playground/r/pZTgen/python.lang.security.audit.insecure-transport.requests.request-session-with-http.request-session-with-http + version_id: GxT242 + url: https://semgrep.dev/playground/r/GxT242/python.lang.security.audit.insecure-transport.requests.request-session-with-http.request-session-with-http origin: community - id: python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http fix-regex: @@ -20469,13 +21211,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http shortlink: https://sg.run/W8J4 semgrep.dev: rule: rule_id: 6JUjpG - version_id: 2KTN5R - url: https://semgrep.dev/playground/r/2KTN5R/python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http + version_id: RGTbBv + url: https://semgrep.dev/playground/r/RGTbBv/python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http origin: community languages: - python 
@@ -20530,13 +21274,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.ssl.no-set-ciphers.no-set-ciphers shortlink: https://sg.run/0Q0v semgrep.dev: rule: rule_id: oqUeYJ - version_id: QkTQyA - url: https://semgrep.dev/playground/r/QkTQyA/python.lang.security.audit.insecure-transport.ssl.no-set-ciphers.no-set-ciphers + version_id: A8TRyb + url: https://semgrep.dev/playground/r/A8TRyb/python.lang.security.audit.insecure-transport.ssl.no-set-ciphers.no-set-ciphers origin: community languages: - python @@ -20563,13 +21309,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open-ftp.insecure-openerdirector-open-ftp shortlink: https://sg.run/Klj7 semgrep.dev: rule: rule_id: zdUkPQ - version_id: 3ZTxJb - url: https://semgrep.dev/playground/r/3ZTxJb/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open-ftp.insecure-openerdirector-open-ftp + version_id: BjTEoW + url: https://semgrep.dev/playground/r/BjTEoW/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open-ftp.insecure-openerdirector-open-ftp origin: community severity: WARNING languages: 
@@ -20624,13 +21372,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open.insecure-openerdirector-open
 shortlink: https://sg.run/qxKz
 semgrep.dev:
 rule:
 rule_id: pKUO9Q
- version_id: 44TY3G
- url: https://semgrep.dev/playground/r/44TY3G/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open.insecure-openerdirector-open
+ version_id: DkTQL6
+ url: https://semgrep.dev/playground/r/DkTQL6/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open.insecure-openerdirector-open
 origin: community
 severity: WARNING
 languages:
@@ -20692,13 +21442,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-request-object-ftp.insecure-request-object-ftp
 shortlink: https://sg.run/l2Py
 semgrep.dev:
 rule:
 rule_id: 2ZUbWA
- version_id: PkTnLn
- url: https://semgrep.dev/playground/r/PkTnLn/python.lang.security.audit.insecure-transport.urllib.insecure-request-object-ftp.insecure-request-object-ftp
+ version_id: WrTbgO
+ url: https://semgrep.dev/playground/r/WrTbgO/python.lang.security.audit.insecure-transport.urllib.insecure-request-object-ftp.insecure-request-object-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20733,13 +21485,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-request-object.insecure-request-object
 shortlink: https://sg.run/YvAe
 semgrep.dev:
 rule:
 rule_id: X5U8Bp
- version_id: JdTZg2
- url: https://semgrep.dev/playground/r/JdTZg2/python.lang.security.audit.insecure-transport.urllib.insecure-request-object.insecure-request-object
+ version_id: 0bTvZ7
+ url: https://semgrep.dev/playground/r/0bTvZ7/python.lang.security.audit.insecure-transport.urllib.insecure-request-object.insecure-request-object
 origin: community
 severity: WARNING
 languages:
@@ -20779,13 +21533,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen-ftp.insecure-urlopen-ftp
 shortlink: https://sg.run/6n1o
 semgrep.dev:
 rule:
 rule_id: j2UvOG
- version_id: 5PTY5x
- url: https://semgrep.dev/playground/r/5PTY5x/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen-ftp.insecure-urlopen-ftp
+ version_id: K3TlRb
+ url: https://semgrep.dev/playground/r/K3TlRb/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen-ftp.insecure-urlopen-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20820,13 +21576,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen.insecure-urlopen
 shortlink: https://sg.run/oxB9
 semgrep.dev:
 rule:
 rule_id: 10UKgW
- version_id: GxTWwb
- url: https://semgrep.dev/playground/r/GxTWwb/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen.insecure-urlopen
+ version_id: qkTNro
+ url: https://semgrep.dev/playground/r/qkTNro/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen.insecure-urlopen
 origin: community
 severity: WARNING
 languages:
@@ -20865,13 +21623,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open-ftp.insecure-urlopener-open-ftp
 shortlink: https://sg.run/zvwG
 semgrep.dev:
 rule:
 rule_id: 9AU1DY
- version_id: RGTwvW
- url: https://semgrep.dev/playground/r/RGTwvW/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open-ftp.insecure-urlopener-open-ftp
+ version_id: l4T5Yz
+ url: https://semgrep.dev/playground/r/l4T5Yz/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open-ftp.insecure-urlopener-open-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20926,13 +21686,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open.insecure-urlopener-open
 shortlink: https://sg.run/pxWg
 semgrep.dev:
 rule:
 rule_id: yyUnwW
- version_id: A8TnY1
- url: https://semgrep.dev/playground/r/A8TnY1/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open.insecure-urlopener-open
+ version_id: YDToxD
+ url: https://semgrep.dev/playground/r/YDToxD/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open.insecure-urlopener-open
 origin: community
 severity: WARNING
 languages:
@@ -20992,13 +21754,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve-ftp.insecure-urlopener-retrieve-ftp
 shortlink: https://sg.run/2xY0
 semgrep.dev:
 rule:
 rule_id: r6UrPp
- version_id: BjTGYn
- url: https://semgrep.dev/playground/r/BjTGYn/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve-ftp.insecure-urlopener-retrieve-ftp
+ version_id: 6xTekE
+ url: https://semgrep.dev/playground/r/6xTekE/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve-ftp.insecure-urlopener-retrieve-ftp
 origin: community
 severity: WARNING
 languages:
@@ -21053,13 +21817,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve.insecure-urlopener-retrieve
 shortlink: https://sg.run/XBGK
 semgrep.dev:
 rule:
 rule_id: bwUw0n
- version_id: DkTe8P
- url: https://semgrep.dev/playground/r/DkTe8P/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve.insecure-urlopener-retrieve
+ version_id: o5TnPB
+ url: https://semgrep.dev/playground/r/o5TnPB/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve.insecure-urlopener-retrieve
 origin: community
 severity: WARNING
 languages:
@@ -21119,13 +21885,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve-ftp.insecure-urlretrieve-ftp
 shortlink: https://sg.run/jR8Y
 semgrep.dev:
 rule:
 rule_id: NbUknL
- version_id: WrT6xD
- url: https://semgrep.dev/playground/r/WrT6xD/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve-ftp.insecure-urlretrieve-ftp
+ version_id: zyT59G
+ url: https://semgrep.dev/playground/r/zyT59G/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve-ftp.insecure-urlretrieve-ftp
 origin: community
 severity: WARNING
 languages:
@@ -21160,13 +21928,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve.insecure-urlretrieve
 shortlink: https://sg.run/1Zqw
 semgrep.dev:
 rule:
 rule_id: kxUk4N
- version_id: 0bT6OB
- url: https://semgrep.dev/playground/r/0bT6OB/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve.insecure-urlretrieve
+ version_id: pZTrJN
+ url: https://semgrep.dev/playground/r/pZTrJN/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve.insecure-urlretrieve
 origin: community
 severity: WARNING
 languages:
@@ -21210,13 +21980,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.audit.logging.listeneval.listen-eval
 shortlink: https://sg.run/9okY
 semgrep.dev:
 rule:
 rule_id: wdUJQY
- version_id: K3TOyE
- url: https://semgrep.dev/playground/r/K3TOyE/python.lang.security.audit.logging.listeneval.listen-eval
+ version_id: 2KT1Xr
+ url: https://semgrep.dev/playground/r/2KT1Xr/python.lang.security.audit.logging.listeneval.listen-eval
 origin: community
 severity: WARNING
 pattern: logging.config.listen(...)
@@ -21248,13 +22020,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.lang.security.audit.mako-templates-detected.mako-templates-detected
 shortlink: https://sg.run/Q5v4
 semgrep.dev:
 rule:
 rule_id: GdU79Z
- version_id: l4TNPG
- url: https://semgrep.dev/playground/r/l4TNPG/python.lang.security.audit.mako-templates-detected.mako-templates-detected
+ version_id: jQTKpn
+ url: https://semgrep.dev/playground/r/jQTKpn/python.lang.security.audit.mako-templates-detected.mako-templates-detected
 origin: community
 languages:
 - python
@@ -21284,13 +22058,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.audit.marshal.marshal-usage
 shortlink: https://sg.run/3xor
 semgrep.dev:
 rule:
 rule_id: ReUg13
- version_id: YDT8P9
- url: https://semgrep.dev/playground/r/YDT8P9/python.lang.security.audit.marshal.marshal-usage
+ version_id: 1QTjn2
+ url: https://semgrep.dev/playground/r/1QTjn2/python.lang.security.audit.marshal.marshal-usage
 origin: community
 pattern-either:
 - pattern: marshal.dump(...)
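Review bot: The new `vulnerability_class` entry for marshal-usage is written `- 'Insecure Deserialization '`, with a trailing space inside the quotes, so the class value carries whitespace that every other class name on this page lacks and will not compare equal to `Insecure Deserialization` in any consumer that filters, groups or counts findings by class. The same quoted value recurs in the avoid-jsonpickle, avoid-pyyaml-load, avoid-unsafe-ruamel, avoid-cPickle, avoid-dill, avoid-pickle and avoid-shelve hunks. Since this file is generated, the stray space should be removed at the upstream rule metadata or stripped by the generator rather than hand-edited here, yielding `- Insecure Deserialization` with no quotes needed.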
@@ -21318,13 +22094,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.network.http-not-https-connection.http-not-https-connection
 shortlink: https://sg.run/N4Np
 semgrep.dev:
 rule:
 rule_id: v8UnWQ
- version_id: RGTwvl
- url: https://semgrep.dev/playground/r/RGTwvl/python.lang.security.audit.network.http-not-https-connection.http-not-https-connection
+ version_id: bZTGJ6
+ url: https://semgrep.dev/playground/r/bZTGJ6/python.lang.security.audit.network.http-not-https-connection.http-not-https-connection
 origin: community
 languages:
 - python
@@ -21359,13 +22137,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/python.lang.security.audit.non-literal-import.non-literal-import
 shortlink: https://sg.run/y6Jk
 semgrep.dev:
 rule:
 rule_id: AbUGN5
- version_id: A8TnY4
- url: https://semgrep.dev/playground/r/A8TnY4/python.lang.security.audit.non-literal-import.non-literal-import
+ version_id: NdT1EQ
+ url: https://semgrep.dev/playground/r/NdT1EQ/python.lang.security.audit.non-literal-import.non-literal-import
 origin: community
 languages:
 - python
@@ -21399,13 +22179,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key
 shortlink: https://sg.run/4xpl
 semgrep.dev:
 rule:
 rule_id: AbUzbe
- version_id: DkTe8O
- url: https://semgrep.dev/playground/r/DkTe8O/python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key
+ version_id: w8T3vv
+ url: https://semgrep.dev/playground/r/w8T3vv/python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key
 origin: community
 languages:
 - python
@@ -21441,13 +22223,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command
 shortlink: https://sg.run/kXQ7
 semgrep.dev:
 rule:
 rule_id: d8Uj9x
- version_id: BjTGYw
- url: https://semgrep.dev/playground/r/BjTGYw/python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command
+ version_id: kbT79r
+ url: https://semgrep.dev/playground/r/kbT79r/python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command
 origin: community
 severity: ERROR
 languages:
@@ -21482,13 +22266,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.lang.security.audit.python-reverse-shell.python-reverse-shell
 shortlink: https://sg.run/gYZJ
 semgrep.dev:
 rule:
 rule_id: nJUZRY
- version_id: WrT6xb
- url: https://semgrep.dev/playground/r/WrT6xb/python.lang.security.audit.python-reverse-shell.python-reverse-shell
+ version_id: xyT41l
+ url: https://semgrep.dev/playground/r/xyT41l/python.lang.security.audit.python-reverse-shell.python-reverse-shell
 origin: community
 languages:
 - python
@@ -21521,13 +22307,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.aiopg-sqli.aiopg-sqli
 shortlink: https://sg.run/WgGL
 semgrep.dev:
 rule:
 rule_id: DbUWRY
- version_id: 0bT6OO
- url: https://semgrep.dev/playground/r/0bT6OO/python.lang.security.audit.sqli.aiopg-sqli.aiopg-sqli
+ version_id: e1TxwX
+ url: https://semgrep.dev/playground/r/e1TxwX/python.lang.security.audit.sqli.aiopg-sqli.aiopg-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21633,13 +22421,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.asyncpg-sqli.asyncpg-sqli
 shortlink: https://sg.run/0nBB
 semgrep.dev:
 rule:
 rule_id: WAUZqq
- version_id: K3T1zD
- url: https://semgrep.dev/playground/r/K3T1zD/python.lang.security.audit.sqli.asyncpg-sqli.asyncpg-sqli
+ version_id: vdT2JA
+ url: https://semgrep.dev/playground/r/vdT2JA/python.lang.security.audit.sqli.asyncpg-sqli.asyncpg-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21729,13 +22519,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.pg8000-sqli.pg8000-sqli
 shortlink: https://sg.run/KWAL
 semgrep.dev:
 rule:
 rule_id: 0oUEKo
- version_id: qkT31E
- url: https://semgrep.dev/playground/r/qkT31E/python.lang.security.audit.sqli.pg8000-sqli.pg8000-sqli
+ version_id: d6TDE0
+ url: https://semgrep.dev/playground/r/d6TDE0/python.lang.security.audit.sqli.pg8000-sqli.pg8000-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21824,13 +22616,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.psycopg-sqli.psycopg-sqli
 shortlink: https://sg.run/qrLe
 semgrep.dev:
 rule:
 rule_id: KxU4Kg
- version_id: l4TGrb
- url: https://semgrep.dev/playground/r/l4TGrb/python.lang.security.audit.sqli.psycopg-sqli.psycopg-sqli
+ version_id: ZRTwJ8
+ url: https://semgrep.dev/playground/r/ZRTwJ8/python.lang.security.audit.sqli.psycopg-sqli.psycopg-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21917,13 +22711,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/python.lang.security.audit.system-wildcard-detected.system-wildcard-detected
 shortlink: https://sg.run/5QXA
 semgrep.dev:
 rule:
 rule_id: WAUorE
- version_id: 1QTwXo
- url: https://semgrep.dev/playground/r/1QTwXo/python.lang.security.audit.system-wildcard-detected.system-wildcard-detected
+ version_id: 7ZTOw8
+ url: https://semgrep.dev/playground/r/7ZTOw8/python.lang.security.audit.system-wildcard-detected.system-wildcard-detected
 origin: community
 languages:
 - python
@@ -21950,13 +22746,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.telnetlib.telnetlib
 shortlink: https://sg.run/Gelp
 semgrep.dev:
 rule:
 rule_id: 0oU5Wl
- version_id: zyTePy
- url: https://semgrep.dev/playground/r/zyTePy/python.lang.security.audit.telnetlib.telnetlib
+ version_id: LjT0Jv
+ url: https://semgrep.dev/playground/r/LjT0Jv/python.lang.security.audit.telnetlib.telnetlib
 origin: community
 severity: WARNING
 languages:
@@ -21990,13 +22788,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.lang.security.audit.weak-ssl-version.weak-ssl-version
 shortlink: https://sg.run/RoZO
 semgrep.dev:
 rule:
 rule_id: KxUbNG
- version_id: pZTQ9w
- url: https://semgrep.dev/playground/r/pZTQ9w/python.lang.security.audit.weak-ssl-version.weak-ssl-version
+ version_id: 8KTb08
+ url: https://semgrep.dev/playground/r/8KTb08/python.lang.security.audit.weak-ssl-version.weak-ssl-version
 origin: community
 languages:
 - python
@@ -22062,13 +22862,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.dangerous-globals-use.dangerous-globals-use
 shortlink: https://sg.run/jNzn
 semgrep.dev:
 rule:
 rule_id: 9AUOZP
- version_id: X0TJBg
- url: https://semgrep.dev/playground/r/X0TJBg/python.lang.security.dangerous-globals-use.dangerous-globals-use
+ version_id: QkTJLN
+ url: https://semgrep.dev/playground/r/QkTJLN/python.lang.security.dangerous-globals-use.dangerous-globals-use
 origin: community
 severity: WARNING
 languages:
@@ -22101,13 +22903,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.avoid-jsonpickle.avoid-jsonpickle
 shortlink: https://sg.run/rkNP
 semgrep.dev:
 rule:
 rule_id: BYU7Kp
- version_id: NdTQnZ
- url: https://semgrep.dev/playground/r/NdTQnZ/python.lang.security.deserialization.avoid-jsonpickle.avoid-jsonpickle
+ version_id: RGTbdv
+ url: https://semgrep.dev/playground/r/RGTbdv/python.lang.security.deserialization.avoid-jsonpickle.avoid-jsonpickle
 origin: community
 message: Avoid using `jsonpickle`, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code.
@@ -22136,13 +22940,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.avoid-pyyaml-load.avoid-pyyaml-load
 shortlink: https://sg.run/we9Y
 semgrep.dev:
 rule:
 rule_id: ZqU5jZ
- version_id: kbTZ4W
- url: https://semgrep.dev/playground/r/kbTZ4W/python.lang.security.deserialization.avoid-pyyaml-load.avoid-pyyaml-load
+ version_id: A8TRxb
+ url: https://semgrep.dev/playground/r/A8TRxb/python.lang.security.deserialization.avoid-pyyaml-load.avoid-pyyaml-load
 origin: community
 languages:
 - python
@@ -22192,13 +22998,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.avoid-unsafe-ruamel.avoid-unsafe-ruamel
 shortlink: https://sg.run/x1rz
 semgrep.dev:
 rule:
 rule_id: nJUzqK
- version_id: w8T0QN
- url: https://semgrep.dev/playground/r/w8T0QN/python.lang.security.deserialization.avoid-unsafe-ruamel.avoid-unsafe-ruamel
+ version_id: BjTE4W
+ url: https://semgrep.dev/playground/r/BjTE4W/python.lang.security.deserialization.avoid-unsafe-ruamel.avoid-unsafe-ruamel
 origin: community
 languages:
 - python
@@ -22229,13 +23037,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-cPickle
 shortlink: https://sg.run/eLxb
 semgrep.dev:
 rule:
 rule_id: 7KUQNL
- version_id: 1QTW3k
- url: https://semgrep.dev/playground/r/1QTW3k/python.lang.security.deserialization.pickle.avoid-cPickle
+ version_id: WrTbeO
+ url: https://semgrep.dev/playground/r/WrTbeO/python.lang.security.deserialization.pickle.avoid-cPickle
 origin: community
 languages:
 - python
@@ -22267,13 +23077,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-dill
 shortlink: https://sg.run/vzjA
 semgrep.dev:
 rule:
 rule_id: L1Uy60
- version_id: 9lTNqn
- url: https://semgrep.dev/playground/r/9lTNqn/python.lang.security.deserialization.pickle.avoid-dill
+ version_id: 0bTv07
+ url: https://semgrep.dev/playground/r/0bTv07/python.lang.security.deserialization.pickle.avoid-dill
 origin: community
 languages:
 - python
@@ -22305,13 +23117,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-pickle
 shortlink: https://sg.run/OPwB
 semgrep.dev:
 rule:
 rule_id: EwU2BJ
- version_id: jQTeDJ
- url: https://semgrep.dev/playground/r/jQTeDJ/python.lang.security.deserialization.pickle.avoid-pickle
+ version_id: DkTQB6
+ url: https://semgrep.dev/playground/r/DkTQB6/python.lang.security.deserialization.pickle.avoid-pickle
 origin: community
 languages:
 - python
@@ -22346,13 +23160,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-shelve
 shortlink: https://sg.run/dKkZ
 semgrep.dev:
 rule:
 rule_id: 8GUje2
- version_id: yeTbGQ
- url: https://semgrep.dev/playground/r/yeTbGQ/python.lang.security.deserialization.pickle.avoid-shelve
+ version_id: K3TlAb
+ url: https://semgrep.dev/playground/r/K3TlAb/python.lang.security.deserialization.pickle.avoid-shelve
 origin: community
 languages:
 - python
@@ -22391,13 +23207,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.lang.security.insecure-hash-function.insecure-hash-function
 shortlink: https://sg.run/rdBn
 semgrep.dev:
 rule:
 rule_id: OrU30g
- version_id: vdT3WD
- url: https://semgrep.dev/playground/r/vdT3WD/python.lang.security.insecure-hash-function.insecure-hash-function
+ version_id: YDTogD
+ url: https://semgrep.dev/playground/r/YDTogD/python.lang.security.insecure-hash-function.insecure-hash-function
 origin: community
 languages:
 - python
@@ -22426,13 +23244,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/python.lang.security.unquoted-csv-writer.unquoted-csv-writer
 shortlink: https://sg.run/b7vp
 semgrep.dev:
 rule:
 rule_id: eqU8dk
- version_id: d6Tb9E
- url: https://semgrep.dev/playground/r/d6Tb9E/python.lang.security.unquoted-csv-writer.unquoted-csv-writer
+ version_id: JdTqO6
+ url: https://semgrep.dev/playground/r/JdTqO6/python.lang.security.unquoted-csv-writer.unquoted-csv-writer
 origin: community
 fix-regex:
 regex: "(.*)\\)"
@@ -22468,13 +23288,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/python.lang.security.unverified-ssl-context.unverified-ssl-context
 shortlink: https://sg.run/N4lp
 semgrep.dev:
 rule:
 rule_id: v8UnkQ
- version_id: bZTJeE
- url: https://semgrep.dev/playground/r/bZTJeE/python.lang.security.unverified-ssl-context.unverified-ssl-context
+ version_id: 5PT6Ky
+ url: https://semgrep.dev/playground/r/5PT6Ky/python.lang.security.unverified-ssl-context.unverified-ssl-context
 origin: community
 severity: ERROR
 languages:
@@ -22499,13 +23321,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/python.requests.security.disabled-cert-validation.disabled-cert-validation
 shortlink: https://sg.run/AlYp
 semgrep.dev:
 rule:
 rule_id: qNUoYR
- version_id: rxTbO4
- url: https://semgrep.dev/playground/r/rxTbO4/python.requests.security.disabled-cert-validation.disabled-cert-validation
+ version_id: ExTnyB
+ url: https://semgrep.dev/playground/r/ExTnyB/python.requests.security.disabled-cert-validation.disabled-cert-validation
 origin: community
 languages:
 - python
@@ -22538,7 +23362,7 @@ rules:
 - A02:2021 - Cryptographic Failures
 source-rule-url: https://pypi.org/project/flake8-flask/
 references:
- - https://blog.r2c.dev/2020/bento-check-no-auth-over-http/
+ - https://semgrep.dev/blog/2020/bento-check-no-auth-over-http/
 - https://bento.dev/checks/requests/no-auth-over-http/
 category: security
 technology:
@@ -22549,13 +23373,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.requests.security.no-auth-over-http.no-auth-over-http
 shortlink: https://sg.run/B4NW
 semgrep.dev:
 rule:
 rule_id: lBUdQZ
- version_id: bZTxA5
- url: https://semgrep.dev/playground/r/bZTxA5/python.requests.security.no-auth-over-http.no-auth-over-http
+ version_id: 7ZTO6z
+ url: https://semgrep.dev/playground/r/7ZTO6z/python.requests.security.no-auth-over-http.no-auth-over-http
 origin: community
 languages:
 - python
@@ -22593,13 +23419,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.sh.security.string-concat.string-concat
 shortlink: https://sg.run/Wg34
 semgrep.dev:
 rule:
 rule_id: JDUP1G
- version_id: NdT5DZ
- url: https://semgrep.dev/playground/r/NdT5DZ/python.sh.security.string-concat.string-concat
+ version_id: LjT0dq
+ url: https://semgrep.dev/playground/r/LjT0dq/python.sh.security.string-concat.string-concat
 origin: community
 pattern-either:
 - pattern: sh.$BIN($X + $Y)
@@ -22633,13 +23461,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text
 shortlink: https://sg.run/yP1O
 semgrep.dev:
 rule:
 rule_id: r6U2wE
- version_id: kbTrKW
- url: https://semgrep.dev/playground/r/kbTrKW/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text
+ version_id: 8KTbo4
+ url: https://semgrep.dev/playground/r/8KTbo4/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text
 origin: community
 languages:
 - python
@@ -22673,13 +23503,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query
 shortlink: https://sg.run/2b1L
 semgrep.dev:
 rule:
 rule_id: oqUz5y
- version_id: YDTd6W
- url: https://semgrep.dev/playground/r/YDTd6W/python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query
+ version_id: gETq8A
+ url: https://semgrep.dev/playground/r/gETq8A/python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query
 origin: community
 severity: ERROR
 languages:
@@ -22720,7 +23552,7 @@ rules:
 - 'CWE-345: Insufficient Verification of Data Authenticity'
 owasp:
 - A08:2021 - Software and Data Integrity Failures
- source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+ source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
 category: security
 technology:
 - jwt
@@ -22732,13 +23564,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/ruby.jwt.security.audit.jwt-decode-without-verify.ruby-jwt-decode-without-verify
 shortlink: https://sg.run/AlYg
 semgrep.dev:
 rule:
 rule_id: KxU426
- version_id: 0bTQ68
- url: https://semgrep.dev/playground/r/0bTQ68/ruby.jwt.security.audit.jwt-decode-without-verify.ruby-jwt-decode-without-verify
+ version_id: RGTbWA
+ url: https://semgrep.dev/playground/r/RGTbWA/ruby.jwt.security.audit.jwt-decode-without-verify.ruby-jwt-decode-without-verify
 origin: community
 languages:
 - ruby
@@ -22758,7 +23592,7 @@ rules:
 - A04:2021 - Insecure Design
 cwe:
 - 'CWE-522: Insufficiently Protected Credentials'
- source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+ source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
 category: security
 technology:
 - jwt
@@ -22771,13 +23605,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/ruby.jwt.security.audit.jwt-exposed-data.ruby-jwt-exposed-data
 shortlink: https://sg.run/B4Nb
 semgrep.dev:
 rule:
 rule_id: qNUoYd
- version_id: K3TPOZ
- url: https://semgrep.dev/playground/r/K3TPOZ/ruby.jwt.security.audit.jwt-exposed-data.ruby-jwt-exposed-data
+ version_id: A8TRP5
+ url: https://semgrep.dev/playground/r/A8TRP5/ruby.jwt.security.audit.jwt-exposed-data.ruby-jwt-exposed-data
 origin: community
 languages:
 - ruby
@@ -22801,7 +23637,7 @@ rules:
 owasp:
 - A02:2017 - Broken Authentication
 - A04:2021 - Insecure Design
- source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+ source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
 references:
 - https://cwe.mitre.org/data/definitions/522.html
 category: security
@@ -22814,13 +23650,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/ruby.jwt.security.jwt-exposed-credentials.ruby-jwt-exposed-credentials
 shortlink: https://sg.run/58Y6
 semgrep.dev:
 rule:
 rule_id: DbUWdB
- version_id: qkT9KG
- url: https://semgrep.dev/playground/r/qkT9KG/ruby.jwt.security.jwt-exposed-credentials.ruby-jwt-exposed-credentials
+ version_id: BjTEjp
+ url: https://semgrep.dev/playground/r/BjTEjp/ruby.jwt.security.jwt-exposed-credentials.ruby-jwt-exposed-credentials
 origin: community
 message: Password is exposed through JWT token payload. This is not encrypted and the password could be compromised. Do not store passwords in JWT tokens.
@@ -22844,7 +23682,7 @@ rules:
 owasp:
 - A02:2017 - Broken Authentication
 - A04:2021 - Insecure Design
- source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+ source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
 category: security
 technology:
 - jwt
@@ -22857,13 +23695,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.jwt.security.jwt-hardcode.ruby-jwt-hardcoded-secret shortlink: https://sg.run/GW2B semgrep.dev: rule: rule_id: WAUZz5 - version_id: l4TeNk - url: https://semgrep.dev/playground/r/l4TeNk/ruby.jwt.security.jwt-hardcode.ruby-jwt-hardcoded-secret + version_id: DkTQoR + url: https://semgrep.dev/playground/r/DkTQoR/ruby.jwt.security.jwt-hardcode.ruby-jwt-hardcoded-secret origin: community patterns: - pattern-inside: | @@ -22904,7 +23744,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -22916,13 +23756,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.jwt.security.jwt-none-alg.ruby-jwt-none-alg shortlink: https://sg.run/R8kE semgrep.dev: rule: rule_id: 0oUExR - version_id: YDTz8L - url: https://semgrep.dev/playground/r/YDTz8L/ruby.jwt.security.jwt-none-alg.ruby-jwt-none-alg + version_id: WrTb58 + url: https://semgrep.dev/playground/r/WrTb58/ruby.jwt.security.jwt-none-alg.ruby-jwt-none-alg origin: community languages: - ruby 
@@ -22956,13 +23798,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.cookie-serialization.cookie-serialization shortlink: https://sg.run/Wg3y semgrep.dev: rule: rule_id: YGUrq5 - version_id: zyTXeJ - url: https://semgrep.dev/playground/r/zyTXeJ/ruby.lang.security.cookie-serialization.cookie-serialization + version_id: l4T5q2 + url: https://semgrep.dev/playground/r/l4T5q2/ruby.lang.security.cookie-serialization.cookie-serialization origin: community languages: - ruby @@ -23000,13 +23844,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.create-with.create-with shortlink: https://sg.run/0nLk semgrep.dev: rule: rule_id: 6JUqbn - version_id: pZTqQD - url: https://semgrep.dev/playground/r/pZTqQD/ruby.lang.security.create-with.create-with + version_id: YDToG8 + url: https://semgrep.dev/playground/r/YDToG8/ruby.lang.security.create-with.create-with origin: community languages: - ruby @@ -23042,13 +23888,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-open.dangerous-open shortlink: https://sg.run/Al8Q semgrep.dev: rule: rule_id: 0oUEyd - version_id: X0ToJq - url: https://semgrep.dev/playground/r/X0ToJq/ruby.lang.security.dangerous-open.dangerous-open + version_id: o5TnQP + url: https://semgrep.dev/playground/r/o5TnQP/ruby.lang.security.dangerous-open.dangerous-open origin: community severity: WARNING languages: 
@@ -23084,13 +23932,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-open3-pipeline.dangerous-open3-pipeline shortlink: https://sg.run/B4jv semgrep.dev: rule: rule_id: KxU4nd - version_id: jQTL9x - url: https://semgrep.dev/playground/r/jQTL9x/ruby.lang.security.dangerous-open3-pipeline.dangerous-open3-pipeline + version_id: zyT5g6 + url: https://semgrep.dev/playground/r/zyT5g6/ruby.lang.security.dangerous-open3-pipeline.dangerous-open3-pipeline origin: community severity: WARNING languages: @@ -23124,13 +23974,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-subshell.dangerous-subshell shortlink: https://sg.run/NrxL semgrep.dev: rule: rule_id: OrUGn8 - version_id: 1QT0X9 - url: https://semgrep.dev/playground/r/1QT0X9/ruby.lang.security.dangerous-subshell.dangerous-subshell + version_id: pZTrgg + url: https://semgrep.dev/playground/r/pZTrgg/ruby.lang.security.dangerous-subshell.dangerous-subshell origin: community severity: WARNING languages: @@ -23158,13 +24010,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-syscall.dangerous-syscall shortlink: https://sg.run/DJkv semgrep.dev: rule: rule_id: qNUo50 - version_id: 9lTEnj - url: https://semgrep.dev/playground/r/9lTEnj/ruby.lang.security.dangerous-syscall.dangerous-syscall + version_id: 2KT1NB + url: https://semgrep.dev/playground/r/2KT1NB/ruby.lang.security.dangerous-syscall.dangerous-syscall origin: community severity: WARNING languages: 
@@ -23194,13 +24048,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.lang.security.file-disclosure.file-disclosure shortlink: https://sg.run/qrR1 semgrep.dev: rule: rule_id: zdUyqE - version_id: rxTb8Y - url: https://semgrep.dev/playground/r/rxTb8Y/ruby.lang.security.file-disclosure.file-disclosure + version_id: jQTKe4 + url: https://semgrep.dev/playground/r/jQTKe4/ruby.lang.security.file-disclosure.file-disclosure origin: community languages: - ruby @@ -23237,13 +24093,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/ruby.lang.security.filter-skipping.filter-skipping shortlink: https://sg.run/ljNL semgrep.dev: rule: rule_id: pKUGP7 - version_id: bZTx40 - url: https://semgrep.dev/playground/r/bZTx40/ruby.lang.security.filter-skipping.filter-skipping + version_id: 1QTjWr + url: https://semgrep.dev/playground/r/1QTjWr/ruby.lang.security.filter-skipping.filter-skipping origin: community languages: - ruby @@ -23280,13 +24138,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/ruby.lang.security.hardcoded-http-auth-in-controller.hardcoded-http-auth-in-controller shortlink: https://sg.run/6r0w semgrep.dev: rule: rule_id: X5UZWK - version_id: bZTWQP - url: https://semgrep.dev/playground/r/bZTWQP/ruby.lang.security.hardcoded-http-auth-in-controller.hardcoded-http-auth-in-controller + version_id: yeTXbl + url: https://semgrep.dev/playground/r/yeTXbl/ruby.lang.security.hardcoded-http-auth-in-controller.hardcoded-http-auth-in-controller origin: community languages: - ruby 
@@ -23314,13 +24174,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/ruby.lang.security.jruby-xml.jruby-xml shortlink: https://sg.run/ok07 semgrep.dev: rule: rule_id: j2Uqk5 - version_id: l4T72K - url: https://semgrep.dev/playground/r/l4T72K/ruby.lang.security.jruby-xml.jruby-xml + version_id: NdT1Ww + url: https://semgrep.dev/playground/r/NdT1Ww/ruby.lang.security.jruby-xml.jruby-xml origin: community languages: - ruby @@ -23356,13 +24218,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.lang.security.json-entity-escape.json-entity-escape shortlink: https://sg.run/plr3 semgrep.dev: rule: rule_id: 9AUOQB - version_id: vdTDDj - url: https://semgrep.dev/playground/r/vdTDDj/ruby.lang.security.json-entity-escape.json-entity-escape + version_id: w8T3gb + url: https://semgrep.dev/playground/r/w8T3gb/ruby.lang.security.json-entity-escape.json-entity-escape origin: community languages: - ruby @@ -23391,13 +24255,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.mass-assignment-protection-disabled.mass-assignment-protection-disabled shortlink: https://sg.run/2byz semgrep.dev: rule: rule_id: yyUvkJ - version_id: d6Tnne - url: https://semgrep.dev/playground/r/d6Tnne/ruby.lang.security.mass-assignment-protection-disabled.mass-assignment-protection-disabled + version_id: xyT4bz + url: https://semgrep.dev/playground/r/xyT4bz/ruby.lang.security.mass-assignment-protection-disabled.mass-assignment-protection-disabled origin: community severity: WARNING languages: 
@@ -23441,13 +24307,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/ruby.lang.security.missing-csrf-protection.missing-csrf-protection shortlink: https://sg.run/XLel semgrep.dev: rule: rule_id: r6UkO5 - version_id: nWTddy - url: https://semgrep.dev/playground/r/nWTddy/ruby.lang.security.missing-csrf-protection.missing-csrf-protection + version_id: e1TxPn + url: https://semgrep.dev/playground/r/e1TxPn/ruby.lang.security.missing-csrf-protection.missing-csrf-protection origin: community languages: - ruby @@ -23474,13 +24342,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.model-attr-accessible.model-attr-accessible shortlink: https://sg.run/jNrZ semgrep.dev: rule: rule_id: bwUOAG - version_id: ExTdd1 - url: https://semgrep.dev/playground/r/ExTdd1/ruby.lang.security.model-attr-accessible.model-attr-accessible + version_id: vdT2bq + url: https://semgrep.dev/playground/r/vdT2bq/ruby.lang.security.model-attr-accessible.model-attr-accessible origin: community languages: - ruby @@ -23547,13 +24417,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible shortlink: https://sg.run/1nrb semgrep.dev: rule: rule_id: NbUADO - version_id: w8TL7k - url: https://semgrep.dev/playground/r/w8TL7k/ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible + version_id: d6TDNB + url: https://semgrep.dev/playground/r/d6TDNB/ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible origin: community languages: - ruby 
@@ -23578,13 +24450,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.lang.security.model-attributes-attr-protected.model-attributes-attr-protected shortlink: https://sg.run/9qZk semgrep.dev: rule: rule_id: kxURK4 - version_id: 6xTdz3 - url: https://semgrep.dev/playground/r/6xTdz3/ruby.lang.security.model-attributes-attr-protected.model-attributes-attr-protected + version_id: ZRTwRw + url: https://semgrep.dev/playground/r/ZRTwRw/ruby.lang.security.model-attributes-attr-protected.model-attributes-attr-protected origin: community languages: - ruby @@ -23612,13 +24486,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.nested-attributes-bypass.nested-attributes-bypass shortlink: https://sg.run/yzy8 semgrep.dev: rule: rule_id: wdU891 - version_id: A8TAJ5 - url: https://semgrep.dev/playground/r/A8TAJ5/ruby.lang.security.nested-attributes-bypass.nested-attributes-bypass + version_id: nWT7De + url: https://semgrep.dev/playground/r/nWT7De/ruby.lang.security.nested-attributes-bypass.nested-attributes-bypass origin: community languages: - ruby @@ -23647,13 +24523,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.lang.security.nested-attributes.nested-attributes shortlink: https://sg.run/rA66 semgrep.dev: rule: rule_id: x8UWKK - version_id: o5T0Rq - url: https://semgrep.dev/playground/r/o5T0Rq/ruby.lang.security.nested-attributes.nested-attributes + version_id: ExTn5B + url: https://semgrep.dev/playground/r/ExTn5B/ruby.lang.security.nested-attributes.nested-attributes origin: community languages: - ruby 
@@ -23684,13 +24562,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.no-send.bad-send shortlink: https://sg.run/Nrbx semgrep.dev: rule: rule_id: eqUv0L - version_id: K3TBzv - url: https://semgrep.dev/playground/r/K3TBzv/ruby.lang.security.no-send.bad-send + version_id: LjT0Dq + url: https://semgrep.dev/playground/r/LjT0Dq/ruby.lang.security.no-send.bad-send origin: community languages: - ruby @@ -23729,13 +24609,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.lang.security.timing-attack.timing-attack shortlink: https://sg.run/wxdx semgrep.dev: rule: rule_id: d8Uzrz - version_id: zyTpQz - url: https://semgrep.dev/playground/r/zyTpQz/ruby.lang.security.timing-attack.timing-attack + version_id: gETqGA + url: https://semgrep.dev/playground/r/gETqGA/ruby.lang.security.timing-attack.timing-attack origin: community languages: - ruby 
@@ -23775,27 +24657,27 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.unprotected-mass-assign.mass-assignment-vuln shortlink: https://sg.run/xY8e semgrep.dev: rule: rule_id: ZqUqQg - version_id: JdT22e - url: https://semgrep.dev/playground/r/JdT22e/ruby.lang.security.unprotected-mass-assign.mass-assignment-vuln + version_id: QkTJlz + url: https://semgrep.dev/playground/r/QkTJlz/ruby.lang.security.unprotected-mass-assign.mass-assignment-vuln origin: community languages: - ruby severity: WARNING - id: ruby.lang.security.yaml-parsing.yaml-parsing - message: Detected enabled YAML parsing. This is vulnerable to remote code execution - in Rails 2.x versions up to 2.3.14. To fix, delete this line. - fix-regex: - regex: ActionController.*:yaml - replacement: " " + message: This rule is deprecated. severity: WARNING languages: - ruby - pattern: ActionController::Base.param_parsers[Mime::YAML] = :yaml + patterns: + - pattern: a() + - pattern: b() metadata: cwe: - 'CWE-94: Improper Control of Generation of Code (''Code Injection'')' @@ -23813,13 +24695,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.yaml-parsing.yaml-parsing shortlink: https://sg.run/v08X semgrep.dev: rule: rule_id: 7KUegx - version_id: RGTBBd - url: https://semgrep.dev/playground/r/RGTBBd/ruby.lang.security.yaml-parsing.yaml-parsing + version_id: jQTZJ8 + url: https://semgrep.dev/playground/r/jQTZJ8/ruby.lang.security.yaml-parsing.yaml-parsing origin: community - id: ruby.rails.security.audit.detailed-exceptions.detailed-exceptions metadata: 
@@ -23840,13 +24724,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/ruby.rails.security.audit.detailed-exceptions.detailed-exceptions shortlink: https://sg.run/Je0d semgrep.dev: rule: rule_id: 8GUAo4 - version_id: kbTn69 - url: https://semgrep.dev/playground/r/kbTn69/ruby.rails.security.audit.detailed-exceptions.detailed-exceptions + version_id: BjTEOp + url: https://semgrep.dev/playground/r/BjTEOp/ruby.rails.security.audit.detailed-exceptions.detailed-exceptions origin: community message: Found that the setting for providing detailed exception reports in Rails is set to true. This can lead to information exposure, where sensitive system @@ -23899,13 +24785,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.mail-to-erb.mail-to-erb shortlink: https://sg.run/GyBe semgrep.dev: rule: rule_id: QrUn3z - version_id: pZTKx5 - url: https://semgrep.dev/playground/r/pZTKx5/ruby.rails.security.audit.mail-to-erb.mail-to-erb + version_id: WrTb28 + url: https://semgrep.dev/playground/r/WrTb28/ruby.rails.security.audit.mail-to-erb.mail-to-erb origin: community message: This rule is deprecated. languages: 
@@ -23936,13 +24824,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.mail-to.mail-to shortlink: https://sg.run/Ryp8 semgrep.dev: rule: rule_id: 3qU6KB - version_id: 2KTgwJ - url: https://semgrep.dev/playground/r/2KTgwJ/ruby.rails.security.audit.mail-to.mail-to + version_id: 0bTvRG + url: https://semgrep.dev/playground/r/0bTvRG/ruby.rails.security.audit.mail-to.mail-to origin: community message: This rule is deprecated. languages: @@ -23969,13 +24859,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/ruby.rails.security.audit.mime-type-dos.mime-type-dos shortlink: https://sg.run/Oy3p semgrep.dev: rule: rule_id: 10U56J - version_id: BjTw1p - url: https://semgrep.dev/playground/r/BjTw1p/ruby.rails.security.audit.mime-type-dos.mime-type-dos + version_id: K3TlB8 + url: https://semgrep.dev/playground/r/K3TlB8/ruby.rails.security.audit.mime-type-dos.mime-type-dos origin: community message: This rule is deprecated. languages: @@ -24006,13 +24898,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.number-to-currency-erb.number-to-currency-erb shortlink: https://sg.run/eX7l semgrep.dev: rule: rule_id: 9AUZrN - version_id: X0TblN - url: https://semgrep.dev/playground/r/X0TblN/ruby.rails.security.audit.number-to-currency-erb.number-to-currency-erb + version_id: qkTNzJ + url: https://semgrep.dev/playground/r/qkTNzJ/ruby.rails.security.audit.number-to-currency-erb.number-to-currency-erb origin: community message: This rule is deprecated. languages: 
@@ -24048,13 +24942,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-header-dos.rails-check-header-dos shortlink: https://sg.run/5LY6 semgrep.dev: rule: rule_id: eqUDRY - version_id: 9lTgXw - url: https://semgrep.dev/playground/r/9lTgXw/ruby.rails.security.audit.rails-check-header-dos.rails-check-header-dos + version_id: JdTqA2 + url: https://semgrep.dev/playground/r/JdTqA2/ruby.rails.security.audit.rails-check-header-dos.rails-check-header-dos origin: community - id: ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve patterns: @@ -24086,13 +24982,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve shortlink: https://sg.run/Gg2B semgrep.dev: rule: rule_id: v8UOrb - version_id: DkTDNR - url: https://semgrep.dev/playground/r/DkTDNR/ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve + version_id: 5PT60x + url: https://semgrep.dev/playground/r/5PT60x/ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve origin: community - id: ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem patterns: 
@@ -24124,13 +25022,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem shortlink: https://sg.run/RgkE semgrep.dev: rule: rule_id: d8UKw2 - version_id: yeTJ5j - url: https://semgrep.dev/playground/r/yeTJ5j/ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem + version_id: GxT25b + url: https://semgrep.dev/playground/r/GxT25b/ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem origin: community - id: ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos patterns: @@ -24160,13 +25060,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos shortlink: https://sg.run/A5Yg semgrep.dev: rule: rule_id: ZqUl4v - version_id: WrTvE8 - url: https://semgrep.dev/playground/r/WrTvE8/ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos + version_id: RGTbYW + url: https://semgrep.dev/playground/r/RGTbYW/ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos origin: community - id: ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos patterns: 
@@ -24196,13 +25098,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos shortlink: https://sg.run/BGNb semgrep.dev: rule: rule_id: nJUyWb - version_id: rxTZGZ - url: https://semgrep.dev/playground/r/rxTZGZ/ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos + version_id: A8TR11 + url: https://semgrep.dev/playground/r/A8TR11/ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos origin: community - id: ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting patterns: @@ -24230,13 +25134,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting shortlink: https://sg.run/DAj2 semgrep.dev: rule: rule_id: EwUr8l - version_id: bZTq6Y - url: https://semgrep.dev/playground/r/bZTq6Y/ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting + version_id: BjTEOn + url: https://semgrep.dev/playground/r/BjTEOn/ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting origin: community - id: ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection pattern: skip_forgery_protection 
@@ -24262,13 +25168,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection shortlink: https://sg.run/PgwY semgrep.dev: rule: rule_id: QrUnEk - version_id: qkT99q - url: https://semgrep.dev/playground/r/qkT99q/ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection + version_id: DkTQ4P + url: https://semgrep.dev/playground/r/DkTQ4P/ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection origin: community - id: ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag metadata: @@ -24293,13 +25201,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag shortlink: https://sg.run/dg8P semgrep.dev: rule: rule_id: L1U4qz - version_id: YDTzxq - url: https://semgrep.dev/playground/r/YDTzxq/ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag + version_id: 0bTvRB + url: https://semgrep.dev/playground/r/0bTvRB/ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag origin: community message: "'content_tag()' bypasses HTML escaping for some portion of the content. If external data can reach here, this exposes your application to cross-site scripting 
@@ -24329,13 +25239,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-default-routes.avoid-default-routes shortlink: https://sg.run/Pbrq semgrep.dev: rule: rule_id: qNUXYy - version_id: 6xTAkv - url: https://semgrep.dev/playground/r/6xTAkv/ruby.rails.security.audit.xss.avoid-default-routes.avoid-default-routes + version_id: K3TlBE + url: https://semgrep.dev/playground/r/K3TlBE/ruby.rails.security.audit.xss.avoid-default-routes.avoid-default-routes origin: community message: Default routes are enabled in this routes file. This means any public method on a controller can be called as an action. It is very easy to accidentally expose @@ -24374,13 +25286,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-html-safe.avoid-html-safe shortlink: https://sg.run/Zeq7 semgrep.dev: rule: rule_id: 8GUEQK - version_id: o5TWPk - url: https://semgrep.dev/playground/r/o5TWPk/ruby.rails.security.audit.xss.avoid-html-safe.avoid-html-safe + version_id: qkTNzD + url: https://semgrep.dev/playground/r/qkTNzD/ruby.rails.security.audit.xss.avoid-html-safe.avoid-html-safe origin: community message: "'html_safe()' does not make the supplied string safe. 'html_safe()' bypasses HTML escaping. If external data can reach here, this exposes your application 
@@ -24414,13 +25328,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-raw.avoid-raw shortlink: https://sg.run/nqJG semgrep.dev: rule: rule_id: gxUW3x - version_id: pZTqJO - url: https://semgrep.dev/playground/r/pZTqJO/ruby.rails.security.audit.xss.avoid-raw.avoid-raw + version_id: YDToj9 + url: https://semgrep.dev/playground/r/YDToj9/ruby.rails.security.audit.xss.avoid-raw.avoid-raw origin: community message: "'raw()' bypasses HTML escaping. If external data can reach here, this exposes your application to cross-site scripting (XSS) attacks. If you must do @@ -24452,13 +25368,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-render-inline.avoid-render-inline shortlink: https://sg.run/E5w8 semgrep.dev: rule: rule_id: QrU6Ww - version_id: jQTLp3 - url: https://semgrep.dev/playground/r/jQTLp3/ruby.rails.security.audit.xss.avoid-render-inline.avoid-render-inline + version_id: zyT5v2 + url: https://semgrep.dev/playground/r/zyT5v2/ruby.rails.security.audit.xss.avoid-render-inline.avoid-render-inline origin: community message: "'render inline: ...' renders an entire ERB template inline and is dangerous. If external data can reach here, this exposes your application to server-side 
@@ -24490,13 +25408,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-render-text.avoid-render-text shortlink: https://sg.run/70Kv semgrep.dev: rule: rule_id: 3qUBk4 - version_id: 1QT0n5 - url: https://semgrep.dev/playground/r/1QT0n5/ruby.rails.security.audit.xss.avoid-render-text.avoid-render-text + version_id: pZTrvY + url: https://semgrep.dev/playground/r/pZTrvY/ruby.rails.security.audit.xss.avoid-render-text.avoid-render-text origin: community message: "'render text: ...' actually sets the content-type to 'text/html'. If external data can reach here, this exposes your application to cross-site scripting (XSS) @@ -24530,13 +25450,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.manual-template-creation.manual-template-creation shortlink: https://sg.run/L01L semgrep.dev: rule: rule_id: 4bUzR9 - version_id: 9lTELJ - url: https://semgrep.dev/playground/r/9lTELJ/ruby.rails.security.audit.xss.manual-template-creation.manual-template-creation + version_id: 2KT1Bq + url: https://semgrep.dev/playground/r/2KT1Bq/ruby.rails.security.audit.xss.manual-template-creation.manual-template-creation origin: community message: Detected manual creation of an ERB template. Manual creation of templates may expose your application to server-side template injection (SSTI) or cross-site 
@@ -24573,13 +25495,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.alias-for-html-safe.alias-for-html-safe shortlink: https://sg.run/8nGJ semgrep.dev: rule: rule_id: PeUkJe - version_id: yeTQzD - url: https://semgrep.dev/playground/r/yeTQzD/ruby.rails.security.audit.xss.templates.alias-for-html-safe.alias-for-html-safe + version_id: X0TPXb + url: https://semgrep.dev/playground/r/X0TPXb/ruby.rails.security.audit.xss.templates.alias-for-html-safe.alias-for-html-safe origin: community languages: - generic @@ -24617,13 +25541,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.avoid-content-tag.avoid-content-tag shortlink: https://sg.run/gJxo semgrep.dev: rule: rule_id: JDUPNG - version_id: rxTbX6 - url: https://semgrep.dev/playground/r/rxTbX6/ruby.rails.security.audit.xss.templates.avoid-content-tag.avoid-content-tag + version_id: jQTKAE + url: https://semgrep.dev/playground/r/jQTKAE/ruby.rails.security.audit.xss.templates.avoid-content-tag.avoid-content-tag origin: community languages: - generic 
@@ -24661,13 +25587,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.avoid-html-safe.avoid-html-safe shortlink: https://sg.run/Q8rD semgrep.dev: rule: rule_id: 5rU4dE - version_id: bZTxJ1 - url: https://semgrep.dev/playground/r/bZTxJ1/ruby.rails.security.audit.xss.templates.avoid-html-safe.avoid-html-safe + version_id: 1QTjAj + url: https://semgrep.dev/playground/r/1QTjAj/ruby.rails.security.audit.xss.templates.avoid-html-safe.avoid-html-safe origin: community languages: - generic @@ -24705,13 +25633,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.avoid-raw.avoid-raw shortlink: https://sg.run/3Aqg semgrep.dev: rule: rule_id: GdU0vJ - version_id: NdT5Eo - url: https://semgrep.dev/playground/r/NdT5Eo/ruby.rails.security.audit.xss.templates.avoid-raw.avoid-raw + version_id: 9lTzYK + url: https://semgrep.dev/playground/r/9lTzYK/ruby.rails.security.audit.xss.templates.avoid-raw.avoid-raw origin: community languages: - generic @@ -24747,13 +25677,15 @@ rules: likelihood: LOW impact: MEDIUM confidence: LOW + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute shortlink: https://sg.run/PpeN semgrep.dev: rule: rule_id: AbUW9y - version_id: w8T4vp - url: https://semgrep.dev/playground/r/w8T4vp/ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute + version_id: rxTxJO + url: https://semgrep.dev/playground/r/rxTxJO/ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute origin: community languages: - generic 
@@ -24798,13 +25730,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
 shortlink: https://sg.run/J3Do
 semgrep.dev:
 rule:
 rule_id: BYUBXo
- version_id: xyT91R
- url: https://semgrep.dev/playground/r/xyT91R/ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
+ version_id: bZTGgb
+ url: https://semgrep.dev/playground/r/bZTGgb/ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
 origin: community
 languages:
 - generic
@@ -24844,13 +25778,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.var-in-script-tag.var-in-script-tag
 shortlink: https://sg.run/58r6
 semgrep.dev:
 rule:
 rule_id: DbUW6B
- version_id: O9T4rE
- url: https://semgrep.dev/playground/r/O9T4rE/ruby.rails.security.audit.xss.templates.var-in-script-tag.var-in-script-tag
+ version_id: NdT1pg
+ url: https://semgrep.dev/playground/r/NdT1pg/ruby.rails.security.audit.xss.templates.var-in-script-tag.var-in-script-tag
 origin: community
 languages:
 - generic
@@ -24902,13 +25838,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cookie Security
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-cookie-store-session-security-attributes.check-cookie-store-session-security-attributes
 shortlink: https://sg.run/WDYA
 semgrep.dev:
 rule:
 rule_id: KxUw3v
- version_id: kbTXXJ
- url: https://semgrep.dev/playground/r/kbTXXJ/ruby.rails.security.brakeman.check-cookie-store-session-security-attributes.check-cookie-store-session-security-attributes
+ version_id: O9Ty2D
+ url: https://semgrep.dev/playground/r/O9Ty2D/ruby.rails.security.brakeman.check-cookie-store-session-security-attributes.check-cookie-store-session-security-attributes
 origin: community
 - id: ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
 patterns:
@@ -24940,13 +25878,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mass Assignment
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
 shortlink: https://sg.run/4k0Z
 semgrep.dev:
 rule:
 rule_id: 5rUNql
- version_id: 7ZT5w6
- url: https://semgrep.dev/playground/r/7ZT5w6/ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
+ version_id: d6TD5K
+ url: https://semgrep.dev/playground/r/d6TD5K/ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
 origin: community
 - id: ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
 patterns:
@@ -24978,13 +25918,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mass Assignment
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
 shortlink: https://sg.run/PPLE
 semgrep.dev:
 rule:
 rule_id: GdUoq5
- version_id: LjTxJD
- url: https://semgrep.dev/playground/r/LjTxJD/ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
+ version_id: ZRTwve
+ url: https://semgrep.dev/playground/r/ZRTwve/ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
 origin: community
 - id: ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
 paths:
@@ -25029,13 +25971,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
 shortlink: https://sg.run/0Wvb
 semgrep.dev:
 rule:
 rule_id: qNUpJ5
- version_id: d6Td4o
- url: https://semgrep.dev/playground/r/d6Td4o/ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
+ version_id: nWT71p
+ url: https://semgrep.dev/playground/r/nWT71p/ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
 origin: community
 - id: ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce
 patterns:
@@ -25064,13 +26008,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce
 shortlink: https://sg.run/Wj3y
 semgrep.dev:
 rule:
 rule_id: 7KUxzd
- version_id: NdT8r1
- url: https://semgrep.dev/playground/r/NdT8r1/ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce
+ version_id: RGTbZW
+ url: https://semgrep.dev/playground/r/RGTbZW/ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce
 origin: community
 - id: rust.lang.security.args-os.args-os
 message: 'args_os should not be used for security operations. From the docs: "The
@@ -25090,13 +26036,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.args-os.args-os
 shortlink: https://sg.run/G6k6
 semgrep.dev:
 rule:
 rule_id: DbUeEe
- version_id: 0bTkvq
- url: https://semgrep.dev/playground/r/0bTkvq/rust.lang.security.args-os.args-os
+ version_id: l4TPRR
+ url: https://semgrep.dev/playground/r/l4TPRR/rust.lang.security.args-os.args-os
 origin: community
 languages:
 - rust
@@ -25119,13 +26067,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.args.args
 shortlink: https://sg.run/RADN
 semgrep.dev:
 rule:
 rule_id: WAU6Lk
- version_id: K3T9lQ
- url: https://semgrep.dev/playground/r/K3T9lQ/rust.lang.security.args.args
+ version_id: YDTPe7
+ url: https://semgrep.dev/playground/r/YDTPe7/rust.lang.security.args.args
 origin: community
 languages:
 - rust
@@ -25148,13 +26098,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.current-exe.current-exe
 shortlink: https://sg.run/AW1B
 semgrep.dev:
 rule:
 rule_id: 0oU6nZ
- version_id: qkTgNK
- url: https://semgrep.dev/playground/r/qkTgNK/rust.lang.security.current-exe.current-exe
+ version_id: 6xTK9Y
+ url: https://semgrep.dev/playground/r/6xTK9Y/rust.lang.security.current-exe.current-exe
 origin: community
 languages:
 - rust
@@ -25182,13 +26134,15 @@ rules:
 impact: MEDIUM
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insecure Hashing Algorithm
 source: https://semgrep.dev/r/rust.lang.security.insecure-hashes.insecure-hashes
 shortlink: https://sg.run/B09R
 semgrep.dev:
 rule:
 rule_id: KxUOxA
- version_id: l4Tq5e
- url: https://semgrep.dev/playground/r/l4Tq5e/rust.lang.security.insecure-hashes.insecure-hashes
+ version_id: qkTNPD
+ url: https://semgrep.dev/playground/r/qkTNPD/rust.lang.security.insecure-hashes.insecure-hashes
 origin: community
 languages:
 - rust
@@ -25236,13 +26190,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.reqwest-set-sensitive.reqwest-set-sensitive
 shortlink: https://sg.run/WKlE
 semgrep.dev:
 rule:
 rule_id: lBUNEw
- version_id: 6xT7e4
- url: https://semgrep.dev/playground/r/6xT7e4/rust.lang.security.reqwest-set-sensitive.reqwest-set-sensitive
+ version_id: YDToK9
+ url: https://semgrep.dev/playground/r/YDToK9/rust.lang.security.reqwest-set-sensitive.reqwest-set-sensitive
 origin: community
 languages:
 - rust
@@ -25267,13 +26223,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.temp-dir.temp-dir
 shortlink: https://sg.run/qzEO
 semgrep.dev:
 rule:
 rule_id: oqU5AO
- version_id: pZTgr4
- url: https://semgrep.dev/playground/r/pZTgr4/rust.lang.security.temp-dir.temp-dir
+ version_id: o5TxD0
+ url: https://semgrep.dev/playground/r/o5TxD0/rust.lang.security.temp-dir.temp-dir
 origin: community
 languages:
 - rust
@@ -25293,13 +26251,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/rust.lang.security.unsafe-usage.unsafe-usage
 shortlink: https://sg.run/lqgo
 semgrep.dev:
 rule:
 rule_id: zdUezd
- version_id: 2KTN1k
- url: https://semgrep.dev/playground/r/2KTN1k/rust.lang.security.unsafe-usage.unsafe-usage
+ version_id: pZTr4Y
+ url: https://semgrep.dev/playground/r/pZTr4Y/rust.lang.security.unsafe-usage.unsafe-usage
 origin: community
 languages:
 - rust
@@ -25345,13 +26305,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.dangerous-seq-run.dangerous-seq-run
 shortlink: https://sg.run/79b2
 semgrep.dev:
 rule:
 rule_id: JDUle4
- version_id: e1TExk
- url: https://semgrep.dev/playground/r/e1TExk/scala.lang.security.audit.dangerous-seq-run.dangerous-seq-run
+ version_id: X0TP0b
+ url: https://semgrep.dev/playground/r/X0TP0b/scala.lang.security.audit.dangerous-seq-run.dangerous-seq-run
 origin: community
 - id: scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
 patterns:
@@ -25397,13 +26359,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
 shortlink: https://sg.run/Lg76
 semgrep.dev:
 rule:
 rule_id: 5rUy3K
- version_id: vdTD2Q
- url: https://semgrep.dev/playground/r/vdTD2Q/scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
+ version_id: jQTK0E
+ url: https://semgrep.dev/playground/r/jQTK0E/scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
 origin: community
 - id: scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
 patterns:
@@ -25445,13 +26409,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Server-Side Request Forgery (SSRF)
 source: https://semgrep.dev/r/scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
 shortlink: https://sg.run/gR6J
 semgrep.dev:
 rule:
 rule_id: 5rUyl4
- version_id: d6TnDx
- url: https://semgrep.dev/playground/r/d6TnDx/scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
+ version_id: 1QTjwj
+ url: https://semgrep.dev/playground/r/1QTjwj/scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
 origin: community
 languages:
 - scala
@@ -25476,13 +26442,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/scala.lang.security.audit.insecure-random.insecure-random shortlink: https://sg.run/JxAw semgrep.dev: rule: rule_id: gxUgDk - version_id: nWTd7K - url: https://semgrep.dev/playground/r/nWTd7K/scala.lang.security.audit.insecure-random.insecure-random + version_id: yeTXWw + url: https://semgrep.dev/playground/r/yeTXWw/scala.lang.security.audit.insecure-random.insecure-random origin: community message: Flags the use of a predictable random value from `scala.util.Random`. This can lead to vulnerabilities when used in security contexts, such as in a CSRF @@ -25536,13 +26504,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/scala.lang.security.audit.io-source-ssrf.io-source-ssrf shortlink: https://sg.run/Qbz4 semgrep.dev: rule: rule_id: GdUDOZ - version_id: ExTdnJ - url: https://semgrep.dev/playground/r/ExTdnJ/scala.lang.security.audit.io-source-ssrf.io-source-ssrf + version_id: rxTxpO + url: https://semgrep.dev/playground/r/rxTxpO/scala.lang.security.audit.io-source-ssrf.io-source-ssrf origin: community languages: - scala 
@@ -25570,13 +26540,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/scala.lang.security.audit.path-traversal-fromfile.path-traversal-fromfile shortlink: https://sg.run/5D1A semgrep.dev: rule: rule_id: QrUdOZ - version_id: 7ZT5OL - url: https://semgrep.dev/playground/r/7ZT5OL/scala.lang.security.audit.path-traversal-fromfile.path-traversal-fromfile + version_id: bZTG7b + url: https://semgrep.dev/playground/r/bZTG7b/scala.lang.security.audit.path-traversal-fromfile.path-traversal-fromfile origin: community message: Flags cases of possible path traversal. If an unfiltered parameter is passed into 'fromFile', file from an arbitrary filesystem location could be read. This @@ -25632,13 +26604,15 @@ rules: - audit likelihood: MEDIUM impact: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/scala.lang.security.audit.rsa-padding-set.rsa-padding-set shortlink: https://sg.run/GO5p semgrep.dev: rule: rule_id: 3qUj1Q - version_id: o5Tjyr - url: https://semgrep.dev/playground/r/o5Tjyr/scala.lang.security.audit.rsa-padding-set.rsa-padding-set + version_id: NdT1Kg + url: https://semgrep.dev/playground/r/NdT1Kg/scala.lang.security.audit.rsa-padding-set.rsa-padding-set origin: community message: Usage of RSA without OAEP (Optimal Asymmetric Encryption Padding) may weaken encryption. This could lead to sensitive data exposure. Instead, use RSA with 
@@ -25722,13 +26696,15 @@ rules:
 likelihood: MEDIUM
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - XML Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.sax-dtd-enabled.sax-dtd-enabled
 shortlink: https://sg.run/QbYP
 semgrep.dev:
 rule:
 rule_id: KxUrkq
- version_id: 8KTWb2
- url: https://semgrep.dev/playground/r/8KTWb2/scala.lang.security.audit.sax-dtd-enabled.sax-dtd-enabled
+ version_id: kbT7Bj
+ url: https://semgrep.dev/playground/r/kbT7Bj/scala.lang.security.audit.sax-dtd-enabled.sax-dtd-enabled
 origin: community
 - id: scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
 patterns:
@@ -25789,13 +26765,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
 shortlink: https://sg.run/wZBY
 semgrep.dev:
 rule:
 rule_id: 6JUEeo
- version_id: gETLq9
- url: https://semgrep.dev/playground/r/gETLq9/scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
+ version_id: w8T3PJ
+ url: https://semgrep.dev/playground/r/w8T3PJ/scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
 origin: community
 - id: scala.lang.security.audit.scalac-debug.scalac-debug
 patterns:
@@ -25827,13 +26805,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Active Debug Code
 source: https://semgrep.dev/r/scala.lang.security.audit.scalac-debug.scalac-debug
 shortlink: https://sg.run/QbGd
 semgrep.dev:
 rule:
 rule_id: JDUlE0
- version_id: bZTg4Z
- url: https://semgrep.dev/playground/r/bZTg4Z/scala.lang.security.audit.scalac-debug.scalac-debug
+ version_id: xyT4gW
+ url: https://semgrep.dev/playground/r/xyT4gW/scala.lang.security.audit.scalac-debug.scalac-debug
 origin: community
 - id: scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
 patterns:
@@ -25875,13 +26855,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Server-Side Request Forgery (SSRF)
 source: https://semgrep.dev/r/scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
 shortlink: https://sg.run/OgjB
 semgrep.dev:
 rule:
 rule_id: AbU3xA
- version_id: 3ZT7Jk
- url: https://semgrep.dev/playground/r/3ZT7Jk/scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
+ version_id: O9TyqD
+ url: https://semgrep.dev/playground/r/O9TyqD/scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
 origin: community
 languages:
 - scala
@@ -25923,13 +26905,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - XML Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.xmlinputfactory-dtd-enabled.xmlinputfactory-dtd-enabled
 shortlink: https://sg.run/3BEb
 semgrep.dev:
 rule:
 rule_id: qNUQ7w
- version_id: JdT2gy
- url: https://semgrep.dev/playground/r/JdT2gy/scala.lang.security.audit.xmlinputfactory-dtd-enabled.xmlinputfactory-dtd-enabled
+ version_id: d6TD0K
+ url: https://semgrep.dev/playground/r/d6TD0K/scala.lang.security.audit.xmlinputfactory-dtd-enabled.xmlinputfactory-dtd-enabled
 origin: community
 - id: scala.play.security.webservice-ssrf.webservice-ssrf
 patterns:
@@ -25980,13 +26964,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Server-Side Request Forgery (SSRF)
 source: https://semgrep.dev/r/scala.play.security.webservice-ssrf.webservice-ssrf
 shortlink: https://sg.run/reRR
 semgrep.dev:
 rule:
 rule_id: PeUxEE
- version_id: WrTkxE
- url: https://semgrep.dev/playground/r/WrTkxE/scala.play.security.webservice-ssrf.webservice-ssrf
+ version_id: gETqRr
+ url: https://semgrep.dev/playground/r/gETqRr/scala.play.security.webservice-ssrf.webservice-ssrf
 origin: community
 languages:
 - scala
@@ -26005,7 +26991,7 @@ rules:
 owasp:
 - A02:2017 - Broken Authentication
 - A04:2021 - Insecure Design
- source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+ source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
 technology:
 - jwt
 confidence: HIGH
@@ -26017,13 +27003,15 @@ rules:
 likelihood: MEDIUM
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/scala.scala-jwt.security.jwt-hardcode.scala-jwt-hardcoded-secret
 shortlink: https://sg.run/Z40o
 semgrep.dev:
 rule:
 rule_id: OrU6W1
- version_id: 0bTQOl
- url: https://semgrep.dev/playground/r/0bTQOl/scala.scala-jwt.security.jwt-hardcode.scala-jwt-hardcoded-secret
+ version_id: QkTJYA
+ url: https://semgrep.dev/playground/r/QkTJYA/scala.scala-jwt.security.jwt-hardcode.scala-jwt-hardcoded-secret
 origin: community
 pattern-either:
 - pattern: 'com.auth0.jwt.algorithms.Algorithm.HMAC256("...");
@@ -26118,13 +27106,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal
 shortlink: https://sg.run/PYe0
 semgrep.dev:
 rule:
 rule_id: wdUA97
- version_id: K3TPyG
- url: https://semgrep.dev/playground/r/K3TPyG/scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal
+ version_id: 3ZTdGb
+ url: https://semgrep.dev/playground/r/3ZTdGb/scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal
 origin: community
 - id: scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
 patterns:
@@ -26161,13 +27151,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
 shortlink: https://sg.run/JgDk
 semgrep.dev:
 rule:
 rule_id: x8UNKe
- version_id: qkT9qR
- url: https://semgrep.dev/playground/r/qkT9qR/scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
+ version_id: 44ToLG
+ url: https://semgrep.dev/playground/r/44ToLG/scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
 origin: community
 - id: terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
 patterns:
@@ -26223,13 +27215,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
 shortlink: https://sg.run/gX7J
 semgrep.dev:
 rule:
 rule_id: NbUXOA
- version_id: e1TBKo
- url: https://semgrep.dev/playground/r/e1TBKo/terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
+ version_id: RGTb6W
+ url: https://semgrep.dev/playground/r/RGTb6W/terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
 origin: community
 - id: terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
 patterns:
@@ -26263,13 +27257,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
 shortlink: https://sg.run/18yw
 semgrep.dev:
 rule:
 rule_id: x8UxrP
- version_id: vdTlQE
- url: https://semgrep.dev/playground/r/vdTlQE/terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
+ version_id: A8TRO1
+ url: https://semgrep.dev/playground/r/A8TRO1/terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
 origin: community
 - id: terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
 patterns:
@@ -26302,13 +27298,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
 shortlink: https://sg.run/38kr
 semgrep.dev:
 rule:
 rule_id: wdUl2j
- version_id: ZRTbd0
- url: https://semgrep.dev/playground/r/ZRTbd0/terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
+ version_id: DkTQPP
+ url: https://semgrep.dev/playground/r/DkTQPP/terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26350,13 +27348,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-cloudwatch-log-group-unencrypted.aws-cloudwatch-log-group-unencrypted
 shortlink: https://sg.run/Pg6Y
 semgrep.dev:
 rule:
 rule_id: OrUl0J
- version_id: ExTZWz
- url: https://semgrep.dev/playground/r/ExTZWz/terraform.aws.security.aws-cloudwatch-log-group-unencrypted.aws-cloudwatch-log-group-unencrypted
+ version_id: 0bTv8B
+ url: https://semgrep.dev/playground/r/0bTv8B/terraform.aws.security.aws-cloudwatch-log-group-unencrypted.aws-cloudwatch-log-group-unencrypted
 origin: community
 - id: terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
 patterns:
@@ -26410,13 +27410,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
 shortlink: https://sg.run/JeWw
 semgrep.dev:
 rule:
 rule_id: eqUrdZ
- version_id: 7ZT8R4
- url: https://semgrep.dev/playground/r/7ZT8R4/terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
+ version_id: qkTNdD
+ url: https://semgrep.dev/playground/r/qkTNdD/terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
 origin: community
 - id: terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
 pattern-either:
@@ -26463,13 +27465,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
 shortlink: https://sg.run/O6A7
 semgrep.dev:
 rule:
 rule_id: DbUo7v
- version_id: 8KTDll
- url: https://semgrep.dev/playground/r/8KTDll/terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
+ version_id: YDTo19
+ url: https://semgrep.dev/playground/r/YDTo19/terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
 origin: community
 - id: terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
 patterns:
@@ -26502,13 +27506,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
 shortlink: https://sg.run/RyzO
 semgrep.dev:
 rule:
 rule_id: ZqUGEp
- version_id: QkT9NO
- url: https://semgrep.dev/playground/r/QkT9NO/terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
+ version_id: 5PT6RG
+ url: https://semgrep.dev/playground/r/5PT6RG/terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26549,13 +27555,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.aws.security.aws-documentdb-auditing-disabled.aws-documentdb-auditing-disabled
 shortlink: https://sg.run/xJYP
 semgrep.dev:
 rule:
 rule_id: AbU1WN
- version_id: 3ZT8wN
- url: https://semgrep.dev/playground/r/3ZT8wN/terraform.aws.security.aws-documentdb-auditing-disabled.aws-documentdb-auditing-disabled
+ version_id: GxT2ne
+ url: https://semgrep.dev/playground/r/GxT2ne/terraform.aws.security.aws-documentdb-auditing-disabled.aws-documentdb-auditing-disabled
 origin: community
 - id: terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
 patterns:
@@ -26591,13 +27599,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
 shortlink: https://sg.run/WW14
 semgrep.dev:
 rule:
 rule_id: L1UPY9
- version_id: RGTyLO
- url: https://semgrep.dev/playground/r/RGTyLO/terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
+ version_id: 0bTv8O
+ url: https://semgrep.dev/playground/r/0bTv8O/terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26640,13 +27650,15 @@ rules:
 impact: HIGH
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted
 shortlink: https://sg.run/6ZbY
 semgrep.dev:
 rule:
 rule_id: YGUKl1
- version_id: A8TBd9
- url: https://semgrep.dev/playground/r/A8TBd9/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted
+ version_id: K3TlDN
+ url: https://semgrep.dev/playground/r/K3TlDN/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted
 origin: community
 - id: terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
 patterns:
@@ -26699,13 +27711,15 @@ rules:
 impact: HIGH
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
 shortlink: https://sg.run/pg9J
 semgrep.dev:
 rule:
 rule_id: zdU0Wo
- version_id: 0bTnzE
- url: https://semgrep.dev/playground/r/0bTnzE/terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
+ version_id: 6xTer5
+ url: https://semgrep.dev/playground/r/6xTer5/terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
 origin: community
 - id: terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
 patterns:
@@ -26744,13 +27758,15 @@ rules:
 impact: HIGH
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
 shortlink: https://sg.run/ZEeL
 semgrep.dev:
 rule:
 rule_id: KxUB4o
- version_id: l4TO2x
- url: https://semgrep.dev/playground/r/l4TO2x/terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
+ version_id: 2KT1ZP
+ url: https://semgrep.dev/playground/r/2KT1ZP/terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
 origin: community
 - id: terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
 patterns:
@@ -26786,13 +27802,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
 shortlink: https://sg.run/Kk07
 semgrep.dev:
 rule:
 rule_id: gxUJ4n
- version_id: JdTXxo
- url: https://semgrep.dev/playground/r/JdTXxo/terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
+ version_id: jQTK8r
+ url: https://semgrep.dev/playground/r/jQTK8r/terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26819,13 +27837,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-elasticache-replication-group-encrypted-with-cmk.aws-elasticache-replication-group-encrypted-with-cmk
 shortlink: https://sg.run/qyAz
 semgrep.dev:
 rule:
 rule_id: QrUnyQ
- version_id: 5PTZ19
- url: https://semgrep.dev/playground/r/5PTZ19/terraform.aws.security.aws-elasticache-replication-group-encrypted-with-cmk.aws-elasticache-replication-group-encrypted-with-cmk
+ version_id: 1QTjr4
+ url: https://semgrep.dev/playground/r/1QTjr4/terraform.aws.security.aws-elasticache-replication-group-encrypted-with-cmk.aws-elasticache-replication-group-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26863,13 +27883,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-emr-encrypted-with-cmk.aws-emr-encrypted-with-cmk
 shortlink: https://sg.run/6gOo
 semgrep.dev:
 rule:
 rule_id: PeU0L7
- version_id: BjTRZb
- url: https://semgrep.dev/playground/r/BjTRZb/terraform.aws.security.aws-emr-encrypted-with-cmk.aws-emr-encrypted-with-cmk
+ version_id: bZTGn5
+ url: https://semgrep.dev/playground/r/bZTGn5/terraform.aws.security.aws-emr-encrypted-with-cmk.aws-emr-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26907,13 +27929,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk
 shortlink: https://sg.run/oNG9
 semgrep.dev:
 rule:
 rule_id: JDU6gw
- version_id: d6TnOb
- url: https://semgrep.dev/playground/r/d6TnOb/terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk
+ version_id: NdT1bZ
+ url: https://semgrep.dev/playground/r/NdT1bZ/terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26950,13 +27974,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-lustre-filesystem-encrypted-with-cmk.aws-fsx-lustre-filesystem-encrypted-with-cmk
 shortlink: https://sg.run/zJ6G
 semgrep.dev:
 rule:
 rule_id: 5rUp50
- version_id: DkTEbw
- url: https://semgrep.dev/playground/r/DkTEbw/terraform.aws.security.aws-fsx-lustre-filesystem-encrypted-with-cmk.aws-fsx-lustre-filesystem-encrypted-with-cmk
+ version_id: kbT7EW
+ url: https://semgrep.dev/playground/r/kbT7EW/terraform.aws.security.aws-fsx-lustre-filesystem-encrypted-with-cmk.aws-fsx-lustre-filesystem-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -26992,13 +28018,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-ontapfs-encrypted-with-cmk.aws-fsx-ontapfs-encrypted-with-cmk
 shortlink: https://sg.run/pyRg
 semgrep.dev:
 rule:
 rule_id: GdUzwK
- version_id: WrTLKG
- url: https://semgrep.dev/playground/r/WrTLKG/terraform.aws.security.aws-fsx-ontapfs-encrypted-with-cmk.aws-fsx-ontapfs-encrypted-with-cmk
+ version_id: w8T3EN
+ url: https://semgrep.dev/playground/r/w8T3EN/terraform.aws.security.aws-fsx-ontapfs-encrypted-with-cmk.aws-fsx-ontapfs-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27034,13 +28062,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-windows-encrypted-with-cmk.aws-fsx-windows-encrypted-with-cmk
 shortlink: https://sg.run/2pN0
 semgrep.dev:
 rule:
 rule_id: ReUqv6
- version_id: 0bTnzq
- url: https://semgrep.dev/playground/r/0bTnzq/terraform.aws.security.aws-fsx-windows-encrypted-with-cmk.aws-fsx-windows-encrypted-with-cmk
+ version_id: xyT4Ew
+ url: https://semgrep.dev/playground/r/xyT4Ew/terraform.aws.security.aws-fsx-windows-encrypted-with-cmk.aws-fsx-windows-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27076,13 +28106,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-imagebuilder-component-encrypted-with-cmk.aws-imagebuilder-component-encrypted-with-cmk
 shortlink: https://sg.run/9vdY
 semgrep.dev:
 rule:
 rule_id: WAUNxL
- version_id: YDTLex
- url: https://semgrep.dev/playground/r/YDTLex/terraform.aws.security.aws-imagebuilder-component-encrypted-with-cmk.aws-imagebuilder-component-encrypted-with-cmk
+ version_id: d6TDoE
+ url: https://semgrep.dev/playground/r/d6TDoE/terraform.aws.security.aws-imagebuilder-component-encrypted-with-cmk.aws-imagebuilder-component-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27118,13 +28150,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-kinesis-stream-encrypted-with-cmk.aws-kinesis-stream-encrypted-with-cmk
 shortlink: https://sg.run/ryBn
 semgrep.dev:
 rule:
 rule_id: KxU5yW
- version_id: zyTz2v
- url: https://semgrep.dev/playground/r/zyTz2v/terraform.aws.security.aws-kinesis-stream-encrypted-with-cmk.aws-kinesis-stream-encrypted-with-cmk
+ version_id: ExTnlP
+ url: https://semgrep.dev/playground/r/ExTnlP/terraform.aws.security.aws-kinesis-stream-encrypted-with-cmk.aws-kinesis-stream-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27168,13 +28202,15 @@ rules:
 confidence: MEDIUM
 rule-origin-note: published from /src/aws-kinesis-stream-unencrypted.yml in None
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-kinesis-stream-unencrypted.aws-kinesis-stream-unencrypted
 shortlink: https://sg.run/KZ0L
 semgrep.dev:
 rule:
 rule_id: 8GU72N
- version_id: DkTA0l
- url: https://semgrep.dev/playground/r/DkTA0l/terraform.aws.security.aws-kinesis-stream-unencrypted.aws-kinesis-stream-unencrypted
+ version_id: 7ZTOGj
+ url: https://semgrep.dev/playground/r/7ZTOGj/terraform.aws.security.aws-kinesis-stream-unencrypted.aws-kinesis-stream-unencrypted
 origin: community
 - id: terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
 patterns:
@@ -27207,13 +28243,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
 shortlink: https://sg.run/bXvp
 semgrep.dev:
 rule:
 rule_id: qNUWqn
- version_id: pZTE34
- url: https://semgrep.dev/playground/r/pZTE34/terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
+ version_id: LjT0nW
+ url: https://semgrep.dev/playground/r/LjT0nW/terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27271,13 +28309,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-lambda-environment-unencrypted.aws-lambda-environment-unencrypted
 shortlink: https://sg.run/x4lz
 semgrep.dev:
 rule:
 rule_id: 5rUp5w
- version_id: 1QTGp6
- url: https://semgrep.dev/playground/r/1QTGp6/terraform.aws.security.aws-lambda-environment-unencrypted.aws-lambda-environment-unencrypted
+ version_id: 3ZTdZ8
+ url: https://semgrep.dev/playground/r/3ZTdZ8/terraform.aws.security.aws-lambda-environment-unencrypted.aws-lambda-environment-unencrypted
 origin: community
 - id: terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
 patterns:
@@ -27321,13 +28361,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
 shortlink: https://sg.run/wO2Y
 semgrep.dev:
 rule:
 rule_id: eqUl1O
- version_id: 9lT0A5
- url: https://semgrep.dev/playground/r/9lT0A5/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
+ version_id: PkTY9P
+ url: https://semgrep.dev/playground/r/PkTY9P/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
 origin: community
 - id: terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
 patterns:
@@ -27361,13 +28403,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
 shortlink: https://sg.run/eXnb
 semgrep.dev:
 rule:
 rule_id: ReUqvX
- version_id: bZTy3e
- url: https://semgrep.dev/playground/r/bZTy3e/terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
+ version_id: A8TRK4
+ url: https://semgrep.dev/playground/r/A8TRK4/terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27403,13 +28447,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-s3-bucket-object-encrypted-with-cmk.aws-s3-bucket-object-encrypted-with-cmk
 shortlink: https://sg.run/veKA
 semgrep.dev:
 rule:
 rule_id: AbUeYR
- version_id: NdT4yR
- url: https://semgrep.dev/playground/r/NdT4yR/terraform.aws.security.aws-s3-bucket-object-encrypted-with-cmk.aws-s3-bucket-object-encrypted-with-cmk
+ version_id: BjTElw
+ url: https://semgrep.dev/playground/r/BjTElw/terraform.aws.security.aws-s3-bucket-object-encrypted-with-cmk.aws-s3-bucket-object-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27445,13 +28491,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-s3-object-copy-encrypted-with-cmk.aws-s3-object-copy-encrypted-with-cmk
 shortlink: https://sg.run/d1ZZ
 semgrep.dev:
 rule:
 rule_id: BYUzYY
- version_id: kbTJGG
- url: https://semgrep.dev/playground/r/kbTJGG/terraform.aws.security.aws-s3-object-copy-encrypted-with-cmk.aws-s3-object-copy-encrypted-with-cmk
+ version_id: DkTQgO
+ url: https://semgrep.dev/playground/r/DkTQgO/terraform.aws.security.aws-s3-object-copy-encrypted-with-cmk.aws-s3-object-copy-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27487,13 +28535,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-sagemaker-domain-encrypted-with-cmk.aws-sagemaker-domain-encrypted-with-cmk
 shortlink: https://sg.run/ZjrD
 semgrep.dev:
 rule:
 rule_id: DbUx8z
- version_id: w8TYoL
- url: https://semgrep.dev/playground/r/w8TYoL/terraform.aws.security.aws-sagemaker-domain-encrypted-with-cmk.aws-sagemaker-domain-encrypted-with-cmk
+ version_id: WrTbDb
+ url: https://semgrep.dev/playground/r/WrTbDb/terraform.aws.security.aws-sagemaker-domain-encrypted-with-cmk.aws-sagemaker-domain-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27536,13 +28586,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-secretsmanager-secret-unencrypted.aws-secretsmanager-secret-unencrypted
 shortlink: https://sg.run/nrRX
 semgrep.dev:
 rule:
 rule_id: WAUNrz
- version_id: xyT6zo
- url: https://semgrep.dev/playground/r/xyT6zo/terraform.aws.security.aws-secretsmanager-secret-unencrypted.aws-secretsmanager-secret-unencrypted
+ version_id: 0bTvDO
+ url: https://semgrep.dev/playground/r/0bTvDO/terraform.aws.security.aws-secretsmanager-secret-unencrypted.aws-secretsmanager-secret-unencrypted
 origin: community
 - id: terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
 patterns:
@@ -27588,13 +28640,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
 shortlink: https://sg.run/EyWw
 semgrep.dev:
 rule:
 rule_id: 0oUrWL
- version_id: e1TBj6
- url: https://semgrep.dev/playground/r/e1TBj6/terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
+ version_id: 6xTe35
+ url: https://semgrep.dev/playground/r/6xTe35/terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
 origin: community
 - id: terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
 patterns:
@@ -27641,13 +28695,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
 shortlink: https://sg.run/XJZw
 semgrep.dev:
 rule:
 rule_id: 2ZUo79
- version_id: vdTl62
- url: https://semgrep.dev/playground/r/vdTl62/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
+ version_id: o5Tnve
+ url: https://semgrep.dev/playground/r/o5Tnve/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
 origin: community
 - id: terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
 patterns:
@@ -27680,13 +28736,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
 shortlink: https://sg.run/7nyZ
 semgrep.dev:
 rule:
 rule_id: KxU5Nn
- version_id: d6TYxR
- url: https://semgrep.dev/playground/r/d6TYxR/terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
+ version_id: zyT5dy
+ url: https://semgrep.dev/playground/r/zyT5dy/terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -27723,13 +28781,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-transfer-server-is-public.aws-transfer-server-is-public
 shortlink: https://sg.run/L39r
 semgrep.dev:
 rule:
 rule_id: qNUWl1
- version_id: ZRTbAj
- url: https://semgrep.dev/playground/r/ZRTbAj/terraform.aws.security.aws-transfer-server-is-public.aws-transfer-server-is-public
+ version_id: pZTrow
+ url: https://semgrep.dev/playground/r/pZTrow/terraform.aws.security.aws-transfer-server-is-public.aws-transfer-server-is-public
 origin: community
 languages:
 - hcl
@@ -27770,13 +28830,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-workspaces-root-volume-unencrypted.aws-workspaces-root-volume-unencrypted
 shortlink: https://sg.run/8gby
 semgrep.dev:
 rule:
 rule_id: lBUWB9
- version_id: nWT3RW
- url: https://semgrep.dev/playground/r/nWT3RW/terraform.aws.security.aws-workspaces-root-volume-unencrypted.aws-workspaces-root-volume-unencrypted
+ version_id: 2KT1eP
+ url: https://semgrep.dev/playground/r/2KT1eP/terraform.aws.security.aws-workspaces-root-volume-unencrypted.aws-workspaces-root-volume-unencrypted
 origin: community
 - id: terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
 patterns:
@@ -27813,13 +28875,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
 shortlink: https://sg.run/gXdJ
 semgrep.dev:
 rule:
 rule_id: YGUAXr
- version_id: ExTZwj
- url: https://semgrep.dev/playground/r/ExTZwj/terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
+ version_id: X0TPEg
+ url: https://semgrep.dev/playground/r/X0TPEg/terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
 origin: community
 - id: terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
 patterns:
@@ -27855,13 +28919,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
 shortlink: https://sg.run/kzro
 semgrep.dev:
 rule:
 rule_id: wdUljO
- version_id: LjTj32
- url: https://semgrep.dev/playground/r/LjTj32/terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
+ version_id: 1QTjB4
+ url: https://semgrep.dev/playground/r/1QTjB4/terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
 origin: community
 - id: terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
 message: Registering the identity used by an App with AD allows it to interact with
@@ -27910,13 +28976,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
 shortlink: https://sg.run/PbXY
 semgrep.dev:
 rule:
 rule_id: WAUynd
- version_id: qkTDZK
- url: https://semgrep.dev/playground/r/qkTDZK/terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
+ version_id: w8T3rN
+ url: https://semgrep.dev/playground/r/w8T3rN/terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
 origin: community
 languages:
 - hcl
@@ -27954,13 +29022,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.appservice.azure-appservice-min-tls-version.azure-appservice-min-tls-version
 shortlink: https://sg.run/rDwn
 semgrep.dev:
 rule:
 rule_id: v8UNL7
- version_id: YDTLyb
- url: https://semgrep.dev/playground/r/YDTLyb/terraform.azure.security.appservice.azure-appservice-min-tls-version.azure-appservice-min-tls-version
+ version_id: 44Topr
+ url: https://semgrep.dev/playground/r/44Topr/terraform.azure.security.appservice.azure-appservice-min-tls-version.azure-appservice-min-tls-version
 origin: community
 languages:
 - hcl
@@ -28016,13 +29086,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.functionapp.functionapp-authentication-enabled.functionapp-authentication-enabled
 shortlink: https://sg.run/B6AW
 semgrep.dev:
 rule:
 rule_id: 6JU1X8
- version_id: zyTzp4
- url: https://semgrep.dev/playground/r/zyTzp4/terraform.azure.security.functionapp.functionapp-authentication-enabled.functionapp-authentication-enabled
+ version_id: e1TxQN
+ url: https://semgrep.dev/playground/r/e1TxQN/terraform.azure.security.functionapp.functionapp-authentication-enabled.functionapp-authentication-enabled
 origin: community
 languages:
 - hcl
@@ -28075,13 +29147,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/terraform.azure.security.functionapp.functionapp-enable-http2.functionapp-enable-http2
 shortlink: https://sg.run/DzDY
 semgrep.dev:
 rule:
 rule_id: oqU41L
- version_id: pZTEKK
- url: https://semgrep.dev/playground/r/pZTEKK/terraform.azure.security.functionapp.functionapp-enable-http2.functionapp-enable-http2
+ version_id: vdT2ez
+ url: https://semgrep.dev/playground/r/vdT2ez/terraform.azure.security.functionapp.functionapp-enable-http2.functionapp-enable-http2
 origin: community
 languages:
 - hcl
@@ -28136,13 +29210,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.azure.security.keyvault.keyvault-specify-network-acl.keyvault-specify-network-acl
 shortlink: https://sg.run/nKgX
 semgrep.dev:
 rule:
 rule_id: 4bU1jy
- version_id: 9lTpjQ
- url: https://semgrep.dev/playground/r/9lTpjQ/terraform.azure.security.keyvault.keyvault-specify-network-acl.keyvault-specify-network-acl
+ version_id: ExTn7G
+ url: https://semgrep.dev/playground/r/ExTn7G/terraform.azure.security.keyvault.keyvault-specify-network-acl.keyvault-specify-network-acl
 origin: community
 languages:
 - hcl
@@ -28206,13 +29282,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-allow-microsoft-service-bypass.storage-allow-microsoft-service-bypass
 shortlink: https://sg.run/WpX4
 semgrep.dev:
 rule:
 rule_id: GdUreY
- version_id: yeTo6R
- url: https://semgrep.dev/playground/r/yeTo6R/terraform.azure.security.storage.storage-allow-microsoft-service-bypass.storage-allow-microsoft-service-bypass
+ version_id: 7ZTO02
+ url: https://semgrep.dev/playground/r/7ZTO02/terraform.azure.security.storage.storage-allow-microsoft-service-bypass.storage-allow-microsoft-service-bypass
 origin: community
 languages:
 - hcl
@@ -28253,13 +29331,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-default-action-deny.storage-default-action-deny
 shortlink: https://sg.run/WpN4
 semgrep.dev:
 rule:
 rule_id: zdUY3N
- version_id: rxTW50
- url: https://semgrep.dev/playground/r/rxTW50/terraform.azure.security.storage.storage-default-action-deny.storage-default-action-deny
+ version_id: LjT0Z1
+ url: https://semgrep.dev/playground/r/LjT0Z1/terraform.azure.security.storage.storage-default-action-deny.storage-default-action-deny
 origin: community
 languages:
 - hcl
@@ -28314,13 +29394,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-queue-services-logging.storage-queue-services-logging
 shortlink: https://sg.run/0yEv
 semgrep.dev:
 rule:
 rule_id: ReU3L9
- version_id: NdT4xk
- url: https://semgrep.dev/playground/r/NdT4xk/terraform.azure.security.storage.storage-queue-services-logging.storage-queue-services-logging
+ version_id: gETqd4
+ url: https://semgrep.dev/playground/r/gETqd4/terraform.azure.security.storage.storage-queue-services-logging.storage-queue-services-logging
 origin: community
 languages:
 - hcl
@@ -28363,13 +29445,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/terraform.lang.security.ecr-image-scan-on-push.ecr-image-scan-on-push
 shortlink: https://sg.run/R8eE
 semgrep.dev:
 rule:
 rule_id: 0oUELR
- version_id: 8KTD2R
- url: https://semgrep.dev/playground/r/8KTD2R/terraform.lang.security.ecr-image-scan-on-push.ecr-image-scan-on-push
+ version_id: w8T3OQ
+ url: https://semgrep.dev/playground/r/w8T3OQ/terraform.lang.security.ecr-image-scan-on-push.ecr-image-scan-on-push
 origin: community
 - id: terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
 patterns:
@@ -28417,13 +29501,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
 shortlink: https://sg.run/wZ3n
 semgrep.dev:
 rule:
 rule_id: x8UGx7
- version_id: gETK4K
- url: https://semgrep.dev/playground/r/gETK4K/terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
+ version_id: xyT47L
+ url: https://semgrep.dev/playground/r/xyT47L/terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
 origin: community
 - id: terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
 patterns:
@@ -28466,13 +29552,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
 shortlink: https://sg.run/Albg
 semgrep.dev:
 rule:
 rule_id: KxU4v6
- version_id: QkT9yx
- url: https://semgrep.dev/playground/r/QkT9yx/terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
+ version_id: O9TygN
+ url: https://semgrep.dev/playground/r/O9TygN/terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
 origin: community
 - id: terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
 patterns:
@@ -28514,13 +29602,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
 shortlink: https://sg.run/B4Yb
 semgrep.dev:
 rule:
 rule_id: qNUo2d
- version_id: 3ZT8J0
- url: https://semgrep.dev/playground/r/3ZT8J0/terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
+ version_id: e1TxNg
+ url: https://semgrep.dev/playground/r/e1TxNg/terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
 origin: community
 - id: terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
 pattern-either:
@@ -28620,13 +29710,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
 shortlink: https://sg.run/oY0N
 semgrep.dev:
 rule:
 rule_id: NbUNDX
- version_id: 44TD3P
- url: https://semgrep.dev/playground/r/44TD3P/terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
+ version_id: vdT27p
+ url: https://semgrep.dev/playground/r/vdT27p/terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
 origin: community
 languages:
 - hcl
@@ -28826,13 +29918,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-creds-exposure.no-iam-creds-exposure
 shortlink: https://sg.run/zxY1
 semgrep.dev:
 rule:
 rule_id: kxUwK2
- version_id: PkT8LG
- url: https://semgrep.dev/playground/r/PkT8LG/terraform.lang.security.iam.no-iam-creds-exposure.no-iam-creds-exposure
+ version_id: d6TDdj
+ url: https://semgrep.dev/playground/r/d6TDdj/terraform.lang.security.iam.no-iam-creds-exposure.no-iam-creds-exposure
 origin: community
 languages:
 - hcl
@@ -28940,13 +30034,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-data-exfiltration.no-iam-data-exfiltration
 shortlink: https://sg.run/pYrN
 semgrep.dev:
 rule:
 rule_id: wdUj1k
- version_id: JdTXgx
- url: https://semgrep.dev/playground/r/JdTXgx/terraform.lang.security.iam.no-iam-data-exfiltration.no-iam-data-exfiltration
+ version_id: ZRTwYq
+ url: https://semgrep.dev/playground/r/ZRTwYq/terraform.lang.security.iam.no-iam-data-exfiltration.no-iam-data-exfiltration
 origin: community
 languages:
 - hcl
@@ -29053,13 +30149,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-priv-esc-funcs.no-iam-priv-esc-funcs
 shortlink: https://sg.run/28y5
 semgrep.dev:
 rule:
 rule_id: x8UxLq
- version_id: 5PTZ5z
- url: https://semgrep.dev/playground/r/5PTZ5z/terraform.lang.security.iam.no-iam-priv-esc-funcs.no-iam-priv-esc-funcs
+ version_id: nWT7gr
+ url: https://semgrep.dev/playground/r/nWT7gr/terraform.lang.security.iam.no-iam-priv-esc-funcs.no-iam-priv-esc-funcs
 origin: community
 languages:
 - hcl
@@ -29155,13 +30253,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-priv-esc-other-users.no-iam-priv-esc-other-users
 shortlink: https://sg.run/XOeA
 semgrep.dev:
 rule:
 rule_id: OrU6jO
- version_id: GxT1wA
- url: https://semgrep.dev/playground/r/GxT1wA/terraform.lang.security.iam.no-iam-priv-esc-other-users.no-iam-priv-esc-other-users
+ version_id: ExTn0K
+ url: https://semgrep.dev/playground/r/ExTn0K/terraform.lang.security.iam.no-iam-priv-esc-other-users.no-iam-priv-esc-other-users
 origin: community
 languages:
 - hcl
@@ -29291,13 +30391,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-priv-esc-roles.no-iam-priv-esc-roles
 shortlink: https://sg.run/jwrA
 semgrep.dev:
 rule:
 rule_id: eqUzR3
- version_id: RGTyv5
- url: https://semgrep.dev/playground/r/RGTyv5/terraform.lang.security.iam.no-iam-priv-esc-roles.no-iam-priv-esc-roles
+ version_id: 7ZTO4W
+ url: https://semgrep.dev/playground/r/7ZTO4W/terraform.lang.security.iam.no-iam-priv-esc-roles.no-iam-priv-esc-roles
 origin: community
 languages:
 - hcl
@@ -30424,13 +31526,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-resource-exposure.no-iam-resource-exposure
 shortlink: https://sg.run/18rD
 semgrep.dev:
 rule:
 rule_id: v8U9r0
- version_id: A8TBY6
- url: https://semgrep.dev/playground/r/A8TBY6/terraform.lang.security.iam.no-iam-resource-exposure.no-iam-resource-exposure
+ version_id: LjT08E
+ url: https://semgrep.dev/playground/r/LjT08E/terraform.lang.security.iam.no-iam-resource-exposure.no-iam-resource-exposure
 origin: community
 languages:
 - hcl
@@ -30503,13 +31607,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-star-actions.no-iam-star-actions
 shortlink: https://sg.run/9rZ4
 semgrep.dev:
 rule:
 rule_id: d8Uew3
- version_id: BjTRYE
- url: https://semgrep.dev/playground/r/BjTRYE/terraform.lang.security.iam.no-iam-star-actions.no-iam-star-actions
+ version_id: 8KTb8v
+ url: https://semgrep.dev/playground/r/8KTb8v/terraform.lang.security.iam.no-iam-star-actions.no-iam-star-actions
 origin: community
 languages:
 - hcl
@@ -30544,13 +31650,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.rds-public-access.rds-public-access
 shortlink: https://sg.run/Oye2
 semgrep.dev:
 rule:
 rule_id: eqUrzK
- version_id: WrTLxr
- url: https://semgrep.dev/playground/r/WrTLxr/terraform.lang.security.rds-public-access.rds-public-access
+ version_id: QkTJe0
+ url: https://semgrep.dev/playground/r/QkTJe0/terraform.lang.security.rds-public-access.rds-public-access
 origin: community
 - id: terraform.lang.security.s3-cors-all-origins.all-origins-allowed
 patterns:
@@ -30577,13 +31685,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/terraform.lang.security.s3-cors-all-origins.all-origins-allowed
 shortlink: https://sg.run/DJb2
 semgrep.dev:
 rule:
 rule_id: lBUd4g
- version_id: 0bTnWx
- url: https://semgrep.dev/playground/r/0bTnWx/terraform.lang.security.s3-cors-all-origins.all-origins-allowed
+ version_id: 3ZTd0r
+ url: https://semgrep.dev/playground/r/3ZTd0r/terraform.lang.security.s3-cors-all-origins.all-origins-allowed
 origin: community
 - id: terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
 patterns:
@@ -30619,13 +31729,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
 shortlink: https://sg.run/WgAy
 semgrep.dev:
 rule:
 rule_id: YGUrp5
- version_id: K3TxNv
- url: https://semgrep.dev/playground/r/K3TxNv/terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
+ version_id: 44To0E
+ url: https://semgrep.dev/playground/r/44To0E/terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
 origin: community
 - id: trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable
 message: 'Variable `$X` is likely modified and later used on error. In some cases
@@ -30647,13 +31759,15 @@ rules: references: - https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable shortlink: https://sg.run/WWQ2 semgrep.dev: rule: rule_id: kxU6Xb - version_id: WrTXA6 - url: https://semgrep.dev/playground/r/WrTXA6/trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable + version_id: PkTpnL + url: https://semgrep.dev/playground/r/PkTpnL/trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable origin: community patterns: - pattern-either: @@ -30688,13 +31802,15 @@ rules: references: - https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.iterate-over-empty-map.iterate-over-empty-map shortlink: https://sg.run/08jj semgrep.dev: rule: rule_id: wdUlww - version_id: 0bT8YQ - url: https://semgrep.dev/playground/r/0bT8YQ/trailofbits.go.iterate-over-empty-map.iterate-over-empty-map + version_id: JdTJZ7 + url: https://semgrep.dev/playground/r/JdTJZ7/trailofbits.go.iterate-over-empty-map.iterate-over-empty-map origin: community patterns: - pattern: | @@ -30744,13 +31860,15 @@ rules: references: - https://github.com/golang/go/issues/30209 license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.string-to-int-signedness-cast.string-to-int-signedness-cast shortlink: https://sg.run/65WB semgrep.dev: rule: rule_id: 4bU2AZ - version_id: zyTw0O - url: https://semgrep.dev/playground/r/zyTw0O/trailofbits.go.string-to-int-signedness-cast.string-to-int-signedness-cast + version_id: WrTRkP + url: https://semgrep.dev/playground/r/WrTRkP/trailofbits.go.string-to-int-signedness-cast.string-to-int-signedness-cast origin: community pattern-either: - patterns: 
@@ -30869,13 +31987,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors#configuring-cors-options-for-apollo-server license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-cors-audit.v3-potentially-bad-cors shortlink: https://sg.run/ORxR semgrep.dev: rule: rule_id: v8UlNl - version_id: zyT4zv - url: https://semgrep.dev/playground/r/zyT4zv/trailofbits.javascript.apollo-graphql.v3-cors-audit.v3-potentially-bad-cors + version_id: 5PTvBe + url: https://semgrep.dev/playground/r/5PTvBe/trailofbits.javascript.apollo-graphql.v3-cors-audit.v3-potentially-bad-cors origin: community mode: taint pattern-sources: @@ -30913,13 +32033,15 @@ rules: references: - https://pytorch.org/docs/stable/data.html#memory-pinning license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.automatic-memory-pinning.automatic-memory-pinning shortlink: https://sg.run/jz5N semgrep.dev: rule: rule_id: WAUN1Z - version_id: 1QTRwq - url: https://semgrep.dev/playground/r/1QTRwq/trailofbits.python.automatic-memory-pinning.automatic-memory-pinning + version_id: 0bT4Q6 + url: https://semgrep.dev/playground/r/0bT4Q6/trailofbits.python.automatic-memory-pinning.automatic-memory-pinning origin: community pattern-either: - patterns: 
@@ -30945,13 +32067,15 @@ rules: references: - https://numpy.org/doc/stable/reference/distutils.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.numpy-distutils.numpy-distutils shortlink: https://sg.run/rqGP semgrep.dev: rule: rule_id: GdUgN8 - version_id: yeT4Wg - url: https://semgrep.dev/playground/r/yeT4Wg/trailofbits.python.numpy-distutils.numpy-distutils + version_id: qkT09r + url: https://semgrep.dev/playground/r/qkT09r/trailofbits.python.numpy-distutils.numpy-distutils origin: community patterns: - pattern: 'import numpy.distutils @@ -30977,13 +32101,15 @@ rules: references: - https://numpy.org/doc/stable/f2py/usage.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.numpy-f2py-compile.numpy-f2py-compile shortlink: https://sg.run/bEdP semgrep.dev: rule: rule_id: ReUdJ0 - version_id: rxTpJK - url: https://semgrep.dev/playground/r/rxTpJK/trailofbits.python.numpy-f2py-compile.numpy-f2py-compile + version_id: l4TLe3 + url: https://semgrep.dev/playground/r/l4TLe3/trailofbits.python.numpy-f2py-compile.numpy-f2py-compile origin: community patterns: - pattern: numpy.f2py.compile(...) 
@@ -31010,47 +32136,15 @@ rules: references: - https://tanelp.github.io/posts/a-bug-that-plagues-thousands-of-open-source-ml-projects license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/trailofbits.python.numpy-in-pytorch-datasets.numpy-in-pytorch-datasets shortlink: https://sg.run/dnR6 semgrep.dev: rule: rule_id: KxURLn - version_id: bZT7gd - url: https://semgrep.dev/playground/r/bZT7gd/trailofbits.python.numpy-in-pytorch-datasets.numpy-in-pytorch-datasets - origin: community - patterns: - - pattern: | - class $X(torch.utils.data.Dataset): - ... - def __getitem__(...): - ... - numpy.random.randint(...) - ... -- id: trailofbits.python.numpy-in-torch-datasets.numpy-in-torch-datasets - message: 'Using the NumPy RNG inside of a Torch dataset can lead to a number of - issues with loading data, including identical augmentations. Instead, use the - random number generators built into Python and PyTorch ' - languages: - - python - severity: WARNING - metadata: - category: security - cwe: 'CWE-330: Use of Insufficiently Random Values' - subcategory: - - audit - confidence: HIGH - likelihood: MEDIUM - impact: LOW - references: - - https://tanelp.github.io/posts/a-bug-that-plagues-thousands-of-open-source-ml-projects - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.python.numpy-in-torch-datasets.numpy-in-torch-datasets - shortlink: https://sg.run/yPpP - semgrep.dev: - rule: - rule_id: qNUWZW - version_id: NdTKzk - url: https://semgrep.dev/playground/r/NdTKzk/trailofbits.python.numpy-in-torch-datasets.numpy-in-torch-datasets + version_id: YDT3zG + url: https://semgrep.dev/playground/r/YDT3zG/trailofbits.python.numpy-in-pytorch-datasets.numpy-in-pytorch-datasets origin: community patterns: - pattern: | 
@@ -31079,13 +32173,15 @@ rules: references: - https://numpy.org/doc/stable/reference/routines.ctypeslib.html#numpy.ctypeslib.load_library license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.numpy-load-library.numpy-load-library shortlink: https://sg.run/NXkL semgrep.dev: rule: rule_id: AbUxDq - version_id: kbTByq - url: https://semgrep.dev/playground/r/kbTByq/trailofbits.python.numpy-load-library.numpy-load-library + version_id: 6xTLAO + url: https://semgrep.dev/playground/r/6xTLAO/trailofbits.python.numpy-load-library.numpy-load-library origin: community patterns: - pattern: numpy.ctypeslib.load_library(...) @@ -31109,13 +32205,15 @@ rules: references: - https://onnxruntime.ai/docs/reference/operators/add-custom-op.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.onnx-session-options.onnx-session-options shortlink: https://sg.run/kRd1 semgrep.dev: rule: rule_id: BYUoqy - version_id: w8TPBe - url: https://semgrep.dev/playground/r/w8TPBe/trailofbits.python.onnx-session-options.onnx-session-options + version_id: o5T7Wp + url: https://semgrep.dev/playground/r/o5T7Wp/trailofbits.python.onnx-session-options.onnx-session-options origin: community patterns: - pattern-inside: | 
@@ -31142,13 +32240,15 @@ rules: references: - https://pytorch.org/tutorials/advanced/torch_script_custom_classes.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.pytorch-classes-load-library.pytorch-classes-load-library shortlink: https://sg.run/nD6d semgrep.dev: rule: rule_id: lBUYD9 - version_id: d6T00r - url: https://semgrep.dev/playground/r/d6T00r/trailofbits.python.pytorch-classes-load-library.pytorch-classes-load-library + version_id: jQTELP + url: https://semgrep.dev/playground/r/jQTELP/trailofbits.python.pytorch-classes-load-library.pytorch-classes-load-library origin: community patterns: - pattern: torch.classes.load_library(...) @@ -31174,13 +32274,15 @@ rules: - https://pytorch.org/docs/1.13/package.html#torch-package - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/trailofbits.python.pytorch-package.pytorch-package shortlink: https://sg.run/EK35 semgrep.dev: rule: rule_id: PeUKGk - version_id: ZRT996 - url: https://semgrep.dev/playground/r/ZRT996/trailofbits.python.pytorch-package.pytorch-package + version_id: 1QTD01 + url: https://semgrep.dev/playground/r/1QTD01/trailofbits.python.pytorch-package.pytorch-package origin: community pattern: import torch.package - id: trailofbits.python.tensorflow-load-library.tensorflow-load-library 
@@ -31203,13 +32305,15 @@ rules: - https://www.tensorflow.org/api_docs/python/tf/load_library - https://www.tensorflow.org/api_docs/python/tf/load_op_library license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/trailofbits.python.tensorflow-load-library.tensorflow-load-library shortlink: https://sg.run/xp0j semgrep.dev: rule: rule_id: WAUgBJ - version_id: LjTWWr - url: https://semgrep.dev/playground/r/LjTWWr/trailofbits.python.tensorflow-load-library.tensorflow-load-library + version_id: rxT5bv + url: https://semgrep.dev/playground/r/rxT5bv/trailofbits.python.tensorflow-load-library.tensorflow-load-library origin: community patterns: - pattern-either: 
@@ -31217,60 +32321,6 @@ rules: - pattern: tensorflow.load_op_library(...) - pattern-not: tensorflow.load_library("...") - pattern-not: tensorflow.load_op_library("...") -- id: trailofbits.python.torch-classes-load-library.torch-classes-load-library - message: Loading custom operator libraries can result in arbitrary code execution - languages: - - python - severity: ERROR - metadata: - category: security - cwe: 'CWE-676: Use of Potentially Dangerous Function' - subcategory: - - audit - confidence: MEDIUM - likelihood: MEDIUM - impact: HIGH - references: - - https://pytorch.org/tutorials/advanced/torch_script_custom_classes.html - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.python.torch-classes-load-library.torch-classes-load-library - shortlink: https://sg.run/Oj37 - semgrep.dev: - rule: - rule_id: 0oUZN9 - version_id: nWTb2o - url: https://semgrep.dev/playground/r/nWTb2o/trailofbits.python.torch-classes-load-library.torch-classes-load-library - origin: community - patterns: - - pattern: torch.classes.load_library(...) 
- - pattern-not: torch.classes.load_library("...") -- id: trailofbits.python.torch-package.torch-package - message: Avoid importing torch.package - it can result in arbitrary code execution - via pickle - languages: - - python - severity: WARNING - metadata: - category: security - cwe: 'CWE-502: Deserialization of Untrusted Data' - subcategory: - - audit - confidence: LOW - likelihood: MEDIUM - impact: HIGH - references: - - https://pytorch.org/docs/1.13/package.html#torch-package - - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.python.torch-package.torch-package - shortlink: https://sg.run/wZoA - semgrep.dev: - rule: - rule_id: GdUzA8 - version_id: ExTLEE - url: https://semgrep.dev/playground/r/ExTLEE/trailofbits.python.torch-package.torch-package - origin: community - pattern: import torch.package - id: trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result message: "`expect` or `unwrap` called in function returning a `Result`" languages: @@ -31290,13 +32340,15 @@ rules: references: - https://doc.rust-lang.org/std/result/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result shortlink: https://sg.run/WpeL semgrep.dev: rule: rule_id: 2ZUPQ3 - version_id: gETRRJ - url: https://semgrep.dev/playground/r/gETRRJ/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result + version_id: NdTx5j + url: https://semgrep.dev/playground/r/NdTx5j/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result origin: community patterns: - pattern-either: 
@@ -31347,13 +32399,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/typescript.lang.security.audit.cors-regex-wildcard.cors-regex-wildcard shortlink: https://sg.run/w13x semgrep.dev: rule: rule_id: qNUbXo - version_id: o5TWko - url: https://semgrep.dev/playground/r/o5TWko/typescript.lang.security.audit.cors-regex-wildcard.cors-regex-wildcard + version_id: WrTb4e + url: https://semgrep.dev/playground/r/WrTb4e/typescript.lang.security.audit.cors-regex-wildcard.cors-regex-wildcard origin: community languages: - ts @@ -31392,13 +32446,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any shortlink: https://sg.run/ljBL semgrep.dev: rule: rule_id: pKUG17 - version_id: zyTXjr - url: https://semgrep.dev/playground/r/zyTXjr/typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any + version_id: 0bTvPk + url: https://semgrep.dev/playground/r/0bTvPk/typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any origin: community languages: - typescript 
@@ -31442,13 +32498,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.nestjs.security.audit.nestjs-header-xss-disabled.nestjs-header-xss-disabled shortlink: https://sg.run/YgGW semgrep.dev: rule: rule_id: 2ZU4zx - version_id: pZTqkx - url: https://semgrep.dev/playground/r/pZTqkx/typescript.nestjs.security.audit.nestjs-header-xss-disabled.nestjs-header-xss-disabled + version_id: K3TlWB + url: https://semgrep.dev/playground/r/K3TlWB/typescript.nestjs.security.audit.nestjs-header-xss-disabled.nestjs-header-xss-disabled origin: community languages: - typescript @@ -31480,13 +32538,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/typescript.nestjs.security.audit.nestjs-open-redirect.nestjs-open-redirect shortlink: https://sg.run/6rJw semgrep.dev: rule: rule_id: X5UZQK - version_id: 2KTAG6 - url: https://semgrep.dev/playground/r/2KTAG6/typescript.nestjs.security.audit.nestjs-open-redirect.nestjs-open-redirect + version_id: qkTN8P + url: https://semgrep.dev/playground/r/qkTN8P/typescript.nestjs.security.audit.nestjs-open-redirect.nestjs-open-redirect origin: community languages: - typescript 
@@ -31528,13 +32588,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-css-injection.react-css-injection shortlink: https://sg.run/yze8 semgrep.dev: rule: rule_id: wdU861 - version_id: X0ToOo - url: https://semgrep.dev/playground/r/X0ToOo/typescript.react.security.audit.react-css-injection.react-css-injection + version_id: l4T5nK + url: https://semgrep.dev/playground/r/l4T5nK/typescript.react.security.audit.react-css-injection.react-css-injection origin: community languages: - typescript @@ -31569,13 +32631,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-href-var.react-href-var shortlink: https://sg.run/bDZZ semgrep.dev: rule: rule_id: OrUGkk - version_id: BjT3ZO - url: https://semgrep.dev/playground/r/BjT3ZO/typescript.react.security.audit.react-href-var.react-href-var + version_id: 6xTeP3 + url: https://semgrep.dev/playground/r/6xTeP3/typescript.react.security.audit.react-href-var.react-href-var origin: community languages: - typescript @@ -31654,13 +32718,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-http-leak.react-http-leak shortlink: https://sg.run/kLbX semgrep.dev: rule: rule_id: v8U51n - version_id: yeTQ39 - url: https://semgrep.dev/playground/r/yeTQ39/typescript.react.security.audit.react-http-leak.react-http-leak + version_id: zyT57z + url: https://semgrep.dev/playground/r/zyT57z/typescript.react.security.audit.react-http-leak.react-http-leak origin: community languages: - typescript 
@@ -31687,13 +32753,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-jwt-decoded-property.react-jwt-decoded-property shortlink: https://sg.run/wx8x semgrep.dev: rule: rule_id: d8Uzqz - version_id: rxTb0J - url: https://semgrep.dev/playground/r/rxTb0J/typescript.react.security.audit.react-jwt-decoded-property.react-jwt-decoded-property + version_id: pZTr75 + url: https://semgrep.dev/playground/r/pZTr75/typescript.react.security.audit.react-jwt-decoded-property.react-jwt-decoded-property origin: community languages: - typescript @@ -31726,13 +32794,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-jwt-in-localstorage.react-jwt-in-localstorage shortlink: https://sg.run/xYye semgrep.dev: rule: rule_id: ZqUq6g - version_id: bZTxR7 - url: https://semgrep.dev/playground/r/bZTxR7/typescript.react.security.audit.react-jwt-in-localstorage.react-jwt-in-localstorage + version_id: 2KT1JJ + url: https://semgrep.dev/playground/r/2KT1JJ/typescript.react.security.audit.react-jwt-in-localstorage.react-jwt-in-localstorage origin: community languages: - typescript 
@@ -31772,13 +32842,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-missing-noopener.react-missing-noopener shortlink: https://sg.run/O19e semgrep.dev: rule: rule_id: nJUYOZ - version_id: NdT5gb - url: https://semgrep.dev/playground/r/NdT5gb/typescript.react.security.audit.react-missing-noopener.react-missing-noopener + version_id: X0TP6N + url: https://semgrep.dev/playground/r/X0TP6N/typescript.react.security.audit.react-missing-noopener.react-missing-noopener origin: community languages: - typescript @@ -31810,13 +32882,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-props-injection.react-props-injection shortlink: https://sg.run/dg6P semgrep.dev: rule: rule_id: L1U47z - version_id: xyT9v6 - url: https://semgrep.dev/playground/r/xyT9v6/typescript.react.security.audit.react-props-injection.react-props-injection + version_id: 9lTzPw + url: https://semgrep.dev/playground/r/9lTzPw/typescript.react.security.audit.react-props-injection.react-props-injection origin: community languages: - typescript @@ -31841,7 +32915,7 @@ rules: references: - https://v5.reactrouter.com/web/api/Redirect - https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html - - https://r2c.dev + - https://semgrep.dev cwe2022-top25: true cwe2021-top25: true subcategory: 
@@ -31850,13 +32924,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-router-redirect.react-router-redirect shortlink: https://sg.run/ZeR7 semgrep.dev: rule: rule_id: 8GUE4K - version_id: O9T4k5 - url: https://semgrep.dev/playground/r/O9T4k5/typescript.react.security.audit.react-router-redirect.react-router-redirect + version_id: yeTX7j + url: https://semgrep.dev/playground/r/yeTX7j/typescript.react.security.audit.react-router-redirect.react-router-redirect origin: community languages: - typescript @@ -31888,13 +32964,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-styled-components-injection.react-styled-components-injection shortlink: https://sg.run/nqWG semgrep.dev: rule: rule_id: gxUW6x - version_id: e1TEgN - url: https://semgrep.dev/playground/r/e1TEgN/typescript.react.security.audit.react-styled-components-injection.react-styled-components-injection + version_id: rxTx7Z + url: https://semgrep.dev/playground/r/rxTx7Z/typescript.react.security.audit.react-styled-components-injection.react-styled-components-injection origin: community languages: - typescript @@ -31917,7 +32995,7 @@ rules: - 'CWE-79: Improper Neutralization of Input During Web Page Generation (''Cross-site Scripting'')' references: - - https://r2c.dev + - https://semgrep.dev cwe2022-top25: true cwe2021-top25: true subcategory: 
@@ -31926,13 +33004,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.react-controlled-component-password.react-controlled-component-password shortlink: https://sg.run/jN2Z semgrep.dev: rule: rule_id: bwUObG - version_id: ZRTB6A - url: https://semgrep.dev/playground/r/ZRTB6A/typescript.react.security.react-controlled-component-password.react-controlled-component-password + version_id: kbT7nA + url: https://semgrep.dev/playground/r/kbT7nA/typescript.react.security.react-controlled-component-password.react-controlled-component-password origin: community languages: - typescript @@ -31965,13 +33045,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.react-markdown-insecure-html.react-markdown-insecure-html shortlink: https://sg.run/9qAk semgrep.dev: rule: rule_id: kxURd4 - version_id: ExTdRG - url: https://semgrep.dev/playground/r/ExTdRG/typescript.react.security.react-markdown-insecure-html.react-markdown-insecure-html + version_id: xyT4eL + url: https://semgrep.dev/playground/r/xyT4eL/typescript.react.security.react-markdown-insecure-html.react-markdown-insecure-html origin: community languages: - typescript 
@@ -32067,13 +33149,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.exposing-docker-socket-volume.exposing-docker-socket-volume shortlink: https://sg.run/O14b semgrep.dev: rule: rule_id: eqUvZ9 - version_id: PkTE9d - url: https://semgrep.dev/playground/r/PkTE9d/yaml.docker-compose.security.exposing-docker-socket-volume.exposing-docker-socket-volume + version_id: e1Txkg + url: https://semgrep.dev/playground/r/e1Txkg/yaml.docker-compose.security.exposing-docker-socket-volume.exposing-docker-socket-volume origin: community languages: - yaml @@ -32120,13 +33204,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.no-new-privileges.no-new-privileges shortlink: https://sg.run/0n8q semgrep.dev: rule: rule_id: qNUoWr - version_id: JdT2Ez - url: https://semgrep.dev/playground/r/JdT2Ez/yaml.docker-compose.security.no-new-privileges.no-new-privileges + version_id: vdT2zp + url: https://semgrep.dev/playground/r/vdT2zp/yaml.docker-compose.security.no-new-privileges.no-new-privileges origin: community languages: - yaml 
@@ -32165,13 +33251,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.seccomp-confinement-disabled.seccomp-confinement-disabled shortlink: https://sg.run/KWkY semgrep.dev: rule: rule_id: lBUdW3 - version_id: GxT43l - url: https://semgrep.dev/playground/r/GxT43l/yaml.docker-compose.security.seccomp-confinement-disabled.seccomp-confinement-disabled + version_id: ZRTwPq + url: https://semgrep.dev/playground/r/ZRTwPq/yaml.docker-compose.security.seccomp-confinement-disabled.seccomp-confinement-disabled origin: community languages: - yaml @@ -32211,13 +33299,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.selinux-separation-disabled.selinux-separation-disabled shortlink: https://sg.run/qryb semgrep.dev: rule: rule_id: YGUrAG - version_id: RGTB8n - url: https://semgrep.dev/playground/r/RGTB8n/yaml.docker-compose.security.selinux-separation-disabled.selinux-separation-disabled + version_id: nWT74r + url: https://semgrep.dev/playground/r/nWT74r/yaml.docker-compose.security.selinux-separation-disabled.selinux-separation-disabled origin: community languages: - yaml 
@@ -32265,13 +33355,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service shortlink: https://sg.run/e4JE semgrep.dev: rule: rule_id: v8U5vN - version_id: A8TyKp - url: https://semgrep.dev/playground/r/A8TyKp/yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service + version_id: ExTnDK + url: https://semgrep.dev/playground/r/ExTnDK/yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service origin: community languages: - yaml @@ -32306,13 +33398,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/yaml.github-actions.security.curl-eval.curl-eval shortlink: https://sg.run/9r7r semgrep.dev: rule: rule_id: X5Udrd - version_id: DkT3ge - url: https://semgrep.dev/playground/r/DkT3ge/yaml.github-actions.security.curl-eval.curl-eval + version_id: LjT0bE + url: https://semgrep.dev/playground/r/LjT0bE/yaml.github-actions.security.curl-eval.curl-eval origin: community patterns: - pattern-inside: 'steps: [...]' 
@@ -32361,13 +33455,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout shortlink: https://sg.run/jkdn semgrep.dev: rule: rule_id: d8Ulkd - version_id: 0bTQDZ - url: https://semgrep.dev/playground/r/0bTQDZ/yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout + version_id: gETq2e + url: https://semgrep.dev/playground/r/gETq2e/yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout origin: community patterns: - pattern-either: @@ -32428,13 +33524,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled shortlink: https://sg.run/y6x8 semgrep.dev: rule: rule_id: WAUP0z - version_id: e1T2AE - url: https://semgrep.dev/playground/r/e1T2AE/yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled + version_id: 5PT6Dr + url: https://semgrep.dev/playground/r/5PT6Dr/yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled origin: community patterns: - pattern-inside: 'env: [...] 
@@ -32471,13 +33569,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.hostipc-pod.hostipc-pod shortlink: https://sg.run/nqGO semgrep.dev: rule: rule_id: nJUYPE - version_id: 5PTBQQ - url: https://semgrep.dev/playground/r/5PTBQQ/yaml.kubernetes.security.hostipc-pod.hostipc-pod + version_id: RGTbGr + url: https://semgrep.dev/playground/r/RGTbGr/yaml.kubernetes.security.hostipc-pod.hostipc-pod origin: community languages: - yaml @@ -32508,13 +33608,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/yaml.kubernetes.security.hostnetwork-pod.hostnetwork-pod shortlink: https://sg.run/E51A semgrep.dev: rule: rule_id: EwU4NO - version_id: GxT43y - url: https://semgrep.dev/playground/r/GxT43y/yaml.kubernetes.security.hostnetwork-pod.hostnetwork-pod + version_id: A8TR7n + url: https://semgrep.dev/playground/r/A8TR7n/yaml.kubernetes.security.hostnetwork-pod.hostnetwork-pod origin: community languages: - yaml @@ -32546,13 +33648,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.hostpid-pod.hostpid-pod shortlink: https://sg.run/708R semgrep.dev: rule: rule_id: 7KUeo0 - version_id: RGTB8J - url: https://semgrep.dev/playground/r/RGTB8J/yaml.kubernetes.security.hostpid-pod.hostpid-pod + version_id: BjTE0Q + url: https://semgrep.dev/playground/r/BjTE0Q/yaml.kubernetes.security.hostpid-pod.hostpid-pod origin: community languages: - yaml 
@@ -32614,13 +33718,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.run-as-non-root-unsafe-value.run-as-non-root-unsafe-value shortlink: https://sg.run/D9No semgrep.dev: rule: rule_id: L1UAxy - version_id: GxTyyA - url: https://semgrep.dev/playground/r/GxTyyA/yaml.kubernetes.security.run-as-non-root-unsafe-value.run-as-non-root-unsafe-value + version_id: qkTNnP + url: https://semgrep.dev/playground/r/qkTNnP/yaml.kubernetes.security.run-as-non-root-unsafe-value.run-as-non-root-unsafe-value origin: community languages: - yaml @@ -32692,13 +33798,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.run-as-non-root.run-as-non-root shortlink: https://sg.run/dgP5 semgrep.dev: rule: rule_id: ZqUqeK - version_id: RGT775 - url: https://semgrep.dev/playground/r/RGT775/yaml.kubernetes.security.run-as-non-root.run-as-non-root + version_id: l4T5OK + url: https://semgrep.dev/playground/r/l4T5OK/yaml.kubernetes.security.run-as-non-root.run-as-non-root origin: community languages: - yaml 
@@ -32747,13 +33855,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.writable-filesystem-container.writable-filesystem-container shortlink: https://sg.run/ZePL semgrep.dev: rule: rule_id: nJUYn9 - version_id: l4Tegj - url: https://semgrep.dev/playground/r/l4Tegj/yaml.kubernetes.security.writable-filesystem-container.writable-filesystem-container + version_id: RGTbGj + url: https://semgrep.dev/playground/r/RGTbGj/yaml.kubernetes.security.writable-filesystem-container.writable-filesystem-container origin: community languages: - yaml diff --git a/assets/semgrep_rules/generated/nonfree/others.yaml b/assets/semgrep_rules/generated/nonfree/others.yaml index fd80bba9..efde810c 100644 --- a/assets/semgrep_rules/generated/nonfree/others.yaml +++ b/assets/semgrep_rules/generated/nonfree/others.yaml @@ -49,13 +49,15 @@ rules: license: Commons Clause License Condition v1.0[LGPL-2.1-only] references: - https://chromestatus.com/feature/6140064063029248 + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/html.security.missing-noreferrer.missing-noreferrer shortlink: https://sg.run/Gekn semgrep.dev: rule: rule_id: 6JUjBL - version_id: 6xTrvK - url: https://semgrep.dev/playground/r/6xTrvK/html.security.missing-noreferrer.missing-noreferrer + version_id: yeTXA4 + url: https://semgrep.dev/playground/r/yeTXA4/html.security.missing-noreferrer.missing-noreferrer origin: community patterns: - pattern: a() 
@@ -810,174 +812,6 @@ rules: languages: - hcl severity: INFO -- id: trailofbits.go.iterate-over-empty-map.iterate-over-empty-collection - patterns: - - pattern: | - $C = make(map[$T1] $T2, ...) - ... - for $K := range $C { ... } - - pattern-not: | - $C = make(map[$T1] $T2, ...) - ... - $C[$X] = $V - ... - for $K := range $C { ... } - - pattern-not: | - $C = make(map[$T1] $T2, ...) - ... - $C[$X]++ - ... - for $K := range $C { ... } - - pattern-not: | - $C = make(map[$T1] $T2, ...) - ... - $C[$X]-- - ... - for $K := range $C { ... } - - pattern-not: | - $C = make(map[$T1] $T2, ...) - ... - $CODEC.Unmarshal($C) - ... - for $K := range $C { ... } - message: 'Iteration over a possibly empty map `$C`. This is likely a bug or redundant - code. - - ' - languages: - - go - severity: ERROR - metadata: - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.go.iterate-over-empty-map.iterate-over-empty-collection - shortlink: https://sg.run/WOeg - semgrep.dev: - rule: - rule_id: 7KUp1e - version_id: GxTZ6g - url: https://semgrep.dev/playground/r/GxTZ6g/trailofbits.go.iterate-over-empty-map.iterate-over-empty-collection - origin: community -- id: trailofbits.go.nondeterministic-select.nondeterministic-select - patterns: - - pattern: | - $TICKER := time.NewTicker(...) - ... - for { - ... - select { - case <- $DONECHAN: return - case <- $TICKER.C: ... - } - } - - pattern-not: | - $TICKER := time.NewTicker(...) - ... - for { - select { - case <-$DONECHAN: return - default: - } - ... - select { - case <- $DONECHAN: return - case <- $TICKER.C: ... - } - } - message: | - Logic executed as a result of ticker `$TICKER` may execute more times than desired. - When both `$TICKER` and `$DONECHAN` are written to at the same time, the scheduler randomly picks a - case to execute. As a result, the `$TICKER.C` may excute one more time than expected. 
- severity: WARNING - languages: - - go - metadata: - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.go.nondeterministic-select.nondeterministic-select - shortlink: https://sg.run/K8dX - semgrep.dev: - rule: - rule_id: 8GUxqz - version_id: A8TG5P - url: https://semgrep.dev/playground/r/A8TG5P/trailofbits.go.nondeterministic-select.nondeterministic-select - origin: community -- id: trailofbits.go.questionable-assignment.questionable-assignment - patterns: - - pattern-either: - - pattern: "..., $X . $Y, ..., err = ..." - - pattern: "..., $X . $Y, ..., err := ..." - message: Should `$X` be modified when an error could be returned? - languages: - - go - severity: WARNING - metadata: - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.go.questionable-assignment.questionable-assignment - shortlink: https://sg.run/qq6y - semgrep.dev: - rule: - rule_id: gxUYAJ - version_id: BjT7rO - url: https://semgrep.dev/playground/r/BjT7rO/trailofbits.go.questionable-assignment.questionable-assignment - origin: community -- id: trailofbits.go.sleep-used-for-synchronizations.sleep-used-for-synchronizations - patterns: - - pattern-either: - - pattern: | - ... - go func(...) { - ... - }(...) - time.Sleep(...) - ... - - pattern: | - ... - go $FOO(...) - time.Sleep(...) - ... - - pattern-inside: func $FUNC(...){ ... } - message: Using `time.Sleep` for synchronizations is generally considered bad practice. 
- languages: - - go - severity: WARNING - metadata: - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.go.sleep-used-for-synchronizations.sleep-used-for-synchronizations - shortlink: https://sg.run/YXK4 - semgrep.dev: - rule: - rule_id: 3qUEpL - version_id: K3TYje - url: https://semgrep.dev/playground/r/K3TYje/trailofbits.go.sleep-used-for-synchronizations.sleep-used-for-synchronizations - origin: community -- id: trailofbits.go.unchecked-type-assertion.unchecked-type-assertion - patterns: - - pattern-either: - - patterns: - - pattern: "$FOO, $A := <... $X.($TYPE) ...>\n" - - metavariable-regex: - metavariable: "$A" - regex: "^_$" - - patterns: - - pattern: "$FOO := <... $X.($TYPE) ...>\n" - - metavariable-regex: - metavariable: "$FOO" - regex: "^[^,]*$" - message: 'Unchecked type assertion. - - ' - severity: ERROR - languages: - - go - metadata: - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.go.unchecked-type-assertion.unchecked-type-assertion - shortlink: https://sg.run/054W - semgrep.dev: - rule: - rule_id: ZqUgpe - version_id: zyT183 - url: https://semgrep.dev/playground/r/zyT183/trailofbits.go.unchecked-type-assertion.unchecked-type-assertion - origin: community - id: trailofbits.python.numpy-in-pytorch-modules.numpy-in-pytorch-modules message: Usage of NumPy library inside PyTorch `$MODULE` module was found. Avoid mixing these libraries for efficiency and proper ONNX loading 
@@ -1035,29 +869,6 @@ rules: url: https://semgrep.dev/playground/r/nWTbb8/trailofbits.python.pytorch-tensor.pytorch-tensor origin: community pattern: torch.Tensor(...) -- id: trailofbits.python.torch-tensor.torch-tensor - message: Avoid using `torch.Tensor()` to directly create a tensor for efficiency - and proper parsing - languages: - - python - severity: WARNING - metadata: - category: performance - subcategory: - - audit - confidence: HIGH - references: - - https://pytorch.org/docs/stable/tensors.html - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.python.torch-tensor.torch-tensor - shortlink: https://sg.run/x4zL - semgrep.dev: - rule: - rule_id: ReUqz0 - version_id: 7ZTq5z - url: https://semgrep.dev/playground/r/7ZTq5z/trailofbits.python.torch-tensor.torch-tensor - origin: community - pattern: torch.Tensor(...) - id: typescript.react.best-practice.define-styled-components-on-module-level.define-styled-components-on-module-level patterns: - pattern-inside: | diff --git a/assets/semgrep_rules/generated/nonfree/security_noaudit_novuln.yaml b/assets/semgrep_rules/generated/nonfree/security_noaudit_novuln.yaml index 828e6779..54b8f918 100644 --- a/assets/semgrep_rules/generated/nonfree/security_noaudit_novuln.yaml +++ b/assets/semgrep_rules/generated/nonfree/security_noaudit_novuln.yaml @@ -18,13 +18,15 @@ rules: cwe: - 'CWE-611: Improper Restriction of XML External Entity Reference' license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/contrib.dlint.dlint-equivalent.insecure-xml-use shortlink: https://sg.run/5QOW semgrep.dev: rule: rule_id: zdUkvA - version_id: 0bToER - url: https://semgrep.dev/playground/r/0bToER/contrib.dlint.dlint-equivalent.insecure-xml-use + version_id: BjT9E3 + url: https://semgrep.dev/playground/r/BjT9E3/contrib.dlint.dlint-equivalent.insecure-xml-use origin: community pattern-either: - patterns: 
@@ -62,13 +64,15 @@ rules: likelihood: MEDIUM impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.missing-ssl-minversion.missing-ssl-minversion shortlink: https://sg.run/oxEN semgrep.dev: rule: rule_id: NbUk4X - version_id: qkT7o6 - url: https://semgrep.dev/playground/r/qkT7o6/go.lang.security.audit.crypto.missing-ssl-minversion.missing-ssl-minversion + version_id: l4T58p + url: https://semgrep.dev/playground/r/l4T58p/go.lang.security.audit.crypto.missing-ssl-minversion.missing-ssl-minversion origin: community languages: - go @@ -201,13 +205,15 @@ rules: references: - https://www.intercom.com/help/en/articles/183-set-up-identity-verification-for-web-and-mobile license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.intercom.security.audit.intercom-settings-user-identifier-without-user-hash.intercom-settings-user-identifier-without-user-hash shortlink: https://sg.run/Eb5w semgrep.dev: rule: rule_id: QrU96W - version_id: BjTPr2 - url: https://semgrep.dev/playground/r/BjTPr2/javascript.intercom.security.audit.intercom-settings-user-identifier-without-user-hash.intercom-settings-user-identifier-without-user-hash + version_id: gETqOo + url: https://semgrep.dev/playground/r/gETqOo/javascript.intercom.security.audit.intercom-settings-user-identifier-without-user-hash.intercom-settings-user-identifier-without-user-hash origin: community - id: python.cryptography.security.insecure-cipher-algorithms.insecure-cipher-algorithm-blowfish pattern: cryptography.hazmat.primitives.ciphers.algorithms.Blowfish(...) diff --git a/assets/semgrep_rules/generated/nonfree/vulns.yaml b/assets/semgrep_rules/generated/nonfree/vulns.yaml index e3cc4b09..d58b7f08 100644 --- a/assets/semgrep_rules/generated/nonfree/vulns.yaml 
+++ b/assets/semgrep_rules/generated/nonfree/vulns.yaml @@ -27,13 +27,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/bash.curl.security.curl-eval.curl-eval shortlink: https://sg.run/0yqJ semgrep.dev: rule: rule_id: KxU7Rq - version_id: 7ZT5Z7 - url: https://semgrep.dev/playground/r/7ZT5Z7/bash.curl.security.curl-eval.curl-eval + version_id: bZTYGz + url: https://semgrep.dev/playground/r/bZTYGz/bash.curl.security.curl-eval.curl-eval origin: community mode: taint pattern-sources: @@ -82,13 +84,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/c.lang.security.double-free.double-free shortlink: https://sg.run/eLl0 semgrep.dev: rule: rule_id: JDUyw8 - version_id: O9TZ10 - url: https://semgrep.dev/playground/r/O9TZ10/c.lang.security.double-free.double-free + version_id: w8Te3K + url: https://semgrep.dev/playground/r/w8Te3K/c.lang.security.double-free.double-free origin: community languages: - c @@ -125,13 +129,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/c.lang.security.function-use-after-free.function-use-after-free shortlink: https://sg.run/eWyZ semgrep.dev: rule: rule_id: WAU9Dz - version_id: o5TN8w - url: https://semgrep.dev/playground/r/o5TN8w/c.lang.security.function-use-after-free.function-use-after-free + version_id: xyTY4Z + url: https://semgrep.dev/playground/r/xyTY4Z/c.lang.security.function-use-after-free.function-use-after-free origin: community languages: - c 
@@ -155,13 +161,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/c.lang.security.insecure-use-printf-fn.insecure-use-printf-fn shortlink: https://sg.run/ZvJx semgrep.dev: rule: rule_id: ReUgWx - version_id: A8TO9G - url: https://semgrep.dev/playground/r/A8TO9G/c.lang.security.insecure-use-printf-fn.insecure-use-printf-fn + version_id: YDTPeG + url: https://semgrep.dev/playground/r/YDTPeG/c.lang.security.insecure-use-printf-fn.insecure-use-printf-fn origin: community languages: - c @@ -214,13 +222,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/c.lang.security.use-after-free.use-after-free shortlink: https://sg.run/gL6e semgrep.dev: rule: rule_id: KxUb9l - version_id: A8TdjY - url: https://semgrep.dev/playground/r/A8TdjY/c.lang.security.use-after-free.use-after-free + version_id: 8KTdb0 + url: https://semgrep.dev/playground/r/8KTdb0/c.lang.security.use-after-free.use-after-free origin: community languages: - c @@ -252,13 +262,16 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm + - Cryptographic Issues source: https://semgrep.dev/r/clojure.lang.security.use-of-md5.use-of-md5 shortlink: https://sg.run/BgPx semgrep.dev: rule: rule_id: nJU1ep - version_id: A8Twoq - url: https://semgrep.dev/playground/r/A8Twoq/clojure.lang.security.use-of-md5.use-of-md5 + version_id: d6TRAq + url: https://semgrep.dev/playground/r/d6TRAq/clojure.lang.security.use-of-md5.use-of-md5 origin: community pattern-either: - pattern: (MessageDigest/getInstance "MD5") 
@@ -291,13 +304,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - LDAP Injection source: https://semgrep.dev/r/csharp.dotnet.security.audit.ldap-injection.ldap-injection shortlink: https://sg.run/GJ9z semgrep.dev: rule: rule_id: 2ZUv3R - version_id: BjT63y - url: https://semgrep.dev/playground/r/BjT63y/csharp.dotnet.security.audit.ldap-injection.ldap-injection + version_id: 9lTzQp + url: https://semgrep.dev/playground/r/9lTzQp/csharp.dotnet.security.audit.ldap-injection.ldap-injection origin: community languages: - csharp @@ -342,13 +357,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/csharp.dotnet.security.audit.mass-assignment.mass-assignment shortlink: https://sg.run/7B3e semgrep.dev: rule: rule_id: x8Up5B - version_id: WrT58w - url: https://semgrep.dev/playground/r/WrT58w/csharp.dotnet.security.audit.mass-assignment.mass-assignment + version_id: yeTXkK + url: https://semgrep.dev/playground/r/yeTXkK/csharp.dotnet.security.audit.mass-assignment.mass-assignment origin: community languages: - csharp @@ -405,13 +422,15 @@ rules: - ".net" - mvc license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/csharp.dotnet.security.audit.missing-or-broken-authorization.missing-or-broken-authorization shortlink: https://sg.run/Z8GA semgrep.dev: rule: rule_id: eqU32Y - version_id: K3T9od - url: https://semgrep.dev/playground/r/K3T9od/csharp.dotnet.security.audit.missing-or-broken-authorization.missing-or-broken-authorization + version_id: bZTGAe + url: https://semgrep.dev/playground/r/bZTGAe/csharp.dotnet.security.audit.missing-or-broken-authorization.missing-or-broken-authorization origin: community languages: - csharp 
@@ -463,13 +482,15 @@ rules: - ".net" - mvc license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/csharp.dotnet.security.audit.open-directory-listing.open-directory-listing shortlink: https://sg.run/n0y1 semgrep.dev: rule: rule_id: v8U8Ab - version_id: qkTgO0 - url: https://semgrep.dev/playground/r/qkTgO0/csharp.dotnet.security.audit.open-directory-listing.open-directory-listing + version_id: NdT1DR + url: https://semgrep.dev/playground/r/NdT1DR/csharp.dotnet.security.audit.open-directory-listing.open-directory-listing origin: community languages: - csharp @@ -503,13 +524,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XPath Injection source: https://semgrep.dev/r/csharp.dotnet.security.audit.xpath-injection.xpath-injection shortlink: https://sg.run/4KP7 semgrep.dev: rule: rule_id: x8Uj2k - version_id: YDTGEP - url: https://semgrep.dev/playground/r/YDTGEP/csharp.dotnet.security.audit.xpath-injection.xpath-injection + version_id: 5PT512 + url: https://semgrep.dev/playground/r/5PT512/csharp.dotnet.security.audit.xpath-injection.xpath-injection origin: community languages: - csharp @@ -520,7 +543,7 @@ rules: - pattern: | $T $M(...) { ... - string $INPUT + string $INPUT; } pattern-sinks: - pattern-either: 
@@ -553,13 +576,15 @@ rules: - razor - asp license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/csharp.dotnet.security.razor-template-injection.razor-template-injection shortlink: https://sg.run/oyj0 semgrep.dev: rule: rule_id: EwUr68 - version_id: 5PTD3d - url: https://semgrep.dev/playground/r/5PTD3d/csharp.dotnet.security.razor-template-injection.razor-template-injection + version_id: vdT2r2 + url: https://semgrep.dev/playground/r/vdT2r2/csharp.dotnet.security.razor-template-injection.razor-template-injection origin: community languages: - csharp @@ -600,13 +625,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/csharp.dotnet.security.use_deprecated_cipher_algorithm.use_deprecated_cipher_algorithm shortlink: https://sg.run/k8Qo semgrep.dev: rule: rule_id: WAUJr0 - version_id: A8TPEr - url: https://semgrep.dev/playground/r/A8TPEr/csharp.dotnet.security.use_deprecated_cipher_algorithm.use_deprecated_cipher_algorithm + version_id: d6TDwR + url: https://semgrep.dev/playground/r/d6TDwR/csharp.dotnet.security.use_deprecated_cipher_algorithm.use_deprecated_cipher_algorithm origin: community languages: - csharp @@ -640,13 +667,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/csharp.dotnet.security.use_ecb_mode.use_ecb_mode shortlink: https://sg.run/wj9n semgrep.dev: rule: rule_id: 0oUqWP - version_id: BjTjyN - url: https://semgrep.dev/playground/r/BjTjyN/csharp.dotnet.security.use_ecb_mode.use_ecb_mode + version_id: ZRTw4j + url: https://semgrep.dev/playground/r/ZRTw4j/csharp.dotnet.security.use_ecb_mode.use_ecb_mode origin: community languages: - csharp 
@@ -688,13 +717,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/csharp.dotnet.security.use_weak_rng_for_keygeneration.use_weak_rng_for_keygeneration shortlink: https://sg.run/xjrA semgrep.dev: rule: rule_id: KxU3Nq - version_id: WrT04J - url: https://semgrep.dev/playground/r/WrT04J/csharp.dotnet.security.use_weak_rng_for_keygeneration.use_weak_rng_for_keygeneration + version_id: nWT7xW + url: https://semgrep.dev/playground/r/nWT7xW/csharp.dotnet.security.use_weak_rng_for_keygeneration.use_weak_rng_for_keygeneration origin: community languages: - csharp @@ -743,13 +774,15 @@ rules: technology: - ".net" license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/csharp.dotnet.security.use_weak_rsa_encryption_padding.use_weak_rsa_encryption_padding shortlink: https://sg.run/GoJ1 semgrep.dev: rule: rule_id: QrU2G5 - version_id: WrT57P - url: https://semgrep.dev/playground/r/WrT57P/csharp.dotnet.security.use_weak_rsa_encryption_padding.use_weak_rsa_encryption_padding + version_id: ExTnjj + url: https://semgrep.dev/playground/r/ExTnjj/csharp.dotnet.security.use_weak_rsa_encryption_padding.use_weak_rsa_encryption_padding origin: community languages: - csharp 
@@ -785,13 +818,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/csharp.lang.security.cryptography.unsigned-security-token.unsigned-security-token shortlink: https://sg.run/pqzN semgrep.dev: rule: rule_id: KxUGLw - version_id: l4Te1o - url: https://semgrep.dev/playground/r/l4Te1o/csharp.lang.security.cryptography.unsigned-security-token.unsigned-security-token + version_id: 44ToRg + url: https://semgrep.dev/playground/r/44ToRg/csharp.lang.security.cryptography.unsigned-security-token.unsigned-security-token origin: community languages: - csharp @@ -817,13 +852,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/csharp.lang.security.cryptography.x509-subject-name-validation.X509-subject-name-validation shortlink: https://sg.run/XZ6B semgrep.dev: rule: rule_id: gxUy01 - version_id: K3TP3o - url: https://semgrep.dev/playground/r/K3TP3o/csharp.lang.security.cryptography.x509-subject-name-validation.X509-subject-name-validation + version_id: QkTJWp + url: https://semgrep.dev/playground/r/QkTJWp/csharp.lang.security.cryptography.x509-subject-name-validation.X509-subject-name-validation origin: community message: Validating certificates based on subject name is bad practice. Use the X509Certificate2.Verify() method instead. 
@@ -943,13 +980,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/csharp.lang.security.filesystem.unsafe-path-combine.unsafe-path-combine shortlink: https://sg.run/1RvG semgrep.dev: rule: rule_id: 3qU3bE - version_id: RGTGrQ - url: https://semgrep.dev/playground/r/RGTGrQ/csharp.lang.security.filesystem.unsafe-path-combine.unsafe-path-combine + version_id: PkTYJx + url: https://semgrep.dev/playground/r/PkTYJx/csharp.lang.security.filesystem.unsafe-path-combine.unsafe-path-combine origin: community - id: csharp.lang.security.http.http-listener-wildcard-bindings.http-listener-wildcard-bindings severity: WARNING @@ -971,13 +1010,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/csharp.lang.security.http.http-listener-wildcard-bindings.http-listener-wildcard-bindings shortlink: https://sg.run/9LJr semgrep.dev: rule: rule_id: 4bUQ81 - version_id: A8TyRe - url: https://semgrep.dev/playground/r/A8TyRe/csharp.lang.security.http.http-listener-wildcard-bindings.http-listener-wildcard-bindings + version_id: JdTqNo + url: https://semgrep.dev/playground/r/JdTqNo/csharp.lang.security.http.http-listener-wildcard-bindings.http-listener-wildcard-bindings origin: community message: The top level wildcard bindings $PREFIX leaves your application open to security vulnerabilities and give attackers more control over where traffic is 
@@ -1014,13 +1055,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.binary-formatter.insecure-binaryformatter-deserialization shortlink: https://sg.run/ZeXW semgrep.dev: rule: rule_id: bwUOjK - version_id: zyTXrX - url: https://semgrep.dev/playground/r/zyTXrX/csharp.lang.security.insecure-deserialization.binary-formatter.insecure-binaryformatter-deserialization + version_id: GxT2v6 + url: https://semgrep.dev/playground/r/GxT2v6/csharp.lang.security.insecure-deserialization.binary-formatter.insecure-binaryformatter-deserialization origin: community message: The BinaryFormatter type is dangerous and is not recommended for data processing. Applications should stop using BinaryFormatter as soon as possible, even if they @@ -1056,13 +1099,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.fs-pickler.insecure-fspickler-deserialization shortlink: https://sg.run/E5e5 semgrep.dev: rule: rule_id: kxURnR - version_id: BjTQEe - url: https://semgrep.dev/playground/r/BjTQEe/csharp.lang.security.insecure-deserialization.fs-pickler.insecure-fspickler-deserialization + version_id: BjTEXb + url: https://semgrep.dev/playground/r/BjTEXb/csharp.lang.security.insecure-deserialization.fs-pickler.insecure-fspickler-deserialization origin: community message: The FsPickler is dangerous and is not recommended for data processing. Default configuration tend to insecure deserialization vulnerability. 
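Review bot: The value added under `vulnerability_class` in this hunk, `'Insecure Deserialization '`, has a trailing space inside the quotes, so it will not compare equal to a plain `Insecure Deserialization` and shows up as a separate class in any grouping, filtering or dedup of rules by vulnerability class. The same quoted value is added in the fs-pickler hunk on this line and again in the los-formatter, net-data-contract and soap-formatter hunks that follow, so the mismatch is systematic rather than a one-off. Because these files are generated from the upstream registry, the correction probably belongs in the sync step rather than a hand edit: strip whitespace from each entry before writing, e.g. (constructed) `classes = [c.strip() for c in classes]`, or, if the values must stay byte-identical to upstream, have consumers normalize before comparing.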
@@ -1096,13 +1141,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.los-formatter.insecure-losformatter-deserialization shortlink: https://sg.run/70pG semgrep.dev: rule: rule_id: wdU87G - version_id: 9lTE6G - url: https://semgrep.dev/playground/r/9lTE6G/csharp.lang.security.insecure-deserialization.los-formatter.insecure-losformatter-deserialization + version_id: 0bTvLq + url: https://semgrep.dev/playground/r/0bTvLq/csharp.lang.security.insecure-deserialization.los-formatter.insecure-losformatter-deserialization origin: community message: The LosFormatter type is dangerous and is not recommended for data processing. Applications should stop using LosFormatter as soon as possible, even if they @@ -1138,13 +1185,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.net-data-contract.insecure-netdatacontract-deserialization shortlink: https://sg.run/L0AX semgrep.dev: rule: rule_id: x8UW7x - version_id: yeTQeE - url: https://semgrep.dev/playground/r/yeTQeE/csharp.lang.security.insecure-deserialization.net-data-contract.insecure-netdatacontract-deserialization + version_id: K3TlvQ + url: https://semgrep.dev/playground/r/K3TlvQ/csharp.lang.security.insecure-deserialization.net-data-contract.insecure-netdatacontract-deserialization origin: community message: The NetDataContractSerializer type is dangerous and is not recommended for data processing. Applications should stop using NetDataContractSerializer 
@@ -1180,13 +1229,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.soap-formatter.insecure-soapformatter-deserialization shortlink: https://sg.run/gJnR semgrep.dev: rule: rule_id: eqUvND - version_id: bZTxlp - url: https://semgrep.dev/playground/r/bZTxlp/csharp.lang.security.insecure-deserialization.soap-formatter.insecure-soapformatter-deserialization + version_id: l4T54e + url: https://semgrep.dev/playground/r/l4T54e/csharp.lang.security.insecure-deserialization.soap-formatter.insecure-soapformatter-deserialization origin: community message: The SoapFormatter type is dangerous and is not recommended for data processing. Applications should stop using SoapFormatter as soon as possible, even if they @@ -1240,13 +1291,15 @@ rules: likelihood: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/csharp.lang.security.xxe.xmldocument-unsafe-parser-override.xmldocument-unsafe-parser-override shortlink: https://sg.run/k98P semgrep.dev: rule: rule_id: ReUK9k - version_id: BjT08B - url: https://semgrep.dev/playground/r/BjT08B/csharp.lang.security.xxe.xmldocument-unsafe-parser-override.xmldocument-unsafe-parser-override + version_id: rxTxy7 + url: https://semgrep.dev/playground/r/rxTxy7/csharp.lang.security.xxe.xmldocument-unsafe-parser-override.xmldocument-unsafe-parser-override origin: community - id: csharp.lang.security.xxe.xmlreadersettings-unsafe-parser-override.xmlreadersettings-unsafe-parser-override mode: taint 
@@ -1291,13 +1344,15 @@ rules: likelihood: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/csharp.lang.security.xxe.xmlreadersettings-unsafe-parser-override.xmlreadersettings-unsafe-parser-override shortlink: https://sg.run/wXjA semgrep.dev: rule: rule_id: AbU3pX - version_id: DkT0vK - url: https://semgrep.dev/playground/r/DkT0vK/csharp.lang.security.xxe.xmlreadersettings-unsafe-parser-override.xmlreadersettings-unsafe-parser-override + version_id: bZTGbe + url: https://semgrep.dev/playground/r/bZTGbe/csharp.lang.security.xxe.xmlreadersettings-unsafe-parser-override.xmlreadersettings-unsafe-parser-override origin: community - id: csharp.lang.security.xxe.xmltextreader-unsafe-defaults.xmltextreader-unsafe-defaults mode: taint @@ -1344,13 +1399,15 @@ rules: likelihood: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/csharp.lang.security.xxe.xmltextreader-unsafe-defaults.xmltextreader-unsafe-defaults shortlink: https://sg.run/xXjL semgrep.dev: rule: rule_id: BYUevk - version_id: WrTpjy - url: https://semgrep.dev/playground/r/WrTpjy/csharp.lang.security.xxe.xmltextreader-unsafe-defaults.xmltextreader-unsafe-defaults + version_id: NdT13R + url: https://semgrep.dev/playground/r/NdT13R/csharp.lang.security.xxe.xmltextreader-unsafe-defaults.xmltextreader-unsafe-defaults origin: community - id: generic.secrets.gitleaks.adafruit-api-key.adafruit-api-key message: A gitleaks adafruit-api-key was detected which attempts to identify hard-coded 
@@ -1381,13 +1438,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.adafruit-api-key.adafruit-api-key shortlink: https://sg.run/rQZe semgrep.dev: rule: rule_id: kxUQj2 - version_id: yeT4J2 - url: https://semgrep.dev/playground/r/yeT4J2/generic.secrets.gitleaks.adafruit-api-key.adafruit-api-key + version_id: K3TlnQ + url: https://semgrep.dev/playground/r/K3TlnQ/generic.secrets.gitleaks.adafruit-api-key.adafruit-api-key origin: community patterns: - pattern-regex: (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1420,13 +1479,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.adobe-client-id.adobe-client-id shortlink: https://sg.run/bYoW semgrep.dev: rule: rule_id: wdUqzk - version_id: rxTpZ4 - url: https://semgrep.dev/playground/r/rxTpZ4/generic.secrets.gitleaks.adobe-client-id.adobe-client-id + version_id: qkTN5K + url: https://semgrep.dev/playground/r/qkTN5K/generic.secrets.gitleaks.adobe-client-id.adobe-client-id origin: community patterns: - pattern-regex: (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -1459,13 +1520,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.adobe-client-secret.adobe-client-secret shortlink: https://sg.run/Nzxy semgrep.dev: rule: rule_id: x8UlAq - version_id: bZT7q5 - url: https://semgrep.dev/playground/r/bZT7q5/generic.secrets.gitleaks.adobe-client-secret.adobe-client-secret + version_id: l4T5le + url: https://semgrep.dev/playground/r/l4T5le/generic.secrets.gitleaks.adobe-client-secret.adobe-client-secret origin: community patterns: - pattern-regex: (?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1498,13 +1561,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.age-secret-key.age-secret-key shortlink: https://sg.run/k3WP semgrep.dev: rule: rule_id: OrUAnO - version_id: NdTK8Z - url: https://semgrep.dev/playground/r/NdTK8Z/generic.secrets.gitleaks.age-secret-key.age-secret-key + version_id: YDToNx + url: https://semgrep.dev/playground/r/YDToNx/generic.secrets.gitleaks.age-secret-key.age-secret-key origin: community patterns: - pattern-regex: AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58} 
@@ -1537,13 +1602,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.airtable-api-key.airtable-api-key shortlink: https://sg.run/wQpA semgrep.dev: rule: rule_id: eqUYL3 - version_id: kbTBqW - url: https://semgrep.dev/playground/r/kbTBqW/generic.secrets.gitleaks.airtable-api-key.airtable-api-key + version_id: JdTq5O + url: https://semgrep.dev/playground/r/JdTq5O/generic.secrets.gitleaks.airtable-api-key.airtable-api-key origin: community patterns: - pattern-regex: (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1576,13 +1643,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.algolia-api-key.algolia-api-key shortlink: https://sg.run/xQxL semgrep.dev: rule: rule_id: v8UKp0 - version_id: w8TPZN - url: https://semgrep.dev/playground/r/w8TPZN/generic.secrets.gitleaks.algolia-api-key.algolia-api-key + version_id: 5PT6kl + url: https://semgrep.dev/playground/r/5PT6kl/generic.secrets.gitleaks.algolia-api-key.algolia-api-key origin: community patterns: - pattern-regex: (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -1615,13 +1684,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.alibaba-access-key-id.alibaba-access-key-id shortlink: https://sg.run/OpkL semgrep.dev: rule: rule_id: d8UOQ3 - version_id: xyTgXw - url: https://semgrep.dev/playground/r/xyTgXw/generic.secrets.gitleaks.alibaba-access-key-id.alibaba-access-key-id + version_id: GxT2j5 + url: https://semgrep.dev/playground/r/GxT2j5/generic.secrets.gitleaks.alibaba-access-key-id.alibaba-access-key-id origin: community patterns: - pattern-regex: (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1654,13 +1725,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.alibaba-secret-key.alibaba-secret-key shortlink: https://sg.run/ezr8 semgrep.dev: rule: rule_id: ZqUk7D - version_id: O9TqeR - url: https://semgrep.dev/playground/r/O9TqeR/generic.secrets.gitleaks.alibaba-secret-key.alibaba-secret-key + version_id: RGTbeZ + url: https://semgrep.dev/playground/r/RGTbeZ/generic.secrets.gitleaks.alibaba-secret-key.alibaba-secret-key origin: community patterns: - pattern-regex: (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -1693,13 +1766,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.asana-client-id.asana-client-id shortlink: https://sg.run/vQZY semgrep.dev: rule: rule_id: nJU58J - version_id: e1ToWA - url: https://semgrep.dev/playground/r/e1ToWA/generic.secrets.gitleaks.asana-client-id.asana-client-id + version_id: A8TRkO + url: https://semgrep.dev/playground/r/A8TRkO/generic.secrets.gitleaks.asana-client-id.asana-client-id origin: community patterns: - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1732,13 +1807,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.asana-client-secret.asana-client-secret shortlink: https://sg.run/do7E semgrep.dev: rule: rule_id: EwUyp6 - version_id: vdTwqD - url: https://semgrep.dev/playground/r/vdTwqD/generic.secrets.gitleaks.asana-client-secret.asana-client-secret + version_id: BjTExl + url: https://semgrep.dev/playground/r/BjTExl/generic.secrets.gitleaks.asana-client-secret.asana-client-secret origin: community patterns: - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -1771,13 +1848,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.atlassian-api-token.atlassian-api-token shortlink: https://sg.run/ZAWw semgrep.dev: rule: rule_id: 7KUJ1X - version_id: d6T0kE - url: https://semgrep.dev/playground/r/d6T0kE/generic.secrets.gitleaks.atlassian-api-token.atlassian-api-token + version_id: DkTQqJ + url: https://semgrep.dev/playground/r/DkTQqJ/generic.secrets.gitleaks.atlassian-api-token.atlassian-api-token origin: community patterns: - pattern-regex: (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1810,13 +1889,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.beamer-api-token.beamer-api-token shortlink: https://sg.run/EDrN semgrep.dev: rule: rule_id: 8GUPqW - version_id: nWTbBD - url: https://semgrep.dev/playground/r/nWTbBD/generic.secrets.gitleaks.beamer-api-token.beamer-api-token + version_id: 0bTvyn + url: https://semgrep.dev/playground/r/0bTvyn/generic.secrets.gitleaks.beamer-api-token.beamer-api-token origin: community patterns: - pattern-regex: (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -1849,13 +1930,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.bitbucket-client-id.bitbucket-client-id shortlink: https://sg.run/7zg2 semgrep.dev: rule: rule_id: gxUvAp - version_id: ExTLJP - url: https://semgrep.dev/playground/r/ExTLJP/generic.secrets.gitleaks.bitbucket-client-id.bitbucket-client-id + version_id: K3Tln1 + url: https://semgrep.dev/playground/r/K3Tln1/generic.secrets.gitleaks.bitbucket-client-id.bitbucket-client-id origin: community patterns: - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1888,13 +1971,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.bitbucket-client-secret.bitbucket-client-secret shortlink: https://sg.run/L6r6 semgrep.dev: rule: rule_id: QrUR7R - version_id: 7ZTl2j - url: https://semgrep.dev/playground/r/7ZTl2j/generic.secrets.gitleaks.bitbucket-client-secret.bitbucket-client-secret + version_id: qkTN58 + url: https://semgrep.dev/playground/r/qkTN58/generic.secrets.gitleaks.bitbucket-client-secret.bitbucket-client-secret origin: community patterns: - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -1927,13 +2012,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.bittrex-access-key.bittrex-access-key shortlink: https://sg.run/8pxN semgrep.dev: rule: rule_id: 3qU5pK - version_id: LjTWwW - url: https://semgrep.dev/playground/r/LjTWwW/generic.secrets.gitleaks.bittrex-access-key.bittrex-access-key + version_id: l4T5lO + url: https://semgrep.dev/playground/r/l4T5lO/generic.secrets.gitleaks.bittrex-access-key.bittrex-access-key origin: community patterns: - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -1966,13 +2053,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.bittrex-secret-key.bittrex-secret-key shortlink: https://sg.run/g2p0 semgrep.dev: rule: rule_id: 4bUKAW - version_id: 8KTJp6 - url: https://semgrep.dev/playground/r/8KTJp6/generic.secrets.gitleaks.bittrex-secret-key.bittrex-secret-key + version_id: YDToNb + url: https://semgrep.dev/playground/r/YDToNb/generic.secrets.gitleaks.bittrex-secret-key.bittrex-secret-key origin: community patterns: - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2005,13 +2094,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.clojars-api-token.clojars-api-token shortlink: https://sg.run/QXwZ semgrep.dev: rule: rule_id: PeU7WX - version_id: gETRwj - url: https://semgrep.dev/playground/r/gETRwj/generic.secrets.gitleaks.clojars-api-token.clojars-api-token + version_id: 6xTeZ9 + url: https://semgrep.dev/playground/r/6xTeZ9/generic.secrets.gitleaks.clojars-api-token.clojars-api-token origin: community patterns: - pattern-regex: "(?i)(CLOJARS_)[a-z0-9]{60}" @@ -2044,13 +2135,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.codecov-access-token.codecov-access-token shortlink: https://sg.run/3leK semgrep.dev: rule: rule_id: JDUO3B - version_id: QkTYbP - url: https://semgrep.dev/playground/r/QkTYbP/generic.secrets.gitleaks.codecov-access-token.codecov-access-token + version_id: o5Tnkw + url: https://semgrep.dev/playground/r/o5Tnkw/generic.secrets.gitleaks.codecov-access-token.codecov-access-token origin: community patterns: - pattern-regex: (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2083,13 +2176,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.coinbase-access-token.coinbase-access-token shortlink: https://sg.run/4YB5 semgrep.dev: rule: rule_id: 5rUKPQ - version_id: 3ZTGv8 - url: https://semgrep.dev/playground/r/3ZTGv8/generic.secrets.gitleaks.coinbase-access-token.coinbase-access-token + version_id: zyT5j4 + url: https://semgrep.dev/playground/r/zyT5j4/generic.secrets.gitleaks.coinbase-access-token.coinbase-access-token origin: community patterns: - pattern-regex: (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2122,13 +2217,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.confluent-access-token.confluent-access-token shortlink: https://sg.run/P29z semgrep.dev: rule: rule_id: GdUbxy - version_id: 44TLnr - url: https://semgrep.dev/playground/r/44TLnr/generic.secrets.gitleaks.confluent-access-token.confluent-access-token + version_id: pZTrkK + url: https://semgrep.dev/playground/r/pZTrkK/generic.secrets.gitleaks.confluent-access-token.confluent-access-token origin: community patterns: - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2161,13 +2258,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.confluent-secret-key.confluent-secret-key shortlink: https://sg.run/Jlqy semgrep.dev: rule: rule_id: ReUNQJ - version_id: PkTlgP - url: https://semgrep.dev/playground/r/PkTlgP/generic.secrets.gitleaks.confluent-secret-key.confluent-secret-key + version_id: 2KT1GD + url: https://semgrep.dev/playground/r/2KT1GD/generic.secrets.gitleaks.confluent-secret-key.confluent-secret-key origin: community patterns: - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2200,13 +2299,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.contentful-delivery-api-token.contentful-delivery-api-token shortlink: https://sg.run/56W0 semgrep.dev: rule: rule_id: AbUvrB - version_id: JdTBdr - url: https://semgrep.dev/playground/r/JdTBdr/generic.secrets.gitleaks.contentful-delivery-api-token.contentful-delivery-api-token + version_id: X0TPOP + url: https://semgrep.dev/playground/r/X0TPOP/generic.secrets.gitleaks.contentful-delivery-api-token.contentful-delivery-api-token origin: community patterns: - pattern-regex: (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2239,13 +2340,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.databricks-api-token.databricks-api-token shortlink: https://sg.run/G0Rq semgrep.dev: rule: rule_id: BYU4D6 - version_id: 5PTRXG - url: https://semgrep.dev/playground/r/5PTRXG/generic.secrets.gitleaks.databricks-api-token.databricks-api-token + version_id: jQTKlZ + url: https://semgrep.dev/playground/r/jQTKlZ/generic.secrets.gitleaks.databricks-api-token.databricks-api-token origin: community patterns: - pattern-regex: (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2278,13 +2381,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.datadog-access-token.datadog-access-token shortlink: https://sg.run/Rjrq semgrep.dev: rule: rule_id: DbUB9r - version_id: GxTnQe - url: https://semgrep.dev/playground/r/GxTnQe/generic.secrets.gitleaks.datadog-access-token.datadog-access-token + version_id: 1QTjzg + url: https://semgrep.dev/playground/r/1QTjzg/generic.secrets.gitleaks.datadog-access-token.datadog-access-token origin: community patterns: - pattern-regex: (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2317,13 +2422,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.digitalocean-access-token.digitalocean-access-token shortlink: https://sg.run/AGj2 semgrep.dev: rule: rule_id: WAUelp - version_id: RGT65l - url: https://semgrep.dev/playground/r/RGT65l/generic.secrets.gitleaks.digitalocean-access-token.digitalocean-access-token + version_id: 9lTzoQ + url: https://semgrep.dev/playground/r/9lTzoQ/generic.secrets.gitleaks.digitalocean-access-token.digitalocean-access-token origin: community patterns: - pattern-regex: (?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2356,13 +2463,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.digitalocean-pat.digitalocean-pat shortlink: https://sg.run/BR2A semgrep.dev: rule: rule_id: 0oU073 - version_id: A8TOA4 - url: https://semgrep.dev/playground/r/A8TOA4/generic.secrets.gitleaks.digitalocean-pat.digitalocean-pat + version_id: yeTXBR + url: https://semgrep.dev/playground/r/yeTXBR/generic.secrets.gitleaks.digitalocean-pat.digitalocean-pat origin: community patterns: - pattern-regex: (?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2395,13 +2504,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.digitalocean-refresh-token.digitalocean-refresh-token shortlink: https://sg.run/D38P semgrep.dev: rule: rule_id: KxUAzk - version_id: BjTgww - url: https://semgrep.dev/playground/r/BjTgww/generic.secrets.gitleaks.digitalocean-refresh-token.digitalocean-refresh-token + version_id: rxTxo0 + url: https://semgrep.dev/playground/r/rxTxo0/generic.secrets.gitleaks.digitalocean-refresh-token.digitalocean-refresh-token origin: community patterns: - pattern-regex: (?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2434,13 +2545,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.discord-api-token.discord-api-token shortlink: https://sg.run/W5e2 semgrep.dev: rule: rule_id: qNUA1y - version_id: DkTPDO - url: https://semgrep.dev/playground/r/DkTPDO/generic.secrets.gitleaks.discord-api-token.discord-api-token + version_id: bZTGKK + url: https://semgrep.dev/playground/r/bZTGKK/generic.secrets.gitleaks.discord-api-token.discord-api-token origin: community patterns: - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2473,13 +2586,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.discord-client-id.discord-client-id shortlink: https://sg.run/03gj semgrep.dev: rule: rule_id: lBU3rj - version_id: WrTXvb - url: https://semgrep.dev/playground/r/WrTXvb/generic.secrets.gitleaks.discord-client-id.discord-client-id + version_id: NdT19k + url: https://semgrep.dev/playground/r/NdT19k/generic.secrets.gitleaks.discord-client-id.discord-client-id origin: community patterns: - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2512,13 +2627,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.discord-client-secret.discord-client-secret shortlink: https://sg.run/KYd5 semgrep.dev: rule: rule_id: YGUg6J - version_id: 0bT8AO - url: https://semgrep.dev/playground/r/0bT8AO/generic.secrets.gitleaks.discord-client-secret.discord-client-secret + version_id: kbT7jR + url: https://semgrep.dev/playground/r/kbT7jR/generic.secrets.gitleaks.discord-client-secret.discord-client-secret origin: community patterns: - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2551,13 +2668,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.doppler-api-token.doppler-api-token shortlink: https://sg.run/4YBz semgrep.dev: rule: rule_id: 6JU45L - version_id: K3TDdN - url: https://semgrep.dev/playground/r/K3TDdN/generic.secrets.gitleaks.doppler-api-token.doppler-api-token + version_id: w8T3zG + url: https://semgrep.dev/playground/r/w8T3zG/generic.secrets.gitleaks.doppler-api-token.doppler-api-token origin: community patterns: - pattern-regex: "(dp\\.pt\\.)(?i)[a-z0-9]{43}" @@ -2590,13 +2709,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.droneci-access-token.droneci-access-token shortlink: https://sg.run/P29W semgrep.dev: rule: rule_id: oqUGyn - version_id: qkTd0Y - url: https://semgrep.dev/playground/r/qkTd0Y/generic.secrets.gitleaks.droneci-access-token.droneci-access-token + version_id: xyT4Ax + url: https://semgrep.dev/playground/r/xyT4Ax/generic.secrets.gitleaks.droneci-access-token.droneci-access-token origin: community patterns: - pattern-regex: (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2629,13 +2750,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.dropbox-api-token.dropbox-api-token shortlink: https://sg.run/JlqW semgrep.dev: rule: rule_id: zdU6AR - version_id: l4TKL4 - url: https://semgrep.dev/playground/r/l4TKL4/generic.secrets.gitleaks.dropbox-api-token.dropbox-api-token + version_id: O9Tynl + url: https://semgrep.dev/playground/r/O9Tynl/generic.secrets.gitleaks.dropbox-api-token.dropbox-api-token origin: community patterns: - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2668,13 +2791,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.dropbox-long-lived-api-token.dropbox-long-lived-api-token shortlink: https://sg.run/56WX semgrep.dev: rule: rule_id: pKUR69 - version_id: YDT13N - url: https://semgrep.dev/playground/r/YDT13N/generic.secrets.gitleaks.dropbox-long-lived-api-token.dropbox-long-lived-api-token + version_id: e1TxLD + url: https://semgrep.dev/playground/r/e1TxLD/generic.secrets.gitleaks.dropbox-long-lived-api-token.dropbox-long-lived-api-token origin: community patterns: - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2707,13 +2832,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.dropbox-short-lived-api-token.dropbox-short-lived-api-token shortlink: https://sg.run/G0e2 semgrep.dev: rule: rule_id: 2ZUnbl - version_id: JdTBJ3 - url: https://semgrep.dev/playground/r/JdTBJ3/generic.secrets.gitleaks.dropbox-short-lived-api-token.dropbox-short-lived-api-token + version_id: vdT2pv + url: https://semgrep.dev/playground/r/vdT2pv/generic.secrets.gitleaks.dropbox-short-lived-api-token.dropbox-short-lived-api-token origin: community patterns: - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2746,13 +2873,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.duffel-api-token.duffel-api-token shortlink: https://sg.run/Rjoe semgrep.dev: rule: rule_id: X5UG8Q - version_id: 5PTRvO - url: https://semgrep.dev/playground/r/5PTRvO/generic.secrets.gitleaks.duffel-api-token.duffel-api-token + version_id: d6TDQP + url: https://semgrep.dev/playground/r/d6TDQP/generic.secrets.gitleaks.duffel-api-token.duffel-api-token origin: community patterns: - pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43} 
@@ -2785,13 +2914,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.dynatrace-api-token.dynatrace-api-token shortlink: https://sg.run/AGv8 semgrep.dev: rule: rule_id: j2UGvl - version_id: GxTnG0 - url: https://semgrep.dev/playground/r/GxTnG0/generic.secrets.gitleaks.dynatrace-api-token.dynatrace-api-token + version_id: ZRTw7N + url: https://semgrep.dev/playground/r/ZRTw7N/generic.secrets.gitleaks.dynatrace-api-token.dynatrace-api-token origin: community patterns: - pattern-regex: dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64} @@ -2824,13 +2955,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.easypost-api-token.easypost-api-token shortlink: https://sg.run/BRk2 semgrep.dev: rule: rule_id: 10UJKb - version_id: RGT6Xo - url: https://semgrep.dev/playground/r/RGT6Xo/generic.secrets.gitleaks.easypost-api-token.easypost-api-token + version_id: nWT78o + url: https://semgrep.dev/playground/r/nWT78o/generic.secrets.gitleaks.easypost-api-token.easypost-api-token origin: community patterns: - pattern-regex: EZAK(?i)[a-z0-9]{54} 
@@ -2863,13 +2996,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.easypost-test-api-token.easypost-test-api-token shortlink: https://sg.run/D3oo semgrep.dev: rule: rule_id: 9AU811 - version_id: A8TO6Q - url: https://semgrep.dev/playground/r/A8TO6Q/generic.secrets.gitleaks.easypost-test-api-token.easypost-test-api-token + version_id: ExTnpE + url: https://semgrep.dev/playground/r/ExTnpE/generic.secrets.gitleaks.easypost-test-api-token.easypost-test-api-token origin: community patterns: - pattern-regex: EZTK(?i)[a-z0-9]{54} @@ -2902,13 +3037,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.etsy-access-token.etsy-access-token shortlink: https://sg.run/W58g semgrep.dev: rule: rule_id: yyUYnv - version_id: BjTg9z - url: https://semgrep.dev/playground/r/BjTg9z/generic.secrets.gitleaks.etsy-access-token.etsy-access-token + version_id: 7ZTO1B + url: https://semgrep.dev/playground/r/7ZTO1B/generic.secrets.gitleaks.etsy-access-token.etsy-access-token origin: community patterns: - pattern-regex: (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -2941,13 +3078,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.facebook.facebook shortlink: https://sg.run/03Q5 semgrep.dev: rule: rule_id: r6UBr9 - version_id: DkTPOG - url: https://semgrep.dev/playground/r/DkTPOG/generic.secrets.gitleaks.facebook.facebook + version_id: LjT02R + url: https://semgrep.dev/playground/r/LjT02R/generic.secrets.gitleaks.facebook.facebook origin: community patterns: - pattern-regex: (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -2980,13 +3119,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.fastly-api-token.fastly-api-token shortlink: https://sg.run/KYlX semgrep.dev: rule: rule_id: bwUPw8 - version_id: WrTXRY - url: https://semgrep.dev/playground/r/WrTXRY/generic.secrets.gitleaks.fastly-api-token.fastly-api-token + version_id: 8KTbqg + url: https://semgrep.dev/playground/r/8KTbqg/generic.secrets.gitleaks.fastly-api-token.fastly-api-token origin: community patterns: - pattern-regex: (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3019,13 +3160,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.finicity-api-token.finicity-api-token shortlink: https://sg.run/qQxy semgrep.dev: rule: rule_id: NbUvkX - version_id: 0bT841 - url: https://semgrep.dev/playground/r/0bT841/generic.secrets.gitleaks.finicity-api-token.finicity-api-token + version_id: gETqA0 + url: https://semgrep.dev/playground/r/gETqA0/generic.secrets.gitleaks.finicity-api-token.finicity-api-token origin: community patterns: - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -3058,13 +3201,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.finicity-client-secret.finicity-client-secret shortlink: https://sg.run/lQ29 semgrep.dev: rule: rule_id: kxUQk2 - version_id: K3TDpj - url: https://semgrep.dev/playground/r/K3TDpj/generic.secrets.gitleaks.finicity-client-secret.finicity-client-secret + version_id: QkTJ7g + url: https://semgrep.dev/playground/r/QkTJ7g/generic.secrets.gitleaks.finicity-client-secret.finicity-client-secret origin: community patterns: - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3097,13 +3242,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.finnhub-access-token.finnhub-access-token shortlink: https://sg.run/YRv4 semgrep.dev: rule: rule_id: wdUqJk - version_id: qkTd0B - url: https://semgrep.dev/playground/r/qkTd0B/generic.secrets.gitleaks.finnhub-access-token.finnhub-access-token + version_id: 3ZTdpx + url: https://semgrep.dev/playground/r/3ZTdpx/generic.secrets.gitleaks.finnhub-access-token.finnhub-access-token origin: community patterns: - pattern-regex: (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -3136,13 +3283,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.flickr-access-token.flickr-access-token shortlink: https://sg.run/6onB semgrep.dev: rule: rule_id: x8Ulnq - version_id: l4TKLJ - url: https://semgrep.dev/playground/r/l4TKLJ/generic.secrets.gitleaks.flickr-access-token.flickr-access-token + version_id: 44ToAx + url: https://semgrep.dev/playground/r/44ToAx/generic.secrets.gitleaks.flickr-access-token.flickr-access-token origin: community patterns: - pattern-regex: (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3175,13 +3324,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.flutterwave-encryption-key.flutterwave-encryption-key shortlink: https://sg.run/oQxR semgrep.dev: rule: rule_id: OrUA3O - version_id: YDT13E - url: https://semgrep.dev/playground/r/YDT13E/generic.secrets.gitleaks.flutterwave-encryption-key.flutterwave-encryption-key + version_id: PkTYWK + url: https://semgrep.dev/playground/r/PkTYWK/generic.secrets.gitleaks.flutterwave-encryption-key.flutterwave-encryption-key origin: community patterns: - pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{12} @@ -3214,13 +3365,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.flutterwave-public-key.flutterwave-public-key shortlink: https://sg.run/zQvW semgrep.dev: rule: rule_id: eqUY83 - version_id: 6xTlLR - url: https://semgrep.dev/playground/r/6xTlLR/generic.secrets.gitleaks.flutterwave-public-key.flutterwave-public-key + version_id: JdTq3O + url: https://semgrep.dev/playground/r/JdTq3O/generic.secrets.gitleaks.flutterwave-public-key.flutterwave-public-key origin: community patterns: - pattern-regex: FLWPUBK_TEST-(?i)[a-h0-9]{32}-X 
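Review bot: The `pattern-regex` lines of both Flutterwave hunks on this line only match the `FLWSECK_TEST-` / `FLWPUBK_TEST-` prefixes, so as far as the visible regexes show the rules catch test credentials and never a live key; if Flutterwave production keys carry a different prefix (to be confirmed against the vendor's key format) that is the case a secrets rule exists for. The class `[a-h0-9]` also admits `g` and `h`, which are not hex digits, so the intended class is presumably `[a-f0-9]`. The encryption-key regex `FLWSECK_TEST-(?i)[a-h0-9]{12}` is moreover a prefix of the secret-key regex in the hunk on the next line, so every secret key will fire both rules. This file lives under `generated/`, so these corrections belong in the upstream gitleaks/semgrep rule source rather than here.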
@@ -3253,13 +3406,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.flutterwave-secret-key.flutterwave-secret-key shortlink: https://sg.run/pQxL semgrep.dev: rule: rule_id: v8UKn0 - version_id: o5T37o - url: https://semgrep.dev/playground/r/o5T37o/generic.secrets.gitleaks.flutterwave-secret-key.flutterwave-secret-key + version_id: 5PT6Pl + url: https://semgrep.dev/playground/r/5PT6Pl/generic.secrets.gitleaks.flutterwave-secret-key.flutterwave-secret-key origin: community patterns: - pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{32}-X @@ -3292,13 +3447,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.frameio-api-token.frameio-api-token shortlink: https://sg.run/2qxD semgrep.dev: rule: rule_id: d8UOj3 - version_id: zyTwxr - url: https://semgrep.dev/playground/r/zyTwxr/generic.secrets.gitleaks.frameio-api-token.frameio-api-token + version_id: GxT2x5 + url: https://semgrep.dev/playground/r/GxT2x5/generic.secrets.gitleaks.frameio-api-token.frameio-api-token origin: community patterns: - pattern-regex: fio-u-(?i)[a-z0-9\-_=]{64} 
@@ -3331,13 +3488,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.freshbooks-access-token.freshbooks-access-token shortlink: https://sg.run/X3Bb semgrep.dev: rule: rule_id: ZqUk5D - version_id: pZTdBx - url: https://semgrep.dev/playground/r/pZTdBx/generic.secrets.gitleaks.freshbooks-access-token.freshbooks-access-token + version_id: RGTbQZ + url: https://semgrep.dev/playground/r/RGTbQZ/generic.secrets.gitleaks.freshbooks-access-token.freshbooks-access-token origin: community patterns: - pattern-regex: (?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -3370,13 +3529,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.gcp-api-key.gcp-api-key shortlink: https://sg.run/j1RJ semgrep.dev: rule: rule_id: nJU5zJ - version_id: 2KTkD6 - url: https://semgrep.dev/playground/r/2KTkD6/generic.secrets.gitleaks.gcp-api-key.gcp-api-key + version_id: A8TRrO + url: https://semgrep.dev/playground/r/A8TRrO/generic.secrets.gitleaks.gcp-api-key.gcp-api-key origin: community patterns: - pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) 
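Review bot: In the gcp-api-key hunk the character class `[0-9A-Za-z\\-_]{35}` sits in a YAML plain scalar, so the regex engine receives both backslashes verbatim and reads `\\-_` as a range from `\` (0x5C) to `_` (0x5F); a literal `-` is therefore not in the class, so any key containing a hyphen is missed, while `]` and `^` are wrongly accepted. The intended class is presumably `AIza[0-9A-Za-z_-]{35}`, with the hyphen last so it is literal. Verify against Semgrep's regex engine before changing it, and raise it in the upstream rule source since this file is generated.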
@@ -3409,13 +3570,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.github-app-token.github-app-token shortlink: https://sg.run/92o8 semgrep.dev: rule: rule_id: 7KUJQX - version_id: jQT4Ep - url: https://semgrep.dev/playground/r/jQT4Ep/generic.secrets.gitleaks.github-app-token.github-app-token + version_id: DkTQ9J + url: https://semgrep.dev/playground/r/DkTQ9J/generic.secrets.gitleaks.github-app-token.github-app-token origin: community patterns: - pattern-regex: "(ghu|ghs)_[0-9a-zA-Z]{36}" @@ -3448,13 +3611,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.github-fine-grained-pat.github-fine-grained-pat shortlink: https://sg.run/yQdR semgrep.dev: rule: rule_id: L1ULyp - version_id: 1QTRDJ - url: https://semgrep.dev/playground/r/1QTRDJ/generic.secrets.gitleaks.github-fine-grained-pat.github-fine-grained-pat + version_id: WrTblB + url: https://semgrep.dev/playground/r/WrTblB/generic.secrets.gitleaks.github-fine-grained-pat.github-fine-grained-pat origin: community patterns: - pattern-regex: github_pat_[0-9a-zA-Z_]{82} @@ -3487,13 +3652,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.github-oauth.github-oauth shortlink: https://sg.run/rQdR semgrep.dev: rule: rule_id: 8GUPjW - version_id: 9lTGjN - url: https://semgrep.dev/playground/r/9lTGjN/generic.secrets.gitleaks.github-oauth.github-oauth + version_id: 0bTv7n + url: https://semgrep.dev/playground/r/0bTv7n/generic.secrets.gitleaks.github-oauth.github-oauth origin: community patterns: - pattern-regex: gho_[0-9a-zA-Z]{36} 
@@ -3526,13 +3693,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.github-pat.github-pat shortlink: https://sg.run/bY7E semgrep.dev: rule: rule_id: gxUv1p - version_id: yeT469 - url: https://semgrep.dev/playground/r/yeT469/generic.secrets.gitleaks.github-pat.github-pat + version_id: K3Tlz1 + url: https://semgrep.dev/playground/r/K3Tlz1/generic.secrets.gitleaks.github-pat.github-pat origin: community patterns: - pattern-regex: ghp_[0-9a-zA-Z]{36} @@ -3565,13 +3734,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.github-refresh-token.github-refresh-token shortlink: https://sg.run/Nz4z semgrep.dev: rule: rule_id: QrURzR - version_id: rxTp5J - url: https://semgrep.dev/playground/r/rxTp5J/generic.secrets.gitleaks.github-refresh-token.github-refresh-token + version_id: qkTN18 + url: https://semgrep.dev/playground/r/qkTN18/generic.secrets.gitleaks.github-refresh-token.github-refresh-token origin: community patterns: - pattern-regex: ghr_[0-9a-zA-Z]{36} @@ -3604,13 +3775,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.gitlab-pat.gitlab-pat shortlink: https://sg.run/k3X2 semgrep.dev: rule: rule_id: 3qU5PK - version_id: bZT7Y7 - url: https://semgrep.dev/playground/r/bZT7Y7/generic.secrets.gitleaks.gitlab-pat.gitlab-pat + version_id: l4T5rO + url: https://semgrep.dev/playground/r/l4T5rO/generic.secrets.gitleaks.gitlab-pat.gitlab-pat origin: community patterns: - pattern-regex: glpat-[0-9a-zA-Z\-\_]{20} 
@@ -3643,13 +3816,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.gitlab-ptt.gitlab-ptt shortlink: https://sg.run/wQeP semgrep.dev: rule: rule_id: 4bUKkW - version_id: NdTKxb - url: https://semgrep.dev/playground/r/NdTKxb/generic.secrets.gitleaks.gitlab-ptt.gitlab-ptt + version_id: YDTo6b + url: https://semgrep.dev/playground/r/YDTo6b/generic.secrets.gitleaks.gitlab-ptt.gitlab-ptt origin: community patterns: - pattern-regex: glptt-[0-9a-f]{40} @@ -3682,13 +3857,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.gitlab-rrt.gitlab-rrt shortlink: https://sg.run/xQ1g semgrep.dev: rule: rule_id: PeU7ZX - version_id: kbTBop - url: https://semgrep.dev/playground/r/kbTBop/generic.secrets.gitleaks.gitlab-rrt.gitlab-rrt + version_id: 6xTe59 + url: https://semgrep.dev/playground/r/6xTe59/generic.secrets.gitleaks.gitlab-rrt.gitlab-rrt origin: community patterns: - pattern-regex: GR1348941[0-9a-zA-Z\-\_]{20} @@ -3721,13 +3898,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.gitter-access-token.gitter-access-token shortlink: https://sg.run/OpPn semgrep.dev: rule: rule_id: JDUOyB - version_id: w8TPeX - url: https://semgrep.dev/playground/r/w8TPeX/generic.secrets.gitleaks.gitter-access-token.gitter-access-token + version_id: o5Tnyw + url: https://semgrep.dev/playground/r/o5Tnyw/generic.secrets.gitleaks.gitter-access-token.gitter-access-token origin: community patterns: - pattern-regex: (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3760,13 +3939,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.gocardless-api-token.gocardless-api-token shortlink: https://sg.run/ezLy semgrep.dev: rule: rule_id: 5rUKOQ - version_id: xyTgY6 - url: https://semgrep.dev/playground/r/xyTgY6/generic.secrets.gitleaks.gocardless-api-token.gocardless-api-token + version_id: zyT5A4 + url: https://semgrep.dev/playground/r/zyT5A4/generic.secrets.gitleaks.gocardless-api-token.gocardless-api-token origin: community patterns: - pattern-regex: (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -3799,13 +3980,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.grafana-api-key.grafana-api-key shortlink: https://sg.run/vQzb semgrep.dev: rule: rule_id: GdUb7y - version_id: O9TqP5 - url: https://semgrep.dev/playground/r/O9TqP5/generic.secrets.gitleaks.grafana-api-key.grafana-api-key + version_id: pZTr6K + url: https://semgrep.dev/playground/r/pZTr6K/generic.secrets.gitleaks.grafana-api-key.grafana-api-key origin: community patterns: - pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3838,13 +4021,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.grafana-cloud-api-token.grafana-cloud-api-token shortlink: https://sg.run/doKd semgrep.dev: rule: rule_id: ReUNgJ - version_id: e1To6N - url: https://semgrep.dev/playground/r/e1To6N/generic.secrets.gitleaks.grafana-cloud-api-token.grafana-cloud-api-token + version_id: 2KT1QD + url: https://semgrep.dev/playground/r/2KT1QD/generic.secrets.gitleaks.grafana-cloud-api-token.grafana-cloud-api-token origin: community patterns: - pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -3877,13 +4062,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.grafana-service-account-token.grafana-service-account-token shortlink: https://sg.run/ZAvo semgrep.dev: rule: rule_id: AbUvzB - version_id: vdTwZz - url: https://semgrep.dev/playground/r/vdTwZz/generic.secrets.gitleaks.grafana-service-account-token.grafana-service-account-token + version_id: X0TPwP + url: https://semgrep.dev/playground/r/X0TPwP/generic.secrets.gitleaks.grafana-service-account-token.grafana-service-account-token origin: community patterns: - pattern-regex: (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3916,13 +4103,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.hashicorp-tf-api-token.hashicorp-tf-api-token shortlink: https://sg.run/nQd2 semgrep.dev: rule: rule_id: BYU4N6 - version_id: d6T0Bg - url: https://semgrep.dev/playground/r/d6T0Bg/generic.secrets.gitleaks.hashicorp-tf-api-token.hashicorp-tf-api-token + version_id: jQTK6Z + url: https://semgrep.dev/playground/r/jQTK6Z/generic.secrets.gitleaks.hashicorp-tf-api-token.hashicorp-tf-api-token origin: community patterns: - pattern-regex: "(?i)[a-z0-9]{14}\\.atlasv1\\.[a-z0-9\\-_=]{60,70}" @@ -3955,13 +4144,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.heroku-api-key.heroku-api-key shortlink: https://sg.run/EDke semgrep.dev: rule: rule_id: DbUBpr - version_id: ZRT9LA - url: https://semgrep.dev/playground/r/ZRT9LA/generic.secrets.gitleaks.heroku-api-key.heroku-api-key + version_id: 1QTjbg + url: https://semgrep.dev/playground/r/1QTjbg/generic.secrets.gitleaks.heroku-api-key.heroku-api-key origin: community patterns: - pattern-regex: (?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -3994,13 +4185,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.hubspot-api-key.hubspot-api-key shortlink: https://sg.run/7zoW semgrep.dev: rule: rule_id: WAUeop - version_id: nWTb6R - url: https://semgrep.dev/playground/r/nWTb6R/generic.secrets.gitleaks.hubspot-api-key.hubspot-api-key + version_id: 9lTz1Q + url: https://semgrep.dev/playground/r/9lTz1Q/generic.secrets.gitleaks.hubspot-api-key.hubspot-api-key origin: community patterns: - pattern-regex: (?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4033,13 +4226,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.intercom-api-key.intercom-api-key shortlink: https://sg.run/L6wo semgrep.dev: rule: rule_id: 0oU053 - version_id: ExTL9G - url: https://semgrep.dev/playground/r/ExTL9G/generic.secrets.gitleaks.intercom-api-key.intercom-api-key + version_id: yeTXnR + url: https://semgrep.dev/playground/r/yeTXnR/generic.secrets.gitleaks.intercom-api-key.intercom-api-key origin: community patterns: - pattern-regex: (?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4071,13 +4266,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.jwt.jwt shortlink: https://sg.run/8pyE semgrep.dev: rule: rule_id: KxUAbk - version_id: 7ZTlL2 - url: https://semgrep.dev/playground/r/7ZTlL2/generic.secrets.gitleaks.jwt.jwt + version_id: rxTxr0 + url: https://semgrep.dev/playground/r/rxTxr0/generic.secrets.gitleaks.jwt.jwt origin: community patterns: - pattern-regex: (?i)\b(ey[0-9a-z]{30,34}\.ey[0-9a-z-\/_]{30,500}\.[0-9a-zA-Z-\/_]{10,200}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4110,13 +4307,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.kraken-access-token.kraken-access-token shortlink: https://sg.run/g2LZ semgrep.dev: rule: rule_id: qNUAjy - version_id: LjTW11 - url: https://semgrep.dev/playground/r/LjTW11/generic.secrets.gitleaks.kraken-access-token.kraken-access-token + version_id: bZTGwK + url: https://semgrep.dev/playground/r/bZTGwK/generic.secrets.gitleaks.kraken-access-token.kraken-access-token origin: community patterns: - pattern-regex: (?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4149,13 +4348,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.kucoin-access-token.kucoin-access-token shortlink: https://sg.run/QX5Q semgrep.dev: rule: rule_id: lBU39j - version_id: 8KTJdb - url: https://semgrep.dev/playground/r/8KTJdb/generic.secrets.gitleaks.kucoin-access-token.kucoin-access-token + version_id: NdT1kk + url: https://semgrep.dev/playground/r/NdT1kk/generic.secrets.gitleaks.kucoin-access-token.kucoin-access-token origin: community patterns: - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4188,13 +4389,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.kucoin-secret-key.kucoin-secret-key shortlink: https://sg.run/3lxp semgrep.dev: rule: rule_id: PeU7Zg - version_id: gETRb4 - url: https://semgrep.dev/playground/r/gETRb4/generic.secrets.gitleaks.kucoin-secret-key.kucoin-secret-key + version_id: kbT7kR + url: https://semgrep.dev/playground/r/kbT7kR/generic.secrets.gitleaks.kucoin-secret-key.kucoin-secret-key origin: community patterns: - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4227,13 +4430,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.launchdarkly-access-token.launchdarkly-access-token shortlink: https://sg.run/4Yxz semgrep.dev: rule: rule_id: JDUOyJ - version_id: QkTY4K - url: https://semgrep.dev/playground/r/QkTY4K/generic.secrets.gitleaks.launchdarkly-access-token.launchdarkly-access-token + version_id: w8T3JG + url: https://semgrep.dev/playground/r/w8T3JG/generic.secrets.gitleaks.launchdarkly-access-token.launchdarkly-access-token origin: community patterns: - pattern-regex: (?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4266,13 +4471,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.linear-api-key.linear-api-key shortlink: https://sg.run/P2JW semgrep.dev: rule: rule_id: 5rUKO6 - version_id: 3ZTGdY - url: https://semgrep.dev/playground/r/3ZTGdY/generic.secrets.gitleaks.linear-api-key.linear-api-key + version_id: xyT4nx + url: https://semgrep.dev/playground/r/xyT4nx/generic.secrets.gitleaks.linear-api-key.linear-api-key origin: community patterns: - pattern-regex: lin_api_(?i)[a-z0-9]{40} 
@@ -4305,13 +4512,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.linear-client-secret.linear-client-secret shortlink: https://sg.run/Jl9W semgrep.dev: rule: rule_id: GdUb7w - version_id: 44TLoR - url: https://semgrep.dev/playground/r/44TLoR/generic.secrets.gitleaks.linear-client-secret.linear-client-secret + version_id: O9Ty3l + url: https://semgrep.dev/playground/r/O9Ty3l/generic.secrets.gitleaks.linear-client-secret.linear-client-secret origin: community patterns: - pattern-regex: (?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4344,13 +4553,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.linkedin-client-id.linkedin-client-id shortlink: https://sg.run/56QX semgrep.dev: rule: rule_id: ReUNg1 - version_id: PkTlYD - url: https://semgrep.dev/playground/r/PkTlYD/generic.secrets.gitleaks.linkedin-client-id.linkedin-client-id + version_id: e1Tx8D + url: https://semgrep.dev/playground/r/e1Tx8D/generic.secrets.gitleaks.linkedin-client-id.linkedin-client-id origin: community patterns: - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$) 
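Review bot: The linkedin-client-id hunk adds `vulnerability_class: - Hard-coded Secrets` to a rule whose capture `([a-z0-9]{14})` is an OAuth client identifier, which is normally a public value rather than a credential; if that holds for LinkedIn (to be confirmed), the tag routes findings into secret-rotation triage for something that needs no rotation. The same consideration applies to the other public-identifier rules on this page (`*-client-id`, `*-pub-*`, `*-public-key`), which receive the identical tag. Because the classification comes from the upstream registry, the taxonomy question should be raised there rather than edited in this generated file; the rule's `likelihood`/`impact` fields, which are outside the hunk, are where consumers can downrank it meanwhile.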
@@ -4383,13 +4594,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.linkedin-client-secret.linkedin-client-secret shortlink: https://sg.run/G0W2 semgrep.dev: rule: rule_id: AbUvWj - version_id: JdTBq3 - url: https://semgrep.dev/playground/r/JdTBq3/generic.secrets.gitleaks.linkedin-client-secret.linkedin-client-secret + version_id: vdT2nv + url: https://semgrep.dev/playground/r/vdT2nv/generic.secrets.gitleaks.linkedin-client-secret.linkedin-client-secret origin: community patterns: - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4422,13 +4635,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.lob-api-key.lob-api-key shortlink: https://sg.run/Rj8e semgrep.dev: rule: rule_id: BYU4BX - version_id: 5PTR6O - url: https://semgrep.dev/playground/r/5PTR6O/generic.secrets.gitleaks.lob-api-key.lob-api-key + version_id: d6TDjP + url: https://semgrep.dev/playground/r/d6TDjP/generic.secrets.gitleaks.lob-api-key.lob-api-key origin: community patterns: - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4461,13 +4676,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.lob-pub-api-key.lob-pub-api-key shortlink: https://sg.run/AGl8 semgrep.dev: rule: rule_id: DbUBWq - version_id: GxTn20 - url: https://semgrep.dev/playground/r/GxTn20/generic.secrets.gitleaks.lob-pub-api-key.lob-pub-api-key + version_id: ZRTw5N + url: https://semgrep.dev/playground/r/ZRTw5N/generic.secrets.gitleaks.lob-pub-api-key.lob-pub-api-key origin: community patterns: - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4500,13 +4717,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.mailchimp-api-key.mailchimp-api-key shortlink: https://sg.run/BR42 semgrep.dev: rule: rule_id: WAUeZl - version_id: RGT6bo - url: https://semgrep.dev/playground/r/RGT6bo/generic.secrets.gitleaks.mailchimp-api-key.mailchimp-api-key + version_id: nWT7zo + url: https://semgrep.dev/playground/r/nWT7zo/generic.secrets.gitleaks.mailchimp-api-key.mailchimp-api-key origin: community patterns: - pattern-regex: (?i)(?:mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us20)(?:['|\"|\n|\r|\s|\x60|;]|$) 
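Review bot: The mailchimp-api-key hunk's capture `([a-f0-9]{32}-us20)` hard-codes the `us20` suffix, so the rule only reports keys carrying that one suffix; if, as the shape suggests, the suffix encodes the account's data-center (to be confirmed against Mailchimp's key format), keys with any other `-usNN` suffix pass undetected. A generalised tail such as `([a-f0-9]{32}-us[0-9]{1,2})` would cover them without widening the hex body. The file is generated from the upstream rule registry, so the change should go to the gitleaks/semgrep rule source rather than here.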
@@ -4539,13 +4758,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.mailgun-private-api-token.mailgun-private-api-token shortlink: https://sg.run/D3Jo semgrep.dev: rule: rule_id: 0oU0E5 - version_id: A8TORQ - url: https://semgrep.dev/playground/r/A8TORQ/generic.secrets.gitleaks.mailgun-private-api-token.mailgun-private-api-token + version_id: ExTn2E + url: https://semgrep.dev/playground/r/ExTn2E/generic.secrets.gitleaks.mailgun-private-api-token.mailgun-private-api-token origin: community patterns: - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4578,13 +4799,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.mailgun-pub-key.mailgun-pub-key shortlink: https://sg.run/W5gg semgrep.dev: rule: rule_id: KxUA44 - version_id: BjTgEz - url: https://semgrep.dev/playground/r/BjTgEz/generic.secrets.gitleaks.mailgun-pub-key.mailgun-pub-key + version_id: 7ZTOQB + url: https://semgrep.dev/playground/r/7ZTOQB/generic.secrets.gitleaks.mailgun-pub-key.mailgun-pub-key origin: community patterns: - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4617,13 +4840,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.mailgun-signing-key.mailgun-signing-key shortlink: https://sg.run/03n5 semgrep.dev: rule: rule_id: qNUAob - version_id: DkTPQG - url: https://semgrep.dev/playground/r/DkTPQG/generic.secrets.gitleaks.mailgun-signing-key.mailgun-signing-key + version_id: LjT0yR + url: https://semgrep.dev/playground/r/LjT0yR/generic.secrets.gitleaks.mailgun-signing-key.mailgun-signing-key origin: community patterns: - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4656,13 +4881,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.mapbox-api-token.mapbox-api-token shortlink: https://sg.run/KYWX semgrep.dev: rule: rule_id: lBU3d8 - version_id: WrTXbY - url: https://semgrep.dev/playground/r/WrTXbY/generic.secrets.gitleaks.mapbox-api-token.mapbox-api-token + version_id: 8KTbjg + url: https://semgrep.dev/playground/r/8KTbjg/generic.secrets.gitleaks.mapbox-api-token.mapbox-api-token origin: community patterns: - pattern-regex: (?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4695,13 +4922,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.mattermost-access-token.mattermost-access-token shortlink: https://sg.run/qQry semgrep.dev: rule: rule_id: YGUgrA - version_id: 0bT8v1 - url: https://semgrep.dev/playground/r/0bT8v1/generic.secrets.gitleaks.mattermost-access-token.mattermost-access-token + version_id: gETq10 + url: https://semgrep.dev/playground/r/gETq10/generic.secrets.gitleaks.mattermost-access-token.mattermost-access-token origin: community patterns: - pattern-regex: (?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4734,13 +4963,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.messagebird-api-token.messagebird-api-token shortlink: https://sg.run/lQj9 semgrep.dev: rule: rule_id: 6JU4qD - version_id: K3TDlj - url: https://semgrep.dev/playground/r/K3TDlj/generic.secrets.gitleaks.messagebird-api-token.messagebird-api-token + version_id: QkTJzg + url: https://semgrep.dev/playground/r/QkTJzg/generic.secrets.gitleaks.messagebird-api-token.messagebird-api-token origin: community patterns: - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4773,13 +5004,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.messagebird-client-id.messagebird-client-id shortlink: https://sg.run/YRg4 semgrep.dev: rule: rule_id: oqUGzK - version_id: qkTdNB - url: https://semgrep.dev/playground/r/qkTdNB/generic.secrets.gitleaks.messagebird-client-id.messagebird-client-id + version_id: 3ZTdPx + url: https://semgrep.dev/playground/r/3ZTdPx/generic.secrets.gitleaks.messagebird-client-id.messagebird-client-id origin: community patterns: - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4812,13 +5045,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.microsoft-teams-webhook.microsoft-teams-webhook shortlink: https://sg.run/6orB semgrep.dev: rule: rule_id: zdU6yl - version_id: l4TK5J - url: https://semgrep.dev/playground/r/l4TK5J/generic.secrets.gitleaks.microsoft-teams-webhook.microsoft-teams-webhook + version_id: 44Tokx + url: https://semgrep.dev/playground/r/44Tokx/generic.secrets.gitleaks.microsoft-teams-webhook.microsoft-teams-webhook origin: community patterns: - pattern-regex: https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12} 
@@ -4851,13 +5086,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.netlify-access-token.netlify-access-token shortlink: https://sg.run/oQkR semgrep.dev: rule: rule_id: pKURGy - version_id: YDT1oE - url: https://semgrep.dev/playground/r/YDT1oE/generic.secrets.gitleaks.netlify-access-token.netlify-access-token + version_id: PkTYZK + url: https://semgrep.dev/playground/r/PkTYZK/generic.secrets.gitleaks.netlify-access-token.netlify-access-token origin: community patterns: - pattern-regex: (?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4890,13 +5127,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.new-relic-browser-api-token.new-relic-browser-api-token shortlink: https://sg.run/zQkW semgrep.dev: rule: rule_id: 2ZUn43 - version_id: 6xTleR - url: https://semgrep.dev/playground/r/6xTleR/generic.secrets.gitleaks.new-relic-browser-api-token.new-relic-browser-api-token + version_id: JdTqyO + url: https://semgrep.dev/playground/r/JdTqyO/generic.secrets.gitleaks.new-relic-browser-api-token.new-relic-browser-api-token origin: community patterns: - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -4929,13 +5168,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.new-relic-user-api-id.new-relic-user-api-id shortlink: https://sg.run/pQlL semgrep.dev: rule: rule_id: X5UGZz - version_id: o5T3no - url: https://semgrep.dev/playground/r/o5T3no/generic.secrets.gitleaks.new-relic-user-api-id.new-relic-user-api-id + version_id: 5PT6Ol + url: https://semgrep.dev/playground/r/5PT6Ol/generic.secrets.gitleaks.new-relic-user-api-id.new-relic-user-api-id origin: community patterns: - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -4968,13 +5209,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.new-relic-user-api-key.new-relic-user-api-key shortlink: https://sg.run/2qbD semgrep.dev: rule: rule_id: j2UGqB - version_id: zyTw5r - url: https://semgrep.dev/playground/r/zyTw5r/generic.secrets.gitleaks.new-relic-user-api-key.new-relic-user-api-key + version_id: GxT275 + url: https://semgrep.dev/playground/r/GxT275/generic.secrets.gitleaks.new-relic-user-api-key.new-relic-user-api-key origin: community patterns: - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5007,13 +5250,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.npm-access-token.npm-access-token shortlink: https://sg.run/X3Lb semgrep.dev: rule: rule_id: 10UJZE - version_id: pZTdrx - url: https://semgrep.dev/playground/r/pZTdrx/generic.secrets.gitleaks.npm-access-token.npm-access-token + version_id: RGTbgZ + url: https://semgrep.dev/playground/r/RGTbgZ/generic.secrets.gitleaks.npm-access-token.npm-access-token origin: community patterns: - pattern-regex: (?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5046,13 +5291,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.nytimes-access-token.nytimes-access-token shortlink: https://sg.run/j1NJ semgrep.dev: rule: rule_id: 9AU8Oq - version_id: 2KTk16 - url: https://semgrep.dev/playground/r/2KTk16/generic.secrets.gitleaks.nytimes-access-token.nytimes-access-token + version_id: A8TRzO + url: https://semgrep.dev/playground/r/A8TRzO/generic.secrets.gitleaks.nytimes-access-token.nytimes-access-token origin: community patterns: - pattern-regex: (?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5085,13 +5332,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.okta-access-token.okta-access-token shortlink: https://sg.run/1Knv semgrep.dev: rule: rule_id: yyUYve - version_id: X0TjPo - url: https://semgrep.dev/playground/r/X0TjPo/generic.secrets.gitleaks.okta-access-token.okta-access-token + version_id: BjTENl + url: https://semgrep.dev/playground/r/BjTENl/generic.secrets.gitleaks.okta-access-token.okta-access-token origin: community patterns: - pattern-regex: (?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5124,13 +5373,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.plaid-api-token.plaid-api-token shortlink: https://sg.run/92q8 semgrep.dev: rule: rule_id: r6UBkG - version_id: jQT4Kp - url: https://semgrep.dev/playground/r/jQT4Kp/generic.secrets.gitleaks.plaid-api-token.plaid-api-token + version_id: DkTQpJ + url: https://semgrep.dev/playground/r/DkTQpJ/generic.secrets.gitleaks.plaid-api-token.plaid-api-token origin: community patterns: - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5163,13 +5414,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.plaid-client-id.plaid-client-id shortlink: https://sg.run/yQzR semgrep.dev: rule: rule_id: bwUPO4 - version_id: 1QTRjJ - url: https://semgrep.dev/playground/r/1QTRjJ/generic.secrets.gitleaks.plaid-client-id.plaid-client-id + version_id: WrTboB + url: https://semgrep.dev/playground/r/WrTboB/generic.secrets.gitleaks.plaid-client-id.plaid-client-id origin: community patterns: - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5202,13 +5455,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.plaid-secret-key.plaid-secret-key shortlink: https://sg.run/rQAR semgrep.dev: rule: rule_id: NbUvA5 - version_id: 9lTGzN - url: https://semgrep.dev/playground/r/9lTGzN/generic.secrets.gitleaks.plaid-secret-key.plaid-secret-key + version_id: 0bTv5n + url: https://semgrep.dev/playground/r/0bTv5n/generic.secrets.gitleaks.plaid-secret-key.plaid-secret-key origin: community patterns: - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5241,13 +5496,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.planetscale-api-token.planetscale-api-token shortlink: https://sg.run/bYDE semgrep.dev: rule: rule_id: kxUQR9 - version_id: yeT4X9 - url: https://semgrep.dev/playground/r/yeT4X9/generic.secrets.gitleaks.planetscale-api-token.planetscale-api-token + version_id: K3Tlb1 + url: https://semgrep.dev/playground/r/K3Tlb1/generic.secrets.gitleaks.planetscale-api-token.planetscale-api-token origin: community patterns: - pattern-regex: (?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5280,13 +5537,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.planetscale-oauth-token.planetscale-oauth-token shortlink: https://sg.run/Nzrz semgrep.dev: rule: rule_id: wdUq8q - version_id: rxTpxJ - url: https://semgrep.dev/playground/r/rxTpxJ/generic.secrets.gitleaks.planetscale-oauth-token.planetscale-oauth-token + version_id: qkTNj8 + url: https://semgrep.dev/playground/r/qkTNj8/generic.secrets.gitleaks.planetscale-oauth-token.planetscale-oauth-token origin: community patterns: - pattern-regex: (?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5319,13 +5578,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.planetscale-password.planetscale-password shortlink: https://sg.run/k3L2 semgrep.dev: rule: rule_id: x8UlWb - version_id: bZT7G7 - url: https://semgrep.dev/playground/r/bZT7G7/generic.secrets.gitleaks.planetscale-password.planetscale-password + version_id: l4T59O + url: https://semgrep.dev/playground/r/l4T59O/generic.secrets.gitleaks.planetscale-password.planetscale-password origin: community patterns: - pattern-regex: (?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5358,13 +5619,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.postman-api-token.postman-api-token shortlink: https://sg.run/wQxP semgrep.dev: rule: rule_id: OrUAGK - version_id: NdTK1b - url: https://semgrep.dev/playground/r/NdTK1b/generic.secrets.gitleaks.postman-api-token.postman-api-token + version_id: YDToRb + url: https://semgrep.dev/playground/r/YDToRb/generic.secrets.gitleaks.postman-api-token.postman-api-token origin: community patterns: - pattern-regex: (?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5397,13 +5660,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.prefect-api-token.prefect-api-token shortlink: https://sg.run/xQYg semgrep.dev: rule: rule_id: eqUYv2 - version_id: kbTB7p - url: https://semgrep.dev/playground/r/kbTB7p/generic.secrets.gitleaks.prefect-api-token.prefect-api-token + version_id: JdTqyx + url: https://semgrep.dev/playground/r/JdTqyx/generic.secrets.gitleaks.prefect-api-token.prefect-api-token origin: community patterns: - pattern-regex: (?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5436,13 +5701,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.private-key.private-key shortlink: https://sg.run/Op1n semgrep.dev: rule: rule_id: v8UK5w - version_id: w8TP3X - url: https://semgrep.dev/playground/r/w8TP3X/generic.secrets.gitleaks.private-key.private-key + version_id: 5PT6Oz + url: https://semgrep.dev/playground/r/5PT6Oz/generic.secrets.gitleaks.private-key.private-key origin: community patterns: - pattern-regex: "(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\\s\\S-]*KEY( 
@@ -5476,13 +5743,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.pulumi-api-token.pulumi-api-token shortlink: https://sg.run/ez4y semgrep.dev: rule: rule_id: d8UOzo - version_id: xyTg46 - url: https://semgrep.dev/playground/r/xyTg46/generic.secrets.gitleaks.pulumi-api-token.pulumi-api-token + version_id: GxT27A + url: https://semgrep.dev/playground/r/GxT27A/generic.secrets.gitleaks.pulumi-api-token.pulumi-api-token origin: community patterns: - pattern-regex: (?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5515,13 +5784,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.pypi-upload-token.pypi-upload-token shortlink: https://sg.run/vQ0b semgrep.dev: rule: rule_id: ZqUkqn - version_id: O9Tqy5 - url: https://semgrep.dev/playground/r/O9Tqy5/generic.secrets.gitleaks.pypi-upload-token.pypi-upload-token + version_id: RGTbg5 + url: https://semgrep.dev/playground/r/RGTbg5/generic.secrets.gitleaks.pypi-upload-token.pypi-upload-token origin: community patterns: - pattern-regex: pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000} 
@@ -5554,13 +5825,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.rapidapi-access-token.rapidapi-access-token shortlink: https://sg.run/dogd semgrep.dev: rule: rule_id: nJU5YX - version_id: e1ToxN - url: https://semgrep.dev/playground/r/e1ToxN/generic.secrets.gitleaks.rapidapi-access-token.rapidapi-access-token + version_id: A8TRz6 + url: https://semgrep.dev/playground/r/A8TRz6/generic.secrets.gitleaks.rapidapi-access-token.rapidapi-access-token origin: community patterns: - pattern-regex: (?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5593,13 +5866,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.readme-api-token.readme-api-token shortlink: https://sg.run/ZAeo semgrep.dev: rule: rule_id: EwUy4Z - version_id: vdTw2z - url: https://semgrep.dev/playground/r/vdTw2z/generic.secrets.gitleaks.readme-api-token.readme-api-token + version_id: BjTENE + url: https://semgrep.dev/playground/r/BjTENE/generic.secrets.gitleaks.readme-api-token.readme-api-token origin: community patterns: - pattern-regex: (?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5632,13 +5907,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.rubygems-api-token.rubygems-api-token shortlink: https://sg.run/nQq2 semgrep.dev: rule: rule_id: 7KUJek - version_id: d6T0Dg - url: https://semgrep.dev/playground/r/d6T0Dg/generic.secrets.gitleaks.rubygems-api-token.rubygems-api-token + version_id: DkTQp8 + url: https://semgrep.dev/playground/r/DkTQp8/generic.secrets.gitleaks.rubygems-api-token.rubygems-api-token origin: community patterns: - pattern-regex: (?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5671,13 +5948,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sendbird-access-id.sendbird-access-id shortlink: https://sg.run/ED5e semgrep.dev: rule: rule_id: L1UL48 - version_id: ZRT9wA - url: https://semgrep.dev/playground/r/ZRT9wA/generic.secrets.gitleaks.sendbird-access-id.sendbird-access-id + version_id: WrTbor + url: https://semgrep.dev/playground/r/WrTbor/generic.secrets.gitleaks.sendbird-access-id.sendbird-access-id origin: community patterns: - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5710,13 +5989,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sendbird-access-token.sendbird-access-token shortlink: https://sg.run/7z0W semgrep.dev: rule: rule_id: 8GUPEk - version_id: nWTb7R - url: https://semgrep.dev/playground/r/nWTb7R/generic.secrets.gitleaks.sendbird-access-token.sendbird-access-token + version_id: 0bTvEx + url: https://semgrep.dev/playground/r/0bTvEx/generic.secrets.gitleaks.sendbird-access-token.sendbird-access-token origin: community patterns: - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5749,13 +6030,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sendgrid-api-token.sendgrid-api-token shortlink: https://sg.run/L60o semgrep.dev: rule: rule_id: gxUvWX - version_id: ExTLnG - url: https://semgrep.dev/playground/r/ExTLnG/generic.secrets.gitleaks.sendgrid-api-token.sendgrid-api-token + version_id: K3Tl4v + url: https://semgrep.dev/playground/r/K3Tl4v/generic.secrets.gitleaks.sendgrid-api-token.sendgrid-api-token origin: community patterns: - pattern-regex: (?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5788,13 +6071,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sendinblue-api-token.sendinblue-api-token shortlink: https://sg.run/8pnE semgrep.dev: rule: rule_id: QrUR6q - version_id: 7ZTlO2 - url: https://semgrep.dev/playground/r/7ZTlO2/generic.secrets.gitleaks.sendinblue-api-token.sendinblue-api-token + version_id: qkTNo5 + url: https://semgrep.dev/playground/r/qkTNo5/generic.secrets.gitleaks.sendinblue-api-token.sendinblue-api-token origin: community patterns: - pattern-regex: (?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5827,13 +6112,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sentry-access-token.sentry-access-token shortlink: https://sg.run/g2JZ semgrep.dev: rule: rule_id: 3qU5B1 - version_id: LjTW01 - url: https://semgrep.dev/playground/r/LjTW01/generic.secrets.gitleaks.sentry-access-token.sentry-access-token + version_id: l4T5dr + url: https://semgrep.dev/playground/r/l4T5dr/generic.secrets.gitleaks.sentry-access-token.sentry-access-token origin: community patterns: - pattern-regex: (?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -5866,13 +6153,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.shippo-api-token.shippo-api-token shortlink: https://sg.run/QX8Q semgrep.dev: rule: rule_id: 4bUKzO - version_id: 8KTJbb - url: https://semgrep.dev/playground/r/8KTJbb/generic.secrets.gitleaks.shippo-api-token.shippo-api-token + version_id: YDTorR + url: https://semgrep.dev/playground/r/YDTorR/generic.secrets.gitleaks.shippo-api-token.shippo-api-token origin: community patterns: - pattern-regex: (?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -5905,13 +6194,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.shopify-access-token.shopify-access-token shortlink: https://sg.run/3lAp semgrep.dev: rule: rule_id: PeU7kg - version_id: gETRq4 - url: https://semgrep.dev/playground/r/gETRq4/generic.secrets.gitleaks.shopify-access-token.shopify-access-token + version_id: 6xTeqq + url: https://semgrep.dev/playground/r/6xTeqq/generic.secrets.gitleaks.shopify-access-token.shopify-access-token origin: community patterns: - pattern-regex: shpat_[a-fA-F0-9]{32} 
@@ -5944,13 +6235,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.shopify-custom-access-token.shopify-custom-access-token shortlink: https://sg.run/4Yyz semgrep.dev: rule: rule_id: JDUOPJ - version_id: QkTYJK - url: https://semgrep.dev/playground/r/QkTYJK/generic.secrets.gitleaks.shopify-custom-access-token.shopify-custom-access-token + version_id: o5Tnzr + url: https://semgrep.dev/playground/r/o5Tnzr/generic.secrets.gitleaks.shopify-custom-access-token.shopify-custom-access-token origin: community patterns: - pattern-regex: shpca_[a-fA-F0-9]{32} @@ -5983,13 +6276,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.shopify-private-app-access-token.shopify-private-app-access-token shortlink: https://sg.run/P2pW semgrep.dev: rule: rule_id: 5rUK46 - version_id: 3ZTGJY - url: https://semgrep.dev/playground/r/3ZTGJY/generic.secrets.gitleaks.shopify-private-app-access-token.shopify-private-app-access-token + version_id: zyT5yY + url: https://semgrep.dev/playground/r/zyT5yY/generic.secrets.gitleaks.shopify-private-app-access-token.shopify-private-app-access-token origin: community patterns: - pattern-regex: shppa_[a-fA-F0-9]{32} 
@@ -6022,13 +6317,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.shopify-shared-secret.shopify-shared-secret shortlink: https://sg.run/Jl3W semgrep.dev: rule: rule_id: GdUb0w - version_id: 44TL3R - url: https://semgrep.dev/playground/r/44TL3R/generic.secrets.gitleaks.shopify-shared-secret.shopify-shared-secret + version_id: pZTrGz + url: https://semgrep.dev/playground/r/pZTrGz/generic.secrets.gitleaks.shopify-shared-secret.shopify-shared-secret origin: community patterns: - pattern-regex: shpss_[a-fA-F0-9]{32} @@ -6061,13 +6358,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sidekiq-secret.sidekiq-secret shortlink: https://sg.run/568X semgrep.dev: rule: rule_id: ReUNP1 - version_id: PkTlLD - url: https://semgrep.dev/playground/r/PkTlLD/generic.secrets.gitleaks.sidekiq-secret.sidekiq-secret + version_id: 2KT147 + url: https://semgrep.dev/playground/r/2KT147/generic.secrets.gitleaks.sidekiq-secret.sidekiq-secret origin: community patterns: - pattern-regex: (?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t 
@@ -6101,13 +6400,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sidekiq-sensitive-url.sidekiq-sensitive-url shortlink: https://sg.run/G0w2 semgrep.dev: rule: rule_id: AbUvGj - version_id: JdTBg3 - url: https://semgrep.dev/playground/r/JdTBg3/generic.secrets.gitleaks.sidekiq-sensitive-url.sidekiq-sensitive-url + version_id: X0TPZA + url: https://semgrep.dev/playground/r/X0TPZA/generic.secrets.gitleaks.sidekiq-sensitive-url.sidekiq-sensitive-url origin: community patterns: - pattern-regex: "(?i)\\b(http(?:s??):\\/\\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\\/|\\#|\\?|:]|$)" @@ -6140,13 +6441,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.slack-access-token.slack-access-token shortlink: https://sg.run/RjPe semgrep.dev: rule: rule_id: BYU47X - version_id: 5PTR5O - url: https://semgrep.dev/playground/r/5PTR5O/generic.secrets.gitleaks.slack-access-token.slack-access-token + version_id: jQTKqz + url: https://semgrep.dev/playground/r/jQTKqz/generic.secrets.gitleaks.slack-access-token.slack-access-token origin: community patterns: - pattern-regex: xox[baprs]-([0-9a-zA-Z]{10,48}) 
@@ -6179,13 +6482,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.slack-web-hook.slack-web-hook shortlink: https://sg.run/AGw8 semgrep.dev: rule: rule_id: DbUBKq - version_id: GxTnw0 - url: https://semgrep.dev/playground/r/GxTnw0/generic.secrets.gitleaks.slack-web-hook.slack-web-hook + version_id: 1QTjZY + url: https://semgrep.dev/playground/r/1QTjZY/generic.secrets.gitleaks.slack-web-hook.slack-web-hook origin: community patterns: - pattern-regex: https:\/\/hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{44,46} @@ -6218,13 +6523,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.square-access-token.square-access-token shortlink: https://sg.run/BRL2 semgrep.dev: rule: rule_id: WAUePl - version_id: RGT6vo - url: https://semgrep.dev/playground/r/RGT6vo/generic.secrets.gitleaks.square-access-token.square-access-token + version_id: 9lTzO5 + url: https://semgrep.dev/playground/r/9lTzO5/generic.secrets.gitleaks.square-access-token.square-access-token origin: community patterns: - pattern-regex: (?i)\b(sq0atp-[0-9A-Za-z\-_]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6257,13 +6564,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.squarespace-access-token.squarespace-access-token shortlink: https://sg.run/D3wo semgrep.dev: rule: rule_id: 0oU0J5 - version_id: A8TOYQ - url: https://semgrep.dev/playground/r/A8TOYQ/generic.secrets.gitleaks.squarespace-access-token.squarespace-access-token + version_id: yeTXvx + url: https://semgrep.dev/playground/r/yeTXvx/generic.secrets.gitleaks.squarespace-access-token.squarespace-access-token origin: community patterns: - pattern-regex: (?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6296,13 +6605,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.stripe-access-token.stripe-access-token shortlink: https://sg.run/W5Og semgrep.dev: rule: rule_id: KxUAY4 - version_id: BjTgYz - url: https://semgrep.dev/playground/r/BjTgYz/generic.secrets.gitleaks.stripe-access-token.stripe-access-token + version_id: rxTxk1 + url: https://semgrep.dev/playground/r/rxTxk1/generic.secrets.gitleaks.stripe-access-token.stripe-access-token origin: community patterns: - pattern-regex: "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}" 
@@ -6335,13 +6646,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sumologic-access-id.sumologic-access-id shortlink: https://sg.run/0355 semgrep.dev: rule: rule_id: qNUAbb - version_id: DkTP8G - url: https://semgrep.dev/playground/r/DkTP8G/generic.secrets.gitleaks.sumologic-access-id.sumologic-access-id + version_id: bZTGOE + url: https://semgrep.dev/playground/r/bZTGOE/generic.secrets.gitleaks.sumologic-access-id.sumologic-access-id origin: community patterns: - pattern-regex: (?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6374,13 +6687,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.sumologic-access-token.sumologic-access-token shortlink: https://sg.run/KY8X semgrep.dev: rule: rule_id: lBU3z8 - version_id: WrTXxY - url: https://semgrep.dev/playground/r/WrTXxY/generic.secrets.gitleaks.sumologic-access-token.sumologic-access-token + version_id: NdT1AG + url: https://semgrep.dev/playground/r/NdT1AG/generic.secrets.gitleaks.sumologic-access-token.sumologic-access-token origin: community patterns: - pattern-regex: (?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6413,13 +6728,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.telegram-bot-api-token.telegram-bot-api-token shortlink: https://sg.run/4YPl semgrep.dev: rule: rule_id: YGUgQA - version_id: 0bT8O1 - url: https://semgrep.dev/playground/r/0bT8O1/generic.secrets.gitleaks.telegram-bot-api-token.telegram-bot-api-token + version_id: kbT7R5 + url: https://semgrep.dev/playground/r/kbT7R5/generic.secrets.gitleaks.telegram-bot-api-token.telegram-bot-api-token origin: community patterns: - pattern-regex: "(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\\-]{34})(?:$|[^a-zA-Z0-9_\\-])" @@ -6452,13 +6769,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.travisci-access-token.travisci-access-token shortlink: https://sg.run/P28Y semgrep.dev: rule: rule_id: 6JU46D - version_id: K3TDyj - url: https://semgrep.dev/playground/r/K3TDyj/generic.secrets.gitleaks.travisci-access-token.travisci-access-token + version_id: w8T38y + url: https://semgrep.dev/playground/r/w8T38y/generic.secrets.gitleaks.travisci-access-token.travisci-access-token origin: community patterns: - pattern-regex: (?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6491,13 +6810,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twilio-api-key.twilio-api-key shortlink: https://sg.run/Jljw semgrep.dev: rule: rule_id: oqUGrK - version_id: qkTdqB - url: https://semgrep.dev/playground/r/qkTdqB/generic.secrets.gitleaks.twilio-api-key.twilio-api-key + version_id: xyT4W3 + url: https://semgrep.dev/playground/r/xyT4W3/generic.secrets.gitleaks.twilio-api-key.twilio-api-key origin: community patterns: - pattern-regex: SK[0-9a-fA-F]{32} @@ -6530,13 +6851,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twitch-api-token.twitch-api-token shortlink: https://sg.run/56JA semgrep.dev: rule: rule_id: zdU61l - version_id: l4TKPJ - url: https://semgrep.dev/playground/r/l4TKPJ/generic.secrets.gitleaks.twitch-api-token.twitch-api-token + version_id: O9TyG4 + url: https://semgrep.dev/playground/r/O9TyG4/generic.secrets.gitleaks.twitch-api-token.twitch-api-token origin: community patterns: - pattern-regex: (?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6569,13 +6892,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twitter-access-secret.twitter-access-secret shortlink: https://sg.run/G0wp semgrep.dev: rule: rule_id: pKURwy - version_id: YDT1PE - url: https://semgrep.dev/playground/r/YDT1PE/generic.secrets.gitleaks.twitter-access-secret.twitter-access-secret + version_id: e1Txvw + url: https://semgrep.dev/playground/r/e1Txvw/generic.secrets.gitleaks.twitter-access-secret.twitter-access-secret origin: community patterns: - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6608,13 +6933,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twitter-access-token.twitter-access-token shortlink: https://sg.run/RjPO semgrep.dev: rule: rule_id: 2ZUnK3 - version_id: JdTBgn - url: https://semgrep.dev/playground/r/JdTBgn/generic.secrets.gitleaks.twitter-access-token.twitter-access-token + version_id: vdT25K + url: https://semgrep.dev/playground/r/vdT25K/generic.secrets.gitleaks.twitter-access-token.twitter-access-token origin: community patterns: - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6647,13 +6974,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twitter-api-key.twitter-api-key shortlink: https://sg.run/AGwp semgrep.dev: rule: rule_id: X5UG7z - version_id: 5PTR5r - url: https://semgrep.dev/playground/r/5PTR5r/generic.secrets.gitleaks.twitter-api-key.twitter-api-key + version_id: d6TDzN + url: https://semgrep.dev/playground/r/d6TDzN/generic.secrets.gitleaks.twitter-api-key.twitter-api-key origin: community patterns: - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6686,13 +7015,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twitter-api-secret.twitter-api-secret shortlink: https://sg.run/BRLW semgrep.dev: rule: rule_id: j2UGRB - version_id: GxTnwB - url: https://semgrep.dev/playground/r/GxTnwB/generic.secrets.gitleaks.twitter-api-secret.twitter-api-secret + version_id: ZRTwq1 + url: https://semgrep.dev/playground/r/ZRTwq1/generic.secrets.gitleaks.twitter-api-secret.twitter-api-secret origin: community patterns: - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6725,13 +7056,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.twitter-bearer-token.twitter-bearer-token shortlink: https://sg.run/D3wY semgrep.dev: rule: rule_id: 10UJeE - version_id: RGT6vr - url: https://semgrep.dev/playground/r/RGT6vr/generic.secrets.gitleaks.twitter-bearer-token.twitter-bearer-token + version_id: nWT7Y1 + url: https://semgrep.dev/playground/r/nWT7Y1/generic.secrets.gitleaks.twitter-bearer-token.twitter-bearer-token origin: community patterns: - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6764,13 +7097,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.typeform-api-token.typeform-api-token shortlink: https://sg.run/W5O4 semgrep.dev: rule: rule_id: 9AU8kq - version_id: A8TOYn - url: https://semgrep.dev/playground/r/A8TOYn/generic.secrets.gitleaks.typeform-api-token.typeform-api-token + version_id: ExTn4L + url: https://semgrep.dev/playground/r/ExTn4L/generic.secrets.gitleaks.typeform-api-token.typeform-api-token origin: community patterns: - pattern-regex: (?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6803,13 +7138,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.vault-batch-token.vault-batch-token shortlink: https://sg.run/035v semgrep.dev: rule: rule_id: yyUYye - version_id: BjTgYQ - url: https://semgrep.dev/playground/r/BjTgYQ/generic.secrets.gitleaks.vault-batch-token.vault-batch-token + version_id: 7ZTOeG + url: https://semgrep.dev/playground/r/7ZTOeG/generic.secrets.gitleaks.vault-batch-token.vault-batch-token origin: community patterns: - pattern-regex: (?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6842,13 +7179,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.vault-service-token.vault-service-token shortlink: https://sg.run/KY87 semgrep.dev: rule: rule_id: r6UB9G - version_id: DkTP8L - url: https://semgrep.dev/playground/r/DkTP8L/generic.secrets.gitleaks.vault-service-token.vault-service-token + version_id: LjT04O + url: https://semgrep.dev/playground/r/LjT04O/generic.secrets.gitleaks.vault-service-token.vault-service-token origin: community patterns: - pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6881,13 +7220,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.yandex-access-token.yandex-access-token shortlink: https://sg.run/qQqz semgrep.dev: rule: rule_id: bwUPN4 - version_id: WrTXxe - url: https://semgrep.dev/playground/r/WrTXxe/generic.secrets.gitleaks.yandex-access-token.yandex-access-token + version_id: 8KTbER + url: https://semgrep.dev/playground/r/8KTbER/generic.secrets.gitleaks.yandex-access-token.yandex-access-token origin: community patterns: - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6920,13 +7261,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.yandex-api-key.yandex-api-key shortlink: https://sg.run/lQxy semgrep.dev: rule: rule_id: NbUvY5 - version_id: 0bT8Ok - url: https://semgrep.dev/playground/r/0bT8Ok/generic.secrets.gitleaks.yandex-api-key.yandex-api-key + version_id: gETqWK + url: https://semgrep.dev/playground/r/gETqWK/generic.secrets.gitleaks.yandex-api-key.yandex-api-key origin: community patterns: - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -6959,13 +7302,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.yandex-aws-access-token.yandex-aws-access-token shortlink: https://sg.run/YRXe semgrep.dev: rule: rule_id: kxUQ89 - version_id: K3TDyB - url: https://semgrep.dev/playground/r/K3TDyB/generic.secrets.gitleaks.yandex-aws-access-token.yandex-aws-access-token + version_id: QkTJ6x + url: https://semgrep.dev/playground/r/QkTJ6x/generic.secrets.gitleaks.yandex-aws-access-token.yandex-aws-access-token origin: community patterns: - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$) @@ -6998,13 +7343,15 @@ rules: technology: - gitleaks license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.gitleaks.zendesk-secret-key.zendesk-secret-key shortlink: https://sg.run/6o5o semgrep.dev: rule: rule_id: wdUqGq - version_id: qkTdqP - url: https://semgrep.dev/playground/r/qkTdqP/generic.secrets.gitleaks.zendesk-secret-key.zendesk-secret-key + version_id: 3ZTdB0 + url: https://semgrep.dev/playground/r/3ZTdB0/generic.secrets.gitleaks.zendesk-secret-key.zendesk-secret-key origin: community patterns: - pattern-regex: (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) 
@@ -7042,13 +7389,15 @@ rules: - vuln likelihood: MEDIUM impact: MEDIUM + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-username-and-password-in-uri.detected-username-and-password-in-uri shortlink: https://sg.run/8yA4 semgrep.dev: rule: rule_id: DbUple - version_id: rxTbQG - url: https://semgrep.dev/playground/r/rxTbQG/generic.secrets.security.detected-username-and-password-in-uri.detected-username-and-password-in-uri + version_id: BjTE7E + url: https://semgrep.dev/playground/r/BjTE7E/generic.secrets.security.detected-username-and-password-in-uri.detected-username-and-password-in-uri origin: community - id: go.aws-lambda.security.database-sqli.database-sqli languages: @@ -7081,13 +7430,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.aws-lambda.security.database-sqli.database-sqli shortlink: https://sg.run/e5e8 semgrep.dev: rule: rule_id: WAUdJ7 - version_id: ExTzpr - url: https://semgrep.dev/playground/r/ExTzpr/go.aws-lambda.security.database-sqli.database-sqli + version_id: 0bTv2x + url: https://semgrep.dev/playground/r/0bTv2x/go.aws-lambda.security.database-sqli.database-sqli origin: community pattern-sinks: - patterns: @@ -7150,13 +7501,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.aws-lambda.security.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/vX3Y semgrep.dev: rule: rule_id: 0oUwqg - version_id: 3ZT8AN - url: https://semgrep.dev/playground/r/3ZT8AN/go.aws-lambda.security.tainted-sql-string.tainted-sql-string + version_id: K3Tl7v + url: https://semgrep.dev/playground/r/K3Tl7v/go.aws-lambda.security.tainted-sql-string.tainted-sql-string origin: community mode: taint pattern-sources: 
@@ -7262,13 +7615,15 @@ rules: impact: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.gorm.security.audit.gorm-dangerous-methods-usage.gorm-dangerous-method-usage shortlink: https://sg.run/R4qg semgrep.dev: rule: rule_id: AbU5o3 - version_id: YDT7J0 - url: https://semgrep.dev/playground/r/YDT7J0/go.gorm.security.audit.gorm-dangerous-methods-usage.gorm-dangerous-method-usage + version_id: 5PT6L8 + url: https://semgrep.dev/playground/r/5PT6L8/go.gorm.security.audit.gorm-dangerous-methods-usage.gorm-dangerous-method-usage origin: community - id: go.jwt-go.security.jwt.hardcoded-jwt-key message: A hard-coded credential was detected. It is not recommended to store credentials @@ -7296,13 +7651,15 @@ rules: impact: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/go.jwt-go.security.jwt.hardcoded-jwt-key shortlink: https://sg.run/Rod2 semgrep.dev: rule: rule_id: GdU7Ny - version_id: PkTGNW - url: https://semgrep.dev/playground/r/PkTGNW/go.jwt-go.security.jwt.hardcoded-jwt-key + version_id: DkTQ1N + url: https://semgrep.dev/playground/r/DkTQ1N/go.jwt-go.security.jwt.hardcoded-jwt-key origin: community severity: WARNING languages: 
@@ -7335,13 +7692,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.math_random.math-random-used shortlink: https://sg.run/6nK6 semgrep.dev: rule: rule_id: bwUwy8 - version_id: K3Tk4e - url: https://semgrep.dev/playground/r/K3Tk4e/go.lang.security.audit.crypto.math_random.math-random-used + version_id: qkTNXO + url: https://semgrep.dev/playground/r/qkTNXO/go.lang.security.audit.crypto.math_random.math-random-used origin: community message: Do not use `math/rand`. Use `crypto/rand` instead. languages: @@ -7392,13 +7751,15 @@ rules: likelihood: MEDIUM impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.ssl.ssl-v3-is-insecure shortlink: https://sg.run/zvE1 semgrep.dev: rule: rule_id: kxUkJ2 - version_id: QkTBxq - url: https://semgrep.dev/playground/r/QkTBxq/go.lang.security.audit.crypto.ssl.ssl-v3-is-insecure + version_id: YDToDk + url: https://semgrep.dev/playground/r/YDToDk/go.lang.security.audit.crypto.ssl.ssl-v3-is-insecure origin: community languages: - go @@ -7430,13 +7791,15 @@ rules: likelihood: HIGH impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.tls.tls-with-insecure-cipher shortlink: https://sg.run/px8N semgrep.dev: rule: rule_id: wdUJYk - version_id: 3ZT7y1 - url: https://semgrep.dev/playground/r/3ZT7y1/go.lang.security.audit.crypto.tls.tls-with-insecure-cipher + version_id: 6xTe1W + url: https://semgrep.dev/playground/r/6xTe1W/go.lang.security.audit.crypto.tls.tls-with-insecure-cipher origin: community languages: - go 
@@ -7522,13 +7885,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-DES shortlink: https://sg.run/jREA semgrep.dev: rule: rule_id: eqU8B3 - version_id: 6xT9qP - url: https://semgrep.dev/playground/r/6xT9qP/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-DES + version_id: pZTrpq + url: https://semgrep.dev/playground/r/pZTrpq/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-DES origin: community patterns: - pattern-inside: | @@ -7566,13 +7931,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-md5 shortlink: https://sg.run/2xB5 semgrep.dev: rule: rule_id: x8Un6q - version_id: l4TRdE - url: https://semgrep.dev/playground/r/l4TRdE/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-md5 + version_id: o5Tn4R + url: https://semgrep.dev/playground/r/o5Tn4R/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-md5 origin: community patterns: - pattern-inside: | @@ -7609,13 +7976,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-rc4 shortlink: https://sg.run/1ZAD semgrep.dev: rule: rule_id: v8Unl0 - version_id: o5TDzE - url: https://semgrep.dev/playground/r/o5TDzE/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-rc4 + version_id: 2KT1PX + url: https://semgrep.dev/playground/r/2KT1PX/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-rc4 origin: community patterns: - pattern-inside: | 
@@ -7647,13 +8016,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-sha1 shortlink: https://sg.run/XBYA semgrep.dev: rule: rule_id: OrU31O - version_id: YDTerd - url: https://semgrep.dev/playground/r/YDTerd/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-sha1 + version_id: zyT5Ye + url: https://semgrep.dev/playground/r/zyT5Ye/go.lang.security.audit.crypto.use_of_weak_crypto.use-of-sha1 origin: community patterns: - pattern-inside: | @@ -7695,13 +8066,15 @@ rules: impact: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.md5-used-as-password.md5-used-as-password shortlink: https://sg.run/4eOE semgrep.dev: rule: rule_id: 4bU1Wj - version_id: JdTR8y - url: https://semgrep.dev/playground/r/JdTR8y/go.lang.security.audit.md5-used-as-password.md5-used-as-password + version_id: bZTG8r + url: https://semgrep.dev/playground/r/bZTG8r/go.lang.security.audit.md5-used-as-password.md5-used-as-password origin: community mode: taint pattern-sources: @@ -7748,13 +8121,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/go.lang.security.audit.net.cookie-missing-httponly.cookie-missing-httponly shortlink: https://sg.run/b73e semgrep.dev: rule: rule_id: EwU2Z6 - version_id: qkT98b - url: https://semgrep.dev/playground/r/qkT98b/go.lang.security.audit.net.cookie-missing-httponly.cookie-missing-httponly + version_id: kbT7wJ + url: https://semgrep.dev/playground/r/kbT7wJ/go.lang.security.audit.net.cookie-missing-httponly.cookie-missing-httponly origin: community fix-regex: regex: "(HttpOnly\\s*:\\s+)false" 
@@ -7795,13 +8170,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/go.lang.security.audit.net.cookie-missing-secure.cookie-missing-secure shortlink: https://sg.run/N4G7 semgrep.dev: rule: rule_id: 7KUQ8X - version_id: o5Tjkr - url: https://semgrep.dev/playground/r/o5Tjkr/go.lang.security.audit.net.cookie-missing-secure.cookie-missing-secure + version_id: w8T3jO + url: https://semgrep.dev/playground/r/w8T3jO/go.lang.security.audit.net.cookie-missing-secure.cookie-missing-secure origin: community fix-regex: regex: "(Secure\\s*:\\s+)false" @@ -7831,13 +8208,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.net.dynamic-httptrace-clienttrace.dynamic-httptrace-clienttrace shortlink: https://sg.run/kXEK semgrep.dev: rule: rule_id: L1Uyjp - version_id: YDTz9A - url: https://semgrep.dev/playground/r/YDTz9A/go.lang.security.audit.net.dynamic-httptrace-clienttrace.dynamic-httptrace-clienttrace + version_id: xyT4x7 + url: https://semgrep.dev/playground/r/xyT4x7/go.lang.security.audit.net.dynamic-httptrace-clienttrace.dynamic-httptrace-clienttrace origin: community patterns: - pattern-not-inside: | 
@@ -7900,13 +8279,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/go.lang.security.audit.net.fs-directory-listing.fs-directory-listing shortlink: https://sg.run/4R8x semgrep.dev: rule: rule_id: 5rU9JO - version_id: 5PTBgN - url: https://semgrep.dev/playground/r/5PTBgN/go.lang.security.audit.net.fs-directory-listing.fs-directory-listing + version_id: e1TxzK + url: https://semgrep.dev/playground/r/e1TxzK/go.lang.security.audit.net.fs-directory-listing.fs-directory-listing origin: community - id: go.lang.security.audit.net.wip-xss-using-responsewriter-and-printf.wip-xss-using-responsewriter-and-printf patterns: @@ -7976,13 +8357,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.wip-xss-using-responsewriter-and-printf.wip-xss-using-responsewriter-and-printf shortlink: https://sg.run/Zvon semgrep.dev: rule: rule_id: JDUyXB - version_id: WrTk47 - url: https://semgrep.dev/playground/r/WrTk47/go.lang.security.audit.net.wip-xss-using-responsewriter-and-printf.wip-xss-using-responsewriter-and-printf + version_id: 7ZTOvO + url: https://semgrep.dev/playground/r/7ZTOvO/go.lang.security.audit.net.wip-xss-using-responsewriter-and-printf.wip-xss-using-responsewriter-and-printf origin: community severity: WARNING languages: 
@@ -8049,13 +8432,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.audit.sqli.gosql-sqli.gosql-sqli shortlink: https://sg.run/YgOX semgrep.dev: rule: rule_id: YGUrnQ - version_id: 7ZTk1b - url: https://semgrep.dev/playground/r/7ZTk1b/go.lang.security.audit.sqli.gosql-sqli.gosql-sqli + version_id: 8KTbze + url: https://semgrep.dev/playground/r/8KTbze/go.lang.security.audit.sqli.gosql-sqli.gosql-sqli origin: community severity: ERROR - id: go.lang.security.audit.sqli.pg-orm-sqli.pg-orm-sqli @@ -8146,13 +8531,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.audit.sqli.pg-orm-sqli.pg-orm-sqli shortlink: https://sg.run/6rA6 semgrep.dev: rule: rule_id: 6JUqQ1 - version_id: 44TDPn - url: https://semgrep.dev/playground/r/44TDPn/go.lang.security.audit.sqli.pg-orm-sqli.pg-orm-sqli + version_id: gETqJZ + url: https://semgrep.dev/playground/r/gETqJZ/go.lang.security.audit.sqli.pg-orm-sqli.pg-orm-sqli origin: community severity: ERROR - id: go.lang.security.audit.sqli.pg-sqli.pg-sqli @@ -8184,13 +8571,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.audit.sqli.pg-sqli.pg-sqli shortlink: https://sg.run/Al94 semgrep.dev: rule: rule_id: AbUWXY - version_id: LjTv2X - url: https://semgrep.dev/playground/r/LjTv2X/go.lang.security.audit.sqli.pg-sqli.pg-sqli + version_id: QkTJnW + url: https://semgrep.dev/playground/r/QkTJnW/go.lang.security.audit.sqli.pg-sqli.pg-sqli origin: community severity: ERROR patterns: 
@@ -8256,13 +8645,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.audit.sqli.pgx-sqli.pgx-sqli shortlink: https://sg.run/okKN semgrep.dev: rule: rule_id: oqUz92 - version_id: 8KTwq9 - url: https://semgrep.dev/playground/r/8KTwq9/go.lang.security.audit.sqli.pgx-sqli.pgx-sqli + version_id: 3ZTd6l + url: https://semgrep.dev/playground/r/3ZTd6l/go.lang.security.audit.sqli.pgx-sqli.pgx-sqli origin: community patterns: - pattern-either: @@ -8361,13 +8752,15 @@ rules: confidence: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/go.lang.security.filepath-clean-misuse.filepath-clean-misuse shortlink: https://sg.run/ZKzw semgrep.dev: rule: rule_id: qNUQJe - version_id: 5PTGb4 - url: https://semgrep.dev/playground/r/5PTGb4/go.lang.security.filepath-clean-misuse.filepath-clean-misuse + version_id: l4T5Wp + url: https://semgrep.dev/playground/r/l4T5Wp/go.lang.security.filepath-clean-misuse.filepath-clean-misuse origin: community - id: go.lang.security.injection.raw-html-format.raw-html-format languages: @@ -8398,13 +8791,15 @@ rules: - vuln likelihood: HIGH impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.injection.raw-html-format.raw-html-format shortlink: https://sg.run/3r1G semgrep.dev: rule: rule_id: PeUonQ - version_id: w8T47o - url: https://semgrep.dev/playground/r/w8T47o/go.lang.security.injection.raw-html-format.raw-html-format + version_id: YDToAk + url: https://semgrep.dev/playground/r/YDToAk/go.lang.security.injection.raw-html-format.raw-html-format origin: community mode: taint pattern-sources: 
@@ -8459,13 +8854,15 @@ rules: impact: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/PbEq semgrep.dev: rule: rule_id: PeUoqy - version_id: 6xTodX - url: https://semgrep.dev/playground/r/6xTodX/go.lang.security.injection.tainted-sql-string.tainted-sql-string + version_id: 6xTeEW + url: https://semgrep.dev/playground/r/6xTeEW/go.lang.security.injection.tainted-sql-string.tainted-sql-string origin: community mode: taint severity: ERROR @@ -8542,13 +8939,15 @@ rules: impact: MEDIUM likelihood: MEDIUM interfile: true + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/go.lang.security.injection.tainted-url-host.tainted-url-host shortlink: https://sg.run/5DjW semgrep.dev: rule: rule_id: AbUQLr - version_id: pZT3rg - url: https://semgrep.dev/playground/r/pZT3rg/go.lang.security.injection.tainted-url-host.tainted-url-host + version_id: o5Tn2R + url: https://semgrep.dev/playground/r/o5Tn2R/go.lang.security.injection.tainted-url-host.tainted-url-host origin: community mode: taint pattern-sources: @@ -8682,13 +9081,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link shortlink: https://sg.run/RA5q semgrep.dev: rule: rule_id: AbUnNo - version_id: l4TqA1 - url: https://semgrep.dev/playground/r/l4TqA1/html.security.plaintext-http-link.plaintext-http-link + version_id: rxTx2E + url: https://semgrep.dev/playground/r/rxTx2E/html.security.plaintext-http-link.plaintext-http-link origin: community patterns: - pattern: ... 
@@ -8742,13 +9143,15 @@ rules: references: - https://cwe.mitre.org/data/definitions/926.html license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/java.android.security.exported_activity.exported_activity shortlink: https://sg.run/eNGZ semgrep.dev: rule: rule_id: v8Ul0r - version_id: zyT474 - url: https://semgrep.dev/playground/r/zyT474/java.android.security.exported_activity.exported_activity + version_id: bZTGzr + url: https://semgrep.dev/playground/r/bZTGzr/java.android.security.exported_activity.exported_activity origin: community - id: java.aws-lambda.security.tainted-sql-string.tainted-sql-string languages: @@ -8781,13 +9184,15 @@ rules: confidence: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.aws-lambda.security.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/EBYN semgrep.dev: rule: rule_id: YGUl4z - version_id: DkTEy9 - url: https://semgrep.dev/playground/r/DkTEy9/java.aws-lambda.security.tainted-sql-string.tainted-sql-string + version_id: NdT1XP + url: https://semgrep.dev/playground/r/NdT1XP/java.aws-lambda.security.tainted-sql-string.tainted-sql-string origin: community mode: taint pattern-sources: 
@@ -8892,13 +9297,15 @@ rules: confidence: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.aws-lambda.security.tainted-sqli.tainted-sqli shortlink: https://sg.run/7942 semgrep.dev: rule: rule_id: 6JUDWk - version_id: WrTLno - url: https://semgrep.dev/playground/r/WrTLno/java.aws-lambda.security.tainted-sqli.tainted-sqli + version_id: kbT76J + url: https://semgrep.dev/playground/r/kbT76J/java.aws-lambda.security.tainted-sqli.tainted-sqli origin: community - id: java.java-jwt.security.audit.jwt-decode-without-verify.java-jwt-decode-without-verify message: Detected the decoding of a JWT token without a verify step. JWT tokens @@ -8910,7 +9317,7 @@ rules: - 'CWE-345: Insufficient Verification of Data Authenticity' owasp: - A08:2021 - Software and Data Integrity Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -8922,13 +9329,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/java.java-jwt.security.audit.jwt-decode-without-verify.java-jwt-decode-without-verify shortlink: https://sg.run/Bk95 semgrep.dev: rule: rule_id: pKUOE9 - version_id: A8Tnw0 - url: https://semgrep.dev/playground/r/A8Tnw0/java.java-jwt.security.audit.jwt-decode-without-verify.java-jwt-decode-without-verify + version_id: w8T3lO + url: https://semgrep.dev/playground/r/w8T3lO/java.java-jwt.security.audit.jwt-decode-without-verify.java-jwt-decode-without-verify origin: community languages: - java 
@@ -8972,13 +9381,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/java.java-jwt.security.jwt-hardcode.java-jwt-hardcoded-secret shortlink: https://sg.run/RoDK semgrep.dev: rule: rule_id: oqUeAn - version_id: nWTgZJ - url: https://semgrep.dev/playground/r/nWTgZJ/java.java-jwt.security.jwt-hardcode.java-jwt-hardcoded-secret + version_id: xyT4G7 + url: https://semgrep.dev/playground/r/xyT4G7/java.java-jwt.security.jwt-hardcode.java-jwt-hardcoded-secret origin: community languages: - java @@ -9019,7 +9430,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -9031,13 +9442,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.java-jwt.security.jwt-none-alg.java-jwt-none-alg shortlink: https://sg.run/Av14 semgrep.dev: rule: rule_id: zdUkzR - version_id: DkTeAv - url: https://semgrep.dev/playground/r/DkTeAv/java.java-jwt.security.jwt-none-alg.java-jwt-none-alg + version_id: O9TylW + url: https://semgrep.dev/playground/r/O9TylW/java.java-jwt.security.jwt-none-alg.java-jwt-none-alg origin: community languages: - java 
@@ -9082,13 +9495,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/java.jax-rs.security.jax-rs-path-traversal.jax-rs-path-traversal shortlink: https://sg.run/DoWj semgrep.dev: rule: rule_id: 2ZUb9l - version_id: 0bT6jQ - url: https://semgrep.dev/playground/r/0bT6jQ/java.jax-rs.security.jax-rs-path-traversal.jax-rs-path-traversal + version_id: d6TD4W + url: https://semgrep.dev/playground/r/d6TD4W/java.jax-rs.security.jax-rs-path-traversal.jax-rs-path-traversal origin: community message: Detected a potential path traversal. A malicious actor could control the location of this file, to include going backwards in the directory with '../'. @@ -9161,13 +9576,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.jboss.security.session_sqli.find-sql-string-concatenation shortlink: https://sg.run/W8kA semgrep.dev: rule: rule_id: X5U8rQ - version_id: qkTK3A - url: https://semgrep.dev/playground/r/qkTK3A/java.jboss.security.session_sqli.find-sql-string-concatenation + version_id: nWT7GB + url: https://semgrep.dev/playground/r/nWT7GB/java.jboss.security.session_sqli.find-sql-string-concatenation origin: community - id: java.lang.security.audit.crlf-injection-logs.crlf-injection-logs message: When data from an untrusted source is put into a logger and not neutralized 
@@ -9189,13 +9606,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/java.lang.security.audit.crlf-injection-logs.crlf-injection-logs shortlink: https://sg.run/wek0 semgrep.dev: rule: rule_id: 8GUjwW - version_id: 9lTnx0 - url: https://semgrep.dev/playground/r/9lTnx0/java.lang.security.audit.crlf-injection-logs.crlf-injection-logs + version_id: 5PT6y8 + url: https://semgrep.dev/playground/r/5PT6y8/java.lang.security.audit.crlf-injection-logs.crlf-injection-logs origin: community severity: WARNING languages: @@ -9285,13 +9704,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.des-is-deprecated.des-is-deprecated shortlink: https://sg.run/5Q73 semgrep.dev: rule: rule_id: PeUZNg - version_id: 0bTNRK - url: https://semgrep.dev/playground/r/0bTNRK/java.lang.security.audit.crypto.des-is-deprecated.des-is-deprecated + version_id: GxT2Dr + url: https://semgrep.dev/playground/r/GxT2Dr/java.lang.security.audit.crypto.des-is-deprecated.des-is-deprecated origin: community severity: WARNING patterns: @@ -9332,13 +9753,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.desede-is-deprecated.desede-is-deprecated shortlink: https://sg.run/Geqn semgrep.dev: rule: rule_id: JDUy8J - version_id: rxT8QK - url: https://semgrep.dev/playground/r/rxT8QK/java.lang.security.audit.crypto.desede-is-deprecated.desede-is-deprecated + version_id: RGTbKq + url: https://semgrep.dev/playground/r/RGTbKq/java.lang.security.audit.crypto.desede-is-deprecated.desede-is-deprecated origin: community severity: WARNING patterns: 
@@ -9371,13 +9794,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.ecb-cipher.ecb-cipher shortlink: https://sg.run/Ro9K semgrep.dev: rule: rule_id: 5rUOb6 - version_id: bZT42d - url: https://semgrep.dev/playground/r/bZT42d/java.lang.security.audit.crypto.ecb-cipher.ecb-cipher + version_id: A8TR33 + url: https://semgrep.dev/playground/r/A8TR33/java.lang.security.audit.crypto.ecb-cipher.ecb-cipher origin: community message: Cipher in ECB mode is detected. ECB mode produces the same output for the same input each time which allows an attacker to intercept and replay the data. @@ -9409,13 +9834,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.gcm-detection.gcm-detection shortlink: https://sg.run/BLLb semgrep.dev: rule: rule_id: 5rU88R - version_id: 2KTBG7 - url: https://semgrep.dev/playground/r/2KTBG7/java.lang.security.audit.crypto.gcm-detection.gcm-detection + version_id: BjTEeK + url: https://semgrep.dev/playground/r/BjTEeK/java.lang.security.audit.crypto.gcm-detection.gcm-detection origin: community languages: - java 
@@ -9451,13 +9878,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.gcm-nonce-reuse.gcm-nonce-reuse shortlink: https://sg.run/Dww2 semgrep.dev: rule: rule_id: GdUZZ3 - version_id: kbTZ1q - url: https://semgrep.dev/playground/r/kbTZ1q/java.lang.security.audit.crypto.gcm-nonce-reuse.gcm-nonce-reuse + version_id: DkTQGN + url: https://semgrep.dev/playground/r/DkTQGN/java.lang.security.audit.crypto.gcm-nonce-reuse.gcm-nonce-reuse origin: community languages: - java @@ -9496,13 +9925,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.no-null-cipher.no-null-cipher shortlink: https://sg.run/AvA4 semgrep.dev: rule: rule_id: GdU7pw - version_id: K3TEBo - url: https://semgrep.dev/playground/r/K3TEBo/java.lang.security.audit.crypto.no-null-cipher.no-null-cipher + version_id: WrTbdQ + url: https://semgrep.dev/playground/r/WrTbdQ/java.lang.security.audit.crypto.no-null-cipher.no-null-cipher origin: community message: 'NullCipher was detected. This will not encrypt anything; the cipher text will be the same as the plain text. Use a valid, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). 
@@ -9537,13 +9968,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.no-static-initialization-vector.no-static-initialization-vector shortlink: https://sg.run/BkB5 semgrep.dev: rule: rule_id: ReUgj1 - version_id: QkTb3o - url: https://semgrep.dev/playground/r/QkTb3o/java.lang.security.audit.crypto.no-static-initialization-vector.no-static-initialization-vector + version_id: 0bTvwe + url: https://semgrep.dev/playground/r/0bTvwe/java.lang.security.audit.crypto.no-static-initialization-vector.no-static-initialization-vector origin: community severity: WARNING languages: @@ -9592,13 +10025,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.rsa-no-padding.rsa-no-padding shortlink: https://sg.run/DoOj semgrep.dev: rule: rule_id: AbUzoj - version_id: qkT6zv - url: https://semgrep.dev/playground/r/qkT6zv/java.lang.security.audit.crypto.rsa-no-padding.rsa-no-padding + version_id: K3TlrK + url: https://semgrep.dev/playground/r/K3TlrK/java.lang.security.audit.crypto.rsa-no-padding.rsa-no-padding origin: community message: Using RSA without OAEP mode weakens the encryption. severity: WARNING 
@@ -9630,13 +10065,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.lang.security.audit.crypto.unencrypted-socket.unencrypted-socket shortlink: https://sg.run/W8zA semgrep.dev: rule: rule_id: BYUN3X - version_id: X0Tpkd - url: https://semgrep.dev/playground/r/X0Tpkd/java.lang.security.audit.crypto.unencrypted-socket.unencrypted-socket + version_id: 5PT6y3 + url: https://semgrep.dev/playground/r/5PT6y3/java.lang.security.audit.crypto.unencrypted-socket.unencrypted-socket origin: community message: Detected use of a Java socket that is not encrypted. As a result, the traffic could be read by an attacker intercepting the network traffic. Use an SSLSocket @@ -9667,13 +10104,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-aes-ecb.use-of-aes-ecb shortlink: https://sg.run/dB2Y semgrep.dev: rule: rule_id: WAU2yA - version_id: GxTNKz - url: https://semgrep.dev/playground/r/GxTNKz/java.lang.security.audit.crypto.use-of-aes-ecb.use-of-aes-ecb + version_id: GxT2DW + url: https://semgrep.dev/playground/r/GxT2DW/java.lang.security.audit.crypto.use-of-aes-ecb.use-of-aes-ecb origin: community message: 'Use of AES with ECB mode detected. ECB doesn''t provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, 
@@ -9702,13 +10141,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-blowfish.use-of-blowfish shortlink: https://sg.run/ZE4n semgrep.dev: rule: rule_id: 0oUR28 - version_id: RGTJZK - url: https://semgrep.dev/playground/r/RGTJZK/java.lang.security.audit.crypto.use-of-blowfish.use-of-blowfish + version_id: RGTbKB + url: https://semgrep.dev/playground/r/RGTbKB/java.lang.security.audit.crypto.use-of-blowfish.use-of-blowfish origin: community message: 'Use of Blowfish was detected. Blowfish uses a 64-bit block size that makes it vulnerable to birthday attacks, and is therefore considered non-compliant. Instead, @@ -9767,13 +10208,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-default-aes.use-of-default-aes shortlink: https://sg.run/nzKO semgrep.dev: rule: rule_id: KxUB7Z - version_id: gETNAO - url: https://semgrep.dev/playground/r/gETNAO/java.lang.security.audit.crypto.use-of-default-aes.use-of-default-aes + version_id: A8TR3x + url: https://semgrep.dev/playground/r/A8TR3x/java.lang.security.audit.crypto.use-of-default-aes.use-of-default-aes origin: community message: 'Use of AES with no settings detected. By default, java.crypto.Cipher uses ECB mode. ECB doesn''t provide message confidentiality and is not semantically 
@@ -9808,13 +10251,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-md5-digest-utils.use-of-md5-digest-utils shortlink: https://sg.run/AWL2 semgrep.dev: rule: rule_id: BYUGK0 - version_id: yeTbqQ - url: https://semgrep.dev/playground/r/yeTbqQ/java.lang.security.audit.crypto.use-of-md5-digest-utils.use-of-md5-digest-utils + version_id: BjTEe4 + url: https://semgrep.dev/playground/r/BjTEe4/java.lang.security.audit.crypto.use-of-md5-digest-utils.use-of-md5-digest-utils origin: community patterns: - pattern: "$DU.$GET_ALGO().digest(...)\n" @@ -9853,13 +10298,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-md5.use-of-md5 shortlink: https://sg.run/ryJn semgrep.dev: rule: rule_id: KxU5lW - version_id: rxTgnX - url: https://semgrep.dev/playground/r/rxTgnX/java.lang.security.audit.crypto.use-of-md5.use-of-md5 + version_id: DkTQGo + url: https://semgrep.dev/playground/r/DkTQGo/java.lang.security.audit.crypto.use-of-md5.use-of-md5 origin: community patterns: - pattern: 'java.security.MessageDigest.getInstance($ALGO, ...); 
@@ -9892,13 +10339,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-rc2.use-of-rc2 shortlink: https://sg.run/EEvA semgrep.dev: rule: rule_id: qNUzXG - version_id: BjTqn1 - url: https://semgrep.dev/playground/r/BjTqn1/java.lang.security.audit.crypto.use-of-rc2.use-of-rc2 + version_id: WrTbd2 + url: https://semgrep.dev/playground/r/WrTbd2/java.lang.security.audit.crypto.use-of-rc2.use-of-rc2 origin: community message: 'Use of RC2 was detected. RC2 is vulnerable to related-key attacks, and is therefore considered non-compliant. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). @@ -9927,13 +10376,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-rc4.use-of-rc4 shortlink: https://sg.run/7OYR semgrep.dev: rule: rule_id: lBUw8k - version_id: DkTlZn - url: https://semgrep.dev/playground/r/DkTlZn/java.lang.security.audit.crypto.use-of-rc4.use-of-rc4 + version_id: 0bTvwY + url: https://semgrep.dev/playground/r/0bTvwY/java.lang.security.audit.crypto.use-of-rc4.use-of-rc4 origin: community message: 'Use of RC4 was detected. RC4 is vulnerable to several attacks, including stream cipher attacks and bit flipping attacks. Instead, use a strong, secure 
@@ -9973,13 +10424,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-sha1.use-of-sha1 shortlink: https://sg.run/bXNp semgrep.dev: rule: rule_id: qNUWNn - version_id: 7ZTY4e - url: https://semgrep.dev/playground/r/7ZTY4e/java.lang.security.audit.crypto.use-of-sha1.use-of-sha1 + version_id: K3TlrD + url: https://semgrep.dev/playground/r/K3TlrD/java.lang.security.audit.crypto.use-of-sha1.use-of-sha1 origin: community pattern-either: - pattern: 'java.security.MessageDigest.getInstance("SHA1", ...); @@ -10014,13 +10467,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.weak-rsa.use-of-weak-rsa-key shortlink: https://sg.run/4x6x semgrep.dev: rule: rule_id: 0oU5P5 - version_id: 8KTL8z - url: https://semgrep.dev/playground/r/8KTL8z/java.lang.security.audit.crypto.weak-rsa.use-of-weak-rsa-key + version_id: l4T5yb + url: https://semgrep.dev/playground/r/l4T5yb/java.lang.security.audit.crypto.weak-rsa.use-of-weak-rsa-key origin: community patterns: - pattern: | @@ -10059,13 +10514,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string shortlink: https://sg.run/OPXp semgrep.dev: rule: rule_id: QrUzxR - version_id: K3T0yp - url: https://semgrep.dev/playground/r/K3T0yp/java.lang.security.audit.formatted-sql-string.formatted-sql-string + version_id: WrTxK0 + url: https://semgrep.dev/playground/r/WrTxK0/java.lang.security.audit.formatted-sql-string.formatted-sql-string origin: community options: taint_assume_safe_numbers: true 
@@ -10145,13 +10602,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/java.lang.security.audit.http-response-splitting.http-response-splitting shortlink: https://sg.run/eL0l semgrep.dev: rule: rule_id: 3qUPyK - version_id: 44TY0Z - url: https://semgrep.dev/playground/r/44TY0Z/java.lang.security.audit.http-response-splitting.http-response-splitting + version_id: zyT5W7 + url: https://semgrep.dev/playground/r/zyT5W7/java.lang.security.audit.http-response-splitting.http-response-splitting origin: community message: Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters. This @@ -10194,13 +10653,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/java.lang.security.audit.insecure-smtp-connection.insecure-smtp-connection shortlink: https://sg.run/vzN4 semgrep.dev: rule: rule_id: 4bUkrW - version_id: PkTnP1 - url: https://semgrep.dev/playground/r/PkTnP1/java.lang.security.audit.insecure-smtp-connection.insecure-smtp-connection + version_id: pZTrXj + url: https://semgrep.dev/playground/r/pZTrXj/java.lang.security.audit.insecure-smtp-connection.insecure-smtp-connection origin: community message: Insecure SMTP connection detected. This connection will trust any SSL certificate. Enable certificate verification by setting 'email.setSSLCheckServerIdentity(true)'. 
@@ -10245,13 +10706,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.md5-used-as-password.md5-used-as-password shortlink: https://sg.run/JxEQ semgrep.dev: rule: rule_id: JDULAW - version_id: A8Tno0 - url: https://semgrep.dev/playground/r/A8Tno0/java.lang.security.audit.md5-used-as-password.md5-used-as-password + version_id: 9lTzJg + url: https://semgrep.dev/playground/r/9lTzJg/java.lang.security.audit.md5-used-as-password.md5-used-as-password origin: community mode: taint pattern-sources: @@ -10295,13 +10758,15 @@ rules: - servlets - spring license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.tainted-sql-from-http-request.tainted-sql-from-http-request shortlink: https://sg.run/Lg56 semgrep.dev: rule: rule_id: oqUBJG - version_id: 3ZTvKv - url: https://semgrep.dev/playground/r/3ZTvKv/java.lang.security.audit.sqli.tainted-sql-from-http-request.tainted-sql-from-http-request + version_id: vdT2v5 + url: https://semgrep.dev/playground/r/vdT2v5/java.lang.security.audit.sqli.tainted-sql-from-http-request.tainted-sql-from-http-request origin: community languages: - java 
@@ -10397,13 +10862,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/java.lang.security.audit.tainted-cmd-from-http-request.tainted-cmd-from-http-request shortlink: https://sg.run/8zPN semgrep.dev: rule: rule_id: zdUWrg - version_id: gETQgp - url: https://semgrep.dev/playground/r/gETQgp/java.lang.security.audit.tainted-cmd-from-http-request.tainted-cmd-from-http-request + version_id: nWT7nG + url: https://semgrep.dev/playground/r/nWT7nG/java.lang.security.audit.tainted-cmd-from-http-request.tainted-cmd-from-http-request origin: community - id: java.lang.security.audit.tainted-ldapi-from-http-request.tainted-ldapi-from-http-request message: Detected input from a HTTPServletRequest going into an LDAP query. This @@ -10428,13 +10895,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - LDAP Injection source: https://semgrep.dev/r/java.lang.security.audit.tainted-ldapi-from-http-request.tainted-ldapi-from-http-request shortlink: https://sg.run/gRg0 semgrep.dev: rule: rule_id: pKUXAv - version_id: BjTG3R - url: https://semgrep.dev/playground/r/BjTG3R/java.lang.security.audit.tainted-ldapi-from-http-request.tainted-ldapi-from-http-request + version_id: ExTn1r + url: https://semgrep.dev/playground/r/ExTn1r/java.lang.security.audit.tainted-ldapi-from-http-request.tainted-ldapi-from-http-request origin: community severity: WARNING languages: 
@@ -10514,13 +10983,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/java.lang.security.audit.tainted-session-from-http-request.tainted-session-from-http-request shortlink: https://sg.run/QbDZ semgrep.dev: rule: rule_id: 2ZU7Eo - version_id: QkTedR - url: https://semgrep.dev/playground/r/QkTedR/java.lang.security.audit.tainted-session-from-http-request.tainted-session-from-http-request + version_id: 7ZTObb + url: https://semgrep.dev/playground/r/7ZTObb/java.lang.security.audit.tainted-session-from-http-request.tainted-session-from-http-request origin: community - id: java.lang.security.audit.tainted-xpath-from-http-request.tainted-xpath-from-http-request message: Detected input from a HTTPServletRequest going into a XPath evaluate or @@ -10557,13 +11028,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XPath Injection source: https://semgrep.dev/r/java.lang.security.audit.tainted-xpath-from-http-request.tainted-xpath-from-http-request shortlink: https://sg.run/3BvK semgrep.dev: rule: rule_id: X5U5nj - version_id: 3ZT0jK - url: https://semgrep.dev/playground/r/3ZT0jK/java.lang.security.audit.tainted-xpath-from-http-request.tainted-xpath-from-http-request + version_id: LjT0zX + url: https://semgrep.dev/playground/r/LjT0zX/java.lang.security.audit.tainted-xpath-from-http-request.tainted-xpath-from-http-request origin: community - id: java.lang.security.audit.unvalidated-redirect.unvalidated-redirect message: Application redirects to a destination URL specified by a user-supplied 
@@ -10591,13 +11064,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/java.lang.security.audit.unvalidated-redirect.unvalidated-redirect shortlink: https://sg.run/Q51P semgrep.dev: rule: rule_id: WAUo0p - version_id: K3TOWL - url: https://semgrep.dev/playground/r/K3TOWL/java.lang.security.audit.unvalidated-redirect.unvalidated-redirect + version_id: gETqkO + url: https://semgrep.dev/playground/r/gETqkO/java.lang.security.audit.unvalidated-redirect.unvalidated-redirect origin: community severity: WARNING languages: @@ -10720,13 +11195,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.lang.security.audit.url-rewriting.url-rewriting shortlink: https://sg.run/3x7b semgrep.dev: rule: rule_id: 0oU5j3 - version_id: qkTK87 - url: https://semgrep.dev/playground/r/qkTK87/java.lang.security.audit.url-rewriting.url-rewriting + version_id: QkTJ1G + url: https://semgrep.dev/playground/r/QkTJ1G/java.lang.security.audit.url-rewriting.url-rewriting origin: community severity: WARNING languages: 
@@ -10818,13 +11295,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xxe.documentbuilderfactory-disallow-doctype-decl-false.documentbuilderfactory-disallow-doctype-decl-false shortlink: https://sg.run/4Dv5 semgrep.dev: rule: rule_id: j2UrJ8 - version_id: l4T04G - url: https://semgrep.dev/playground/r/l4T04G/java.lang.security.audit.xxe.documentbuilderfactory-disallow-doctype-decl-false.documentbuilderfactory-disallow-doctype-decl-false + version_id: BjTEK4 + url: https://semgrep.dev/playground/r/BjTEK4/java.lang.security.audit.xxe.documentbuilderfactory-disallow-doctype-decl-false.documentbuilderfactory-disallow-doctype-decl-false origin: community message: DOCTYPE declarations are enabled for $DBFACTORY. Without prohibiting external entity declarations, this is vulnerable to XML external entity attacks. Disable @@ -10899,13 +11378,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xxe.documentbuilderfactory-disallow-doctype-decl-missing.documentbuilderfactory-disallow-doctype-decl-missing shortlink: https://sg.run/PYBz semgrep.dev: rule: rule_id: 10UPQB - version_id: 3ZTz1w - url: https://semgrep.dev/playground/r/3ZTz1w/java.lang.security.audit.xxe.documentbuilderfactory-disallow-doctype-decl-missing.documentbuilderfactory-disallow-doctype-decl-missing + version_id: DkTQ2o + url: https://semgrep.dev/playground/r/DkTQ2o/java.lang.security.audit.xxe.documentbuilderfactory-disallow-doctype-decl-missing.documentbuilderfactory-disallow-doctype-decl-missing origin: community message: DOCTYPE declarations are enabled for this DocumentBuilderFactory. This is vulnerable to XML external entity attacks. Disable this by setting the feature 
@@ -11058,13 +11539,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xxe.documentbuilderfactory-external-general-entities-true.documentbuilderfactory-external-general-entities-true shortlink: https://sg.run/JgPy semgrep.dev: rule: rule_id: 9AUJ6r - version_id: YDT7p9 - url: https://semgrep.dev/playground/r/YDT7p9/java.lang.security.audit.xxe.documentbuilderfactory-external-general-entities-true.documentbuilderfactory-external-general-entities-true + version_id: WrTbY2 + url: https://semgrep.dev/playground/r/WrTbY2/java.lang.security.audit.xxe.documentbuilderfactory-external-general-entities-true.documentbuilderfactory-external-general-entities-true origin: community message: External entities are allowed for $DBFACTORY. This is vulnerable to XML external entity attacks. Disable this by setting the feature "http://xml.org/sax/features/external-general-entities" 
@@ -11104,13 +11587,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xxe.documentbuilderfactory-external-parameter-entities-true.documentbuilderfactory-external-parameter-entities-true shortlink: https://sg.run/5Lv0 semgrep.dev: rule: rule_id: yyUNeo - version_id: JdTjNr - url: https://semgrep.dev/playground/r/JdTjNr/java.lang.security.audit.xxe.documentbuilderfactory-external-parameter-entities-true.documentbuilderfactory-external-parameter-entities-true + version_id: 0bTvpY + url: https://semgrep.dev/playground/r/0bTvpY/java.lang.security.audit.xxe.documentbuilderfactory-external-parameter-entities-true.documentbuilderfactory-external-parameter-entities-true origin: community message: External entities are allowed for $DBFACTORY. This is vulnerable to XML external entity attacks. Disable this by setting the feature "http://xml.org/sax/features/external-parameter-entities" 
@@ -11151,13 +11636,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xxe.saxparserfactory-disallow-doctype-decl-missing.saxparserfactory-disallow-doctype-decl-missing shortlink: https://sg.run/Gj32 semgrep.dev: rule: rule_id: j2Udpk - version_id: 44TnNX - url: https://semgrep.dev/playground/r/44TnNX/java.lang.security.audit.xxe.saxparserfactory-disallow-doctype-decl-missing.saxparserfactory-disallow-doctype-decl-missing + version_id: K3TlwD + url: https://semgrep.dev/playground/r/K3TlwD/java.lang.security.audit.xxe.saxparserfactory-disallow-doctype-decl-missing.saxparserfactory-disallow-doctype-decl-missing origin: community message: DOCTYPE declarations are enabled for this SAXParserFactory. This is vulnerable to XML external entity attacks. Disable this by setting the feature `http://apache.org/xml/features/disallow-doctype-decl` @@ -11313,13 +11800,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xxe.transformerfactory-dtds-not-disabled.transformerfactory-dtds-not-disabled shortlink: https://sg.run/1wyQ semgrep.dev: rule: rule_id: v8UeQ1 - version_id: 7ZTyKK - url: https://semgrep.dev/playground/r/7ZTyKK/java.lang.security.audit.xxe.transformerfactory-dtds-not-disabled.transformerfactory-dtds-not-disabled + version_id: qkTNpE + url: https://semgrep.dev/playground/r/qkTNpE/java.lang.security.audit.xxe.transformerfactory-dtds-not-disabled.transformerfactory-dtds-not-disabled origin: community message: DOCTYPE declarations are enabled for this TransformerFactory. This is vulnerable to XML external entity attacks. Disable this by setting the attributes "accessExternalDTD" 
@@ -11492,13 +11981,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/java.lang.security.httpservlet-path-traversal.httpservlet-path-traversal shortlink: https://sg.run/oxXN semgrep.dev: rule: rule_id: NbUk7X - version_id: bZT4eN - url: https://semgrep.dev/playground/r/bZT4eN/java.lang.security.httpservlet-path-traversal.httpservlet-path-traversal + version_id: YDToYW + url: https://semgrep.dev/playground/r/YDToYW/java.lang.security.httpservlet-path-traversal.httpservlet-path-traversal origin: community message: Detected a potential path traversal. A malicious actor could control the location of this file, to include going backwards in the directory with '../'. @@ -11564,13 +12055,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.lang.security.insecure-jms-deserialization.insecure-jms-deserialization shortlink: https://sg.run/zvO1 semgrep.dev: rule: rule_id: kxUk12 - version_id: NdTQ2N - url: https://semgrep.dev/playground/r/NdTQ2N/java.lang.security.insecure-jms-deserialization.insecure-jms-deserialization + version_id: 6xTeyB + url: https://semgrep.dev/playground/r/6xTeyB/java.lang.security.insecure-jms-deserialization.insecure-jms-deserialization origin: community message: JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload when ObjectMessage.getObject() is called. Deserialization 
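Review bot: The new `vulnerability_class` value `'Insecure Deserialization '` in the second hunk on this line (java.lang.security.insecure-jms-deserialization) carries a trailing space inside the quotes, which no other class value on this page has; anything that groups, counts or filters findings by class will treat it as a category distinct from `Insecure Deserialization`. Since this file sits under `generated/`, the fix belongs in whatever emits it (or in the upstream rule metadata) rather than a hand edit here, e.g. stripping whitespace from class names before writing them so the entry becomes `- Insecure Deserialization`. It is worth checking whether the same trailing-space value is emitted for other deserialization rules in this file.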
@@ -11616,13 +12109,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/java.lang.security.servletresponse-writer-xss.servletresponse-writer-xss shortlink: https://sg.run/pxjN semgrep.dev: rule: rule_id: wdUJOk - version_id: kbTZl6 - url: https://semgrep.dev/playground/r/kbTZl6/java.lang.security.servletresponse-writer-xss.servletresponse-writer-xss + version_id: zyT5G7 + url: https://semgrep.dev/playground/r/zyT5G7/java.lang.security.servletresponse-writer-xss.servletresponse-writer-xss origin: community severity: ERROR patterns: @@ -11665,13 +12160,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.xmlinputfactory-possible-xxe.xmlinputfactory-possible-xxe shortlink: https://sg.run/XBwA semgrep.dev: rule: rule_id: OrU35O - version_id: 5PT2zX - url: https://semgrep.dev/playground/r/5PT2zX/java.lang.security.xmlinputfactory-possible-xxe.xmlinputfactory-possible-xxe + version_id: X0TPAy + url: https://semgrep.dev/playground/r/X0TPAy/java.lang.security.xmlinputfactory-possible-xxe.xmlinputfactory-possible-xxe origin: community message: XML external entities are not explicitly disabled for this XMLInputFactory. This could be vulnerable to XML external entity vulnerabilities. Explicitly disable 
@@ -11736,13 +12233,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.spring.security.audit.spring-actuator-fully-enabled-yaml.spring-actuator-fully-enabled-yaml shortlink: https://sg.run/1Bzw semgrep.dev: rule: rule_id: eqUerQ - version_id: ExTYDv - url: https://semgrep.dev/playground/r/ExTYDv/java.spring.security.audit.spring-actuator-fully-enabled-yaml.spring-actuator-fully-enabled-yaml + version_id: NdT1en + url: https://semgrep.dev/playground/r/NdT1en/java.spring.security.audit.spring-actuator-fully-enabled-yaml.spring-actuator-fully-enabled-yaml origin: community - id: java.spring.security.audit.spring-actuator-fully-enabled.spring-actuator-fully-enabled pattern: management.endpoints.web.exposure.include=* @@ -11776,13 +12275,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.spring.security.audit.spring-actuator-fully-enabled.spring-actuator-fully-enabled shortlink: https://sg.run/L0vY semgrep.dev: rule: rule_id: EwU4vg - version_id: 7ZTY9P - url: https://semgrep.dev/playground/r/7ZTY9P/java.spring.security.audit.spring-actuator-fully-enabled.spring-actuator-fully-enabled + version_id: kbT7YK + url: https://semgrep.dev/playground/r/kbT7YK/java.spring.security.audit.spring-actuator-fully-enabled.spring-actuator-fully-enabled origin: community - id: java.spring.security.audit.spring-actuator-non-health-enabled-yaml.spring-actuator-dangerous-endpoints-enabled-yaml patterns: 
@@ -11828,13 +12329,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.spring.security.audit.spring-actuator-non-health-enabled-yaml.spring-actuator-dangerous-endpoints-enabled-yaml shortlink: https://sg.run/JzKQ semgrep.dev: rule: rule_id: kxUWpX - version_id: LjTpbl - url: https://semgrep.dev/playground/r/LjTpbl/java.spring.security.audit.spring-actuator-non-health-enabled-yaml.spring-actuator-dangerous-endpoints-enabled-yaml + version_id: w8T3K9 + url: https://semgrep.dev/playground/r/w8T3K9/java.spring.security.audit.spring-actuator-non-health-enabled-yaml.spring-actuator-dangerous-endpoints-enabled-yaml origin: community - id: java.spring.security.audit.spring-actuator-non-health-enabled.spring-actuator-dangerous-endpoints-enabled patterns: @@ -11869,13 +12372,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.spring.security.audit.spring-actuator-non-health-enabled.spring-actuator-dangerous-endpoints-enabled shortlink: https://sg.run/5g23 semgrep.dev: rule: rule_id: wdUWrZ - version_id: 8KTLkL - url: https://semgrep.dev/playground/r/8KTLkL/java.spring.security.audit.spring-actuator-non-health-enabled.spring-actuator-dangerous-endpoints-enabled + version_id: xyT4qv + url: https://semgrep.dev/playground/r/xyT4qv/java.spring.security.audit.spring-actuator-non-health-enabled.spring-actuator-dangerous-endpoints-enabled origin: community - id: java.spring.security.audit.spring-sqli.spring-sqli mode: taint 
@@ -11947,13 +12452,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.spring.security.audit.spring-sqli.spring-sqli shortlink: https://sg.run/1Z3x semgrep.dev: rule: rule_id: eqU8N2 - version_id: l4TjPP - url: https://semgrep.dev/playground/r/l4TjPP/java.spring.security.audit.spring-sqli.spring-sqli + version_id: 0bTOzP + url: https://semgrep.dev/playground/r/0bTOzP/java.spring.security.audit.spring-sqli.spring-sqli origin: community - id: java.spring.security.audit.spring-unvalidated-redirect.spring-unvalidated-redirect message: Application redirects a user to a destination URL specified by a user supplied @@ -11975,13 +12482,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/java.spring.security.audit.spring-unvalidated-redirect.spring-unvalidated-redirect shortlink: https://sg.run/9oXz semgrep.dev: rule: rule_id: v8Un7w - version_id: 44TYPN - url: https://semgrep.dev/playground/r/44TYPN/java.spring.security.audit.spring-unvalidated-redirect.spring-unvalidated-redirect + version_id: d6TDPl + url: https://semgrep.dev/playground/r/d6TDPl/java.spring.security.audit.spring-unvalidated-redirect.spring-unvalidated-redirect origin: community severity: WARNING languages: 
@@ -12040,13 +12549,15 @@ rules: confidence: HIGH interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/java.spring.security.injection.tainted-file-path.tainted-file-path shortlink: https://sg.run/x9o0 semgrep.dev: rule: rule_id: lBUxok - version_id: pZTYKW - url: https://semgrep.dev/playground/r/pZTYKW/java.spring.security.injection.tainted-file-path.tainted-file-path + version_id: nWT7pG + url: https://semgrep.dev/playground/r/nWT7pG/java.spring.security.injection.tainted-file-path.tainted-file-path origin: community mode: taint pattern-sources: @@ -12125,13 +12636,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/java.spring.security.injection.tainted-html-string.tainted-html-string shortlink: https://sg.run/ObdR semgrep.dev: rule: rule_id: YGUvkL - version_id: 2KTjgg - url: https://semgrep.dev/playground/r/2KTjgg/java.spring.security.injection.tainted-html-string.tainted-html-string + version_id: ExTngr + url: https://semgrep.dev/playground/r/ExTngr/java.spring.security.injection.tainted-html-string.tainted-html-string origin: community mode: taint pattern-sources: @@ -12241,13 +12754,15 @@ rules: impact: MEDIUM confidence: MEDIUM interfile: true + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.spring.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/9rzz semgrep.dev: rule: rule_id: 10UdRR - version_id: rxTZn4 - url: https://semgrep.dev/playground/r/rxTZn4/java.spring.security.injection.tainted-sql-string.tainted-sql-string + version_id: K3Tykq + url: https://semgrep.dev/playground/r/K3Tykq/java.spring.security.injection.tainted-sql-string.tainted-sql-string origin: community options: taint_assume_safe_numbers: true 
@@ -12409,13 +12924,15 @@ rules: likelihood: HIGH impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/java.spring.security.injection.tainted-system-command.tainted-system-command shortlink: https://sg.run/epY0 semgrep.dev: rule: rule_id: 6JUxGN - version_id: jQT2bK - url: https://semgrep.dev/playground/r/jQT2bK/java.spring.security.injection.tainted-system-command.tainted-system-command + version_id: LjT0XX + url: https://semgrep.dev/playground/r/LjT0XX/java.spring.security.injection.tainted-system-command.tainted-system-command origin: community - id: java.spring.security.injection.tainted-url-host.tainted-url-host languages: @@ -12448,13 +12965,15 @@ rules: confidence: MEDIUM interfile: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/java.spring.security.injection.tainted-url-host.tainted-url-host shortlink: https://sg.run/vkYn semgrep.dev: rule: rule_id: oqUZo8 - version_id: 1QTv9x - url: https://semgrep.dev/playground/r/1QTv9x/java.spring.security.injection.tainted-url-host.tainted-url-host + version_id: 8KTbK9 + url: https://semgrep.dev/playground/r/8KTbK9/java.spring.security.injection.tainted-url-host.tainted-url-host origin: community mode: taint pattern-sources: 
@@ -12533,13 +13052,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-element-methods.detect-angular-element-methods shortlink: https://sg.run/ydnO semgrep.dev: rule: rule_id: d8Ujdo - version_id: 5PTgLQ - url: https://semgrep.dev/playground/r/5PTgLQ/javascript.angular.security.detect-angular-element-methods.detect-angular-element-methods + version_id: 3ZTdOR + url: https://semgrep.dev/playground/r/3ZTdOR/javascript.angular.security.detect-angular-element-methods.detect-angular-element-methods origin: community languages: - javascript @@ -12606,13 +13127,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-element-taint.detect-angular-element-taint shortlink: https://sg.run/5AQ0 semgrep.dev: rule: rule_id: GdUP71 - version_id: GxTdry - url: https://semgrep.dev/playground/r/GxTdry/javascript.angular.security.detect-angular-element-taint.detect-angular-element-taint + version_id: 44ToZb + url: https://semgrep.dev/playground/r/44ToZb/javascript.angular.security.detect-angular-element-taint.detect-angular-element-taint origin: community languages: - javascript 
@@ -12695,13 +13218,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-sce-disabled.detect-angular-sce-disabled shortlink: https://sg.run/N4DG semgrep.dev: rule: rule_id: EwU20Z - version_id: NdTW6W - url: https://semgrep.dev/playground/r/NdTW6W/javascript.angular.security.detect-angular-sce-disabled.detect-angular-sce-disabled + version_id: 5PT693 + url: https://semgrep.dev/playground/r/5PT693/javascript.angular.security.detect-angular-sce-disabled.detect-angular-sce-disabled origin: community languages: - javascript @@ -12732,13 +13257,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-method.detect-angular-trust-as-method shortlink: https://sg.run/OPW2 semgrep.dev: rule: rule_id: gxU1QX - version_id: zyTeJ5 - url: https://semgrep.dev/playground/r/zyTeJ5/javascript.angular.security.detect-angular-trust-as-method.detect-angular-trust-as-method + version_id: BjTE14 + url: https://semgrep.dev/playground/r/BjTE14/javascript.angular.security.detect-angular-trust-as-method.detect-angular-trust-as-method origin: community languages: - javascript 
@@ -12779,13 +13306,15 @@ rules: likelihood: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/javascript.argon2.security.unsafe-argon2-config.unsafe-argon2-config shortlink: https://sg.run/ALq4 semgrep.dev: rule: rule_id: DbU2X8 - version_id: 1QTXNz - url: https://semgrep.dev/playground/r/1QTXNz/javascript.argon2.security.unsafe-argon2-config.unsafe-argon2-config + version_id: qkTN4E + url: https://semgrep.dev/playground/r/qkTN4E/javascript.argon2.security.unsafe-argon2-config.unsafe-argon2-config origin: community languages: - javascript @@ -12833,13 +13362,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.detect-child-process.detect-child-process shortlink: https://sg.run/Ggoq semgrep.dev: rule: rule_id: r6UDNQ - version_id: 0bTjPj - url: https://semgrep.dev/playground/r/0bTjPj/javascript.aws-lambda.security.detect-child-process.detect-child-process + version_id: YDTovW + url: https://semgrep.dev/playground/r/YDTovW/javascript.aws-lambda.security.detect-child-process.detect-child-process origin: community languages: - javascript 
@@ -12904,13 +13435,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/javascript.aws-lambda.security.dynamodb-request-object.dynamodb-request-object shortlink: https://sg.run/X1e4 semgrep.dev: rule: rule_id: 0oU1xk - version_id: K3T1WW - url: https://semgrep.dev/playground/r/K3T1WW/javascript.aws-lambda.security.dynamodb-request-object.dynamodb-request-object + version_id: JdTqDX + url: https://semgrep.dev/playground/r/JdTqDX/javascript.aws-lambda.security.dynamodb-request-object.dynamodb-request-object origin: community languages: - javascript @@ -12984,13 +13517,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.knex-sqli.knex-sqli shortlink: https://sg.run/RgWq semgrep.dev: rule: rule_id: bwUBlj - version_id: qkT38n - url: https://semgrep.dev/playground/r/qkT38n/javascript.aws-lambda.security.knex-sqli.knex-sqli + version_id: 5PT69b + url: https://semgrep.dev/playground/r/5PT69b/javascript.aws-lambda.security.knex-sqli.knex-sqli origin: community languages: - javascript @@ -13055,13 +13590,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.mysql-sqli.mysql-sqli shortlink: https://sg.run/A502 semgrep.dev: rule: rule_id: NbUBJ2 - version_id: l4TGnD - url: https://semgrep.dev/playground/r/l4TGnD/javascript.aws-lambda.security.mysql-sqli.mysql-sqli + version_id: GxT2Pd + url: https://semgrep.dev/playground/r/GxT2Pd/javascript.aws-lambda.security.mysql-sqli.mysql-sqli origin: community languages: - javascript 
@@ -13137,13 +13674,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.pg-sqli.pg-sqli shortlink: https://sg.run/BGKA semgrep.dev: rule: rule_id: kxU25P - version_id: YDTd9e - url: https://semgrep.dev/playground/r/YDTd9e/javascript.aws-lambda.security.pg-sqli.pg-sqli + version_id: RGTbAG + url: https://semgrep.dev/playground/r/RGTbAG/javascript.aws-lambda.security.pg-sqli.pg-sqli origin: community languages: - javascript @@ -13206,13 +13745,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.sequelize-sqli.sequelize-sqli shortlink: https://sg.run/DAlP semgrep.dev: rule: rule_id: wdUA5o - version_id: 6xTNPo - url: https://semgrep.dev/playground/r/6xTNPo/javascript.aws-lambda.security.sequelize-sqli.sequelize-sqli + version_id: A8TRJl + url: https://semgrep.dev/playground/r/A8TRJl/javascript.aws-lambda.security.sequelize-sqli.sequelize-sqli origin: community languages: - javascript @@ -13270,13 +13811,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.tainted-eval.tainted-eval shortlink: https://sg.run/WjY2 semgrep.dev: rule: rule_id: x8UNw5 - version_id: o5T68N - url: https://semgrep.dev/playground/r/o5T68N/javascript.aws-lambda.security.tainted-eval.tainted-eval + version_id: BjTE1Z + url: https://semgrep.dev/playground/r/BjTE1Z/javascript.aws-lambda.security.tainted-eval.tainted-eval origin: community languages: - javascript 
@@ -13331,13 +13874,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.aws-lambda.security.tainted-html-response.tainted-html-response shortlink: https://sg.run/0Gvj semgrep.dev: rule: rule_id: OrUJBY - version_id: zyTE7p - url: https://semgrep.dev/playground/r/zyTE7p/javascript.aws-lambda.security.tainted-html-response.tainted-html-response + version_id: DkTQNj + url: https://semgrep.dev/playground/r/DkTQNj/javascript.aws-lambda.security.tainted-html-response.tainted-html-response origin: community languages: - javascript @@ -13391,13 +13936,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.aws-lambda.security.tainted-html-string.tainted-html-string shortlink: https://sg.run/Lgqr semgrep.dev: rule: rule_id: PeUxwW - version_id: e1TAK1 - url: https://semgrep.dev/playground/r/e1TAK1/javascript.aws-lambda.security.tainted-html-string.tainted-html-string + version_id: WrTbE1 + url: https://semgrep.dev/playground/r/WrTbE1/javascript.aws-lambda.security.tainted-html-string.tainted-html-string origin: community languages: - javascript 
@@ -13470,13 +14017,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/KgJ5 semgrep.dev: rule: rule_id: eqUDqW - version_id: vdT3Q8 - url: https://semgrep.dev/playground/r/vdT3Q8/javascript.aws-lambda.security.tainted-sql-string.tainted-sql-string + version_id: 0bTv1A + url: https://semgrep.dev/playground/r/0bTv1A/javascript.aws-lambda.security.tainted-sql-string.tainted-sql-string origin: community languages: - javascript @@ -13543,13 +14092,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.aws-lambda.security.vm-runincontext-injection.vm-runincontext-injection shortlink: https://sg.run/q9w7 semgrep.dev: rule: rule_id: v8UOdZ - version_id: d6Tbgy - url: https://semgrep.dev/playground/r/d6Tbgy/javascript.aws-lambda.security.vm-runincontext-injection.vm-runincontext-injection + version_id: K3TlJp + url: https://semgrep.dev/playground/r/K3TlJp/javascript.aws-lambda.security.vm-runincontext-injection.vm-runincontext-injection origin: community languages: - javascript 
@@ -13614,13 +14165,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.bluebird.security.audit.tofastproperties-code-execution.tofastproperties-code-execution shortlink: https://sg.run/ndnZ semgrep.dev: rule: rule_id: JDUy9J - version_id: ZRTyd2 - url: https://semgrep.dev/playground/r/ZRTyd2/javascript.bluebird.security.audit.tofastproperties-code-execution.tofastproperties-code-execution + version_id: qkTN4N + url: https://semgrep.dev/playground/r/qkTN4N/javascript.bluebird.security.audit.tofastproperties-code-execution.tofastproperties-code-execution origin: community languages: - javascript @@ -13672,13 +14225,15 @@ rules: - vuln likelihood: HIGH impact: MEDIUM + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/javascript.browser.security.open-redirect.js-open-redirect shortlink: https://sg.run/3xRe semgrep.dev: rule: rule_id: WAUopl - version_id: A8ToQB - url: https://semgrep.dev/playground/r/A8ToQB/javascript.browser.security.open-redirect.js-open-redirect + version_id: X0TPxZ + url: https://semgrep.dev/playground/r/X0TPxZ/javascript.browser.security.open-redirect.js-open-redirect origin: community languages: - javascript @@ -13773,13 +14328,15 @@ rules: likelihood: MEDIUM impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.browser.security.raw-html-concat.raw-html-concat shortlink: https://sg.run/4xAx semgrep.dev: rule: rule_id: 0oU5b5 - version_id: WrTDQ3 - url: https://semgrep.dev/playground/r/WrTDQ3/javascript.browser.security.raw-html-concat.raw-html-concat + version_id: jQTKYR + url: https://semgrep.dev/playground/r/jQTKYR/javascript.browser.security.raw-html-concat.raw-html-concat origin: community languages: - javascript 
@@ -13947,13 +14504,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-compilescript-injection.chrome-remote-interface-compilescript-injection shortlink: https://sg.run/J9kj semgrep.dev: rule: rule_id: qNUjnb - version_id: 5PTYGR - url: https://semgrep.dev/playground/r/5PTYGR/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-compilescript-injection.chrome-remote-interface-compilescript-injection + version_id: yeTX2N + url: https://semgrep.dev/playground/r/yeTX2N/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-compilescript-injection.chrome-remote-interface-compilescript-injection origin: community languages: - javascript @@ -14004,13 +14563,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.deno.security.audit.deno-dangerous-run.deno-dangerous-run shortlink: https://sg.run/Nrrn semgrep.dev: rule: rule_id: x8UWWg - version_id: DkTeyA - url: https://semgrep.dev/playground/r/DkTeyA/javascript.deno.security.audit.deno-dangerous-run.deno-dangerous-run + version_id: w8T3nR + url: https://semgrep.dev/playground/r/w8T3nR/javascript.deno.security.audit.deno-dangerous-run.deno-dangerous-run origin: community languages: - javascript 
@@ -14062,13 +14623,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing shortlink: https://sg.run/DX2G semgrep.dev: rule: rule_id: x8UqEb - version_id: jQT83O - url: https://semgrep.dev/playground/r/jQT83O/javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing + version_id: e1Tx1b + url: https://semgrep.dev/playground/r/e1Tx1b/javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing origin: community languages: - javascript @@ -14122,13 +14685,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-default-name shortlink: https://sg.run/1Z5x semgrep.dev: rule: rule_id: eqU8k2 - version_id: kbTvW0 - url: https://semgrep.dev/playground/r/kbTvW0/javascript.express.security.audit.express-cookie-settings.express-cookie-session-default-name + version_id: vdT2Nd + url: https://semgrep.dev/playground/r/vdT2Nd/javascript.express.security.audit.express-cookie-settings.express-cookie-session-default-name origin: community patterns: - pattern-either: 
@@ -14177,13 +14742,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-domain shortlink: https://sg.run/rd41 semgrep.dev: rule: rule_id: ZqU5Pn - version_id: O9TLQ9 - url: https://semgrep.dev/playground/r/O9TLQ9/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-domain + version_id: nWT7Pd + url: https://semgrep.dev/playground/r/nWT7Pd/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-domain origin: community patterns: - pattern-either: @@ -14249,13 +14816,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-expires shortlink: https://sg.run/N4eG semgrep.dev: rule: rule_id: EwU2DZ - version_id: vdTbLe - url: https://semgrep.dev/playground/r/vdTbLe/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-expires + version_id: 7ZTOoJ + url: https://semgrep.dev/playground/r/7ZTOoJ/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-expires origin: community patterns: - pattern-either: 
@@ -14322,13 +14891,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-httponly shortlink: https://sg.run/ydBO semgrep.dev: rule: rule_id: d8UjGo - version_id: xyTbRg - url: https://semgrep.dev/playground/r/xyTbRg/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-httponly + version_id: ZRTwNy + url: https://semgrep.dev/playground/r/ZRTwNy/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-httponly origin: community patterns: - pattern-either: @@ -14395,13 +14966,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-path shortlink: https://sg.run/b7pd semgrep.dev: rule: rule_id: nJUz4X - version_id: e1TP45 - url: https://semgrep.dev/playground/r/e1TP45/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-path + version_id: ExTnNb + url: https://semgrep.dev/playground/r/ExTnNb/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-path origin: community patterns: - pattern-either: 
@@ -14467,13 +15040,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-secure shortlink: https://sg.run/9oKz semgrep.dev: rule: rule_id: v8Unzw - version_id: w8TgWB - url: https://semgrep.dev/playground/r/w8TgWB/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-secure + version_id: d6TDAp + url: https://semgrep.dev/playground/r/d6TDAp/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-secure origin: community patterns: - pattern-either: @@ -14540,13 +15115,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.express-jwt-not-revoked.express-jwt-not-revoked shortlink: https://sg.run/kXNo semgrep.dev: rule: rule_id: 7KUQ9k - version_id: YDT8by - url: https://semgrep.dev/playground/r/YDT8by/javascript.express.security.audit.express-jwt-not-revoked.express-jwt-not-revoked + version_id: 8KTb9O + url: https://semgrep.dev/playground/r/8KTb9O/javascript.express.security.audit.express-jwt-not-revoked.express-jwt-not-revoked origin: community languages: - javascript 
@@ -14587,13 +15164,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.express.security.audit.express-libxml-noent.express-libxml-noent shortlink: https://sg.run/Z75x semgrep.dev: rule: rule_id: pKUNeD - version_id: pZT57B - url: https://semgrep.dev/playground/r/pZT57B/javascript.express.security.audit.express-libxml-noent.express-libxml-noent + version_id: gETqxo + url: https://semgrep.dev/playground/r/gETqxo/javascript.express.security.audit.express-libxml-noent.express-libxml-noent origin: community languages: - javascript @@ -14677,13 +15256,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/javascript.express.security.audit.express-open-redirect.express-open-redirect shortlink: https://sg.run/EpoP semgrep.dev: rule: rule_id: X5ULkq - version_id: 2KT9J1 - url: https://semgrep.dev/playground/r/2KT9J1/javascript.express.security.audit.express-open-redirect.express-open-redirect + version_id: 3ZTdQZ + url: https://semgrep.dev/playground/r/3ZTdQZ/javascript.express.security.audit.express-open-redirect.express-open-redirect origin: community languages: - javascript 
@@ -14795,13 +15376,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal shortlink: https://sg.run/weRn semgrep.dev: rule: rule_id: L1Uyb8 - version_id: X0Tr63 - url: https://semgrep.dev/playground/r/X0Tr63/javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal + version_id: 44Tolp + url: https://semgrep.dev/playground/r/44Tolp/javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal origin: community languages: - javascript @@ -14896,13 +15479,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/javascript.express.security.audit.express-res-sendfile.express-res-sendfile shortlink: https://sg.run/7DJk semgrep.dev: rule: rule_id: j2UzDx - version_id: jQTo7O - url: https://semgrep.dev/playground/r/jQTo7O/javascript.express.security.audit.express-res-sendfile.express-res-sendfile + version_id: PkTY14 + url: https://semgrep.dev/playground/r/PkTY14/javascript.express.security.audit.express-res-sendfile.express-res-sendfile origin: community languages: - javascript 
@@ -14984,13 +15569,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.express.security.audit.express-session-hardcoded-secret.express-session-hardcoded-secret shortlink: https://sg.run/LYvG semgrep.dev: rule: rule_id: 10Uo39 - version_id: DkTr1r - url: https://semgrep.dev/playground/r/DkTr1r/javascript.express.security.audit.express-session-hardcoded-secret.express-session-hardcoded-secret + version_id: JdTqpX + url: https://semgrep.dev/playground/r/JdTqpX/javascript.express.security.audit.express-session-hardcoded-secret.express-session-hardcoded-secret origin: community languages: - javascript @@ -15045,13 +15632,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.express.security.audit.express-ssrf.express-ssrf shortlink: https://sg.run/0PNw semgrep.dev: rule: rule_id: eqU9l2 - version_id: 6xTwWX - url: https://semgrep.dev/playground/r/6xTwWX/javascript.express.security.audit.express-ssrf.express-ssrf + version_id: 5PT6Ab + url: https://semgrep.dev/playground/r/5PT6Ab/javascript.express.security.audit.express-ssrf.express-ssrf origin: community languages: - javascript 
@@ -15237,13 +15826,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/javascript.express.security.audit.express-third-party-object-deserialization.express-third-party-object-deserialization shortlink: https://sg.run/8W5j semgrep.dev: rule: rule_id: 9AUyqj - version_id: yeTEA3 - url: https://semgrep.dev/playground/r/yeTEA3/javascript.express.security.audit.express-third-party-object-deserialization.express-third-party-object-deserialization + version_id: GxT26d + url: https://semgrep.dev/playground/r/GxT26d/javascript.express.security.audit.express-third-party-object-deserialization.express-third-party-object-deserialization origin: community languages: - javascript @@ -15328,13 +15919,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.express.security.audit.express-xml2json-xxe-event.express-xml2json-xxe-event shortlink: https://sg.run/x1AA semgrep.dev: rule: rule_id: 8GUjkk - version_id: 0bT6z7 - url: https://semgrep.dev/playground/r/0bT6z7/javascript.express.security.audit.express-xml2json-xxe-event.express-xml2json-xxe-event + version_id: RGTbkG + url: https://semgrep.dev/playground/r/RGTbkG/javascript.express.security.audit.express-xml2json-xxe-event.express-xml2json-xxe-event origin: community languages: - javascript 
@@ -15404,13 +15997,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.express.security.audit.remote-property-injection.remote-property-injection shortlink: https://sg.run/Z4gn semgrep.dev: rule: rule_id: JDUL1B - version_id: qkTK7o - url: https://semgrep.dev/playground/r/qkTK7o/javascript.express.security.audit.remote-property-injection.remote-property-injection + version_id: BjTErZ + url: https://semgrep.dev/playground/r/BjTErZ/javascript.express.security.audit.remote-property-injection.remote-property-injection origin: community languages: - javascript @@ -15488,13 +16083,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/javascript.express.security.audit.res-render-injection.res-render-injection shortlink: https://sg.run/eLjd semgrep.dev: rule: rule_id: QrUzrq - version_id: rxTE2o - url: https://semgrep.dev/playground/r/rxTE2o/javascript.express.security.audit.res-render-injection.res-render-injection + version_id: DkTQnj + url: https://semgrep.dev/playground/r/DkTQnj/javascript.express.security.audit.res-render-injection.res-render-injection origin: community languages: - javascript 
@@ -15562,13 +16159,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.direct-response-write.direct-response-write shortlink: https://sg.run/vzGl semgrep.dev: rule: rule_id: 3qUPA1 - version_id: d6TxQk - url: https://semgrep.dev/playground/r/d6TxQk/javascript.express.security.audit.xss.direct-response-write.direct-response-write + version_id: WrTbQ1 + url: https://semgrep.dev/playground/r/WrTbQ1/javascript.express.security.audit.xss.direct-response-write.direct-response-write origin: community languages: - javascript @@ -15796,13 +16395,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.express.security.cors-misconfiguration.cors-misconfiguration shortlink: https://sg.run/nKXO semgrep.dev: rule: rule_id: 5rULJQ - version_id: NdTQyQ - url: https://semgrep.dev/playground/r/NdTQyQ/javascript.express.security.cors-misconfiguration.cors-misconfiguration + version_id: 1QTj7d + url: https://semgrep.dev/playground/r/1QTj7d/javascript.express.security.cors-misconfiguration.cors-misconfiguration origin: community languages: - javascript 
@@ -15880,13 +16481,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.express.security.express-expat-xxe.express-expat-xxe shortlink: https://sg.run/BkXx semgrep.dev: rule: rule_id: zdUkJl - version_id: 1QT1L8 - url: https://semgrep.dev/playground/r/1QT1L8/javascript.express.security.express-expat-xxe.express-expat-xxe + version_id: yeTXZN + url: https://semgrep.dev/playground/r/yeTXZN/javascript.express.security.express-expat-xxe.express-expat-xxe origin: community languages: - javascript @@ -15980,13 +16583,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.express.security.express-insecure-template-usage.express-insecure-template-usage shortlink: https://sg.run/b49v semgrep.dev: rule: rule_id: EwUr9k - version_id: 1QTB5R - url: https://semgrep.dev/playground/r/1QTB5R/javascript.express.security.express-insecure-template-usage.express-insecure-template-usage + version_id: rxTx4j + url: https://semgrep.dev/playground/r/rxTx4j/javascript.express.security.express-insecure-template-usage.express-insecure-template-usage origin: community languages: - javascript 
@@ -16149,13 +16754,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.express.security.express-phantom-injection.express-phantom-injection shortlink: https://sg.run/W8BL semgrep.dev: rule: rule_id: 2ZUbx3 - version_id: e1TAjX - url: https://semgrep.dev/playground/r/e1TAjX/javascript.express.security.express-phantom-injection.express-phantom-injection + version_id: NdT1od + url: https://semgrep.dev/playground/r/NdT1od/javascript.express.security.express-phantom-injection.express-phantom-injection origin: community languages: - javascript @@ -16230,13 +16837,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.express.security.express-puppeteer-injection.express-puppeteer-injection shortlink: https://sg.run/0QJB semgrep.dev: rule: rule_id: X5U8Nz - version_id: vdT36A - url: https://semgrep.dev/playground/r/vdT36A/javascript.express.security.express-puppeteer-injection.express-puppeteer-injection + version_id: kbT7LL + url: https://semgrep.dev/playground/r/kbT7LL/javascript.express.security.express-puppeteer-injection.express-puppeteer-injection origin: community languages: - javascript 
@@ -16312,13 +16921,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.express.security.express-sandbox-injection.express-sandbox-code-injection shortlink: https://sg.run/KlwL semgrep.dev: rule: rule_id: j2UvXB - version_id: d6Tbx0 - url: https://semgrep.dev/playground/r/d6Tbx0/javascript.express.security.express-sandbox-injection.express-sandbox-code-injection + version_id: w8T3DR + url: https://semgrep.dev/playground/r/w8T3DR/javascript.express.security.express-sandbox-injection.express-sandbox-code-injection origin: community languages: - javascript @@ -16390,13 +17001,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.express.security.express-vm-injection.express-vm-injection shortlink: https://sg.run/jkqJ semgrep.dev: rule: rule_id: DbUKPX - version_id: ZRTyA8 - url: https://semgrep.dev/playground/r/ZRTyA8/javascript.express.security.express-vm-injection.express-vm-injection + version_id: xyT4p8 + url: https://semgrep.dev/playground/r/xyT4p8/javascript.express.security.express-vm-injection.express-vm-injection origin: community languages: - javascript 
@@ -16464,13 +17077,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.express.security.express-vm2-injection.express-vm2-injection shortlink: https://sg.run/1GWv semgrep.dev: rule: rule_id: WAUPXJ - version_id: nWTwLj - url: https://semgrep.dev/playground/r/nWTwLj/javascript.express.security.express-vm2-injection.express-vm2-injection + version_id: O9TydQ + url: https://semgrep.dev/playground/r/O9TydQ/javascript.express.security.express-vm2-injection.express-vm2-injection origin: community languages: - javascript @@ -16557,13 +17172,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.express.security.express-wkhtml-injection.express-wkhtmltoimage-injection shortlink: https://sg.run/pxe0 semgrep.dev: rule: rule_id: kxUkl9 - version_id: ZRTRDo - url: https://semgrep.dev/playground/r/ZRTRDo/javascript.express.security.express-wkhtml-injection.express-wkhtmltoimage-injection + version_id: e1Tx3b + url: https://semgrep.dev/playground/r/e1Tx3b/javascript.express.security.express-wkhtml-injection.express-wkhtmltoimage-injection origin: community severity: ERROR languages: 
@@ -16626,13 +17243,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.express.security.express-wkhtml-injection.express-wkhtmltopdf-injection shortlink: https://sg.run/2xGq semgrep.dev: rule: rule_id: wdUJxq - version_id: nWTDQg - url: https://semgrep.dev/playground/r/nWTDQg/javascript.express.security.express-wkhtml-injection.express-wkhtmltopdf-injection + version_id: vdT28d + url: https://semgrep.dev/playground/r/vdT28d/javascript.express.security.express-wkhtml-injection.express-wkhtmltopdf-injection origin: community languages: - javascript @@ -16704,13 +17323,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.express.security.express-xml2json-xxe.express-xml2json-xxe shortlink: https://sg.run/XBD4 semgrep.dev: rule: rule_id: x8Uneb - version_id: 7ZTY38 - url: https://semgrep.dev/playground/r/7ZTY38/javascript.express.security.express-xml2json-xxe.express-xml2json-xxe + version_id: d6TDvp + url: https://semgrep.dev/playground/r/d6TDvp/javascript.express.security.express-xml2json-xxe.express-xml2json-xxe origin: community languages: - javascript 
@@ -16788,13 +17409,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.injection.raw-html-format.raw-html-format shortlink: https://sg.run/5DO3 semgrep.dev: rule: rule_id: 5rUL0X - version_id: qkTw3R - url: https://semgrep.dev/playground/r/qkTw3R/javascript.express.security.injection.raw-html-format.raw-html-format + version_id: ZRTwpy + url: https://semgrep.dev/playground/r/ZRTwpy/javascript.express.security.injection.raw-html-format.raw-html-format origin: community languages: - javascript @@ -16888,13 +17511,15 @@ rules: likelihood: HIGH impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/66ZL semgrep.dev: rule: rule_id: NbUNpr - version_id: BjTOyR - url: https://semgrep.dev/playground/r/BjTOyR/javascript.express.security.injection.tainted-sql-string.tainted-sql-string + version_id: nWT7od + url: https://semgrep.dev/playground/r/nWT7od/javascript.express.security.injection.tainted-sql-string.tainted-sql-string origin: community languages: - javascript @@ -16968,13 +17593,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/javascript.express.security.require-request.require-request shortlink: https://sg.run/jRbl semgrep.dev: rule: rule_id: OrU3WK - version_id: xyTEGG - url: https://semgrep.dev/playground/r/xyTEGG/javascript.express.security.require-request.require-request + version_id: ExTnAb + url: https://semgrep.dev/playground/r/ExTnAb/javascript.express.security.require-request.require-request origin: community languages: - javascript 
@@ -17036,13 +17663,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/javascript.express.security.x-frame-options-misconfiguration.x-frame-options-misconfiguration shortlink: https://sg.run/EvjA semgrep.dev: rule: rule_id: GdUrLy - version_id: A8TlzK - url: https://semgrep.dev/playground/r/A8TlzK/javascript.express.security.x-frame-options-misconfiguration.x-frame-options-misconfiguration + version_id: 7ZTOnJ + url: https://semgrep.dev/playground/r/7ZTOnJ/javascript.express.security.x-frame-options-misconfiguration.x-frame-options-misconfiguration origin: community languages: - javascript @@ -17123,13 +17752,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.jose.security.jwt-hardcode.hardcoded-jwt-secret shortlink: https://sg.run/Ro1g semgrep.dev: rule: rule_id: JDUyRl - version_id: jQT7AJ - url: https://semgrep.dev/playground/r/jQT7AJ/javascript.jose.security.jwt-hardcode.hardcoded-jwt-secret + version_id: 44To6p + url: https://semgrep.dev/playground/r/44To6p/javascript.jose.security.jwt-hardcode.hardcoded-jwt-secret origin: community languages: - javascript @@ -17182,7 +17813,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens 
@@ -17200,13 +17831,15 @@ rules: references: - https://owasp.org/Top10/A02_2021-Cryptographic_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.jose.security.jwt-none-alg.jwt-none-alg shortlink: https://sg.run/AvRL semgrep.dev: rule: rule_id: 5rUOGN - version_id: GxTWe2 - url: https://semgrep.dev/playground/r/GxTWe2/javascript.jose.security.jwt-none-alg.jwt-none-alg + version_id: PkTYd4 + url: https://semgrep.dev/playground/r/PkTYd4/javascript.jose.security.jwt-none-alg.jwt-none-alg origin: community languages: - javascript @@ -17262,13 +17895,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret shortlink: https://sg.run/4xN9 semgrep.dev: rule: rule_id: WAUon7 - version_id: qkT8Xy - url: https://semgrep.dev/playground/r/qkT8Xy/javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret + version_id: DkTQYj + url: https://semgrep.dev/playground/r/DkTQYj/javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret origin: community languages: - javascript @@ -17321,7 +17956,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens 
@@ -17338,13 +17973,15 @@ rules: references: - https://owasp.org/Top10/A02_2021-Cryptographic_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.jsonwebtoken.security.jwt-none-alg.jwt-none-alg shortlink: https://sg.run/PJXv semgrep.dev: rule: rule_id: 0oU53g - version_id: qkTKyo - url: https://semgrep.dev/playground/r/qkTKyo/javascript.jsonwebtoken.security.jwt-none-alg.jwt-none-alg + version_id: WrTb31 + url: https://semgrep.dev/playground/r/WrTb31/javascript.jsonwebtoken.security.jwt-none-alg.jwt-none-alg origin: community languages: - javascript @@ -17382,13 +18019,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.code-string-concat.code-string-concat shortlink: https://sg.run/96Yk semgrep.dev: rule: rule_id: DbUKEz - version_id: e1TlrZ - url: https://semgrep.dev/playground/r/e1TlrZ/javascript.lang.security.audit.code-string-concat.code-string-concat + version_id: 0bTveA + url: https://semgrep.dev/playground/r/0bTveA/javascript.lang.security.audit.code-string-concat.code-string-concat origin: community languages: - javascript @@ -17475,13 +18114,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.audit.dangerous-spawn-shell.dangerous-spawn-shell shortlink: https://sg.run/DJ8v semgrep.dev: rule: rule_id: qNUo10 - version_id: YDT87D - url: https://semgrep.dev/playground/r/YDT87D/javascript.lang.security.audit.dangerous-spawn-shell.dangerous-spawn-shell + version_id: K3TlGp + url: https://semgrep.dev/playground/r/K3TlGp/javascript.lang.security.audit.dangerous-spawn-shell.dangerous-spawn-shell origin: community languages: - javascript 
@@ -17552,13 +18193,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp shortlink: https://sg.run/gr65 semgrep.dev: rule: rule_id: zdU1gD - version_id: K3TkwJ - url: https://semgrep.dev/playground/r/K3TkwJ/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp + version_id: YDTonX + url: https://semgrep.dev/playground/r/YDTonX/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp origin: community languages: - javascript @@ -17606,13 +18249,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.lang.security.audit.md5-used-as-password.md5-used-as-password shortlink: https://sg.run/GOEn semgrep.dev: rule: rule_id: GdUr5G - version_id: jQT92n - url: https://semgrep.dev/playground/r/jQT92n/javascript.lang.security.audit.md5-used-as-password.md5-used-as-password + version_id: RGTb0Q + url: https://semgrep.dev/playground/r/RGTb0Q/javascript.lang.security.audit.md5-used-as-password.md5-used-as-password origin: community languages: - javascript 
@@ -17652,13 +18297,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal shortlink: https://sg.run/OPqk semgrep.dev: rule: rule_id: 8GUjrq - version_id: yeTK13 - url: https://semgrep.dev/playground/r/yeTK13/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal + version_id: BjTEkB + url: https://semgrep.dev/playground/r/BjTEkB/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal origin: community languages: - javascript @@ -17740,13 +18387,15 @@ rules: - vuln likelihood: HIGH impact: MEDIUM + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.lang.security.audit.sqli.node-knex-sqli.node-knex-sqli shortlink: https://sg.run/l9eE semgrep.dev: rule: rule_id: d8UKLD - version_id: 7ZTqDG - url: https://semgrep.dev/playground/r/7ZTqDG/javascript.lang.security.audit.sqli.node-knex-sqli.node-knex-sqli + version_id: qkTNRp + url: https://semgrep.dev/playground/r/qkTNRp/javascript.lang.security.audit.sqli.node-knex-sqli.node-knex-sqli origin: community languages: - javascript @@ -17831,13 +18480,15 @@ rules: likelihood: HIGH impact: MEDIUM confidence: LOW + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.lang.security.audit.sqli.node-mssql-sqli.node-mssql-sqli shortlink: https://sg.run/lxlB semgrep.dev: rule: rule_id: kxU8Pd - version_id: JdT83K - url: https://semgrep.dev/playground/r/JdT83K/javascript.lang.security.audit.sqli.node-mssql-sqli.node-mssql-sqli + version_id: l4T5Jx + url: https://semgrep.dev/playground/r/l4T5Jx/javascript.lang.security.audit.sqli.node-mssql-sqli.node-mssql-sqli origin: community languages: - javascript 
@@ -17895,13 +18546,15 @@ rules: - vuln likelihood: HIGH impact: MEDIUM + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.lang.security.audit.sqli.node-mysql-sqli.node-mysql-sqli shortlink: https://sg.run/Y0oy semgrep.dev: rule: rule_id: ZqUlWE - version_id: LjTD7O - url: https://semgrep.dev/playground/r/LjTD7O/javascript.lang.security.audit.sqli.node-mysql-sqli.node-mysql-sqli + version_id: YDToZ2 + url: https://semgrep.dev/playground/r/YDToZ2/javascript.lang.security.audit.sqli.node-mysql-sqli.node-mysql-sqli origin: community languages: - javascript @@ -17968,13 +18621,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/javascript.lang.security.audit.sqli.node-postgres-sqli.node-postgres-sqli shortlink: https://sg.run/0n3v semgrep.dev: rule: rule_id: ReUPN9 - version_id: 1QTqAk - url: https://semgrep.dev/playground/r/1QTqAk/javascript.lang.security.audit.sqli.node-postgres-sqli.node-postgres-sqli + version_id: 6xTe2Q + url: https://semgrep.dev/playground/r/6xTe2Q/javascript.lang.security.audit.sqli.node-postgres-sqli.node-postgres-sqli origin: community languages: - javascript @@ -18035,13 +18690,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.detect-eval-with-expression.detect-eval-with-expression shortlink: https://sg.run/6nwK semgrep.dev: rule: rule_id: yyUngo - version_id: LjTp3v - url: https://semgrep.dev/playground/r/LjTp3v/javascript.lang.security.detect-eval-with-expression.detect-eval-with-expression + version_id: O9Typz + url: https://semgrep.dev/playground/r/O9Typz/javascript.lang.security.detect-eval-with-expression.detect-eval-with-expression origin: community languages: - javascript 
@@ -18129,13 +18786,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/javascript.lang.security.insecure-object-assign.insecure-object-assign shortlink: https://sg.run/2R0D semgrep.dev: rule: rule_id: AbUGOq - version_id: LjTdRg - url: https://semgrep.dev/playground/r/LjTdRg/javascript.lang.security.insecure-object-assign.insecure-object-assign + version_id: ExTnEW + url: https://semgrep.dev/playground/r/ExTnEW/javascript.lang.security.insecure-object-assign.insecure-object-assign origin: community languages: - javascript @@ -18179,13 +18838,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.passport-jwt.security.passport-hardcode.hardcoded-passport-secret shortlink: https://sg.run/vz70 semgrep.dev: rule: rule_id: QrUzq6 - version_id: 5PTgL6 - url: https://semgrep.dev/playground/r/5PTgL6/javascript.passport-jwt.security.passport-hardcode.hardcoded-passport-secret + version_id: gETqBw + url: https://semgrep.dev/playground/r/gETqBw/javascript.passport-jwt.security.passport-hardcode.hardcoded-passport-secret origin: community languages: - javascript 
@@ -18291,13 +18952,15 @@ rules: impact: HIGH confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection shortlink: https://sg.run/gjoe semgrep.dev: rule: rule_id: yyU0GX - version_id: bZT2ew - url: https://semgrep.dev/playground/r/bZT2ew/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + version_id: YDToE2 + url: https://semgrep.dev/playground/r/YDToE2/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection origin: community languages: - javascript @@ -18373,13 +19036,15 @@ rules: likelihood: LOW impact: HIGH confidence: MEDIUM + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/json.aws.security.public-s3-bucket.public-s3-bucket shortlink: https://sg.run/lxv5 semgrep.dev: rule: rule_id: 7KUpLy - version_id: QkTl8x - url: https://semgrep.dev/playground/r/QkTl8x/json.aws.security.public-s3-bucket.public-s3-bucket + version_id: NdT1Z0 + url: https://semgrep.dev/playground/r/NdT1Z0/json.aws.security.public-s3-bucket.public-s3-bucket origin: community patterns: - pattern-inside: | @@ -18445,13 +19110,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/json.aws.security.public-s3-policy-statement.public-s3-policy-statement shortlink: https://sg.run/Yv1d semgrep.dev: rule: rule_id: 9AU1br - version_id: 3ZTDl0 - url: https://semgrep.dev/playground/r/3ZTDl0/json.aws.security.public-s3-policy-statement.public-s3-policy-statement + version_id: kbT7Dy + url: https://semgrep.dev/playground/r/kbT7Dy/json.aws.security.public-s3-policy-statement.public-s3-policy-statement origin: community severity: WARNING languages: 
@@ -18487,13 +19154,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/json.aws.security.wildcard-assume-role.wildcard-assume-role shortlink: https://sg.run/7YEZ semgrep.dev: rule: rule_id: JDULx5 - version_id: PkTEOk - url: https://semgrep.dev/playground/r/PkTEOk/json.aws.security.wildcard-assume-role.wildcard-assume-role + version_id: w8T3pP + url: https://semgrep.dev/playground/r/w8T3pP/json.aws.security.wildcard-assume-role.wildcard-assume-role origin: community languages: - json @@ -18519,13 +19188,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/kotlin.lang.security.anonymous-ldap-bind.anonymous-ldap-bind shortlink: https://sg.run/rY2n semgrep.dev: rule: rule_id: v8U9Q7 - version_id: 5PTB3L - url: https://semgrep.dev/playground/r/5PTB3L/kotlin.lang.security.anonymous-ldap-bind.anonymous-ldap-bind + version_id: O9Ty8z + url: https://semgrep.dev/playground/r/O9Ty8z/kotlin.lang.security.anonymous-ldap-bind.anonymous-ldap-bind origin: community message: Detected anonymous LDAP bind. This permits anonymous users to execute LDAP statements. Consider enforcing authentication for LDAP. See https://docs.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html 
@@ -18556,13 +19227,15 @@ rules: likelihood: LOW impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.ecb-cipher.ecb-cipher shortlink: https://sg.run/DzLj semgrep.dev: rule: rule_id: DbU1Zd - version_id: WrTkj3 - url: https://semgrep.dev/playground/r/WrTkj3/kotlin.lang.security.ecb-cipher.ecb-cipher + version_id: ExTnoW + url: https://semgrep.dev/playground/r/ExTnoW/kotlin.lang.security.ecb-cipher.ecb-cipher origin: community message: Cipher in ECB mode is detected. ECB mode produces the same output for the same input each time which allows an attacker to intercept and replay the data. @@ -18612,13 +19285,15 @@ rules: likelihood: LOW impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.no-null-cipher.no-null-cipher shortlink: https://sg.run/0ywb semgrep.dev: rule: rule_id: 0oU2Yy - version_id: K3TPQo - url: https://semgrep.dev/playground/r/K3TPQo/kotlin.lang.security.no-null-cipher.no-null-cipher + version_id: LjT0G3 + url: https://semgrep.dev/playground/r/LjT0G3/kotlin.lang.security.no-null-cipher.no-null-cipher origin: community message: 'NullCipher was detected. This will not encrypt anything; the cipher text will be the same as the plain text. Use a valid, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). @@ -18653,13 +19328,15 @@ rules: likelihood: LOW impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.use-of-md5.use-of-md5 shortlink: https://sg.run/4eQx semgrep.dev: rule: rule_id: qNUXPj - version_id: l4Te2o - url: https://semgrep.dev/playground/r/l4Te2o/kotlin.lang.security.use-of-md5.use-of-md5 + version_id: gETqPw + url: https://semgrep.dev/playground/r/gETqPw/kotlin.lang.security.use-of-md5.use-of-md5 origin: community pattern-either: - pattern: '$VAR = $MD.getInstance("MD5") 
@@ -18696,13 +19373,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.use-of-sha1.use-of-sha1 shortlink: https://sg.run/N1pp semgrep.dev: rule: rule_id: ZqUOdd - version_id: YDTzO4 - url: https://semgrep.dev/playground/r/YDTzO4/kotlin.lang.security.use-of-sha1.use-of-sha1 + version_id: QkTJX4 + url: https://semgrep.dev/playground/r/QkTJX4/kotlin.lang.security.use-of-sha1.use-of-sha1 origin: community pattern-either: - pattern: '$VAR = $MD.getInstance("SHA1") @@ -18737,13 +19416,15 @@ rules: likelihood: MEDIUM impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/php.doctrine.security.audit.doctrine-orm-dangerous-query.doctrine-orm-dangerous-query shortlink: https://sg.run/jwDJ semgrep.dev: rule: rule_id: kxUw23 - version_id: NdT72A - url: https://semgrep.dev/playground/r/NdT72A/php.doctrine.security.audit.doctrine-orm-dangerous-query.doctrine-orm-dangerous-query + version_id: PkTYzA + url: https://semgrep.dev/playground/r/PkTYzA/php.doctrine.security.audit.doctrine-orm-dangerous-query.doctrine-orm-dangerous-query origin: community mode: taint pattern-sinks: @@ -18828,13 +19509,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/php.lang.security.assert-use.assert-use shortlink: https://sg.run/3xXW semgrep.dev: rule: rule_id: DbUpjk - version_id: RGTBrd - url: https://semgrep.dev/playground/r/RGTBrd/php.lang.security.assert-use.assert-use + version_id: JdTqn1 + url: https://semgrep.dev/playground/r/JdTqn1/php.lang.security.assert-use.assert-use origin: community languages: - php 
@@ -18869,13 +19552,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/php.lang.security.curl-ssl-verifypeer-off.curl-ssl-verifypeer-off shortlink: https://sg.run/PJqv semgrep.dev: rule: rule_id: 0oU5Xg - version_id: WrTkjA - url: https://semgrep.dev/playground/r/WrTkjA/php.lang.security.curl-ssl-verifypeer-off.curl-ssl-verifypeer-off + version_id: A8TREz + url: https://semgrep.dev/playground/r/A8TREz/php.lang.security.curl-ssl-verifypeer-off.curl-ssl-verifypeer-off origin: community languages: - php @@ -18914,13 +19599,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/php.lang.security.deserialization.extract-user-data shortlink: https://sg.run/6bv1 semgrep.dev: rule: rule_id: nJUykq - version_id: K3TqQr - url: https://semgrep.dev/playground/r/K3TqQr/php.lang.security.deserialization.extract-user-data + version_id: BjTEyB + url: https://semgrep.dev/playground/r/BjTEyB/php.lang.security.deserialization.extract-user-data origin: community severity: ERROR - id: php.lang.security.injection.echoed-request.echoed-request 
@@ -18967,13 +19654,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/php.lang.security.injection.echoed-request.echoed-request shortlink: https://sg.run/Bqqb semgrep.dev: rule: rule_id: BYUyyg - version_id: 0bTdNE - url: https://semgrep.dev/playground/r/0bTdNE/php.lang.security.injection.echoed-request.echoed-request + version_id: qkTNvp + url: https://semgrep.dev/playground/r/qkTNvp/php.lang.security.injection.echoed-request.echoed-request origin: community - id: php.lang.security.injection.tainted-filename.tainted-filename severity: WARNING @@ -18996,13 +19685,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/php.lang.security.injection.tainted-filename.tainted-filename shortlink: https://sg.run/Ayqp semgrep.dev: rule: rule_id: 5rUpro - version_id: o5TWR8 - url: https://semgrep.dev/playground/r/o5TWR8/php.lang.security.injection.tainted-filename.tainted-filename + version_id: l4T5px + url: https://semgrep.dev/playground/r/l4T5px/php.lang.security.injection.tainted-filename.tainted-filename origin: community languages: - php 
@@ -19185,13 +19876,15 @@ rules:
 likelihood: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/php.lang.security.injection.tainted-object-instantiation.tainted-object-instantiation
 shortlink: https://sg.run/7ndw
 semgrep.dev:
 rule:
 rule_id: v8U4DA
- version_id: zyTXQJ
- url: https://semgrep.dev/playground/r/zyTXQJ/php.lang.security.injection.tainted-object-instantiation.tainted-object-instantiation
+ version_id: YDTow2
+ url: https://semgrep.dev/playground/r/YDTow2/php.lang.security.injection.tainted-object-instantiation.tainted-object-instantiation
 origin: community
 mode: taint
 pattern-sources:
@@ -19237,13 +19930,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.lang.security.injection.tainted-sql-string.tainted-sql-string
 shortlink: https://sg.run/lZYG
 semgrep.dev:
 rule:
 rule_id: qNUXdL
- version_id: pZTqxD
- url: https://semgrep.dev/playground/r/pZTqxD/php.lang.security.injection.tainted-sql-string.tainted-sql-string
+ version_id: JdTqnv
+ url: https://semgrep.dev/playground/r/JdTqnv/php.lang.security.injection.tainted-sql-string.tainted-sql-string
 origin: community
 mode: taint
 pattern-sanitizers:
@@ -19311,13 +20006,15 @@ rules:
 impact: MEDIUM
 likelihood: MEDIUM
 confidence: MEDIUM
+ vulnerability_class:
+ - Server-Side Request Forgery (SSRF)
 source: https://semgrep.dev/r/php.lang.security.injection.tainted-url-host.tainted-url-host
 shortlink: https://sg.run/Y8no
 semgrep.dev:
 rule:
 rule_id: lBU8K1
- version_id: 2KTAw2
- url: https://semgrep.dev/playground/r/2KTAw2/php.lang.security.injection.tainted-url-host.tainted-url-host
+ version_id: 5PT67o
+ url: https://semgrep.dev/playground/r/5PT67o/php.lang.security.injection.tainted-url-host.tainted-url-host
 origin: community
 mode: taint
 pattern-sources:
@@ -19383,13 +20080,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/php.lang.security.md5-used-as-password.md5-used-as-password
 shortlink: https://sg.run/66YL
 semgrep.dev:
 rule:
 rule_id: YGUD1O
- version_id: yeTQ5X
- url: https://semgrep.dev/playground/r/yeTQ5X/php.lang.security.md5-used-as-password.md5-used-as-password
+ version_id: DkTQwv
+ url: https://semgrep.dev/playground/r/DkTQwv/php.lang.security.md5-used-as-password.md5-used-as-password
 origin: community
 mode: taint
 pattern-sources:
@@ -19433,13 +20132,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/php.lang.security.openssl-cbc-static-iv.openssl-cbc-static-iv
 shortlink: https://sg.run/LgWJ
 semgrep.dev:
 rule:
 rule_id: DbUGbE
- version_id: qkTnep
- url: https://semgrep.dev/playground/r/qkTnep/php.lang.security.openssl-cbc-static-iv.openssl-cbc-static-iv
+ version_id: 0bTvGQ
+ url: https://semgrep.dev/playground/r/0bTvGQ/php.lang.security.openssl-cbc-static-iv.openssl-cbc-static-iv
 origin: community
 - id: php.lang.security.phpinfo-use.phpinfo-use
 pattern: phpinfo(...);
@@ -19462,13 +20163,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/php.lang.security.phpinfo-use.phpinfo-use
 shortlink: https://sg.run/W82E
 semgrep.dev:
 rule:
 rule_id: ReUglY
- version_id: kbTrZd
- url: https://semgrep.dev/playground/r/kbTrZd/php.lang.security.phpinfo-use.phpinfo-use
+ version_id: l4T5pq
+ url: https://semgrep.dev/playground/r/l4T5pq/php.lang.security.phpinfo-use.phpinfo-use
 origin: community
 languages:
 - php
@@ -19507,13 +20210,15 @@ rules:
 subcategory:
 - vuln
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Open Redirect
 source: https://semgrep.dev/r/php.lang.security.redirect-to-request-uri.redirect-to-request-uri
 shortlink: https://sg.run/RWl2
 semgrep.dev:
 rule:
 rule_id: 3qUb4n
- version_id: 9lTN9v
- url: https://semgrep.dev/playground/r/9lTN9v/php.lang.security.redirect-to-request-uri.redirect-to-request-uri
+ version_id: 6xTeRw
+ url: https://semgrep.dev/playground/r/6xTeRw/php.lang.security.redirect-to-request-uri.redirect-to-request-uri
 origin: community
 languages:
 - php
@@ -19562,13 +20267,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.laravel.security.laravel-api-route-sql-injection.laravel-api-route-sql-injection
 shortlink: https://sg.run/x94g
 semgrep.dev:
 rule:
 rule_id: zdUln0
- version_id: kbT1l8
- url: https://semgrep.dev/playground/r/kbT1l8/php.laravel.security.laravel-api-route-sql-injection.laravel-api-route-sql-injection
+ version_id: X0TPYR
+ url: https://semgrep.dev/playground/r/X0TPYR/php.laravel.security.laravel-api-route-sql-injection.laravel-api-route-sql-injection
 origin: community
 - id: php.laravel.security.laravel-sql-injection.laravel-sql-injection
 metadata:
@@ -19591,13 +20298,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.laravel.security.laravel-sql-injection.laravel-sql-injection
 shortlink: https://sg.run/x40p
 semgrep.dev:
 rule:
 rule_id: j2UQdp
- version_id: GxT5jA
- url: https://semgrep.dev/playground/r/GxT5jA/php.laravel.security.laravel-sql-injection.laravel-sql-injection
+ version_id: kbT7Wq
+ url: https://semgrep.dev/playground/r/kbT7Wq/php.laravel.security.laravel-sql-injection.laravel-sql-injection
 origin: community
 severity: WARNING
 message: Detected a SQL query based on user input. This could lead to SQL injection,
@@ -19778,13 +20487,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.laravel.security.laravel-unsafe-validator.laravel-unsafe-validator
 shortlink: https://sg.run/vkeb
 semgrep.dev:
 rule:
 rule_id: X5ULgE
- version_id: RGTYe5
- url: https://semgrep.dev/playground/r/RGTYe5/php.laravel.security.laravel-unsafe-validator.laravel-unsafe-validator
+ version_id: w8T3We
+ url: https://semgrep.dev/playground/r/w8T3We/php.laravel.security.laravel-unsafe-validator.laravel-unsafe-validator
 origin: community
 - id: problem-based-packs.insecure-transport.go-stdlib.bypass-tls-verification.bypass-tls-verification
 message: Checks for disabling of TLS/SSL certificate verification. This should only
@@ -19805,13 +20516,15 @@ rules:
 - go
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.bypass-tls-verification.bypass-tls-verification
 shortlink: https://sg.run/4xj5
 semgrep.dev:
 rule:
 rule_id: DbUpjg
- version_id: e1T2Gr
- url: https://semgrep.dev/playground/r/e1T2Gr/problem-based-packs.insecure-transport.go-stdlib.bypass-tls-verification.bypass-tls-verification
+ version_id: 44To5Z
+ url: https://semgrep.dev/playground/r/44To5Z/problem-based-packs.insecure-transport.go-stdlib.bypass-tls-verification.bypass-tls-verification
 origin: community
 languages:
 - go
@@ -19843,13 +20556,15 @@ rules:
 - go
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.disallow-old-tls-versions.disallow-old-tls-versions
 shortlink: https://sg.run/PJqz
 semgrep.dev:
 rule:
 rule_id: WAUow9
- version_id: vdTABO
- url: https://semgrep.dev/playground/r/vdTABO/problem-based-packs.insecure-transport.go-stdlib.disallow-old-tls-versions.disallow-old-tls-versions
+ version_id: PkTY21
+ url: https://semgrep.dev/playground/r/PkTY21/problem-based-packs.insecure-transport.go-stdlib.disallow-old-tls-versions.disallow-old-tls-versions
 origin: community
 languages:
 - go
@@ -19886,13 +20601,15 @@ rules:
 - ftp
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.ftp-request.ftp-request
 shortlink: https://sg.run/J9Ay
 semgrep.dev:
 rule:
 rule_id: 0oU5XN
- version_id: d6T5p6
- url: https://semgrep.dev/playground/r/d6T5p6/problem-based-packs.insecure-transport.go-stdlib.ftp-request.ftp-request
+ version_id: JdTqGv
+ url: https://semgrep.dev/playground/r/JdTqGv/problem-based-packs.insecure-transport.go-stdlib.ftp-request.ftp-request
 origin: community
 languages:
 - go
@@ -19942,13 +20659,15 @@ rules:
 - gorequest
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.gorequest-http-request.gorequest-http-request
 shortlink: https://sg.run/5Q10
 semgrep.dev:
 rule:
 rule_id: KxUbXx
- version_id: ZRTvX3
- url: https://semgrep.dev/playground/r/ZRTvX3/problem-based-packs.insecure-transport.go-stdlib.gorequest-http-request.gorequest-http-request
+ version_id: 5PT6ro
+ url: https://semgrep.dev/playground/r/5PT6ro/problem-based-packs.insecure-transport.go-stdlib.gorequest-http-request.gorequest-http-request
 origin: community
 languages:
 - go
@@ -19990,13 +20709,15 @@ rules:
 - grequests
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.grequests-http-request.grequests-http-request
 shortlink: https://sg.run/Ge5q
 semgrep.dev:
 rule:
 rule_id: qNUjy3
- version_id: nWT10P
- url: https://semgrep.dev/playground/r/nWT10P/problem-based-packs.insecure-transport.go-stdlib.grequests-http-request.grequests-http-request
+ version_id: GxT2Yq
+ url: https://semgrep.dev/playground/r/GxT2Yq/problem-based-packs.insecure-transport.go-stdlib.grequests-http-request.grequests-http-request
 origin: community
 languages:
 - go
@@ -20031,13 +20752,15 @@ rules:
 - go
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.http-customized-request.http-customized-request
 shortlink: https://sg.run/RoYq
 semgrep.dev:
 rule:
 rule_id: lBU90n
- version_id: K3TW54
- url: https://semgrep.dev/playground/r/K3TW54/problem-based-packs.insecure-transport.go-stdlib.http-customized-request.http-customized-request
+ version_id: RGTbnE
+ url: https://semgrep.dev/playground/r/RGTbnE/problem-based-packs.insecure-transport.go-stdlib.http-customized-request.http-customized-request
 origin: community
 languages:
 - go
@@ -20068,13 +20791,15 @@ rules:
 - go
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.http-request.http-request
 shortlink: https://sg.run/Avd2
 semgrep.dev:
 rule:
 rule_id: YGUR70
- version_id: 7ZTjXE
- url: https://semgrep.dev/playground/r/7ZTjXE/problem-based-packs.insecure-transport.go-stdlib.http-request.http-request
+ version_id: A8TR00
+ url: https://semgrep.dev/playground/r/A8TR00/problem-based-packs.insecure-transport.go-stdlib.http-request.http-request
 origin: community
 languages:
 - go
@@ -20122,13 +20847,15 @@ rules:
 - sling
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.sling-http-request.sling-http-request
 shortlink: https://sg.run/BkZA
 semgrep.dev:
 rule:
 rule_id: 6JUjoX
- version_id: LjTolG
- url: https://semgrep.dev/playground/r/LjTolG/problem-based-packs.insecure-transport.go-stdlib.sling-http-request.sling-http-request
+ version_id: BjTEJv
+ url: https://semgrep.dev/playground/r/BjTEJv/problem-based-packs.insecure-transport.go-stdlib.sling-http-request.sling-http-request
 origin: community
 languages:
 - go
@@ -20190,13 +20917,15 @@ rules:
 - go-telnet
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.go-stdlib.telnet-request.telnet-request
 shortlink: https://sg.run/Do4P
 semgrep.dev:
 rule:
 rule_id: oqUewD
- version_id: 8KT7B3
- url: https://semgrep.dev/playground/r/8KT7B3/problem-based-packs.insecure-transport.go-stdlib.telnet-request.telnet-request
+ version_id: DkTQXv
+ url: https://semgrep.dev/playground/r/DkTQXv/problem-based-packs.insecure-transport.go-stdlib.telnet-request.telnet-request
 origin: community
 languages:
 - go
@@ -20225,13 +20954,15 @@ rules:
 - spring
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-spring.bypass-tls-verification.bypass-tls-verification
 shortlink: https://sg.run/W822
 semgrep.dev:
 rule:
 rule_id: zdUkZZ
- version_id: gETonE
- url: https://semgrep.dev/playground/r/gETonE/problem-based-packs.insecure-transport.java-spring.bypass-tls-verification.bypass-tls-verification
+ version_id: WrTbG6
+ url: https://semgrep.dev/playground/r/WrTbG6/problem-based-packs.insecure-transport.java-spring.bypass-tls-verification.bypass-tls-verification
 origin: community
 languages:
 - java
@@ -20278,13 +21009,15 @@ rules:
 - spring
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-spring.spring-ftp-request.spring-ftp-request
 shortlink: https://sg.run/0Qzj
 semgrep.dev:
 rule:
 rule_id: pKUOYW
- version_id: QkTjg2
- url: https://semgrep.dev/playground/r/QkTjg2/problem-based-packs.insecure-transport.java-spring.spring-ftp-request.spring-ftp-request
+ version_id: 0bTvgQ
+ url: https://semgrep.dev/playground/r/0bTvgQ/problem-based-packs.insecure-transport.java-spring.spring-ftp-request.spring-ftp-request
 origin: community
 languages:
 - java
@@ -20328,13 +21061,15 @@ rules:
 - spring
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-spring.spring-http-request.spring-http-request
 shortlink: https://sg.run/KlB5
 semgrep.dev:
 rule:
 rule_id: 2ZUbjg
- version_id: 3ZTzee
- url: https://semgrep.dev/playground/r/3ZTzee/problem-based-packs.insecure-transport.java-spring.spring-http-request.spring-http-request
+ version_id: K3Tl8R
+ url: https://semgrep.dev/playground/r/K3Tl8R/problem-based-packs.insecure-transport.java-spring.spring-http-request.spring-http-request
 origin: community
 languages:
 - java
@@ -20384,13 +21119,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.bypass-tls-verification.bypass-tls-verification
 shortlink: https://sg.run/qxD7
 semgrep.dev:
 rule:
 rule_id: X5U8qv
- version_id: 44TwGY
- url: https://semgrep.dev/playground/r/44TwGY/problem-based-packs.insecure-transport.java-stdlib.bypass-tls-verification.bypass-tls-verification
+ version_id: qkTNLA
+ url: https://semgrep.dev/playground/r/qkTNLA/problem-based-packs.insecure-transport.java-stdlib.bypass-tls-verification.bypass-tls-verification
 origin: community
 languages:
 - java
@@ -20442,13 +21179,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions1.disallow-old-tls-versions1
 shortlink: https://sg.run/l25E
 semgrep.dev:
 rule:
 rule_id: j2Uv2K
- version_id: PkTXOE
- url: https://semgrep.dev/playground/r/PkTXOE/problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions1.disallow-old-tls-versions1
+ version_id: l4T5oq
+ url: https://semgrep.dev/playground/r/l4T5oq/problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions1.disallow-old-tls-versions1
 origin: community
 languages:
 - java
@@ -20489,13 +21228,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions2.disallow-old-tls-versions2
 shortlink: https://sg.run/Yvjy
 semgrep.dev:
 rule:
 rule_id: 10UKvx
- version_id: WrTBA3
- url: https://semgrep.dev/playground/r/WrTBA3/problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions2.disallow-old-tls-versions2
+ version_id: YDTokj
+ url: https://semgrep.dev/playground/r/YDTokj/problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions2.disallow-old-tls-versions2
 origin: community
 languages:
 - java
@@ -20529,13 +21270,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.ftp-request.ftp-request
 shortlink: https://sg.run/6n91
 semgrep.dev:
 rule:
 rule_id: 9AU1wD
- version_id: 5PT23K
- url: https://semgrep.dev/playground/r/5PT23K/problem-based-packs.insecure-transport.java-stdlib.ftp-request.ftp-request
+ version_id: 6xTeGw
+ url: https://semgrep.dev/playground/r/6xTeGw/problem-based-packs.insecure-transport.java-stdlib.ftp-request.ftp-request
 origin: community
 languages:
 - java
@@ -20572,13 +21315,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.http-components-request.http-components-request
 shortlink: https://sg.run/oxD0
 semgrep.dev:
 rule:
 rule_id: yyUnjk
- version_id: GxTKJO
- url: https://semgrep.dev/playground/r/GxTKJO/problem-based-packs.insecure-transport.java-stdlib.http-components-request.http-components-request
+ version_id: o5Tno3
+ url: https://semgrep.dev/playground/r/o5Tno3/problem-based-packs.insecure-transport.java-stdlib.http-components-request.http-components-request
 origin: community
 languages:
 - java
@@ -20617,13 +21362,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.httpclient-http-request.httpclient-http-request
 shortlink: https://sg.run/zv2d
 semgrep.dev:
 rule:
 rule_id: r6Ur3y
- version_id: RGTZrY
- url: https://semgrep.dev/playground/r/RGTZrY/problem-based-packs.insecure-transport.java-stdlib.httpclient-http-request.httpclient-http-request
+ version_id: zyT5NO
+ url: https://semgrep.dev/playground/r/zyT5NO/problem-based-packs.insecure-transport.java-stdlib.httpclient-http-request.httpclient-http-request
 origin: community
 languages:
 - java
@@ -20697,13 +21444,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.httpget-http-request.httpget-http-request
 shortlink: https://sg.run/QE2q
 semgrep.dev:
 rule:
 rule_id: 6JUOJ2
- version_id: l4TkEB
- url: https://semgrep.dev/playground/r/l4TkEB/problem-based-packs.insecure-transport.java-stdlib.httpget-http-request.httpget-http-request
+ version_id: pZTreo
+ url: https://semgrep.dev/playground/r/pZTreo/problem-based-packs.insecure-transport.java-stdlib.httpget-http-request.httpget-http-request
 origin: community
 languages:
 - java
@@ -20740,13 +21489,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.httpurlconnection-http-request.httpurlconnection-http-request
 shortlink: https://sg.run/px3Z
 semgrep.dev:
 rule:
 rule_id: bwUwvR
- version_id: YDTWdq
- url: https://semgrep.dev/playground/r/YDTWdq/problem-based-packs.insecure-transport.java-stdlib.httpurlconnection-http-request.httpurlconnection-http-request
+ version_id: 2KT15y
+ url: https://semgrep.dev/playground/r/2KT15y/problem-based-packs.insecure-transport.java-stdlib.httpurlconnection-http-request.httpurlconnection-http-request
 origin: community
 languages:
 - java
@@ -20790,13 +21541,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.telnet-request.telnet-request
 shortlink: https://sg.run/XBQB
 semgrep.dev:
 rule:
 rule_id: kxUkXk
- version_id: DkTZvg
- url: https://semgrep.dev/playground/r/DkTZvg/problem-based-packs.insecure-transport.java-stdlib.telnet-request.telnet-request
+ version_id: jQTKDo
+ url: https://semgrep.dev/playground/r/jQTKDo/problem-based-packs.insecure-transport.java-stdlib.telnet-request.telnet-request
 origin: community
 languages:
 - java
@@ -20824,13 +21577,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.tls-renegotiation.tls-renegotiation
 shortlink: https://sg.run/jR5N
 semgrep.dev:
 rule:
 rule_id: wdUJw8
- version_id: WrTAj9
- url: https://semgrep.dev/playground/r/WrTAj9/problem-based-packs.insecure-transport.java-stdlib.tls-renegotiation.tls-renegotiation
+ version_id: 1QTj3q
+ url: https://semgrep.dev/playground/r/1QTj3q/problem-based-packs.insecure-transport.java-stdlib.tls-renegotiation.tls-renegotiation
 origin: community
 languages:
 - java
@@ -20858,13 +21613,15 @@ rules:
 - unirest
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.unirest-http-request.unirest-http-request
 shortlink: https://sg.run/1Z1G
 semgrep.dev:
 rule:
 rule_id: x8Uno2
- version_id: 0bTY9N
- url: https://semgrep.dev/playground/r/0bTY9N/problem-based-packs.insecure-transport.java-stdlib.unirest-http-request.unirest-http-request
+ version_id: 9lTzq0
+ url: https://semgrep.dev/playground/r/9lTzq0/problem-based-packs.insecure-transport.java-stdlib.unirest-http-request.unirest-http-request
 origin: community
 languages:
 - java
@@ -20902,13 +21659,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.bypass-tls-verification.bypass-tls-verification
 shortlink: https://sg.run/9oxr
 semgrep.dev:
 rule:
 rule_id: OrU3Y6
- version_id: K3T6Qx
- url: https://semgrep.dev/playground/r/K3T6Qx/problem-based-packs.insecure-transport.js-node.bypass-tls-verification.bypass-tls-verification
+ version_id: yeTXGg
+ url: https://semgrep.dev/playground/r/yeTXGg/problem-based-packs.insecure-transport.js-node.bypass-tls-verification.bypass-tls-verification
 origin: community
 languages:
 - javascript
@@ -20940,13 +21699,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.disallow-old-tls-versions1.disallow-old-tls-versions1
 shortlink: https://sg.run/ydpP
 semgrep.dev:
 rule:
 rule_id: eqU8nr
- version_id: qkTPe3
- url: https://semgrep.dev/playground/r/qkTPe3/problem-based-packs.insecure-transport.js-node.disallow-old-tls-versions1.disallow-old-tls-versions1
+ version_id: rxTxlK
+ url: https://semgrep.dev/playground/r/rxTxlK/problem-based-packs.insecure-transport.js-node.disallow-old-tls-versions1.disallow-old-tls-versions1
 origin: community
 languages:
 - javascript
@@ -20997,13 +21758,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.disallow-old-tls-versions2.disallow-old-tls-versions2
 shortlink: https://sg.run/rdKe
 semgrep.dev:
 rule:
 rule_id: v8UnPO
- version_id: l4TA2n
- url: https://semgrep.dev/playground/r/l4TA2n/problem-based-packs.insecure-transport.js-node.disallow-old-tls-versions2.disallow-old-tls-versions2
+ version_id: bZTGQd
+ url: https://semgrep.dev/playground/r/bZTGQd/problem-based-packs.insecure-transport.js-node.disallow-old-tls-versions2.disallow-old-tls-versions2
 origin: community
 languages:
 - javascript
@@ -21069,13 +21832,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.ftp-request.ftp-request
 shortlink: https://sg.run/b7QW
 semgrep.dev:
 rule:
 rule_id: d8UjZ6
- version_id: YDTKO0
- url: https://semgrep.dev/playground/r/YDTKO0/problem-based-packs.insecure-transport.js-node.ftp-request.ftp-request
+ version_id: NdT1Gl
+ url: https://semgrep.dev/playground/r/NdT1Gl/problem-based-packs.insecure-transport.js-node.ftp-request.ftp-request
 origin: community
 languages:
 - javascript
@@ -21111,13 +21876,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.http-request.http-request
 shortlink: https://sg.run/N4Qy
 semgrep.dev:
 rule:
 rule_id: ZqU5r3
- version_id: JdTYeR
- url: https://semgrep.dev/playground/r/JdTYeR/problem-based-packs.insecure-transport.js-node.http-request.http-request
+ version_id: kbT73q
+ url: https://semgrep.dev/playground/r/kbT73q/problem-based-packs.insecure-transport.js-node.http-request.http-request
 origin: community
 languages:
 - javascript
@@ -21171,13 +21938,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.rest-http-client-support.rest-http-client-support
 shortlink: https://sg.run/kXGP
 semgrep.dev:
 rule:
 rule_id: nJUzKP
- version_id: 5PT231
- url: https://semgrep.dev/playground/r/5PT231/problem-based-packs.insecure-transport.js-node.rest-http-client-support.rest-http-client-support
+ version_id: w8T3Ne
+ url: https://semgrep.dev/playground/r/w8T3Ne/problem-based-packs.insecure-transport.js-node.rest-http-client-support.rest-http-client-support
 origin: community
 languages:
 - javascript
@@ -21228,13 +21997,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.telnet-request.telnet-request
 shortlink: https://sg.run/weoA
 semgrep.dev:
 rule:
 rule_id: EwU2GA
- version_id: GxTKJR
- url: https://semgrep.dev/playground/r/GxTKJR/problem-based-packs.insecure-transport.js-node.telnet-request.telnet-request
+ version_id: xyT404
+ url: https://semgrep.dev/playground/r/xyT404/problem-based-packs.insecure-transport.js-node.telnet-request.telnet-request
 origin: community
 languages:
 - javascript
@@ -21273,13 +22044,15 @@ rules:
 - rest-client
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.ruby-stdlib.http-client-requests.http-client-requests
 shortlink: https://sg.run/OPQL
 semgrep.dev:
 rule:
 rule_id: L1UyKG
- version_id: qkT8Wb
- url: https://semgrep.dev/playground/r/qkT8Wb/problem-based-packs.insecure-transport.ruby-stdlib.http-client-requests.http-client-requests
+ version_id: e1Txb7
+ url: https://semgrep.dev/playground/r/e1Txb7/problem-based-packs.insecure-transport.ruby-stdlib.http-client-requests.http-client-requests
 origin: community
 languages:
 - ruby
@@ -21317,13 +22090,15 @@ rules:
 - ruby
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.ruby-stdlib.net-ftp-request.net-ftp-request
 shortlink: https://sg.run/eLQ8
 semgrep.dev:
 rule:
 rule_id: 8GUj13
- version_id: l4TnW8
- url: https://semgrep.dev/playground/r/l4TnW8/problem-based-packs.insecure-transport.ruby-stdlib.net-ftp-request.net-ftp-request
+ version_id: vdT2dr
+ url: https://semgrep.dev/playground/r/vdT2dr/problem-based-packs.insecure-transport.ruby-stdlib.net-ftp-request.net-ftp-request
 origin: community
 languages:
 - ruby
@@ -21357,13 +22132,15 @@ rules:
 - ruby
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.ruby-stdlib.net-http-request.net-http-request
 shortlink: https://sg.run/vz6Y
 semgrep.dev:
 rule:
 rule_id: gxU1lE
- version_id: BjTn89
- url: https://semgrep.dev/playground/r/BjTn89/problem-based-packs.insecure-transport.ruby-stdlib.net-http-request.net-http-request
+ version_id: d6TDLr
+ url: https://semgrep.dev/playground/r/d6TDLr/problem-based-packs.insecure-transport.ruby-stdlib.net-http-request.net-http-request
 origin: community
 languages:
 - ruby
@@ -21404,13 +22181,15 @@ rules:
 - ruby
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.ruby-stdlib.net-telnet-request.net-telnet-request
 shortlink: https://sg.run/dKQE
 semgrep.dev:
 rule:
 rule_id: QrUzo2
- version_id: YDT9AA
- url: https://semgrep.dev/playground/r/YDT9AA/problem-based-packs.insecure-transport.ruby-stdlib.net-telnet-request.net-telnet-request
+ version_id: ZRTwW6
+ url: https://semgrep.dev/playground/r/ZRTwW6/problem-based-packs.insecure-transport.ruby-stdlib.net-telnet-request.net-telnet-request
 origin: community
 languages:
 - ruby
@@ -21439,13 +22218,15 @@ rules:
 - open-uri
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.ruby-stdlib.openuri-request.openuri-request
 shortlink: https://sg.run/ZvQw
 semgrep.dev:
 rule:
 rule_id: 3qUPNe
- version_id: WrTAjx
- url: https://semgrep.dev/playground/r/WrTAjx/problem-based-packs.insecure-transport.ruby-stdlib.openuri-request.openuri-request
+ version_id: nWT7k8
+ url: https://semgrep.dev/playground/r/nWT7k8/problem-based-packs.insecure-transport.ruby-stdlib.openuri-request.openuri-request
 origin: community
 languages:
 - ruby
@@ -21518,13 +22299,15 @@ rules:
 likelihood: HIGH
 impact: MEDIUM
 confidence: MEDIUM
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.aws-lambda.security.dangerous-asyncio-create-exec.dangerous-asyncio-create-exec
 shortlink: https://sg.run/oyv0
 semgrep.dev:
 rule:
 rule_id: EwUrX8
- version_id: w8TOxj
- url: https://semgrep.dev/playground/r/w8TOxj/python.aws-lambda.security.dangerous-asyncio-create-exec.dangerous-asyncio-create-exec
+ version_id: 7ZTOPe
+ url: https://semgrep.dev/playground/r/7ZTOPe/python.aws-lambda.security.dangerous-asyncio-create-exec.dangerous-asyncio-create-exec
 origin: community
 languages:
 - python
@@ -21578,13 +22361,15 @@ rules:
 likelihood: HIGH
 impact: MEDIUM
 confidence: MEDIUM
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.aws-lambda.security.dangerous-asyncio-exec.dangerous-asyncio-exec
 shortlink: https://sg.run/z14d
 semgrep.dev:
 rule:
 rule_id: 7KUxXg
- version_id: xyTkeG
- url: https://semgrep.dev/playground/r/xyTkeG/python.aws-lambda.security.dangerous-asyncio-exec.dangerous-asyncio-exec
+ version_id: LjT0Br
+ url: https://semgrep.dev/playground/r/LjT0Br/python.aws-lambda.security.dangerous-asyncio-exec.dangerous-asyncio-exec
 origin: community
 languages:
 - python
@@ -21635,13 +22420,15 @@ rules: likelihood: HIGH impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.aws-lambda.security.dangerous-asyncio-shell.dangerous-asyncio-shell shortlink: https://sg.run/p9vZ semgrep.dev: rule: rule_id: L1UEl7 - version_id: O9T5WJ - url: https://semgrep.dev/playground/r/O9T5WJ/python.aws-lambda.security.dangerous-asyncio-shell.dangerous-asyncio-shell + version_id: 8KTbnz + url: https://semgrep.dev/playground/r/8KTbnz/python.aws-lambda.security.dangerous-asyncio-shell.dangerous-asyncio-shell origin: community languages: - python @@ -21678,13 +22465,15 @@ rules: likelihood: HIGH impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.aws-lambda.security.dangerous-spawn-process.dangerous-spawn-process shortlink: https://sg.run/2AjL semgrep.dev: rule: rule_id: 8GUGBq - version_id: e1TJkZ - url: https://semgrep.dev/playground/r/e1TJkZ/python.aws-lambda.security.dangerous-spawn-process.dangerous-spawn-process + version_id: gETq0J + url: https://semgrep.dev/playground/r/gETq0J/python.aws-lambda.security.dangerous-spawn-process.dangerous-spawn-process origin: community languages: - python @@ -21753,13 +22542,15 @@ rules: likelihood: HIGH impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.aws-lambda.security.dangerous-subprocess-use.dangerous-subprocess-use shortlink: https://sg.run/XZ7B semgrep.dev: rule: rule_id: gxUyn1 - version_id: vdTyzG - url: https://semgrep.dev/playground/r/vdTyzG/python.aws-lambda.security.dangerous-subprocess-use.dangerous-subprocess-use + version_id: QkTJ2k + url: https://semgrep.dev/playground/r/QkTJ2k/python.aws-lambda.security.dangerous-subprocess-use.dangerous-subprocess-use origin: community languages: - python 
@@ -21815,13 +22606,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.aws-lambda.security.dangerous-system-call.dangerous-system-call shortlink: https://sg.run/jDvN semgrep.dev: rule: rule_id: QrUkg6 - version_id: d6TJGA - url: https://semgrep.dev/playground/r/d6TJGA/python.aws-lambda.security.dangerous-system-call.dangerous-system-call + version_id: 3ZTdbL + url: https://semgrep.dev/playground/r/3ZTdbL/python.aws-lambda.security.dangerous-system-call.dangerous-system-call origin: community languages: - python @@ -21862,13 +22655,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.aws-lambda.security.dynamodb-filter-injection.dynamodb-filter-injection shortlink: https://sg.run/jjrl semgrep.dev: rule: rule_id: KxUJ2B - version_id: ZRToPp - url: https://semgrep.dev/playground/r/ZRToPp/python.aws-lambda.security.dynamodb-filter-injection.dynamodb-filter-injection + version_id: 44To8Z + url: https://semgrep.dev/playground/r/44To8Z/python.aws-lambda.security.dynamodb-filter-injection.dynamodb-filter-injection origin: community message: Detected DynamoDB query filter that is tainted by `$EVENT` object. This could lead to NoSQL injection if the variable is user-controlled and not properly 
@@ -21934,13 +22729,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.aws-lambda.security.mysql-sqli.mysql-sqli shortlink: https://sg.run/1RjG semgrep.dev: rule: rule_id: 3qU3eE - version_id: nWTv42 - url: https://semgrep.dev/playground/r/nWTv42/python.aws-lambda.security.mysql-sqli.mysql-sqli + version_id: PkTYb1 + url: https://semgrep.dev/playground/r/PkTYb1/python.aws-lambda.security.mysql-sqli.mysql-sqli origin: community pattern-sinks: - patterns: @@ -21995,13 +22792,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.aws-lambda.security.psycopg-sqli.psycopg-sqli shortlink: https://sg.run/9L8r semgrep.dev: rule: rule_id: 4bUQG1 - version_id: ExTzDo - url: https://semgrep.dev/playground/r/ExTzDo/python.aws-lambda.security.psycopg-sqli.psycopg-sqli + version_id: JdTqKv + url: https://semgrep.dev/playground/r/JdTqKv/python.aws-lambda.security.psycopg-sqli.psycopg-sqli origin: community pattern-sinks: - patterns: @@ -22050,13 +22849,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.aws-lambda.security.pymssql-sqli.pymssql-sqli shortlink: https://sg.run/yXvP semgrep.dev: rule: rule_id: PeUxO0 - version_id: 7ZTk9K - url: https://semgrep.dev/playground/r/7ZTk9K/python.aws-lambda.security.pymssql-sqli.pymssql-sqli + version_id: 5PT6Eo + url: https://semgrep.dev/playground/r/5PT6Eo/python.aws-lambda.security.pymssql-sqli.pymssql-sqli origin: community pattern-sinks: - patterns: 
@@ -22102,13 +22903,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.aws-lambda.security.pymysql-sqli.pymysql-sqli shortlink: https://sg.run/reve semgrep.dev: rule: rule_id: JDUlel - version_id: LjTvb9 - url: https://semgrep.dev/playground/r/LjTvb9/python.aws-lambda.security.pymysql-sqli.pymysql-sqli + version_id: GxT2Bq + url: https://semgrep.dev/playground/r/GxT2Bq/python.aws-lambda.security.pymysql-sqli.pymysql-sqli origin: community pattern-sinks: - patterns: @@ -22158,13 +22961,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.aws-lambda.security.sqlalchemy-sqli.sqlalchemy-sqli shortlink: https://sg.run/b48W semgrep.dev: rule: rule_id: 5rUy3N - version_id: 8KTwkn - url: https://semgrep.dev/playground/r/8KTwkn/python.aws-lambda.security.sqlalchemy-sqli.sqlalchemy-sqli + version_id: RGTb9E + url: https://semgrep.dev/playground/r/RGTb9E/python.aws-lambda.security.sqlalchemy-sqli.sqlalchemy-sqli origin: community pattern-sinks: - patterns: @@ -22219,13 +23024,15 @@ rules: likelihood: MEDIUM impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.aws-lambda.security.tainted-code-exec.tainted-code-exec shortlink: https://sg.run/Ng7y semgrep.dev: rule: rule_id: GdUDJP - version_id: d6TbZB - url: https://semgrep.dev/playground/r/d6TbZB/python.aws-lambda.security.tainted-code-exec.tainted-code-exec + version_id: A8TRp0 + url: https://semgrep.dev/playground/r/A8TRp0/python.aws-lambda.security.tainted-code-exec.tainted-code-exec origin: community languages: - python 
@@ -22269,13 +23076,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.aws-lambda.security.tainted-html-response.tainted-html-response shortlink: https://sg.run/k9vP semgrep.dev: rule: rule_id: ReUKrk - version_id: ZRTyrw - url: https://semgrep.dev/playground/r/ZRTyrw/python.aws-lambda.security.tainted-html-response.tainted-html-response + version_id: BjTEvv + url: https://semgrep.dev/playground/r/BjTEvv/python.aws-lambda.security.tainted-html-response.tainted-html-response origin: community languages: - python @@ -22309,13 +23118,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.aws-lambda.security.tainted-html-string.tainted-html-string shortlink: https://sg.run/8zNy semgrep.dev: rule: rule_id: JDUlwy - version_id: nWTwKe - url: https://semgrep.dev/playground/r/nWTwKe/python.aws-lambda.security.tainted-html-string.tainted-html-string + version_id: DkTQ7v + url: https://semgrep.dev/playground/r/DkTQ7v/python.aws-lambda.security.tainted-html-string.tainted-html-string origin: community mode: taint pattern-sources: 
@@ -22394,13 +23205,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.aws-lambda.security.tainted-pickle-deserialization.tainted-pickle-deserialization shortlink: https://sg.run/JbjW semgrep.dev: rule: rule_id: JDUDQg - version_id: gETN2n - url: https://semgrep.dev/playground/r/gETN2n/python.aws-lambda.security.tainted-pickle-deserialization.tainted-pickle-deserialization + version_id: WrTbJ6 + url: https://semgrep.dev/playground/r/WrTbJ6/python.aws-lambda.security.tainted-pickle-deserialization.tainted-pickle-deserialization origin: community languages: - python @@ -22434,13 +23247,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.aws-lambda.security.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/wXvA semgrep.dev: rule: rule_id: AbU3LX - version_id: 7ZTY2z - url: https://semgrep.dev/playground/r/7ZTY2z/python.aws-lambda.security.tainted-sql-string.tainted-sql-string + version_id: 0bTvqQ + url: https://semgrep.dev/playground/r/0bTvqQ/python.aws-lambda.security.tainted-sql-string.tainted-sql-string origin: community mode: taint pattern-sinks: @@ -22498,13 +23313,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/python.boto3.security.hardcoded-token.hardcoded-token shortlink: https://sg.run/LwQ6 semgrep.dev: rule: rule_id: 5rUOwK - version_id: 6xTPED - url: https://semgrep.dev/playground/r/6xTPED/python.boto3.security.hardcoded-token.hardcoded-token + version_id: K3Tl3R + url: https://semgrep.dev/playground/r/K3Tl3R/python.boto3.security.hardcoded-token.hardcoded-token origin: community languages: - python 
@@ -22558,13 +23375,15 @@ rules: confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] owasp: A6:2017 misconfiguration + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.empty-aes-key.empty-aes-key shortlink: https://sg.run/zQ9G semgrep.dev: rule: rule_id: OrUADK - version_id: zyTOjq - url: https://semgrep.dev/playground/r/zyTOjq/python.cryptography.security.empty-aes-key.empty-aes-key + version_id: qkTNJA + url: https://semgrep.dev/playground/r/qkTNJA/python.cryptography.security.empty-aes-key.empty-aes-key origin: community - id: python.cryptography.security.insecure-cipher-algorithms-arc4.insecure-cipher-algorithm-arc4 pattern: cryptography.hazmat.primitives.ciphers.algorithms.ARC4(...) @@ -22589,13 +23408,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.insecure-cipher-algorithms-arc4.insecure-cipher-algorithm-arc4 shortlink: https://sg.run/xoZL semgrep.dev: rule: rule_id: KxU8gK - version_id: 8KTLp4 - url: https://semgrep.dev/playground/r/8KTLp4/python.cryptography.security.insecure-cipher-algorithms-arc4.insecure-cipher-algorithm-arc4 + version_id: l4T51q + url: https://semgrep.dev/playground/r/l4T51q/python.cryptography.security.insecure-cipher-algorithms-arc4.insecure-cipher-algorithm-arc4 origin: community severity: WARNING languages: 
@@ -22623,13 +23444,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.insecure-cipher-algorithms-blowfish.insecure-cipher-algorithm-blowfish shortlink: https://sg.run/OdzL semgrep.dev: rule: rule_id: qNULvO - version_id: gET5wA - url: https://semgrep.dev/playground/r/gET5wA/python.cryptography.security.insecure-cipher-algorithms-blowfish.insecure-cipher-algorithm-blowfish + version_id: YDTo4j + url: https://semgrep.dev/playground/r/YDTo4j/python.cryptography.security.insecure-cipher-algorithms-blowfish.insecure-cipher-algorithm-blowfish origin: community severity: WARNING languages: @@ -22657,13 +23480,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.insecure-cipher-algorithms.insecure-cipher-algorithm-idea shortlink: https://sg.run/3xyK semgrep.dev: rule: rule_id: BYUNPg - version_id: QkTQbz - url: https://semgrep.dev/playground/r/QkTQbz/python.cryptography.security.insecure-cipher-algorithms.insecure-cipher-algorithm-idea + version_id: JdTqKY + url: https://semgrep.dev/playground/r/JdTqKY/python.cryptography.security.insecure-cipher-algorithms.insecure-cipher-algorithm-idea origin: community severity: WARNING languages: 
@@ -22695,13 +23520,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5 shortlink: https://sg.run/eY88 semgrep.dev: rule: rule_id: lBUopp - version_id: 44TYn2 - url: https://semgrep.dev/playground/r/44TYn2/python.cryptography.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5 + version_id: GxT2B3 + url: https://semgrep.dev/playground/r/GxT2B3/python.cryptography.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5 origin: community severity: WARNING languages: @@ -22743,13 +23570,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.insecure-hash-algorithms.insecure-hash-algorithm-sha1 shortlink: https://sg.run/J9Qy semgrep.dev: rule: rule_id: 0oU5dN - version_id: DkToXW - url: https://semgrep.dev/playground/r/DkToXW/python.cryptography.security.insecure-hash-algorithms.insecure-hash-algorithm-sha1 + version_id: RGTb97 + url: https://semgrep.dev/playground/r/RGTb97/python.cryptography.security.insecure-hash-algorithms.insecure-hash-algorithm-sha1 origin: community severity: WARNING languages: 
@@ -22784,13 +23613,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.cryptography.security.insufficient-dsa-key-size.insufficient-dsa-key-size shortlink: https://sg.run/5Qb0 semgrep.dev: rule: rule_id: KxUb0x - version_id: JdTZd6 - url: https://semgrep.dev/playground/r/JdTZd6/python.cryptography.security.insufficient-dsa-key-size.insufficient-dsa-key-size + version_id: A8TRpD + url: https://semgrep.dev/playground/r/A8TRpD/python.cryptography.security.insufficient-dsa-key-size.insufficient-dsa-key-size origin: community languages: - python @@ -22829,13 +23660,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.distributed.security.require-encryption shortlink: https://sg.run/AvQ2 semgrep.dev: rule: rule_id: YGURy0 - version_id: A8T1k6 - url: https://semgrep.dev/playground/r/A8T1k6/python.distributed.security.require-encryption + version_id: 0bTvqb + url: https://semgrep.dev/playground/r/0bTvqb/python.distributed.security.require-encryption origin: community languages: - python 
@@ -22859,13 +23692,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization shortlink: https://sg.run/9oyr semgrep.dev: rule: rule_id: OrU3e6 - version_id: BjTGwp - url: https://semgrep.dev/playground/r/BjTGwp/python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization + version_id: K3Tl3L + url: https://semgrep.dev/playground/r/K3Tl3L/python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization origin: community message: Avoid using insecure deserialization library, backed by `pickle`, `_pickle`, `cpickle`, `dill`, `shelve`, or `yaml`, which are known to lead to remote code @@ -22943,13 +23778,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/python.django.security.audit.csrf-exempt.no-csrf-exempt shortlink: https://sg.run/rd5e semgrep.dev: rule: rule_id: v8UnqO - version_id: WrT6v8 - url: https://semgrep.dev/playground/r/WrT6v8/python.django.security.audit.csrf-exempt.no-csrf-exempt + version_id: l4T510 + url: https://semgrep.dev/playground/r/l4T510/python.django.security.audit.csrf-exempt.no-csrf-exempt origin: community languages: - python 
@@ -22975,13 +23812,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.injection.code.user-eval-format-string.user-eval-format-string shortlink: https://sg.run/4x2z semgrep.dev: rule: rule_id: BYUNw9 - version_id: nWTwBe - url: https://semgrep.dev/playground/r/nWTwBe/python.django.security.injection.code.user-eval-format-string.user-eval-format-string + version_id: 8KTbBL + url: https://semgrep.dev/playground/r/8KTbBL/python.django.security.injection.code.user-eval-format-string.user-eval-format-string origin: community patterns: - pattern-inside: | @@ -23110,13 +23949,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.injection.code.user-eval.user-eval shortlink: https://sg.run/PJDW semgrep.dev: rule: rule_id: DbUpDQ - version_id: ExTYJB - url: https://semgrep.dev/playground/r/ExTYJB/python.django.security.injection.code.user-eval.user-eval + version_id: gETqnL + url: https://semgrep.dev/playground/r/gETqnL/python.django.security.injection.code.user-eval.user-eval origin: community patterns: - pattern-inside: | 
@@ -23163,13 +24004,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.injection.code.user-exec-format-string.user-exec-format-string shortlink: https://sg.run/J9JW semgrep.dev: rule: rule_id: WAUovx - version_id: 7ZTYLz - url: https://semgrep.dev/playground/r/7ZTYLz/python.django.security.injection.code.user-exec-format-string.user-exec-format-string + version_id: QkTJgL + url: https://semgrep.dev/playground/r/QkTJgL/python.django.security.injection.code.user-exec-format-string.user-exec-format-string origin: community patterns: - pattern-inside: | @@ -23391,13 +24234,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.injection.code.user-exec.user-exec shortlink: https://sg.run/5Q3X semgrep.dev: rule: rule_id: 0oU5AW - version_id: LjTp1q - url: https://semgrep.dev/playground/r/LjTp1q/python.django.security.injection.code.user-exec.user-exec + version_id: 3ZTde5 + url: https://semgrep.dev/playground/r/3ZTde5/python.django.security.injection.code.user-exec.user-exec origin: community patterns: - pattern-inside: | 
@@ -23467,13 +24312,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.django.security.injection.command.command-injection-os-system.command-injection-os-system shortlink: https://sg.run/Gen2 semgrep.dev: rule: rule_id: KxUbp2 - version_id: 8KTLd4 - url: https://semgrep.dev/playground/r/8KTLd4/python.django.security.injection.command.command-injection-os-system.command-injection-os-system + version_id: 44ToGN + url: https://semgrep.dev/playground/r/44ToGN/python.django.security.injection.command.command-injection-os-system.command-injection-os-system origin: community languages: - python @@ -23800,13 +24647,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.django.security.injection.command.subprocess-injection.subprocess-injection shortlink: https://sg.run/49BE semgrep.dev: rule: rule_id: EwUepx - version_id: gET5bA - url: https://semgrep.dev/playground/r/gET5bA/python.django.security.injection.command.subprocess-injection.subprocess-injection + version_id: PkTYOq + url: https://semgrep.dev/playground/r/PkTYOq/python.django.security.injection.command.subprocess-injection.subprocess-injection origin: community - id: python.django.security.injection.csv-writer-injection.csv-writer-injection languages: 
@@ -23838,13 +24687,15 @@ rules: impact: MEDIUM likelihood: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.django.security.injection.csv-writer-injection.csv-writer-injection shortlink: https://sg.run/Pw9q semgrep.dev: rule: rule_id: 7KUK1y - version_id: QkTQ4z - url: https://semgrep.dev/playground/r/QkTQ4z/python.django.security.injection.csv-writer-injection.csv-writer-injection + version_id: JdTqeY + url: https://semgrep.dev/playground/r/JdTqeY/python.django.security.injection.csv-writer-injection.csv-writer-injection origin: community mode: taint pattern-sinks: @@ -23892,13 +24743,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/python.django.security.injection.email.xss-html-email-body.xss-html-email-body shortlink: https://sg.run/RoBe semgrep.dev: rule: rule_id: qNUj02 - version_id: 3ZTxoB - url: https://semgrep.dev/playground/r/3ZTxoB/python.django.security.injection.email.xss-html-email-body.xss-html-email-body + version_id: 5PT63R + url: https://semgrep.dev/playground/r/5PT63R/python.django.security.injection.email.xss-html-email-body.xss-html-email-body origin: community languages: - python 
@@ -24103,13 +24956,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/python.django.security.injection.email.xss-send-mail-html-message.xss-send-mail-html-message shortlink: https://sg.run/Avx8 semgrep.dev: rule: rule_id: lBU9Ll - version_id: 44TYX2 - url: https://semgrep.dev/playground/r/44TYX2/python.django.security.injection.email.xss-send-mail-html-message.xss-send-mail-html-message + version_id: GxT2J3 + url: https://semgrep.dev/playground/r/GxT2J3/python.django.security.injection.email.xss-send-mail-html-message.xss-send-mail-html-message origin: community languages: - python @@ -24358,13 +25213,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/python.django.security.injection.open-redirect.open-redirect shortlink: https://sg.run/Ave2 semgrep.dev: rule: rule_id: PeUZgr - version_id: l4TDGZ - url: https://semgrep.dev/playground/r/l4TDGZ/python.django.security.injection.open-redirect.open-redirect + version_id: A8TRLD + url: https://semgrep.dev/playground/r/A8TRLD/python.django.security.injection.open-redirect.open-redirect origin: community languages: - python 
@@ -24954,13 +25811,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.django.security.injection.path-traversal.path-traversal-file-name.path-traversal-file-name shortlink: https://sg.run/BkO2 semgrep.dev: rule: rule_id: YGUR36 - version_id: zyT7nl - url: https://semgrep.dev/playground/r/zyT7nl/python.django.security.injection.path-traversal.path-traversal-file-name.path-traversal-file-name + version_id: BjTE8R + url: https://semgrep.dev/playground/r/BjTE8R/python.django.security.injection.path-traversal.path-traversal-file-name.path-traversal-file-name origin: community patterns: - pattern-inside: | @@ -25041,13 +25900,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.django.security.injection.path-traversal.path-traversal-open.path-traversal-open shortlink: https://sg.run/W8qg semgrep.dev: rule: rule_id: oqUe7z - version_id: 2KTJL3 - url: https://semgrep.dev/playground/r/2KTJL3/python.django.security.injection.path-traversal.path-traversal-open.path-traversal-open + version_id: WrTbj4 + url: https://semgrep.dev/playground/r/WrTbj4/python.django.security.injection.path-traversal.path-traversal-open.path-traversal-open origin: community languages: - python 
@@ -25496,13 +26357,15 @@ rules: likelihood: HIGH impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.injection.raw-html-format.raw-html-format shortlink: https://sg.run/oYj1 semgrep.dev: rule: rule_id: 2ZUPER - version_id: A8Tn65 - url: https://semgrep.dev/playground/r/A8Tn65/python.django.security.injection.raw-html-format.raw-html-format + version_id: 0bTv9b + url: https://semgrep.dev/playground/r/0bTv9b/python.django.security.injection.raw-html-format.raw-html-format origin: community mode: taint pattern-sanitizers: @@ -25556,13 +26419,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.injection.reflected-data-httpresponse.reflected-data-httpresponse shortlink: https://sg.run/BkvA semgrep.dev: rule: rule_id: JDUydR - version_id: BjTG9p - url: https://semgrep.dev/playground/r/BjTG9p/python.django.security.injection.reflected-data-httpresponse.reflected-data-httpresponse + version_id: K3TlQL + url: https://semgrep.dev/playground/r/K3TlQL/python.django.security.injection.reflected-data-httpresponse.reflected-data-httpresponse origin: community languages: - python 
@@ -25830,13 +26695,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.injection.reflected-data-httpresponsebadrequest.reflected-data-httpresponsebadrequest shortlink: https://sg.run/DoZP semgrep.dev: rule: rule_id: 5rUOX1 - version_id: DkTeOR - url: https://semgrep.dev/playground/r/DkTeOR/python.django.security.injection.reflected-data-httpresponsebadrequest.reflected-data-httpresponsebadrequest + version_id: qkTNe7 + url: https://semgrep.dev/playground/r/qkTNe7/python.django.security.injection.reflected-data-httpresponsebadrequest.reflected-data-httpresponsebadrequest origin: community languages: - python @@ -26105,13 +26972,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.django.security.injection.request-data-fileresponse.request-data-fileresponse shortlink: https://sg.run/W862 semgrep.dev: rule: rule_id: GdU7QR - version_id: X0T6gz - url: https://semgrep.dev/playground/r/X0T6gz/python.django.security.injection.request-data-fileresponse.request-data-fileresponse + version_id: l4T520 + url: https://semgrep.dev/playground/r/l4T520/python.django.security.injection.request-data-fileresponse.request-data-fileresponse origin: community languages: - python 
@@ -26195,13 +27064,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.django.security.injection.request-data-write.request-data-write shortlink: https://sg.run/0Q6j semgrep.dev: rule: rule_id: ReUg5z - version_id: 0bT64G - url: https://semgrep.dev/playground/r/0bT64G/python.django.security.injection.request-data-write.request-data-write + version_id: YDToOy + url: https://semgrep.dev/playground/r/YDToOy/python.django.security.injection.request-data-write.request-data-write origin: community languages: - python @@ -26404,13 +27275,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.django.security.injection.sql.sql-injection-extra.sql-injection-using-extra-where shortlink: https://sg.run/0Ql5 semgrep.dev: rule: rule_id: zdUkx1 - version_id: K3TOp8 - url: https://semgrep.dev/playground/r/K3TOp8/python.django.security.injection.sql.sql-injection-extra.sql-injection-using-extra-where + version_id: 6xTezd + url: https://semgrep.dev/playground/r/6xTezd/python.django.security.injection.sql.sql-injection-extra.sql-injection-using-extra-where origin: community languages: - python 
@@ -26726,13 +27599,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.django.security.injection.sql.sql-injection-rawsql.sql-injection-using-rawsql shortlink: https://sg.run/Kl4X semgrep.dev: rule: rule_id: pKUOBp - version_id: qkTK0J - url: https://semgrep.dev/playground/r/qkTK0J/python.django.security.injection.sql.sql-injection-rawsql.sql-injection-using-rawsql + version_id: o5TnR7 + url: https://semgrep.dev/playground/r/o5TnR7/python.django.security.injection.sql.sql-injection-rawsql.sql-injection-using-rawsql origin: community languages: - python @@ -27041,13 +27916,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.django.security.injection.sql.sql-injection-using-db-cursor-execute.sql-injection-db-cursor-execute shortlink: https://sg.run/qx7y semgrep.dev: rule: rule_id: 2ZUbDL - version_id: DkT4q8 - url: https://semgrep.dev/playground/r/DkT4q8/python.django.security.injection.sql.sql-injection-using-db-cursor-execute.sql-injection-db-cursor-execute + version_id: zyT5Q5 + url: https://semgrep.dev/playground/r/zyT5Q5/python.django.security.injection.sql.sql-injection-using-db-cursor-execute.sql-injection-db-cursor-execute origin: community languages: - python 
@@ -27346,13 +28223,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.django.security.injection.sql.sql-injection-using-raw.sql-injection-using-raw shortlink: https://sg.run/l2v9 semgrep.dev: rule: rule_id: X5U8v5 - version_id: YDT838 - url: https://semgrep.dev/playground/r/YDT838/python.django.security.injection.sql.sql-injection-using-raw.sql-injection-using-raw + version_id: pZTrxl + url: https://semgrep.dev/playground/r/pZTrxl/python.django.security.injection.sql.sql-injection-using-raw.sql-injection-using-raw origin: community languages: - python @@ -27652,13 +28531,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/python.django.security.injection.ssrf.ssrf-injection-requests.ssrf-injection-requests shortlink: https://sg.run/YvY4 semgrep.dev: rule: rule_id: j2UvEw - version_id: JdTZJ2 - url: https://semgrep.dev/playground/r/JdTZJ2/python.django.security.injection.ssrf.ssrf-injection-requests.ssrf-injection-requests + version_id: 2KT1wW + url: https://semgrep.dev/playground/r/2KT1wW/python.django.security.injection.ssrf.ssrf-injection-requests.ssrf-injection-requests origin: community languages: - python 
@@ -27917,13 +28798,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/python.django.security.injection.ssrf.ssrf-injection-urllib.ssrf-injection-urllib shortlink: https://sg.run/6n2B semgrep.dev: rule: rule_id: 10UKDo - version_id: 5PTYvx - url: https://semgrep.dev/playground/r/5PTYvx/python.django.security.injection.ssrf.ssrf-injection-urllib.ssrf-injection-urllib + version_id: X0TPJW + url: https://semgrep.dev/playground/r/X0TPJW/python.django.security.injection.ssrf.ssrf-injection-urllib.ssrf-injection-urllib origin: community languages: - python @@ -28204,13 +29087,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.django.security.nan-injection.nan-injection shortlink: https://sg.run/Og7L semgrep.dev: rule: rule_id: DbUGvk - version_id: jQT7QB - url: https://semgrep.dev/playground/r/jQT7QB/python.django.security.nan-injection.nan-injection + version_id: yeTXdn + url: https://semgrep.dev/playground/r/yeTXdn/python.django.security.nan-injection.nan-injection origin: community - id: python.django.security.passwords.password-empty-string.password-empty-string message: "'$VAR' is the empty string and is being used to set the password on '$MODEL'. 
@@ -28231,13 +29116,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.django.security.passwords.password-empty-string.password-empty-string shortlink: https://sg.run/oxnR semgrep.dev: rule: rule_id: 9AU1jW - version_id: DkTeOP - url: https://semgrep.dev/playground/r/DkTeOP/python.django.security.passwords.password-empty-string.password-empty-string + version_id: rxTx8k + url: https://semgrep.dev/playground/r/rxTx8k/python.django.security.passwords.password-empty-string.password-empty-string origin: community patterns: - pattern-either: @@ -28277,13 +29164,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.django.security.passwords.use-none-for-password-default.use-none-for-password-default shortlink: https://sg.run/zvBW semgrep.dev: rule: rule_id: yyUn6Z - version_id: qkTgLQ - url: https://semgrep.dev/playground/r/qkTgLQ/python.django.security.passwords.use-none-for-password-default.use-none-for-password-default + version_id: bZTG4N + url: https://semgrep.dev/playground/r/bZTG4N/python.django.security.passwords.use-none-for-password-default.use-none-for-password-default origin: community languages: - python 
@@ -28322,13 +29211,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host shortlink: https://sg.run/eLby semgrep.dev: rule: rule_id: L1Uy1n - version_id: K3TOpE - url: https://semgrep.dev/playground/r/K3TOpE/python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host + version_id: kbT7Z6 + url: https://semgrep.dev/playground/r/kbT7Z6/python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host origin: community languages: - python @@ -28363,13 +29254,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/python.flask.security.audit.app-run-security-config.avoid_using_app_run_directly shortlink: https://sg.run/vz5b semgrep.dev: rule: rule_id: 8GUjdX - version_id: qkTK0D - url: https://semgrep.dev/playground/r/qkTK0D/python.flask.security.audit.app-run-security-config.avoid_using_app_run_directly + version_id: w8T30A + url: https://semgrep.dev/playground/r/w8T30A/python.flask.security.audit.app-run-security-config.avoid_using_app_run_directly origin: community languages: - python @@ -28398,13 +29291,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.debug-enabled.debug-enabled shortlink: https://sg.run/dKrd semgrep.dev: rule: rule_id: gxU1bd - version_id: qkTPK2 - url: https://semgrep.dev/playground/r/qkTPK2/python.flask.security.audit.debug-enabled.debug-enabled + version_id: xyT43d + url: https://semgrep.dev/playground/r/xyT43d/python.flask.security.audit.debug-enabled.debug-enabled origin: community severity: WARNING languages: 
@@ -28433,13 +29328,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.audit.directly-returned-format-string.directly-returned-format-string shortlink: https://sg.run/Zv6o semgrep.dev: rule: rule_id: QrUz49 - version_id: YDT839 - url: https://semgrep.dev/playground/r/YDT839/python.flask.security.audit.directly-returned-format-string.directly-returned-format-string + version_id: O9TyZX + url: https://semgrep.dev/playground/r/O9TyZX/python.flask.security.audit.directly-returned-format-string.directly-returned-format-string origin: community languages: - python @@ -28520,13 +29417,15 @@ rules: impact: MEDIUM likelihood: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.flask.security.injection.csv-writer-injection.csv-writer-injection shortlink: https://sg.run/JzqQ semgrep.dev: rule: rule_id: L1UR2K - version_id: QkTxrQ - url: https://semgrep.dev/playground/r/QkTxrQ/python.flask.security.injection.csv-writer-injection.csv-writer-injection + version_id: 3ZTdx5 + url: https://semgrep.dev/playground/r/3ZTdx5/python.flask.security.injection.csv-writer-injection.csv-writer-injection origin: community mode: taint pattern-sinks: 
@@ -28614,13 +29513,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.flask.security.injection.nan-injection.nan-injection shortlink: https://sg.run/e598 semgrep.dev: rule: rule_id: WAUdj7 - version_id: 1QTq5E - url: https://semgrep.dev/playground/r/1QTq5E/python.flask.security.injection.nan-injection.nan-injection + version_id: 44ToYN + url: https://semgrep.dev/playground/r/44ToYN/python.flask.security.injection.nan-injection.nan-injection origin: community - id: python.flask.security.injection.raw-html-concat.raw-html-format languages: @@ -28652,13 +29553,15 @@ rules: likelihood: MEDIUM impact: MEDIUM confidence: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.injection.raw-html-concat.raw-html-format shortlink: https://sg.run/Pb7e semgrep.dev: rule: rule_id: GdUrJv - version_id: bZT4Gb - url: https://semgrep.dev/playground/r/bZT4Gb/python.flask.security.injection.raw-html-concat.raw-html-format + version_id: 5PT6YR + url: https://semgrep.dev/playground/r/5PT6YR/python.flask.security.injection.raw-html-concat.raw-html-format origin: community mode: taint pattern-sanitizers: @@ -28723,13 +29626,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/python.flask.security.injection.ssrf-requests.ssrf-requests shortlink: https://sg.run/J9LW semgrep.dev: rule: rule_id: WAUoRx - version_id: zyT0e1 - url: https://semgrep.dev/playground/r/zyT0e1/python.flask.security.injection.ssrf-requests.ssrf-requests + version_id: GxT2W3 + url: https://semgrep.dev/playground/r/GxT2W3/python.flask.security.injection.ssrf-requests.ssrf-requests origin: community pattern-either: - patterns: 
@@ -28861,13 +29766,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.flask.security.injection.subprocess-injection.subprocess-injection shortlink: https://sg.run/5gW3 semgrep.dev: rule: rule_id: 8GU3qp - version_id: 3ZTyA7 - url: https://semgrep.dev/playground/r/3ZTyA7/python.flask.security.injection.subprocess-injection.subprocess-injection + version_id: RGTbw7 + url: https://semgrep.dev/playground/r/RGTbw7/python.flask.security.injection.subprocess-injection.subprocess-injection origin: community - id: python.flask.security.injection.tainted-sql-string.tainted-sql-string message: Detected user input used to manually construct a SQL string. This is usually @@ -28896,13 +29803,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.flask.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/JxZj semgrep.dev: rule: rule_id: YGUDKQ - version_id: w8T03J - url: https://semgrep.dev/playground/r/w8T03J/python.flask.security.injection.tainted-sql-string.tainted-sql-string + version_id: A8TRnD + url: https://semgrep.dev/playground/r/A8TRnD/python.flask.security.injection.tainted-sql-string.tainted-sql-string origin: community severity: ERROR languages: 
@@ -28964,13 +29873,15 @@ rules: impact: MEDIUM likelihood: MEDIUM confidence: MEDIUM + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/python.flask.security.injection.tainted-url-host.tainted-url-host shortlink: https://sg.run/RXpK semgrep.dev: rule: rule_id: ReU3Wb - version_id: xyT34W - url: https://semgrep.dev/playground/r/xyT34W/python.flask.security.injection.tainted-url-host.tainted-url-host + version_id: BjTEGR + url: https://semgrep.dev/playground/r/BjTEGR/python.flask.security.injection.tainted-url-host.tainted-url-host origin: community mode: taint pattern-sinks: @@ -29043,13 +29954,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.flask.security.injection.user-eval.eval-injection shortlink: https://sg.run/5QpX semgrep.dev: rule: rule_id: 0oU54W - version_id: O9TZyD - url: https://semgrep.dev/playground/r/O9TZyD/python.flask.security.injection.user-eval.eval-injection + version_id: DkTQeA + url: https://semgrep.dev/playground/r/DkTQeA/python.flask.security.injection.user-eval.eval-injection origin: community pattern-either: - patterns: @@ -29118,13 +30031,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.flask.security.injection.user-exec.exec-injection shortlink: https://sg.run/Ge42 semgrep.dev: rule: rule_id: KxUbl2 - version_id: e1TAxz - url: https://semgrep.dev/playground/r/e1TAxz/python.flask.security.injection.user-exec.exec-injection + version_id: WrTb64 + url: https://semgrep.dev/playground/r/WrTb64/python.flask.security.injection.user-exec.exec-injection origin: community pattern-either: - patterns: 
@@ -29202,13 +30117,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Encoding source: https://semgrep.dev/r/python.jinja2.security.audit.autoescape-disabled-false.incorrect-autoescape-disabled shortlink: https://sg.run/L2L7 semgrep.dev: rule: rule_id: QrU1Xg - version_id: WrT2Or - url: https://semgrep.dev/playground/r/WrT2Or/python.jinja2.security.audit.autoescape-disabled-false.incorrect-autoescape-disabled + version_id: DkTQ36 + url: https://semgrep.dev/playground/r/DkTQ36/python.jinja2.security.audit.autoescape-disabled-false.incorrect-autoescape-disabled origin: community languages: - python @@ -29242,13 +30159,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Encoding source: https://semgrep.dev/r/python.jinja2.security.audit.missing-autoescape-disabled.missing-autoescape-disabled shortlink: https://sg.run/8kY4 semgrep.dev: rule: rule_id: 3qULRx - version_id: PkTnYn - url: https://semgrep.dev/playground/r/PkTnYn/python.jinja2.security.audit.missing-autoescape-disabled.missing-autoescape-disabled + version_id: WrTbkO + url: https://semgrep.dev/playground/r/WrTbkO/python.jinja2.security.audit.missing-autoescape-disabled.missing-autoescape-disabled origin: community languages: - python @@ -29265,7 +30184,7 @@ rules: - A02:2017 - Broken Authentication - A04:2021 - Insecure Design references: - - https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + - https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt 
@@ -29276,13 +30195,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret shortlink: https://sg.run/l2E9 semgrep.dev: rule: rule_id: X5U8P5 - version_id: GxTW2b - url: https://semgrep.dev/playground/r/GxTW2b/python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret + version_id: qkTN9o + url: https://semgrep.dev/playground/r/qkTN9o/python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret origin: community patterns: - pattern: 'jwt.encode($X, $SECRET, ...) @@ -29306,7 +30227,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -29318,13 +30239,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.jwt.security.jwt-none-alg.jwt-python-none-alg shortlink: https://sg.run/Yvp4 semgrep.dev: rule: rule_id: j2UvKw - version_id: RGTwbW - url: https://semgrep.dev/playground/r/RGTwbW/python.jwt.security.jwt-none-alg.jwt-python-none-alg + version_id: l4T5ez + url: https://semgrep.dev/playground/r/l4T5ez/python.jwt.security.jwt-none-alg.jwt-python-none-alg origin: community languages: - python 
@@ -29427,13 +30350,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-asyncio-exec-tainted-env-args.dangerous-asyncio-exec-tainted-env-args shortlink: https://sg.run/Apjp semgrep.dev: rule: rule_id: 7KUE1E - version_id: qkTKND - url: https://semgrep.dev/playground/r/qkTKND/python.lang.security.audit.dangerous-asyncio-exec-tainted-env-args.dangerous-asyncio-exec-tainted-env-args + version_id: X0TPo2 + url: https://semgrep.dev/playground/r/X0TPo2/python.lang.security.audit.dangerous-asyncio-exec-tainted-env-args.dangerous-asyncio-exec-tainted-env-args origin: community languages: - python @@ -29528,13 +30453,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-asyncio-shell-tainted-env-args.dangerous-asyncio-shell-tainted-env-args shortlink: https://sg.run/Dx8Y semgrep.dev: rule: rule_id: 8GU5q3 - version_id: YDT8o9 - url: https://semgrep.dev/playground/r/YDT8o9/python.lang.security.audit.dangerous-asyncio-shell-tainted-env-args.dangerous-asyncio-shell-tainted-env-args + version_id: 1QTj02 + url: https://semgrep.dev/playground/r/1QTj02/python.lang.security.audit.dangerous-asyncio-shell-tainted-env-args.dangerous-asyncio-shell-tainted-env-args origin: community languages: - python 
@@ -29638,13 +30565,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-code-run-tainted-env-args.dangerous-interactive-code-run-tainted-env-args shortlink: https://sg.run/0Bgv semgrep.dev: rule: rule_id: QrUG72 - version_id: o5T5n1 - url: https://semgrep.dev/playground/r/o5T5n1/python.lang.security.audit.dangerous-code-run-tainted-env-args.dangerous-interactive-code-run-tainted-env-args + version_id: yeTXQG + url: https://semgrep.dev/playground/r/yeTXQG/python.lang.security.audit.dangerous-code-run-tainted-env-args.dangerous-interactive-code-run-tainted-env-args origin: community severity: WARNING languages: @@ -29753,13 +30682,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-os-exec-tainted-env-args.dangerous-os-exec-tainted-env-args shortlink: https://sg.run/qL6z semgrep.dev: rule: rule_id: 4bUEAY - version_id: pZTQrY - url: https://semgrep.dev/playground/r/pZTQrY/python.lang.security.audit.dangerous-os-exec-tainted-env-args.dangerous-os-exec-tainted-env-args + version_id: bZTGx6 + url: https://semgrep.dev/playground/r/bZTGx6/python.lang.security.audit.dangerous-os-exec-tainted-env-args.dangerous-os-exec-tainted-env-args origin: community languages: - python 
@@ -29870,13 +30801,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-spawn-process-tainted-env-args.dangerous-spawn-process-tainted-env-args shortlink: https://sg.run/Y3Ke semgrep.dev: rule: rule_id: JDUz34 - version_id: X0TJPb - url: https://semgrep.dev/playground/r/X0TJPb/python.lang.security.audit.dangerous-spawn-process-tainted-env-args.dangerous-spawn-process-tainted-env-args + version_id: kbT7rr + url: https://semgrep.dev/playground/r/kbT7rr/python.lang.security.audit.dangerous-spawn-process-tainted-env-args.dangerous-spawn-process-tainted-env-args origin: community languages: - python @@ -29958,13 +30891,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-subinterpreters-run-string-tainted-env-args.dangerous-subinterpreters-run-string-tainted-env-args shortlink: https://sg.run/oLl9 semgrep.dev: rule: rule_id: GdUkxO - version_id: 1QTXjj - url: https://semgrep.dev/playground/r/1QTXjj/python.lang.security.audit.dangerous-subinterpreters-run-string-tainted-env-args.dangerous-subinterpreters-run-string-tainted-env-args + version_id: xyT49l + url: https://semgrep.dev/playground/r/xyT49l/python.lang.security.audit.dangerous-subinterpreters-run-string-tainted-env-args.dangerous-subinterpreters-run-string-tainted-env-args origin: community severity: WARNING languages: 
@@ -30079,13 +31014,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-subprocess-use-tainted-env-args.dangerous-subprocess-use-tainted-env-args shortlink: https://sg.run/pLGg semgrep.dev: rule: rule_id: AbUgrZ - version_id: o5TQo9 - url: https://semgrep.dev/playground/r/o5TQo9/python.lang.security.audit.dangerous-subprocess-use-tainted-env-args.dangerous-subprocess-use-tainted-env-args + version_id: e1TxEX + url: https://semgrep.dev/playground/r/e1TxEX/python.lang.security.audit.dangerous-subprocess-use-tainted-env-args.dangerous-subprocess-use-tainted-env-args origin: community languages: - python @@ -30194,13 +31131,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-system-call-tainted-env-args.dangerous-system-call-tainted-env-args shortlink: https://sg.run/XR2K semgrep.dev: rule: rule_id: DbUR9g - version_id: NdTQOg - url: https://semgrep.dev/playground/r/NdTQOg/python.lang.security.audit.dangerous-system-call-tainted-env-args.dangerous-system-call-tainted-env-args + version_id: ZRTwB8 + url: https://semgrep.dev/playground/r/ZRTwB8/python.lang.security.audit.dangerous-system-call-tainted-env-args.dangerous-system-call-tainted-env-args origin: community languages: - python 
@@ -30288,13 +31227,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.audit.dangerous-testcapi-run-in-subinterp-tainted-env-args.dangerous-testcapi-run-in-subinterp-tainted-env-args shortlink: https://sg.run/1DLw semgrep.dev: rule: rule_id: 0oUK7N - version_id: 9lTPZq - url: https://semgrep.dev/playground/r/9lTPZq/python.lang.security.audit.dangerous-testcapi-run-in-subinterp-tainted-env-args.dangerous-testcapi-run-in-subinterp-tainted-env-args + version_id: ExTnd7 + url: https://semgrep.dev/playground/r/ExTnd7/python.lang.security.audit.dangerous-testcapi-run-in-subinterp-tainted-env-args.dangerous-testcapi-run-in-subinterp-tainted-env-args origin: community severity: WARNING languages: @@ -30321,13 +31262,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/python.lang.security.audit.insecure-file-permissions.insecure-file-permissions shortlink: https://sg.run/AXY4 semgrep.dev: rule: rule_id: zdUYqR - version_id: ExTYkN - url: https://semgrep.dev/playground/r/ExTYkN/python.lang.security.audit.insecure-file-permissions.insecure-file-permissions + version_id: PkTYE6 + url: https://semgrep.dev/playground/r/PkTYE6/python.lang.security.audit.insecure-file-permissions.insecure-file-permissions origin: community message: These permissions `$BITS` are widely permissive and grant access to more people than may be necessary. A good default is `0o644` which gives read and write 
@@ -30403,13 +31346,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure shortlink: https://sg.run/ydNx semgrep.dev: rule: rule_id: x8UnJk - version_id: w8TvNW - url: https://semgrep.dev/playground/r/w8TvNW/python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure + version_id: X0TPp2 + url: https://semgrep.dev/playground/r/X0TPp2/python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure origin: community - id: python.lang.security.audit.md5-used-as-password.md5-used-as-password severity: WARNING @@ -30442,13 +31387,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.lang.security.audit.md5-used-as-password.md5-used-as-password shortlink: https://sg.run/5DwD semgrep.dev: rule: rule_id: 6JU1w1 - version_id: JdTZgr - url: https://semgrep.dev/playground/r/JdTZgr/python.lang.security.audit.md5-used-as-password.md5-used-as-password + version_id: 9lTzL3 + url: https://semgrep.dev/playground/r/9lTzL3/python.lang.security.audit.md5-used-as-password.md5-used-as-password origin: community mode: taint pattern-sources: 
@@ -30486,13 +31433,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.lang.security.audit.network.bind.avoid-bind-to-all-interfaces shortlink: https://sg.run/rdln semgrep.dev: rule: rule_id: OrU3og - version_id: WrT13W - url: https://semgrep.dev/playground/r/WrT13W/python.lang.security.audit.network.bind.avoid-bind-to-all-interfaces + version_id: yeTXzG + url: https://semgrep.dev/playground/r/yeTXzG/python.lang.security.audit.network.bind.avoid-bind-to-all-interfaces origin: community languages: - python @@ -30542,13 +31491,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.lang.security.audit.network.disabled-cert-validation.disabled-cert-validation shortlink: https://sg.run/b7yp semgrep.dev: rule: rule_id: eqU87k - version_id: GxTWwe - url: https://semgrep.dev/playground/r/GxTWwe/python.lang.security.audit.network.disabled-cert-validation.disabled-cert-validation + version_id: rxTxXN + url: https://semgrep.dev/playground/r/rxTxXN/python.lang.security.audit.network.disabled-cert-validation.disabled-cert-validation origin: community languages: - python 
@@ -30576,13 +31527,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.lang.security.audit.ssl-wrap-socket-is-deprecated.ssl-wrap-socket-is-deprecated shortlink: https://sg.run/PJOY semgrep.dev: rule: rule_id: BYUN2e - version_id: YDT8XN - url: https://semgrep.dev/playground/r/YDT8XN/python.lang.security.audit.ssl-wrap-socket-is-deprecated.ssl-wrap-socket-is-deprecated + version_id: nWT7lj + url: https://semgrep.dev/playground/r/nWT7lj/python.lang.security.audit.ssl-wrap-socket-is-deprecated.ssl-wrap-socket-is-deprecated origin: community languages: - python @@ -30620,13 +31573,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.audit.subprocess-shell-true.subprocess-shell-true shortlink: https://sg.run/J92w semgrep.dev: rule: rule_id: DbUpz2 - version_id: 6xT0p5 - url: https://semgrep.dev/playground/r/6xT0p5/python.lang.security.audit.subprocess-shell-true.subprocess-shell-true + version_id: ExTnb7 + url: https://semgrep.dev/playground/r/ExTnb7/python.lang.security.audit.subprocess-shell-true.subprocess-shell-true origin: community languages: - python 
@@ -30782,13 +31737,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.dangerous-code-run.dangerous-interactive-code-run shortlink: https://sg.run/9pRY semgrep.dev: rule: rule_id: KxUKzx - version_id: 44TrPJ - url: https://semgrep.dev/playground/r/44TrPJ/python.lang.security.dangerous-code-run.dangerous-interactive-code-run + version_id: gETqp2 + url: https://semgrep.dev/playground/r/gETqp2/python.lang.security.dangerous-code-run.dangerous-interactive-code-run origin: community severity: WARNING languages: @@ -30949,13 +31906,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.dangerous-os-exec.dangerous-os-exec shortlink: https://sg.run/yL9x semgrep.dev: rule: rule_id: qNUR13 - version_id: PkTNr7 - url: https://semgrep.dev/playground/r/PkTNr7/python.lang.security.dangerous-os-exec.dangerous-os-exec + version_id: 3ZTdgX + url: https://semgrep.dev/playground/r/3ZTdgX/python.lang.security.dangerous-os-exec.dangerous-os-exec origin: community languages: - python @@ -31159,13 +32118,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.dangerous-spawn-process.dangerous-spawn-process shortlink: https://sg.run/r8Zn semgrep.dev: rule: rule_id: lBUJrn - version_id: 1QTXg4 - url: https://semgrep.dev/playground/r/1QTXg4/python.lang.security.dangerous-spawn-process.dangerous-spawn-process + version_id: 44ToJd + url: https://semgrep.dev/playground/r/44ToJd/python.lang.security.dangerous-spawn-process.dangerous-spawn-process origin: community languages: - python 
@@ -31299,13 +32260,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.dangerous-subinterpreters-run-string.dangerous-subinterpreters-run-string shortlink: https://sg.run/bPop semgrep.dev: rule: rule_id: PeURWr - version_id: JdT8rw - url: https://semgrep.dev/playground/r/JdT8rw/python.lang.security.dangerous-subinterpreters-run-string.dangerous-subinterpreters-run-string + version_id: PkTYK6 + url: https://semgrep.dev/playground/r/PkTYK6/python.lang.security.dangerous-subinterpreters-run-string.dangerous-subinterpreters-run-string origin: community severity: WARNING languages: @@ -31472,13 +32435,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.dangerous-subprocess-use.dangerous-subprocess-use shortlink: https://sg.run/NWxp semgrep.dev: rule: rule_id: JDUz3R - version_id: 5PTbD0 - url: https://semgrep.dev/playground/r/5PTbD0/python.lang.security.dangerous-subprocess-use.dangerous-subprocess-use + version_id: JdTq4d + url: https://semgrep.dev/playground/r/JdTq4d/python.lang.security.dangerous-subprocess-use.dangerous-subprocess-use origin: community languages: - python 
@@ -31642,13 +32607,15 @@ rules: likelihood: HIGH impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.lang.security.dangerous-system-call.dangerous-system-call shortlink: https://sg.run/k0W7 semgrep.dev: rule: rule_id: 5rUoP1 - version_id: GxTpEK - url: https://semgrep.dev/playground/r/GxTpEK/python.lang.security.dangerous-system-call.dangerous-system-call + version_id: 5PT6xv + url: https://semgrep.dev/playground/r/5PT6xv/python.lang.security.dangerous-system-call.dangerous-system-call origin: community languages: - python @@ -31788,13 +32755,15 @@ rules: likelihood: HIGH impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.lang.security.dangerous-testcapi-run-in-subinterp.dangerous-testcapi-run-in-subinterp shortlink: https://sg.run/wLpY semgrep.dev: rule: rule_id: GdUkxR - version_id: yeT7Ae - url: https://semgrep.dev/playground/r/yeT7Ae/python.lang.security.dangerous-testcapi-run-in-subinterp.dangerous-testcapi-run-in-subinterp + version_id: GxT2g2 + url: https://semgrep.dev/playground/r/GxT2g2/python.lang.security.dangerous-testcapi-run-in-subinterp.dangerous-testcapi-run-in-subinterp origin: community severity: WARNING languages: 
@@ -31831,13 +32800,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5 shortlink: https://sg.run/vYrY semgrep.dev: rule: rule_id: PeU2e2 - version_id: O9TZoR - url: https://semgrep.dev/playground/r/O9TZoR/python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5 + version_id: qkTNAo + url: https://semgrep.dev/playground/r/qkTNAo/python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5 origin: community severity: WARNING languages: @@ -31877,13 +32848,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.lang.security.insecure-hash-algorithms.insecure-hash-algorithm-sha1 shortlink: https://sg.run/ydYx semgrep.dev: rule: rule_id: x8UnBk - version_id: e1TA7A - url: https://semgrep.dev/playground/r/e1TA7A/python.lang.security.insecure-hash-algorithms.insecure-hash-algorithm-sha1 + version_id: l4T53z + url: https://semgrep.dev/playground/r/l4T53z/python.lang.security.insecure-hash-algorithms.insecure-hash-algorithm-sha1 origin: community severity: WARNING languages: 
@@ -31910,13 +32883,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/python.lang.security.use-defused-xml.use-defused-xml shortlink: https://sg.run/kX47 semgrep.dev: rule: rule_id: d8UjRx - version_id: nWTwqD - url: https://semgrep.dev/playground/r/nWTwqD/python.lang.security.use-defused-xml.use-defused-xml + version_id: GxT2bo + url: https://semgrep.dev/playground/r/GxT2bo/python.lang.security.use-defused-xml.use-defused-xml origin: community message: The Python documentation recommends using `defusedxml` instead of `xml` because the native Python `xml` library is vulnerable to XML External Entity (XXE) @@ -31953,13 +32928,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/python.lang.security.use-defused-xmlrpc.use-defused-xmlrpc shortlink: https://sg.run/weqY semgrep.dev: rule: rule_id: ZqU5EZ - version_id: ExTYBP - url: https://semgrep.dev/playground/r/ExTYBP/python.lang.security.use-defused-xmlrpc.use-defused-xmlrpc + version_id: RGTbNA + url: https://semgrep.dev/playground/r/RGTbNA/python.lang.security.use-defused-xmlrpc.use-defused-xmlrpc origin: community severity: ERROR languages: 
@@ -31986,13 +32963,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-cipher-algorithm-blowfish.insecure-cipher-algorithm-blowfish shortlink: https://sg.run/dlOE semgrep.dev: rule: rule_id: JDUGnK - version_id: LjTp6W - url: https://semgrep.dev/playground/r/LjTp6W/python.pycryptodome.security.insecure-cipher-algorithm-blowfish.insecure-cipher-algorithm-blowfish + version_id: BjTE4p + url: https://semgrep.dev/playground/r/BjTE4p/python.pycryptodome.security.insecure-cipher-algorithm-blowfish.insecure-cipher-algorithm-blowfish origin: community severity: WARNING languages: @@ -32022,13 +33001,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-cipher-algorithm-des.insecure-cipher-algorithm-des shortlink: https://sg.run/Z5bw semgrep.dev: rule: rule_id: 5rUr73 - version_id: 8KTLe6 - url: https://semgrep.dev/playground/r/8KTLe6/python.pycryptodome.security.insecure-cipher-algorithm-des.insecure-cipher-algorithm-des + version_id: DkTQBR + url: https://semgrep.dev/playground/r/DkTQBR/python.pycryptodome.security.insecure-cipher-algorithm-des.insecure-cipher-algorithm-des origin: community severity: WARNING languages: 
@@ -32058,13 +33039,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-cipher-algorithm-rc2.insecure-cipher-algorithm-rc2 shortlink: https://sg.run/nAbY semgrep.dev: rule: rule_id: GdUYlW - version_id: gET59j - url: https://semgrep.dev/playground/r/gET59j/python.pycryptodome.security.insecure-cipher-algorithm-rc2.insecure-cipher-algorithm-rc2 + version_id: WrTbe8 + url: https://semgrep.dev/playground/r/WrTbe8/python.pycryptodome.security.insecure-cipher-algorithm-rc2.insecure-cipher-algorithm-rc2 origin: community severity: WARNING languages: @@ -32094,13 +33077,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-cipher-algorithm-rc4.insecure-cipher-algorithm-rc4 shortlink: https://sg.run/Eo6N semgrep.dev: rule: rule_id: ReUnEB - version_id: QkTQKP - url: https://semgrep.dev/playground/r/QkTQKP/python.pycryptodome.security.insecure-cipher-algorithm-rc4.insecure-cipher-algorithm-rc4 + version_id: 0bTv0G + url: https://semgrep.dev/playground/r/0bTv0G/python.pycryptodome.security.insecure-cipher-algorithm-rc4.insecure-cipher-algorithm-rc4 origin: community severity: WARNING languages: 
@@ -32130,13 +33115,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-cipher-algorithm.insecure-cipher-algorithm-xor shortlink: https://sg.run/L0yr semgrep.dev: rule: rule_id: PeUk5W - version_id: 3ZTx98 - url: https://semgrep.dev/playground/r/3ZTx98/python.pycryptodome.security.insecure-cipher-algorithm.insecure-cipher-algorithm-xor + version_id: K3TlA8 + url: https://semgrep.dev/playground/r/K3TlA8/python.pycryptodome.security.insecure-cipher-algorithm.insecure-cipher-algorithm-xor origin: community severity: WARNING languages: @@ -32169,13 +33156,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-hash-algorithm-md2.insecure-hash-algorithm-md2 shortlink: https://sg.run/7JP2 semgrep.dev: rule: rule_id: AbU0Ex - version_id: 44TYvr - url: https://semgrep.dev/playground/r/44TYvr/python.pycryptodome.security.insecure-hash-algorithm-md2.insecure-hash-algorithm-md2 + version_id: qkTNAJ + url: https://semgrep.dev/playground/r/qkTNAJ/python.pycryptodome.security.insecure-hash-algorithm-md2.insecure-hash-algorithm-md2 origin: community severity: WARNING languages: 
@@ -32208,13 +33197,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-hash-algorithm-md4.insecure-hash-algorithm-md4 shortlink: https://sg.run/Lve6 semgrep.dev: rule: rule_id: BYUJy4 - version_id: PkTnAP - url: https://semgrep.dev/playground/r/PkTnAP/python.pycryptodome.security.insecure-hash-algorithm-md4.insecure-hash-algorithm-md4 + version_id: l4T532 + url: https://semgrep.dev/playground/r/l4T532/python.pycryptodome.security.insecure-hash-algorithm-md4.insecure-hash-algorithm-md4 origin: community severity: WARNING languages: @@ -32247,13 +33238,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-hash-algorithm-md5.insecure-hash-algorithm-md5 shortlink: https://sg.run/85JN semgrep.dev: rule: rule_id: DbUXwo - version_id: JdTZ7r - url: https://semgrep.dev/playground/r/JdTZ7r/python.pycryptodome.security.insecure-hash-algorithm-md5.insecure-hash-algorithm-md5 + version_id: YDTog8 + url: https://semgrep.dev/playground/r/YDTog8/python.pycryptodome.security.insecure-hash-algorithm-md5.insecure-hash-algorithm-md5 origin: community severity: WARNING languages: 
@@ -32286,13 +33279,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insecure-hash-algorithm.insecure-hash-algorithm-sha1 shortlink: https://sg.run/3ALr semgrep.dev: rule: rule_id: ReUPO3 - version_id: 5PTYnG - url: https://semgrep.dev/playground/r/5PTYnG/python.pycryptodome.security.insecure-hash-algorithm.insecure-hash-algorithm-sha1 + version_id: 6xTe4A + url: https://semgrep.dev/playground/r/6xTe4A/python.pycryptodome.security.insecure-hash-algorithm.insecure-hash-algorithm-sha1 origin: community severity: WARNING languages: @@ -32330,13 +33325,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insufficient-dsa-key-size.insufficient-dsa-key-size shortlink: https://sg.run/4y8l semgrep.dev: rule: rule_id: AbUWje - version_id: GxTW9e - url: https://semgrep.dev/playground/r/GxTW9e/python.pycryptodome.security.insufficient-dsa-key-size.insufficient-dsa-key-size + version_id: o5TnGP + url: https://semgrep.dev/playground/r/o5TnGP/python.pycryptodome.security.insufficient-dsa-key-size.insufficient-dsa-key-size origin: community languages: - python 
@@ -32371,13 +33368,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.insufficient-rsa-key-size.insufficient-rsa-key-size shortlink: https://sg.run/PprY semgrep.dev: rule: rule_id: BYUBWe - version_id: RGTw1l - url: https://semgrep.dev/playground/r/RGTw1l/python.pycryptodome.security.insufficient-rsa-key-size.insufficient-rsa-key-size + version_id: zyT566 + url: https://semgrep.dev/playground/r/zyT566/python.pycryptodome.security.insufficient-rsa-key-size.insufficient-rsa-key-size origin: community languages: - python @@ -32406,13 +33405,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.pycryptodome.security.mode-without-authentication.crypto-mode-without-authentication shortlink: https://sg.run/k1K1 semgrep.dev: rule: rule_id: YGUw8w - version_id: rxT72G - url: https://semgrep.dev/playground/r/rxT72G/python.pycryptodome.security.mode-without-authentication.crypto-mode-without-authentication + version_id: pZTrRg + url: https://semgrep.dev/playground/r/pZTrRg/python.pycryptodome.security.mode-without-authentication.crypto-mode-without-authentication origin: community patterns: - pattern-either: 
@@ -32460,13 +33461,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/python.pymongo.security.mongodb.mongo-client-bad-auth shortlink: https://sg.run/YXRd semgrep.dev: rule: rule_id: d8UlOX - version_id: BjTG2w - url: https://semgrep.dev/playground/r/BjTG2w/python.pymongo.security.mongodb.mongo-client-bad-auth + version_id: 2KT1nB + url: https://semgrep.dev/playground/r/2KT1nB/python.pymongo.security.mongodb.mongo-client-bad-auth origin: community - id: python.pyramid.audit.authtkt-cookie-httponly-unsafe-default.pyramid-authtkt-cookie-httponly-unsafe-default patterns: @@ -32500,13 +33503,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.authtkt-cookie-httponly-unsafe-default.pyramid-authtkt-cookie-httponly-unsafe-default shortlink: https://sg.run/EprB semgrep.dev: rule: rule_id: bwUXKB - version_id: rxTglX - url: https://semgrep.dev/playground/r/rxTglX/python.pyramid.audit.authtkt-cookie-httponly-unsafe-default.pyramid-authtkt-cookie-httponly-unsafe-default + version_id: X0TPG0 + url: https://semgrep.dev/playground/r/X0TPG0/python.pyramid.audit.authtkt-cookie-httponly-unsafe-default.pyramid-authtkt-cookie-httponly-unsafe-default origin: community languages: - python 
@@ -32551,13 +33556,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.authtkt-cookie-httponly-unsafe-value.pyramid-authtkt-cookie-httponly-unsafe-value shortlink: https://sg.run/7DgQ semgrep.dev: rule: rule_id: NbUq9e - version_id: WrT6rb - url: https://semgrep.dev/playground/r/WrT6rb/python.pyramid.audit.authtkt-cookie-httponly-unsafe-value.pyramid-authtkt-cookie-httponly-unsafe-value + version_id: jQTKG4 + url: https://semgrep.dev/playground/r/jQTKG4/python.pyramid.audit.authtkt-cookie-httponly-unsafe-value.pyramid-authtkt-cookie-httponly-unsafe-value origin: community languages: - python @@ -32594,13 +33601,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.authtkt-cookie-samesite.pyramid-authtkt-cookie-samesite shortlink: https://sg.run/LYrY semgrep.dev: rule: rule_id: kxUYjY - version_id: 0bT6WO - url: https://semgrep.dev/playground/r/0bT6WO/python.pyramid.audit.authtkt-cookie-samesite.pyramid-authtkt-cookie-samesite + version_id: 1QTjJr + url: https://semgrep.dev/playground/r/1QTjJr/python.pyramid.audit.authtkt-cookie-samesite.pyramid-authtkt-cookie-samesite origin: community languages: - python 
@@ -32641,13 +33650,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.authtkt-cookie-secure-unsafe-default.pyramid-authtkt-cookie-secure-unsafe-default shortlink: https://sg.run/8WxQ semgrep.dev: rule: rule_id: wdUKzn - version_id: K3TONN - url: https://semgrep.dev/playground/r/K3TONN/python.pyramid.audit.authtkt-cookie-secure-unsafe-default.pyramid-authtkt-cookie-secure-unsafe-default + version_id: 9lTz82 + url: https://semgrep.dev/playground/r/9lTz82/python.pyramid.audit.authtkt-cookie-secure-unsafe-default.pyramid-authtkt-cookie-secure-unsafe-default origin: community languages: - python @@ -32691,13 +33702,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.authtkt-cookie-secure-unsafe-value.pyramid-authtkt-cookie-secure-unsafe-value shortlink: https://sg.run/gjp5 semgrep.dev: rule: rule_id: x8UqAp - version_id: qkT9YY - url: https://semgrep.dev/playground/r/qkT9YY/python.pyramid.audit.authtkt-cookie-secure-unsafe-value.pyramid-authtkt-cookie-secure-unsafe-value + version_id: yeTXYl + url: https://semgrep.dev/playground/r/yeTXYl/python.pyramid.audit.authtkt-cookie-secure-unsafe-value.pyramid-authtkt-cookie-secure-unsafe-value origin: community languages: - python 
@@ -32738,13 +33751,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/python.pyramid.audit.csrf-origin-check-disabled-globally.pyramid-csrf-origin-check-disabled-globally shortlink: https://sg.run/3GeW semgrep.dev: rule: rule_id: eqU9Le - version_id: YDTzqN - url: https://semgrep.dev/playground/r/YDTzqN/python.pyramid.audit.csrf-origin-check-disabled-globally.pyramid-csrf-origin-check-disabled-globally + version_id: bZTGP2 + url: https://semgrep.dev/playground/r/bZTGP2/python.pyramid.audit.csrf-origin-check-disabled-globally.pyramid-csrf-origin-check-disabled-globally origin: community - id: python.pyramid.audit.csrf-origin-check-disabled.pyramid-csrf-origin-check-disabled message: Origin check for the CSRF token is disabled for this view. This might represent @@ -32772,13 +33787,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/python.pyramid.audit.csrf-origin-check-disabled.pyramid-csrf-origin-check-disabled shortlink: https://sg.run/4RB9 semgrep.dev: rule: rule_id: v8UGpL - version_id: 6xTAb5 - url: https://semgrep.dev/playground/r/6xTAb5/python.pyramid.audit.csrf-origin-check-disabled.pyramid-csrf-origin-check-disabled + version_id: NdT1vw + url: https://semgrep.dev/playground/r/NdT1vw/python.pyramid.audit.csrf-origin-check-disabled.pyramid-csrf-origin-check-disabled origin: community severity: WARNING languages: 
@@ -32837,13 +33854,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.set-cookie-httponly-unsafe-default.pyramid-set-cookie-httponly-unsafe-default shortlink: https://sg.run/P19v semgrep.dev: rule: rule_id: d8UPQ7 - version_id: o5TWXe - url: https://semgrep.dev/playground/r/o5TWXe/python.pyramid.audit.set-cookie-httponly-unsafe-default.pyramid-set-cookie-httponly-unsafe-default + version_id: kbT7Ql + url: https://semgrep.dev/playground/r/kbT7Ql/python.pyramid.audit.set-cookie-httponly-unsafe-default.pyramid-set-cookie-httponly-unsafe-default origin: community languages: - python @@ -32895,13 +33914,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.set-cookie-httponly-unsafe-value.pyramid-set-cookie-httponly-unsafe-value shortlink: https://sg.run/JbqP semgrep.dev: rule: rule_id: ZqU37W - version_id: zyTXqy - url: https://semgrep.dev/playground/r/zyTXqy/python.pyramid.audit.set-cookie-httponly-unsafe-value.pyramid-set-cookie-httponly-unsafe-value + version_id: w8T3qb + url: https://semgrep.dev/playground/r/w8T3qb/python.pyramid.audit.set-cookie-httponly-unsafe-value.pyramid-set-cookie-httponly-unsafe-value origin: community languages: - python 
@@ -32946,13 +33967,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.set-cookie-samesite-unsafe-default.pyramid-set-cookie-samesite-unsafe-default shortlink: https://sg.run/5AWj semgrep.dev: rule: rule_id: nJUp80 - version_id: pZTqPw - url: https://semgrep.dev/playground/r/pZTqPw/python.pyramid.audit.set-cookie-samesite-unsafe-default.pyramid-set-cookie-samesite-unsafe-default + version_id: xyT4lz + url: https://semgrep.dev/playground/r/xyT4lz/python.pyramid.audit.set-cookie-samesite-unsafe-default.pyramid-set-cookie-samesite-unsafe-default origin: community languages: - python @@ -32998,13 +34021,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.set-cookie-samesite-unsafe-value.pyramid-set-cookie-samesite-unsafe-value shortlink: https://sg.run/GXR6 semgrep.dev: rule: rule_id: EwUgpY - version_id: 2KTAlP - url: https://semgrep.dev/playground/r/2KTAlP/python.pyramid.audit.set-cookie-samesite-unsafe-value.pyramid-set-cookie-samesite-unsafe-value + version_id: O9TyAb + url: https://semgrep.dev/playground/r/O9TyAb/python.pyramid.audit.set-cookie-samesite-unsafe-value.pyramid-set-cookie-samesite-unsafe-value origin: community languages: - python 
@@ -33049,13 +34074,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.set-cookie-secure-unsafe-default.pyramid-set-cookie-secure-unsafe-default shortlink: https://sg.run/RbrN semgrep.dev: rule: rule_id: 7KUr15 - version_id: X0ToWg - url: https://semgrep.dev/playground/r/X0ToWg/python.pyramid.audit.set-cookie-secure-unsafe-default.pyramid-set-cookie-secure-unsafe-default + version_id: e1TxYn + url: https://semgrep.dev/playground/r/e1TxYn/python.pyramid.audit.set-cookie-secure-unsafe-default.pyramid-set-cookie-secure-unsafe-default origin: community languages: - python @@ -33105,13 +34132,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.pyramid.audit.set-cookie-secure-unsafe-value.pyramid-set-cookie-secure-unsafe-value shortlink: https://sg.run/AzjB semgrep.dev: rule: rule_id: L1UX2J - version_id: jQTLkr - url: https://semgrep.dev/playground/r/jQTLkr/python.pyramid.audit.set-cookie-secure-unsafe-value.pyramid-set-cookie-secure-unsafe-value + version_id: vdT2Kq + url: https://semgrep.dev/playground/r/vdT2Kq/python.pyramid.audit.set-cookie-secure-unsafe-value.pyramid-set-cookie-secure-unsafe-value origin: community languages: - python 
@@ -33151,13 +34180,15 @@ rules: impact: LOW confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/python.pyramid.security.csrf-check-disabled-globally.pyramid-csrf-check-disabled-globally shortlink: https://sg.run/Bx2R semgrep.dev: rule: rule_id: 8GUKqP - version_id: 1QT084 - url: https://semgrep.dev/playground/r/1QT084/python.pyramid.security.csrf-check-disabled-globally.pyramid-csrf-check-disabled-globally + version_id: d6TDOB + url: https://semgrep.dev/playground/r/d6TDOB/python.pyramid.security.csrf-check-disabled-globally.pyramid-csrf-check-disabled-globally origin: community - id: python.pyramid.security.direct-use-of-response.pyramid-direct-use-of-response message: Detected data rendered directly to the end user via 'Response'. This bypasses @@ -33183,13 +34214,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.pyramid.security.direct-use-of-response.pyramid-direct-use-of-response shortlink: https://sg.run/DX8G semgrep.dev: rule: rule_id: gxUeA8 - version_id: 9lTEQy - url: https://semgrep.dev/playground/r/9lTEQy/python.pyramid.security.direct-use-of-response.pyramid-direct-use-of-response + version_id: ZRTwkw + url: https://semgrep.dev/playground/r/ZRTwkw/python.pyramid.security.direct-use-of-response.pyramid-direct-use-of-response origin: community languages: - python 
@@ -33247,13 +34280,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.pyramid.security.sqlalchemy-sql-injection.pyramid-sqlalchemy-sql-injection shortlink: https://sg.run/W7eE semgrep.dev: rule: rule_id: QrUZ7l - version_id: yeTQk2 - url: https://semgrep.dev/playground/r/yeTQk2/python.pyramid.security.sqlalchemy-sql-injection.pyramid-sqlalchemy-sql-injection + version_id: nWT75e + url: https://semgrep.dev/playground/r/nWT75e/python.pyramid.security.sqlalchemy-sql-injection.pyramid-sqlalchemy-sql-injection origin: community mode: taint pattern-sources: @@ -33345,13 +34380,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.sqlalchemy.security.sqlalchemy-sql-injection.sqlalchemy-sql-injection shortlink: https://sg.run/J3Xo semgrep.dev: rule: rule_id: BYUBWo - version_id: xyT9Lw - url: https://semgrep.dev/playground/r/xyT9Lw/python.sqlalchemy.security.sqlalchemy-sql-injection.sqlalchemy-sql-injection + version_id: QkTJ3z + url: https://semgrep.dev/playground/r/QkTJ3z/python.sqlalchemy.security.sqlalchemy-sql-injection.sqlalchemy-sql-injection origin: community - id: ruby.aws-lambda.security.activerecord-sqli.activerecord-sqli languages: 
@@ -33383,13 +34420,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.aws-lambda.security.activerecord-sqli.activerecord-sqli shortlink: https://sg.run/vXvY semgrep.dev: rule: rule_id: 0oUw9g - version_id: JdT83X - url: https://semgrep.dev/playground/r/JdT83X/ruby.aws-lambda.security.activerecord-sqli.activerecord-sqli + version_id: 3ZTdKB + url: https://semgrep.dev/playground/r/3ZTdKB/ruby.aws-lambda.security.activerecord-sqli.activerecord-sqli origin: community pattern-sinks: - patterns: @@ -33438,13 +34477,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.aws-lambda.security.mysql2-sqli.mysql2-sqli shortlink: https://sg.run/dJLE semgrep.dev: rule: rule_id: KxUrQ3 - version_id: 5PTbPb - url: https://semgrep.dev/playground/r/5PTbPb/ruby.aws-lambda.security.mysql2-sqli.mysql2-sqli + version_id: 44ToN2 + url: https://semgrep.dev/playground/r/44ToN2/ruby.aws-lambda.security.mysql2-sqli.mysql2-sqli origin: community pattern-sinks: - patterns: @@ -33496,13 +34537,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.aws-lambda.security.pg-sqli.pg-sqli shortlink: https://sg.run/ZKww semgrep.dev: rule: rule_id: qNUQee - version_id: GxTpxd - url: https://semgrep.dev/playground/r/GxTpxd/ruby.aws-lambda.security.pg-sqli.pg-sqli + version_id: PkTYwo + url: https://semgrep.dev/playground/r/PkTYwo/ruby.aws-lambda.security.pg-sqli.pg-sqli origin: community pattern-sinks: - patterns: 
@@ -33555,13 +34598,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.aws-lambda.security.sequel-sqli.sequel-sqli shortlink: https://sg.run/n9vY semgrep.dev: rule: rule_id: lBUy2N - version_id: RGTjQG - url: https://semgrep.dev/playground/r/RGTjQG/ruby.aws-lambda.security.sequel-sqli.sequel-sqli + version_id: JdTqw6 + url: https://semgrep.dev/playground/r/JdTqw6/ruby.aws-lambda.security.sequel-sqli.sequel-sqli origin: community pattern-sinks: - patterns: @@ -33612,13 +34657,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/ruby.aws-lambda.security.tainted-deserialization.tainted-deserialization shortlink: https://sg.run/dplX semgrep.dev: rule: rule_id: zdUlNJ - version_id: DkT3e4 - url: https://semgrep.dev/playground/r/DkT3e4/ruby.aws-lambda.security.tainted-deserialization.tainted-deserialization + version_id: 5PT6ly + url: https://semgrep.dev/playground/r/5PT6ly/ruby.aws-lambda.security.tainted-deserialization.tainted-deserialization origin: community pattern-sinks: - patterns: @@ -33674,13 +34721,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.aws-lambda.security.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/EB7N semgrep.dev: rule: rule_id: PeUxOE - version_id: WrTk6A - url: https://semgrep.dev/playground/r/WrTk6A/ruby.aws-lambda.security.tainted-sql-string.tainted-sql-string + version_id: GxT2Oo + url: https://semgrep.dev/playground/r/GxT2Oo/ruby.aws-lambda.security.tainted-sql-string.tainted-sql-string origin: community mode: taint pattern-sources: 
@@ -33760,13 +34809,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/ruby.lang.security.bad-deserialization.bad-deserialization shortlink: https://sg.run/DJj2 semgrep.dev: rule: rule_id: lBUdQg - version_id: pZT4jr - url: https://semgrep.dev/playground/r/pZT4jr/ruby.lang.security.bad-deserialization.bad-deserialization + version_id: qkTNgJ + url: https://semgrep.dev/playground/r/qkTNgJ/ruby.lang.security.bad-deserialization.bad-deserialization origin: community languages: - ruby @@ -33822,13 +34873,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-exec.dangerous-exec shortlink: https://sg.run/R8GY semgrep.dev: rule: rule_id: WAUZOw - version_id: 2KTA62 - url: https://semgrep.dev/playground/r/2KTA62/ruby.lang.security.dangerous-exec.dangerous-exec + version_id: 6xTe7A + url: https://semgrep.dev/playground/r/6xTe7A/ruby.lang.security.dangerous-exec.dangerous-exec origin: community severity: WARNING languages: @@ -33849,13 +34902,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/ruby.lang.security.divide-by-zero.divide-by-zero shortlink: https://sg.run/KWpP semgrep.dev: rule: rule_id: oqUzXA - version_id: yeTQdX - url: https://semgrep.dev/playground/r/yeTQdX/ruby.lang.security.divide-by-zero.divide-by-zero + version_id: X0TPe0 + url: https://semgrep.dev/playground/r/X0TPe0/ruby.lang.security.divide-by-zero.divide-by-zero origin: community languages: - ruby 
@@ -33892,13 +34947,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.lang.security.force-ssl-false.force-ssl-false shortlink: https://sg.run/YgkW semgrep.dev: rule: rule_id: 2ZU4lx - version_id: NdT55D - url: https://semgrep.dev/playground/r/NdT55D/ruby.lang.security.force-ssl-false.force-ssl-false + version_id: 9lTzN2 + url: https://semgrep.dev/playground/r/9lTzN2/ruby.lang.security.force-ssl-false.force-ssl-false origin: community languages: - ruby @@ -33934,13 +34991,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/ruby.lang.security.hardcoded-secret-rsa-passphrase.hardcoded-secret-rsa-passphrase shortlink: https://sg.run/xPEe semgrep.dev: rule: rule_id: bwULyN - version_id: bZTjz4 - url: https://semgrep.dev/playground/r/bZTjz4/ruby.lang.security.hardcoded-secret-rsa-passphrase.hardcoded-secret-rsa-passphrase + version_id: qkTq7w + url: https://semgrep.dev/playground/r/qkTq7w/ruby.lang.security.hardcoded-secret-rsa-passphrase.hardcoded-secret-rsa-passphrase origin: community patterns: - pattern-either: @@ -34042,13 +35101,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.lang.security.insufficient-rsa-key-size.insufficient-rsa-key-size shortlink: https://sg.run/O4Re semgrep.dev: rule: rule_id: NbUe4N - version_id: xyT99A - url: https://semgrep.dev/playground/r/xyT99A/ruby.lang.security.insufficient-rsa-key-size.insufficient-rsa-key-size + version_id: bZTGW2 + url: https://semgrep.dev/playground/r/bZTGW2/ruby.lang.security.insufficient-rsa-key-size.insufficient-rsa-key-size origin: community patterns: - pattern-either: 
@@ -34108,13 +35169,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.lang.security.json-encoding.json-encoding shortlink: https://sg.run/zkYz semgrep.dev: rule: rule_id: 10UZ8v - version_id: YDTJOB - url: https://semgrep.dev/playground/r/YDTJOB/ruby.lang.security.json-encoding.json-encoding + version_id: kbT7vl + url: https://semgrep.dev/playground/r/kbT7vl/ruby.lang.security.json-encoding.json-encoding origin: community languages: - ruby @@ -34149,13 +35212,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.lang.security.md5-used-as-password.md5-used-as-password shortlink: https://sg.run/GOZy semgrep.dev: rule: rule_id: oqU4p2 - version_id: ZRTBBG - url: https://semgrep.dev/playground/r/ZRTBBG/ruby.lang.security.md5-used-as-password.md5-used-as-password + version_id: O9TyLb + url: https://semgrep.dev/playground/r/O9TyLb/ruby.lang.security.md5-used-as-password.md5-used-as-password origin: community mode: taint pattern-sources: @@ -34191,13 +35256,15 @@ rules: - ruby - rails license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.no-eval.ruby-eval shortlink: https://sg.run/bDwZ semgrep.dev: rule: rule_id: OrUGNk - version_id: rxTq2d - url: https://semgrep.dev/playground/r/rxTq2d/ruby.lang.security.no-eval.ruby-eval + version_id: 7ZTOqz + url: https://semgrep.dev/playground/r/7ZTOqz/ruby.lang.security.no-eval.ruby-eval origin: community languages: - ruby 
@@ -34257,13 +35324,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/ruby.lang.security.ssl-mode-no-verify.ssl-mode-no-verify shortlink: https://sg.run/kLxX semgrep.dev: rule: rule_id: v8U5Yn - version_id: 44Txx5 - url: https://semgrep.dev/playground/r/44Txx5/ruby.lang.security.ssl-mode-no-verify.ssl-mode-no-verify + version_id: 8KTbO4 + url: https://semgrep.dev/playground/r/8KTbO4/ruby.lang.security.ssl-mode-no-verify.ssl-mode-no-verify origin: community - id: ruby.lang.security.weak-hashes-md5.weak-hashes-md5 message: Should not use md5 to generate hashes. md5 is proven to be vulnerable through @@ -34286,13 +35355,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/ruby.lang.security.weak-hashes-md5.weak-hashes-md5 shortlink: https://sg.run/O1re semgrep.dev: rule: rule_id: nJUYxZ - version_id: qkTz15 - url: https://semgrep.dev/playground/r/qkTz15/ruby.lang.security.weak-hashes-md5.weak-hashes-md5 + version_id: 3ZTdDB + url: https://semgrep.dev/playground/r/3ZTdDB/ruby.lang.security.weak-hashes-md5.weak-hashes-md5 origin: community languages: - ruby @@ -34328,13 +35399,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Insecure Hashing Algorithm source: https://semgrep.dev/r/ruby.lang.security.weak-hashes-sha1.weak-hashes-sha1 shortlink: https://sg.run/e4qX semgrep.dev: rule: rule_id: EwU4jq - version_id: GxT444 - url: https://semgrep.dev/playground/r/GxT444/ruby.lang.security.weak-hashes-sha1.weak-hashes-sha1 + version_id: 44ToW2 + url: https://semgrep.dev/playground/r/44ToW2/ruby.lang.security.weak-hashes-sha1.weak-hashes-sha1 origin: community languages: - ruby 
@@ -34372,13 +35445,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.rails.security.audit.avoid-session-manipulation.avoid-session-manipulation shortlink: https://sg.run/86q7 semgrep.dev: rule: rule_id: BYUdW6 - version_id: A8Tyyv - url: https://semgrep.dev/playground/r/A8Tyyv/ruby.rails.security.audit.avoid-session-manipulation.avoid-session-manipulation + version_id: JdTqA6 + url: https://semgrep.dev/playground/r/JdTqA6/ruby.rails.security.audit.avoid-session-manipulation.avoid-session-manipulation origin: community message: This gets data from session using user inputs. A malicious user may be able to retrieve information from your session that you didn't intend them to. @@ -34414,13 +35489,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.audit.avoid-tainted-file-access.avoid-tainted-file-access shortlink: https://sg.run/gYln semgrep.dev: rule: rule_id: DbU1dr - version_id: BjTQQj - url: https://semgrep.dev/playground/r/BjTQQj/ruby.rails.security.audit.avoid-tainted-file-access.avoid-tainted-file-access + version_id: 5PT60y + url: https://semgrep.dev/playground/r/5PT60y/ruby.rails.security.audit.avoid-tainted-file-access.avoid-tainted-file-access origin: community message: Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to. 
@@ -34492,13 +35569,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.audit.avoid-tainted-ftp-call.avoid-tainted-ftp-call shortlink: https://sg.run/Q9gP semgrep.dev: rule: rule_id: WAUyzp - version_id: DkT334 - url: https://semgrep.dev/playground/r/DkT334/ruby.rails.security.audit.avoid-tainted-ftp-call.avoid-tainted-ftp-call + version_id: GxT25o + url: https://semgrep.dev/playground/r/GxT25o/ruby.rails.security.audit.avoid-tainted-ftp-call.avoid-tainted-ftp-call origin: community message: Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to. @@ -34538,13 +35617,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/ruby.rails.security.audit.avoid-tainted-http-request.avoid-tainted-http-request shortlink: https://sg.run/3rLb semgrep.dev: rule: rule_id: 0oU2x3 - version_id: WrTkkA - url: https://semgrep.dev/playground/r/WrTkkA/ruby.rails.security.audit.avoid-tainted-http-request.avoid-tainted-http-request + version_id: RGTbYA + url: https://semgrep.dev/playground/r/RGTbYA/ruby.rails.security.audit.avoid-tainted-http-request.avoid-tainted-http-request origin: community message: Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to. 
@@ -34625,13 +35706,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/ruby.rails.security.audit.avoid-tainted-shell-call.avoid-tainted-shell-call shortlink: https://sg.run/4e8E semgrep.dev: rule: rule_id: KxU72k - version_id: 1QTnze - url: https://semgrep.dev/playground/r/1QTnze/ruby.rails.security.audit.avoid-tainted-shell-call.avoid-tainted-shell-call + version_id: A8TR15 + url: https://semgrep.dev/playground/r/A8TR15/ruby.rails.security.audit.avoid-tainted-shell-call.avoid-tainted-shell-call origin: community message: Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to. 
@@ -34713,34 +35796,23 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.rails.security.audit.dynamic-finders.dynamic-finders shortlink: https://sg.run/5yNW semgrep.dev: rule: rule_id: gxUJ8A - version_id: l4Twrr - url: https://semgrep.dev/playground/r/l4Twrr/ruby.rails.security.audit.dynamic-finders.dynamic-finders + version_id: 1QTxQB + url: https://semgrep.dev/playground/r/1QTxQB/ruby.rails.security.audit.dynamic-finders.dynamic-finders origin: community - message: Discovered an application that uses MySQL and find_by_* dynamic finders - on potentially sensitive fields. There is a vulnerability in MySQL integer conversion, - which could case "0" to match any string, and could therefore lead to sensitive - data being exposed. Instead, upgrade to Rails version 4. + message: This rule is deprecated. languages: - ruby severity: WARNING - mode: taint - pattern-sources: - - pattern: params - - pattern: request.env - pattern-sinks: - - pattern: "$X.find_by_token(...)" - - pattern: "$X.find_by_guid(...)" - - pattern: "$X.find_by_password(...)" - - pattern: "$X.find_by_api_key(...)" - - pattern: "$X.find_by_activation(...)" - - pattern: "$X.find_by_code(...)" - - pattern: "$X.find_by_private(...)" - - pattern: "$X.find_by_reset(...)" + patterns: + - pattern: a() + - pattern: b() - id: ruby.rails.security.audit.number-to-currency.number-to-currency metadata: owasp: 
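Review bot: The replacement body `patterns: - pattern: a() - pattern: b()` is a conjunction of two different call patterns, so as far as I can tell it can never match and the rule is now inert, yet it still ships with `severity: WARNING` and the freshly added `vulnerability_class: - SQL Injection`, while the taint coverage of `find_by_token`/`find_by_password`/`find_by_api_key` against `params` is dropped without naming a replacement. Anyone running this bundle on a pre-Rails-4 codebase loses that detection silently, and dashboards keyed on vulnerability_class would count a SQL-injection check that cannot fire. The file is generated, so the fix belongs in the upstream rule metadata, but the message should at least say why, e.g. `message: This rule is deprecated. The MySQL find_by_* integer-conversion issue it targeted is addressed by upgrading to Rails 4+; the rule no longer matches anything.` The other deprecated rules in this diff (number-to-currency, quote-table-name) use the same bare wording, so one generator-side note would cover all three.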
@@ -34763,13 +35835,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.number-to-currency.number-to-currency shortlink: https://sg.run/veD4 semgrep.dev: rule: rule_id: yyUAl9 - version_id: jQTbNj - url: https://semgrep.dev/playground/r/jQTbNj/ruby.rails.security.audit.number-to-currency.number-to-currency + version_id: l4T5w2 + url: https://semgrep.dev/playground/r/l4T5w2/ruby.rails.security.audit.number-to-currency.number-to-currency origin: community message: This rule is deprecated. languages: @@ -34800,13 +35874,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.rails.security.audit.quote-table-name.quote-table-name shortlink: https://sg.run/d1dY semgrep.dev: rule: rule_id: r6U2dJ - version_id: 1QT9kp - url: https://semgrep.dev/playground/r/1QT9kp/ruby.rails.security.audit.quote-table-name.quote-table-name + version_id: YDToj8 + url: https://semgrep.dev/playground/r/YDToj8/ruby.rails.security.audit.quote-table-name.quote-table-name origin: community message: This rule is deprecated. languages: @@ -34876,13 +35952,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.rails.security.audit.sqli.ruby-pg-sqli.ruby-pg-sqli shortlink: https://sg.run/kL0o semgrep.dev: rule: rule_id: NbUAz7 - version_id: A8Twrl - url: https://semgrep.dev/playground/r/A8Twrl/ruby.rails.security.audit.sqli.ruby-pg-sqli.ruby-pg-sqli + version_id: WrTb2D + url: https://semgrep.dev/playground/r/WrTb2D/ruby.rails.security.audit.sqli.ruby-pg-sqli.ruby-pg-sqli origin: community severity: WARNING - id: ruby.rails.security.audit.xss.avoid-link-to.avoid-link-to 
@@ -34908,13 +35986,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-link-to.avoid-link-to shortlink: https://sg.run/JxXQ semgrep.dev: rule: rule_id: lBU8Qj - version_id: zyTX9A - url: https://semgrep.dev/playground/r/zyTX9A/ruby.rails.security.audit.xss.avoid-link-to.avoid-link-to + version_id: l4T5wG + url: https://semgrep.dev/playground/r/l4T5wG/ruby.rails.security.audit.xss.avoid-link-to.avoid-link-to origin: community message: This code includes user input in `link_to`. In Rails 2.x, the body of `link_to` is not escaped. This means that user input which reaches the body will be executed @@ -34962,13 +36042,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-redirect.avoid-redirect shortlink: https://sg.run/5DY3 semgrep.dev: rule: rule_id: YGUDqJ - version_id: 2KTAX4 - url: https://semgrep.dev/playground/r/2KTAX4/ruby.rails.security.audit.xss.avoid-redirect.avoid-redirect + version_id: 6xTeOg + url: https://semgrep.dev/playground/r/6xTeOg/ruby.rails.security.audit.xss.avoid-redirect.avoid-redirect origin: community message: When a redirect uses user input, a malicious user can spoof a website under a trusted URL or access restricted parts of a site. When using user-supplied values, 
@@ -35033,13 +36115,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-render-dynamic-path.avoid-render-dynamic-path shortlink: https://sg.run/GO2n semgrep.dev: rule: rule_id: 6JU1bL - version_id: X0Top7 - url: https://semgrep.dev/playground/r/X0Top7/ruby.rails.security.audit.xss.avoid-render-dynamic-path.avoid-render-dynamic-path + version_id: o5Tnj1 + url: https://semgrep.dev/playground/r/o5Tnj1/ruby.rails.security.audit.xss.avoid-render-dynamic-path.avoid-render-dynamic-path origin: community message: Avoid rendering user input. It may be possible for a malicious user to input a path that lets them access a template they shouldn't. To prevent this, @@ -35099,13 +36183,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-before-filter.check-before-filter shortlink: https://sg.run/O4Zn semgrep.dev: rule: rule_id: wdUkBP - version_id: vdT74w - url: https://semgrep.dev/playground/r/vdT74w/ruby.rails.security.brakeman.check-before-filter.check-before-filter + version_id: xyT4DW + url: https://semgrep.dev/playground/r/xyT4DW/ruby.rails.security.brakeman.check-before-filter.check-before-filter origin: community - id: ruby.rails.security.brakeman.check-dynamic-render-local-file-include.check-dynamic-render-local-file-include mode: search 
@@ -35148,13 +36234,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-dynamic-render-local-file-include.check-dynamic-render-local-file-include shortlink: https://sg.run/3QWl semgrep.dev: rule: rule_id: JDUokO - version_id: nWTdll - url: https://semgrep.dev/playground/r/nWTdll/ruby.rails.security.brakeman.check-dynamic-render-local-file-include.check-dynamic-render-local-file-include + version_id: e1Tx2z + url: https://semgrep.dev/playground/r/e1Tx2z/ruby.rails.security.brakeman.check-dynamic-render-local-file-include.check-dynamic-render-local-file-include origin: community - id: ruby.rails.security.brakeman.check-http-verb-confusion.check-http-verb-confusion mode: search @@ -35194,13 +36282,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-http-verb-confusion.check-http-verb-confusion shortlink: https://sg.run/eJ6y semgrep.dev: rule: rule_id: x8UdDE - version_id: ExTdby - url: https://semgrep.dev/playground/r/ExTdby/ruby.rails.security.brakeman.check-http-verb-confusion.check-http-verb-confusion + version_id: vdT2A4 + url: https://semgrep.dev/playground/r/vdT2A4/ruby.rails.security.brakeman.check-http-verb-confusion.check-http-verb-confusion origin: community - id: ruby.rails.security.brakeman.check-rails-session-secret-handling.check-rails-session-secret-handling patterns: 
@@ -35248,13 +36338,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-rails-session-secret-handling.check-rails-session-secret-handling shortlink: https://sg.run/KyJd semgrep.dev: rule: rule_id: lBUX1r - version_id: ZRTYGn - url: https://semgrep.dev/playground/r/ZRTYGn/ruby.rails.security.brakeman.check-rails-session-secret-handling.check-rails-session-secret-handling + version_id: ExTn3N + url: https://semgrep.dev/playground/r/ExTn3N/ruby.rails.security.brakeman.check-rails-session-secret-handling.check-rails-session-secret-handling origin: community - id: ruby.rails.security.brakeman.check-redirect-to.check-redirect-to mode: taint @@ -35336,13 +36428,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-redirect-to.check-redirect-to shortlink: https://sg.run/eJNX semgrep.dev: rule: rule_id: kxUOJ6 - version_id: QkTBL5 - url: https://semgrep.dev/playground/r/QkTBL5/ruby.rails.security.brakeman.check-redirect-to.check-redirect-to + version_id: 7ZTOjn + url: https://semgrep.dev/playground/r/7ZTOjn/ruby.rails.security.brakeman.check-redirect-to.check-redirect-to origin: community - id: ruby.rails.security.brakeman.check-regex-dos.check-regex-dos mode: taint 
@@ -35411,13 +36505,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-regex-dos.check-regex-dos shortlink: https://sg.run/qZwx semgrep.dev: rule: rule_id: YGUY4R - version_id: yeTWdZ - url: https://semgrep.dev/playground/r/yeTWdZ/ruby.rails.security.brakeman.check-regex-dos.check-regex-dos + version_id: LjT0ok + url: https://semgrep.dev/playground/r/LjT0ok/ruby.rails.security.brakeman.check-regex-dos.check-regex-dos origin: community - id: ruby.rails.security.brakeman.check-render-local-file-include.check-render-local-file-include mode: taint @@ -35480,13 +36576,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-render-local-file-include.check-render-local-file-include shortlink: https://sg.run/Jw8Z semgrep.dev: rule: rule_id: ReU2pZ - version_id: A8Tw7K - url: https://semgrep.dev/playground/r/A8Tw7K/ruby.rails.security.brakeman.check-render-local-file-include.check-render-local-file-include + version_id: 8KTb7N + url: https://semgrep.dev/playground/r/8KTb7N/ruby.rails.security.brakeman.check-render-local-file-include.check-render-local-file-include origin: community - id: ruby.rails.security.brakeman.check-reverse-tabnabbing.check-reverse-tabnabbing mode: search 
@@ -35555,13 +36653,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-reverse-tabnabbing.check-reverse-tabnabbing shortlink: https://sg.run/r30j semgrep.dev: rule: rule_id: DbUNX4 - version_id: PkTEK8 - url: https://semgrep.dev/playground/r/PkTEK8/ruby.rails.security.brakeman.check-reverse-tabnabbing.check-reverse-tabnabbing + version_id: gETqor + url: https://semgrep.dev/playground/r/gETqor/ruby.rails.security.brakeman.check-reverse-tabnabbing.check-reverse-tabnabbing origin: community - id: ruby.rails.security.brakeman.check-secrets.check-secrets patterns: @@ -35597,13 +36697,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-secrets.check-secrets shortlink: https://sg.run/5ZKl semgrep.dev: rule: rule_id: AbUNqO - version_id: JdT248 - url: https://semgrep.dev/playground/r/JdT248/ruby.rails.security.brakeman.check-secrets.check-secrets + version_id: QkTJjA + url: https://semgrep.dev/playground/r/QkTJjA/ruby.rails.security.brakeman.check-secrets.check-secrets origin: community - id: ruby.rails.security.brakeman.check-send-file.check-send-file mode: taint 
@@ -35655,13 +36757,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-send-file.check-send-file shortlink: https://sg.run/GbY1 semgrep.dev: rule: rule_id: BYUKbl - version_id: 5PTBxg - url: https://semgrep.dev/playground/r/5PTBxg/ruby.rails.security.brakeman.check-send-file.check-send-file + version_id: 3ZTdzb + url: https://semgrep.dev/playground/r/3ZTdzb/ruby.rails.security.brakeman.check-send-file.check-send-file origin: community - id: ruby.rails.security.brakeman.check-sql.check-sql mode: taint @@ -35762,13 +36866,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-sql.check-sql shortlink: https://sg.run/vpgb semgrep.dev: rule: rule_id: OrUv2z - version_id: 6xTO5q - url: https://semgrep.dev/playground/r/6xTO5q/ruby.rails.security.brakeman.check-sql.check-sql + version_id: 44TowG + url: https://semgrep.dev/playground/r/44TowG/ruby.rails.security.brakeman.check-sql.check-sql origin: community - id: ruby.rails.security.brakeman.check-unsafe-reflection-methods.check-unsafe-reflection-methods mode: taint 
@@ -35823,13 +36929,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-unsafe-reflection-methods.check-unsafe-reflection-methods shortlink: https://sg.run/dPYd semgrep.dev: rule: rule_id: eqUZ2Q - version_id: nWTgGX - url: https://semgrep.dev/playground/r/nWTgGX/ruby.rails.security.brakeman.check-unsafe-reflection-methods.check-unsafe-reflection-methods + version_id: PkTYXn + url: https://semgrep.dev/playground/r/PkTYXn/ruby.rails.security.brakeman.check-unsafe-reflection-methods.check-unsafe-reflection-methods origin: community - id: ruby.rails.security.brakeman.check-unsafe-reflection.check-unsafe-reflection mode: taint @@ -35889,13 +36997,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-unsafe-reflection.check-unsafe-reflection shortlink: https://sg.run/vpEX semgrep.dev: rule: rule_id: wdUkYA - version_id: ExT0qZ - url: https://semgrep.dev/playground/r/ExT0qZ/ruby.rails.security.brakeman.check-unsafe-reflection.check-unsafe-reflection + version_id: JdTqY2 + url: https://semgrep.dev/playground/r/JdTqY2/ruby.rails.security.brakeman.check-unsafe-reflection.check-unsafe-reflection origin: community - id: ruby.rails.security.brakeman.check-unscoped-find.check-unscoped-find mode: taint 
@@ -35953,13 +37063,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-unscoped-find.check-unscoped-find shortlink: https://sg.run/dPbP semgrep.dev: rule: rule_id: x8Ud6d - version_id: d6T11N - url: https://semgrep.dev/playground/r/d6T11N/ruby.rails.security.brakeman.check-unscoped-find.check-unscoped-find + version_id: 5PT62x + url: https://semgrep.dev/playground/r/5PT62x/ruby.rails.security.brakeman.check-unscoped-find.check-unscoped-find origin: community - id: ruby.rails.security.brakeman.check-validation-regex.check-validation-regex mode: search @@ -36002,13 +37114,15 @@ rules: likelihood: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-validation-regex.check-validation-regex shortlink: https://sg.run/ZPo7 semgrep.dev: rule: rule_id: OrUv1X - version_id: rxTJ8A - url: https://semgrep.dev/playground/r/rxTJ8A/ruby.rails.security.brakeman.check-validation-regex.check-validation-regex + version_id: GxT2Kb + url: https://semgrep.dev/playground/r/GxT2Kb/ruby.rails.security.brakeman.check-validation-regex.check-validation-regex origin: community - id: ruby.rails.security.injection.raw-html-format.raw-html-format languages: 
@@ -36041,13 +37155,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.injection.raw-html-format.raw-html-format shortlink: https://sg.run/b2JQ semgrep.dev: rule: rule_id: kxUwZX - version_id: 0bTQZ4 - url: https://semgrep.dev/playground/r/0bTQZ4/ruby.rails.security.injection.raw-html-format.raw-html-format + version_id: A8TRZ1 + url: https://semgrep.dev/playground/r/A8TRZ1/ruby.rails.security.injection.raw-html-format.raw-html-format origin: community mode: taint pattern-sanitizers: @@ -36108,13 +37224,15 @@ rules: likelihood: MEDIUM impact: HIGH confidence: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/Y85o semgrep.dev: rule: rule_id: bwU8gl - version_id: bZTqE5 - url: https://semgrep.dev/playground/r/bZTqE5/ruby.rails.security.injection.tainted-sql-string.tainted-sql-string + version_id: BjTEnn + url: https://semgrep.dev/playground/r/BjTEnn/ruby.rails.security.injection.tainted-sql-string.tainted-sql-string origin: community mode: taint pattern-sources: @@ -36190,13 +37308,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.injection.tainted-url-host.tainted-url-host shortlink: https://sg.run/RX3g semgrep.dev: rule: rule_id: zdUY0W - version_id: qkT9rq - url: https://semgrep.dev/playground/r/qkT9rq/ruby.rails.security.injection.tainted-url-host.tainted-url-host + version_id: DkTQZP + url: https://semgrep.dev/playground/r/DkTQZP/ruby.rails.security.injection.tainted-url-host.tainted-url-host origin: community mode: taint pattern-sanitizers: 
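Review bot: `ruby.rails.security.injection.tainted-sql-string` is tagged `vulnerability_class: - Cross-Site-Scripting (XSS)` although the rule id, and the `SQL Injection` class given to every other tainted-SQL rule in this diff (ruby-pg-sqli, check-sql, the scala tainted-sql-string), say it is a SQL-injection check; the same hunk tags `tainted-url-host` as XSS, which from the id reads more like SSRF/request tampering, though its message is not in view. Consumers that route or count findings by class will file these under the wrong bucket. The file is generated, so the correction belongs upstream, but the intended line for tainted-sql-string is `vulnerability_class: - SQL Injection`. I'd also note this block's context shows no `license:` line before the inserted class, unlike its neighbours, which matters for a bundle under `nonfree/` — worth confirming it is merely outside the hunk.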
@@ -36243,13 +37363,15 @@ rules: impact: MEDIUM subcategory: vuln license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/rust.lang.security.reqwest-accept-invalid.reqwest-accept-invalid shortlink: https://sg.run/DqrG semgrep.dev: rule: rule_id: qNUKDg - version_id: YDTGox - url: https://semgrep.dev/playground/r/YDTGox/rust.lang.security.reqwest-accept-invalid.reqwest-accept-invalid + version_id: l4T5AG + url: https://semgrep.dev/playground/r/l4T5AG/rust.lang.security.reqwest-accept-invalid.reqwest-accept-invalid origin: community languages: - rust @@ -36276,13 +37398,15 @@ rules: impact: MEDIUM subcategory: vuln license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/rust.lang.security.rustls-dangerous.rustls-dangerous shortlink: https://sg.run/01Rw semgrep.dev: rule: rule_id: YGU8LK - version_id: DkT4wA - url: https://semgrep.dev/playground/r/DkT4wA/rust.lang.security.rustls-dangerous.rustls-dangerous + version_id: 6xTewg + url: https://semgrep.dev/playground/r/6xTewg/rust.lang.security.rustls-dangerous.rustls-dangerous origin: community languages: - rust @@ -36302,13 +37426,15 @@ rules: impact: MEDIUM subcategory: vuln license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/rust.lang.security.ssl-verify-none.ssl-verify-none shortlink: https://sg.run/K2Pn semgrep.dev: rule: rule_id: 6JU0Bl - version_id: zyTg5v - url: https://semgrep.dev/playground/r/zyTg5v/rust.lang.security.ssl-verify-none.ssl-verify-none + version_id: o5Tnp1 + url: https://semgrep.dev/playground/r/o5Tnp1/rust.lang.security.ssl-verify-none.ssl-verify-none origin: community languages: - rust 
@@ -36396,13 +37522,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/scala.jwt-scala.security.jwt-scala-hardcode.jwt-scala-hardcode shortlink: https://sg.run/8zE7 semgrep.dev: rule: rule_id: WAUdK0 - version_id: O9T4yg - url: https://semgrep.dev/playground/r/O9T4yg/scala.jwt-scala.security.jwt-scala-hardcode.jwt-scala-hardcode + version_id: 2KT1oq + url: https://semgrep.dev/playground/r/2KT1oq/scala.jwt-scala.security.jwt-scala-hardcode.jwt-scala-hardcode origin: community - id: scala.lang.security.audit.documentbuilder-dtd-enabled.documentbuilder-dtd-enabled patterns: @@ -36489,13 +37617,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/scala.lang.security.audit.documentbuilder-dtd-enabled.documentbuilder-dtd-enabled shortlink: https://sg.run/gRQn semgrep.dev: rule: rule_id: 0oUwzP - version_id: ZRTBwZ - url: https://semgrep.dev/playground/r/ZRTBwZ/scala.lang.security.audit.documentbuilder-dtd-enabled.documentbuilder-dtd-enabled + version_id: 9lTz9K + url: https://semgrep.dev/playground/r/9lTz9K/scala.lang.security.audit.documentbuilder-dtd-enabled.documentbuilder-dtd-enabled origin: community - id: scala.lang.security.audit.tainted-sql-string.tainted-sql-string languages: 
@@ -36527,13 +37657,15 @@ rules: - vuln likelihood: MEDIUM impact: HIGH + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/scala.lang.security.audit.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/ALD6 semgrep.dev: rule: rule_id: WAUY8B - version_id: PkTELW - url: https://semgrep.dev/playground/r/PkTELW/scala.lang.security.audit.tainted-sql-string.tainted-sql-string + version_id: vdT2w4 + url: https://semgrep.dev/playground/r/vdT2w4/scala.lang.security.audit.tainted-sql-string.tainted-sql-string origin: community pattern-sources: - patterns: @@ -36668,13 +37800,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/scala.play.security.conf-csrf-headers-bypass.conf-csrf-headers-bypass shortlink: https://sg.run/4DEE semgrep.dev: rule: rule_id: lBUyRR - version_id: 5PTB54 - url: https://semgrep.dev/playground/r/5PTB54/scala.play.security.conf-csrf-headers-bypass.conf-csrf-headers-bypass + version_id: ZRTw9e + url: https://semgrep.dev/playground/r/ZRTw9e/scala.play.security.conf-csrf-headers-bypass.conf-csrf-headers-bypass origin: community - id: scala.play.security.conf-insecure-cookie-settings.conf-insecure-cookie-settings patterns: 
@@ -36711,13 +37845,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/scala.play.security.conf-insecure-cookie-settings.conf-insecure-cookie-settings shortlink: https://sg.run/8z8N semgrep.dev: rule: rule_id: GdUDJO - version_id: zyTvAY - url: https://semgrep.dev/playground/r/zyTvAY/scala.play.security.conf-insecure-cookie-settings.conf-insecure-cookie-settings + version_id: nWT7bp + url: https://semgrep.dev/playground/r/nWT7bp/scala.play.security.conf-insecure-cookie-settings.conf-insecure-cookie-settings origin: community - id: scala.play.security.tainted-html-response.tainted-html-response mode: taint @@ -36742,13 +37878,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/scala.play.security.tainted-html-response.tainted-html-response shortlink: https://sg.run/BG96 semgrep.dev: rule: rule_id: 0oUwn2 - version_id: LjT8P8 - url: https://semgrep.dev/playground/r/LjT8P8/scala.play.security.tainted-html-response.tainted-html-response + version_id: ExTnLN + url: https://semgrep.dev/playground/r/ExTnLN/scala.play.security.tainted-html-response.tainted-html-response origin: community message: Detected a request with potential user-input going into an `Ok()` response. This bypasses any view or template environments, including HTML escaping, which 
@@ -36837,13 +37975,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/scala.play.security.tainted-slick-sqli.tainted-slick-sqli shortlink: https://sg.run/k9K2 semgrep.dev: rule: rule_id: GdUDWO - version_id: A8TyYe - url: https://semgrep.dev/playground/r/A8TyYe/scala.play.security.tainted-slick-sqli.tainted-slick-sqli + version_id: 7ZTOln + url: https://semgrep.dev/playground/r/7ZTOln/scala.play.security.tainted-slick-sqli.tainted-slick-sqli origin: community message: Detected a tainted SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Avoid using using user input @@ -36919,13 +38059,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/scala.play.security.tainted-sql-from-http-request.tainted-sql-from-http-request shortlink: https://sg.run/BeW9 semgrep.dev: rule: rule_id: 0oUpon - version_id: BjTQYe - url: https://semgrep.dev/playground/r/BjTQYe/scala.play.security.tainted-sql-from-http-request.tainted-sql-from-http-request + version_id: LjT0Wk + url: https://semgrep.dev/playground/r/LjT0Wk/scala.play.security.tainted-sql-from-http-request.tainted-sql-from-http-request origin: community pattern-sources: - patterns: 
@@ -37046,13 +38188,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-cloudfront-insecure-tls.aws-insecure-cloudfront-distribution-tls-version
 shortlink: https://sg.run/Q6o4
 semgrep.dev:
 rule:
 rule_id: kxU6A8
- version_id: d6TYg1
- url: https://semgrep.dev/playground/r/d6TYg1/terraform.aws.security.aws-cloudfront-insecure-tls.aws-insecure-cloudfront-distribution-tls-version
+ version_id: BjTEgn
+ url: https://semgrep.dev/playground/r/BjTEgn/terraform.aws.security.aws-cloudfront-insecure-tls.aws-insecure-cloudfront-distribution-tls-version
 origin: community
 languages:
 - hcl
@@ -37091,13 +38235,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-cloudwatch-log-group-no-retention.aws-cloudwatch-log-group-no-retention
 shortlink: https://sg.run/4lwl
 semgrep.dev:
 rule:
 rule_id: x8UGBG
- version_id: nWT3N3
- url: https://semgrep.dev/playground/r/nWT3N3/terraform.aws.security.aws-cloudwatch-log-group-no-retention.aws-cloudwatch-log-group-no-retention
+ version_id: WrTbXD
+ url: https://semgrep.dev/playground/r/WrTbXD/terraform.aws.security.aws-cloudwatch-log-group-no-retention.aws-cloudwatch-log-group-no-retention
 origin: community
 - id: terraform.aws.security.aws-codebuild-project-unencrypted.aws-codebuild-project-unencrypted
 patterns:
@@ -37134,13 +38280,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-codebuild-project-unencrypted.aws-codebuild-project-unencrypted
 shortlink: https://sg.run/5yxA
 semgrep.dev:
 rule:
 rule_id: v8U4kG
- version_id: LjTjeb
- url: https://semgrep.dev/playground/r/LjTjeb/terraform.aws.security.aws-codebuild-project-unencrypted.aws-codebuild-project-unencrypted
+ version_id: l4T5KG
+ url: https://semgrep.dev/playground/r/l4T5KG/terraform.aws.security.aws-codebuild-project-unencrypted.aws-codebuild-project-unencrypted
 origin: community
 - id: terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging
 patterns:
@@ -37177,13 +38325,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging
 shortlink: https://sg.run/GyAp
 semgrep.dev:
 rule:
 rule_id: d8U4RA
- version_id: gETKX7
- url: https://semgrep.dev/playground/r/gETKX7/terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging
+ version_id: JdTqBr
+ url: https://semgrep.dev/playground/r/JdTqBr/terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging
 origin: community
 - id: terraform.aws.security.aws-dynamodb-table-unencrypted.aws-dynamodb-table-unencrypted
 patterns:
@@ -37225,13 +38375,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-dynamodb-table-unencrypted.aws-dynamodb-table-unencrypted
 shortlink: https://sg.run/Ay4p
 semgrep.dev:
 rule:
 rule_id: nJUGe2
- version_id: JdTXRq
- url: https://semgrep.dev/playground/r/JdTXRq/terraform.aws.security.aws-dynamodb-table-unencrypted.aws-dynamodb-table-unencrypted
+ version_id: BjTEgw
+ url: https://semgrep.dev/playground/r/BjTEgw/terraform.aws.security.aws-dynamodb-table-unencrypted.aws-dynamodb-table-unencrypted
 origin: community
 - id: terraform.aws.security.aws-ebs-snapshot-encrypted-with-cmk.aws-ebs-snapshot-encrypted-with-cmk
 patterns:
@@ -37267,13 +38419,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-ebs-snapshot-encrypted-with-cmk.aws-ebs-snapshot-encrypted-with-cmk
 shortlink: https://sg.run/ByPW
 semgrep.dev:
 rule:
 rule_id: EwUqko
- version_id: 5PTZG5
- url: https://semgrep.dev/playground/r/5PTZG5/terraform.aws.security.aws-ebs-snapshot-encrypted-with-cmk.aws-ebs-snapshot-encrypted-with-cmk
+ version_id: DkTQPO
+ url: https://semgrep.dev/playground/r/DkTQPO/terraform.aws.security.aws-ebs-snapshot-encrypted-with-cmk.aws-ebs-snapshot-encrypted-with-cmk
 origin: community
 languages:
 - hcl
@@ -37308,13 +38462,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-ebs-unencrypted.aws-ebs-unencrypted
 shortlink: https://sg.run/Dy5Y
 semgrep.dev:
 rule:
 rule_id: 7KUW7K
- version_id: GxT1X9
- url: https://semgrep.dev/playground/r/GxT1X9/terraform.aws.security.aws-ebs-unencrypted.aws-ebs-unencrypted
+ version_id: WrTbXb
+ url: https://semgrep.dev/playground/r/WrTbXb/terraform.aws.security.aws-ebs-unencrypted.aws-ebs-unencrypted
 origin: community
 - id: terraform.aws.security.aws-ec2-has-public-ip.aws-ec2-has-public-ip
 patterns:
@@ -37356,13 +38512,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-ec2-has-public-ip.aws-ec2-has-public-ip
 shortlink: https://sg.run/08rv
 semgrep.dev:
 rule:
 rule_id: 8GUA2n
- version_id: BjTRZx
- url: https://semgrep.dev/playground/r/BjTRZx/terraform.aws.security.aws-ec2-has-public-ip.aws-ec2-has-public-ip
+ version_id: qkTNEY
+ url: https://semgrep.dev/playground/r/qkTNEY/terraform.aws.security.aws-ec2-has-public-ip.aws-ec2-has-public-ip
 origin: community
 languages:
 - hcl
@@ -37438,13 +38596,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-ecr-repository-wildcard-principal.aws-ecr-repository-wildcard-principal
 shortlink: https://sg.run/nzqb
 semgrep.dev:
 rule:
 rule_id: qNUzov
- version_id: YDTLel
- url: https://semgrep.dev/playground/r/YDTLel/terraform.aws.security.aws-ecr-repository-wildcard-principal.aws-ecr-repository-wildcard-principal
+ version_id: X0TP1g
+ url: https://semgrep.dev/playground/r/X0TP1g/terraform.aws.security.aws-ecr-repository-wildcard-principal.aws-ecr-repository-wildcard-principal
 origin: community
 languages:
 - hcl
@@ -37484,13 +38644,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-elasticsearch-insecure-tls-version.aws-elasticsearch-insecure-tls-version
 shortlink: https://sg.run/PYlq
 semgrep.dev:
 rule:
 rule_id: YGUle7
- version_id: GxT1e6
- url: https://semgrep.dev/playground/r/GxT1e6/terraform.aws.security.aws-elasticsearch-insecure-tls-version.aws-elasticsearch-insecure-tls-version
+ version_id: 9lTzvy
+ url: https://semgrep.dev/playground/r/9lTzvy/terraform.aws.security.aws-elasticsearch-insecure-tls-version.aws-elasticsearch-insecure-tls-version
 origin: community
 - id: terraform.aws.security.aws-elasticsearch-nodetonode-encryption.aws-elasticsearch-nodetonode-encryption-not-enabled
 patterns:
@@ -37550,13 +38712,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-elasticsearch-nodetonode-encryption.aws-elasticsearch-nodetonode-encryption-not-enabled
 shortlink: https://sg.run/lp3y
 semgrep.dev:
 rule:
 rule_id: 3qU6J7
- version_id: RGTyLR
- url: https://semgrep.dev/playground/r/RGTyLR/terraform.aws.security.aws-elasticsearch-nodetonode-encryption.aws-elasticsearch-nodetonode-encryption-not-enabled
+ version_id: yeTXE2
+ url: https://semgrep.dev/playground/r/yeTXE2/terraform.aws.security.aws-elasticsearch-nodetonode-encryption.aws-elasticsearch-nodetonode-encryption-not-enabled
 origin: community
 languages:
 - hcl
@@ -37608,13 +38772,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-glacier-vault-any-principal.aws-glacier-vault-any-principal
 shortlink: https://sg.run/XN9K
 semgrep.dev:
 rule:
 rule_id: AbUeYK
- version_id: K3TxkQ
- url: https://semgrep.dev/playground/r/K3TxkQ/terraform.aws.security.aws-glacier-vault-any-principal.aws-glacier-vault-any-principal
+ version_id: O9Ty9R
+ url: https://semgrep.dev/playground/r/O9Ty9R/terraform.aws.security.aws-glacier-vault-any-principal.aws-glacier-vault-any-principal
 origin: community
 languages:
 - hcl
@@ -37667,13 +38833,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-iam-admin-policy-ssoadmin.aws-iam-admin-policy-ssoadmin
 shortlink: https://sg.run/jzgY
 semgrep.dev:
 rule:
 rule_id: BYUzY5
- version_id: qkTD7K
- url: https://semgrep.dev/playground/r/qkTD7K/terraform.aws.security.aws-iam-admin-policy-ssoadmin.aws-iam-admin-policy-ssoadmin
+ version_id: e1TxlA
+ url: https://semgrep.dev/playground/r/e1TxlA/terraform.aws.security.aws-iam-admin-policy-ssoadmin.aws-iam-admin-policy-ssoadmin
 origin: community
 languages:
 - hcl
@@ -37727,13 +38895,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-iam-admin-policy.aws-iam-admin-policy
 shortlink: https://sg.run/1zbw
 semgrep.dev:
 rule:
 rule_id: DbUx8l
- version_id: l4TERe
- url: https://semgrep.dev/playground/r/l4TERe/terraform.aws.security.aws-iam-admin-policy.aws-iam-admin-policy
+ version_id: vdT2ED
+ url: https://semgrep.dev/playground/r/vdT2ED/terraform.aws.security.aws-iam-admin-policy.aws-iam-admin-policy
 origin: community
 languages:
 - hcl
@@ -37791,13 +38961,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-insecure-api-gateway-tls-version.aws-insecure-api-gateway-tls-version
 shortlink: https://sg.run/p98J
 semgrep.dev:
 rule:
 rule_id: v8UOle
- version_id: 6xTB94
- url: https://semgrep.dev/playground/r/6xTB94/terraform.aws.security.aws-insecure-api-gateway-tls-version.aws-insecure-api-gateway-tls-version
+ version_id: ZRTw8k
+ url: https://semgrep.dev/playground/r/ZRTw8k/terraform.aws.security.aws-insecure-api-gateway-tls-version.aws-insecure-api-gateway-tls-version
 origin: community
 - id: terraform.aws.security.aws-insecure-redshift-ssl-configuration.aws-insecure-redshift-ssl-configuration
 patterns:
@@ -37843,13 +39015,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-insecure-redshift-ssl-configuration.aws-insecure-redshift-ssl-configuration
 shortlink: https://sg.run/yPYx
 semgrep.dev:
 rule:
 rule_id: 0oUrOj
- version_id: o5TADQ
- url: https://semgrep.dev/playground/r/o5TADQ/terraform.aws.security.aws-insecure-redshift-ssl-configuration.aws-insecure-redshift-ssl-configuration
+ version_id: nWT7ED
+ url: https://semgrep.dev/playground/r/nWT7ED/terraform.aws.security.aws-insecure-redshift-ssl-configuration.aws-insecure-redshift-ssl-configuration
 origin: community
 languages:
 - hcl
@@ -37905,13 +39079,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-kms-key-wildcard-principal.aws-kms-key-wildcard-principal
 shortlink: https://sg.run/Nwlp
 semgrep.dev:
 rule:
 rule_id: lBUWPD
- version_id: 2KT82k
- url: https://semgrep.dev/playground/r/2KT82k/terraform.aws.security.aws-kms-key-wildcard-principal.aws-kms-key-wildcard-principal
+ version_id: 8KTb66
+ url: https://semgrep.dev/playground/r/8KTb66/terraform.aws.security.aws-kms-key-wildcard-principal.aws-kms-key-wildcard-principal
 origin: community
 languages:
 - hcl
@@ -37971,13 +39147,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-kms-no-rotation.aws-kms-no-rotation
 shortlink: https://sg.run/kz47
 semgrep.dev:
 rule:
 rule_id: PeU0L3
- version_id: X0TRy1
- url: https://semgrep.dev/playground/r/X0TRy1/terraform.aws.security.aws-kms-no-rotation.aws-kms-no-rotation
+ version_id: gETqzj
+ url: https://semgrep.dev/playground/r/gETqzj/terraform.aws.security.aws-kms-no-rotation.aws-kms-no-rotation
 origin: community
 - id: terraform.aws.security.aws-lambda-environment-credentials.aws-lambda-environment-credentials
 patterns:
@@ -38025,13 +39203,15 @@ rules:
 impact: HIGH
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-lambda-environment-credentials.aws-lambda-environment-credentials
 shortlink: https://sg.run/wZqY
 semgrep.dev:
 rule:
 rule_id: JDU6gj
- version_id: 8KT8Ak
- url: https://semgrep.dev/playground/r/8KT8Ak/terraform.aws.security.aws-lambda-environment-credentials.aws-lambda-environment-credentials
+ version_id: QkTJ5P
+ url: https://semgrep.dev/playground/r/QkTJ5P/terraform.aws.security.aws-lambda-environment-credentials.aws-lambda-environment-credentials
 origin: community
 languages:
 - hcl
@@ -38081,13 +39261,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-lambda-permission-unrestricted-source-arn.aws-lambda-permission-unrestricted-source-arn
 shortlink: https://sg.run/kOP7
 semgrep.dev:
 rule:
 rule_id: OrU9Ox
- version_id: 1QTL4Y
- url: https://semgrep.dev/playground/r/1QTL4Y/terraform.aws.security.aws-lambda-permission-unrestricted-source-arn.aws-lambda-permission-unrestricted-source-arn
+ version_id: 44ToBr
+ url: https://semgrep.dev/playground/r/44ToBr/terraform.aws.security.aws-lambda-permission-unrestricted-source-arn.aws-lambda-permission-unrestricted-source-arn
 origin: community
 - id: terraform.aws.security.aws-provider-static-credentials.aws-provider-static-credentials
 patterns:
@@ -38125,13 +39307,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Hard-coded Secrets
 source: https://semgrep.dev/r/terraform.aws.security.aws-provider-static-credentials.aws-provider-static-credentials
 shortlink: https://sg.run/L3kn
 semgrep.dev:
 rule:
 rule_id: d8U4n0
- version_id: gETQJX
- url: https://semgrep.dev/playground/r/gETQJX/terraform.aws.security.aws-provider-static-credentials.aws-provider-static-credentials
+ version_id: GxT23e
+ url: https://semgrep.dev/playground/r/GxT23e/terraform.aws.security.aws-provider-static-credentials.aws-provider-static-credentials
 origin: community
 - id: terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention
 patterns:
@@ -38170,13 +39354,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention
 shortlink: https://sg.run/OyYB
 semgrep.dev:
 rule:
 rule_id: GdUzwQ
- version_id: rxTWK7
- url: https://semgrep.dev/playground/r/rxTWK7/terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention
+ version_id: RGTb8l
+ url: https://semgrep.dev/playground/r/RGTb8l/terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention
 origin: community
 - id: terraform.aws.security.aws-sqs-queue-policy-wildcard-principal.aws-sqs-queue-policy-wildcard-principal
 patterns:
@@ -38256,13 +39442,15 @@ rules:
 rule-origin-note: published from /src/aws-sqs-queue-policy-wildcard-principal.yml in None
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.aws-sqs-queue-policy-wildcard-principal.aws-sqs-queue-policy-wildcard-principal
 shortlink: https://sg.run/z3eW
 semgrep.dev:
 rule:
 rule_id: PeUl9d
- version_id: yeT79Q
- url: https://semgrep.dev/playground/r/yeT79Q/terraform.aws.security.aws-sqs-queue-policy-wildcard-principal.aws-sqs-queue-policy-wildcard-principal
+ version_id: l4T5b4
+ url: https://semgrep.dev/playground/r/l4T5b4/terraform.aws.security.aws-sqs-queue-policy-wildcard-principal.aws-sqs-queue-policy-wildcard-principal
 origin: community
 languages:
 - hcl
@@ -38327,13 +39515,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.insecure-load-balancer-tls-version.insecure-load-balancer-tls-version
 shortlink: https://sg.run/187G
 semgrep.dev:
 rule:
 rule_id: 2ZUP9K
- version_id: 7ZT8yD
- url: https://semgrep.dev/playground/r/7ZT8yD/terraform.aws.security.insecure-load-balancer-tls-version.insecure-load-balancer-tls-version
+ version_id: jQTKWr
+ url: https://semgrep.dev/playground/r/jQTKWr/terraform.aws.security.insecure-load-balancer-tls-version.insecure-load-balancer-tls-version
 origin: community
 languages:
 - hcl
@@ -38376,13 +39566,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.aws.security.wildcard-assume-role.wildcard-assume-role
 shortlink: https://sg.run/LXWr
 semgrep.dev:
 rule:
 rule_id: 5rUL1P
- version_id: 8KTDZj
- url: https://semgrep.dev/playground/r/8KTDZj/terraform.aws.security.wildcard-assume-role.wildcard-assume-role
+ version_id: 9lTz2y
+ url: https://semgrep.dev/playground/r/9lTz2y/terraform.aws.security.wildcard-assume-role.wildcard-assume-role
 origin: community
 languages:
 - hcl
@@ -38438,13 +39630,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-authentication-enabled.appservice-authentication-enabled
 shortlink: https://sg.run/JxYw
 semgrep.dev:
 rule:
 rule_id: 0oU23p
- version_id: l4TEje
- url: https://semgrep.dev/playground/r/l4TEje/terraform.azure.security.appservice.appservice-authentication-enabled.appservice-authentication-enabled
+ version_id: xyT4Ow
+ url: https://semgrep.dev/playground/r/xyT4Ow/terraform.azure.security.appservice.appservice-authentication-enabled.appservice-authentication-enabled
 origin: community
 languages:
 - hcl
@@ -38497,13 +39691,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-enable-http2.appservice-enable-http2
 shortlink: https://sg.run/5DkA
 semgrep.dev:
 rule:
 rule_id: KxU7LJ
- version_id: YDTLyx
- url: https://semgrep.dev/playground/r/YDTLyx/terraform.azure.security.appservice.appservice-enable-http2.appservice-enable-http2
+ version_id: O9TyzR
+ url: https://semgrep.dev/playground/r/O9TyzR/terraform.azure.security.appservice.appservice-enable-http2.appservice-enable-http2
 origin: community
 languages:
 - hcl
@@ -38549,13 +39745,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-enable-https-only.appservice-enable-https-only
 shortlink: https://sg.run/GOKp
 semgrep.dev:
 rule:
 rule_id: qNUXwx
- version_id: JdTXWO
- url: https://semgrep.dev/playground/r/JdTXWO/terraform.azure.security.appservice.appservice-enable-https-only.appservice-enable-https-only
+ version_id: e1Tx5A
+ url: https://semgrep.dev/playground/r/e1Tx5A/terraform.azure.security.appservice.appservice-enable-https-only.appservice-enable-https-only
 origin: community
 languages:
 - hcl
@@ -38600,13 +39798,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-require-client-cert.appservice-require-client-cert
 shortlink: https://sg.run/RX1O
 semgrep.dev:
 rule:
 rule_id: lBU8D6
- version_id: 5PTZwl
- url: https://semgrep.dev/playground/r/5PTZwl/terraform.azure.security.appservice.appservice-require-client-cert.appservice-require-client-cert
+ version_id: vdT2gD
+ url: https://semgrep.dev/playground/r/vdT2gD/terraform.azure.security.appservice.appservice-require-client-cert.appservice-require-client-cert
 origin: community
 languages:
 - hcl
@@ -38639,13 +39839,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-use-secure-tls-policy.appservice-use-secure-tls-policy
 shortlink: https://sg.run/AXRp
 semgrep.dev:
 rule:
 rule_id: YGUDbZ
- version_id: GxT1A5
- url: https://semgrep.dev/playground/r/GxT1A5/terraform.azure.security.appservice.appservice-use-secure-tls-policy.appservice-use-secure-tls-policy
+ version_id: d6TD1E
+ url: https://semgrep.dev/playground/r/d6TD1E/terraform.azure.security.appservice.appservice-use-secure-tls-policy.appservice-use-secure-tls-policy
 origin: community
 languages:
 - hcl
@@ -38686,13 +39888,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.azure.security.appservice.azure-appservice-detailed-errormessages-enabled.azure-appservice-detailed-errormessages-enabled
 shortlink: https://sg.run/pA1g
 semgrep.dev:
 rule:
 rule_id: bwU1Eg
- version_id: BjTRPl
- url: https://semgrep.dev/playground/r/BjTRPl/terraform.azure.security.appservice.azure-appservice-detailed-errormessages-enabled.azure-appservice-detailed-errormessages-enabled
+ version_id: ExTnOP
+ url: https://semgrep.dev/playground/r/ExTnOP/terraform.azure.security.appservice.azure-appservice-detailed-errormessages-enabled.azure-appservice-detailed-errormessages-enabled
 origin: community
 languages:
 - hcl
@@ -38730,13 +39934,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.azure.security.appservice.azure-appservice-https-only.azure-appservice-https-only
 shortlink: https://sg.run/1g9w
 semgrep.dev:
 rule:
 rule_id: x8UZRP
- version_id: K3Tx01
- url: https://semgrep.dev/playground/r/K3Tx01/terraform.azure.security.appservice.azure-appservice-https-only.azure-appservice-https-only
+ version_id: gETqjj
+ url: https://semgrep.dev/playground/r/gETqjj/terraform.azure.security.appservice.azure-appservice-https-only.azure-appservice-https-only
 origin: community
 languages:
 - hcl
@@ -38772,13 +39978,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.azure-key-no-expiration-date.azure-key-no-expiration-date
 shortlink: https://sg.run/J1vw
 semgrep.dev:
 rule:
 rule_id: 0oUlgp
- version_id: ZRTbzN
- url: https://semgrep.dev/playground/r/ZRTbzN/terraform.azure.security.azure-key-no-expiration-date.azure-key-no-expiration-date
+ version_id: DkTQlG
+ url: https://semgrep.dev/playground/r/DkTQlG/terraform.azure.security.azure-key-no-expiration-date.azure-key-no-expiration-date
 origin: community
 languages:
 - hcl
@@ -38816,13 +40024,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.azure-mssql-service-mintls-version.azure-mssql-service-mintls-version
 shortlink: https://sg.run/B1lW
 semgrep.dev:
 rule:
 rule_id: 6JUJG8
- version_id: 8KTDpg
- url: https://semgrep.dev/playground/r/8KTDpg/terraform.azure.security.azure-mssql-service-mintls-version.azure-mssql-service-mintls-version
+ version_id: qkTN6B
+ url: https://semgrep.dev/playground/r/qkTN6B/terraform.azure.security.azure-mssql-service-mintls-version.azure-mssql-service-mintls-version
 origin: community
 languages:
 - hcl
@@ -38858,13 +40068,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.azure-mysql-encryption-enabled.azure-mysql-encryption-enabled
 shortlink: https://sg.run/Dd6Y
 semgrep.dev:
 rule:
 rule_id: oqUloL
- version_id: gETKw0
- url: https://semgrep.dev/playground/r/gETKw0/terraform.azure.security.azure-mysql-encryption-enabled.azure-mysql-encryption-enabled
+ version_id: l4T5kJ
+ url: https://semgrep.dev/playground/r/l4T5kJ/terraform.azure.security.azure-mysql-encryption-enabled.azure-mysql-encryption-enabled
 origin: community
 languages:
 - hcl
@@ -38902,13 +40114,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.azure-mysql-mintls-version.azure-mysql-mintls-version
 shortlink: https://sg.run/WR44
 semgrep.dev:
 rule:
 rule_id: zdU8NN
- version_id: QkT9bg
- url: https://semgrep.dev/playground/r/QkT9bg/terraform.azure.security.azure-mysql-mintls-version.azure-mysql-mintls-version
+ version_id: YDToWE
+ url: https://semgrep.dev/playground/r/YDToWE/terraform.azure.security.azure-mysql-mintls-version.azure-mysql-mintls-version
 origin: community
 languages:
 - hcl
@@ -38943,13 +40157,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.keyvault.keyvault-ensure-key-expires.keyvault-ensure-key-expires
 shortlink: https://sg.run/vq9A
 semgrep.dev:
 rule:
 rule_id: gxUgXq
- version_id: X0TRbP
- url: https://semgrep.dev/playground/r/X0TRbP/terraform.azure.security.keyvault.keyvault-ensure-key-expires.keyvault-ensure-key-expires
+ version_id: d6TDXg
+ url: https://semgrep.dev/playground/r/d6TDXg/terraform.azure.security.keyvault.keyvault-ensure-key-expires.keyvault-ensure-key-expires
 origin: community
 languages:
 - hcl
@@ -38984,13 +40200,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.keyvault.keyvault-ensure-secret-expires.keyvault-ensure-secret-expires
 shortlink: https://sg.run/d2RZ
 semgrep.dev:
 rule:
 rule_id: QrUdNy
- version_id: jQTPbZ
- url: https://semgrep.dev/playground/r/jQTPbZ/terraform.azure.security.keyvault.keyvault-ensure-secret-expires.keyvault-ensure-secret-expires
+ version_id: ZRTw0A
+ url: https://semgrep.dev/playground/r/ZRTw0A/terraform.azure.security.keyvault.keyvault-ensure-secret-expires.keyvault-ensure-secret-expires
 origin: community
 languages:
 - hcl
@@ -39032,13 +40250,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.azure.security.keyvault.keyvault-purge-enabled.keyvault-purge-enabled
 shortlink: https://sg.run/Z4xD
 semgrep.dev:
 rule:
 rule_id: 3qUjw9
- version_id: 1QTG9g
- url: https://semgrep.dev/playground/r/1QTG9g/terraform.azure.security.keyvault.keyvault-purge-enabled.keyvault-purge-enabled
+ version_id: nWT7XR
+ url: https://semgrep.dev/playground/r/nWT7XR/terraform.azure.security.keyvault.keyvault-purge-enabled.keyvault-purge-enabled
 origin: community
 languages:
 - hcl
@@ -39078,13 +40298,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-enforce-https.storage-enforce-https
 shortlink: https://sg.run/0y9v
 semgrep.dev:
 rule:
 rule_id: pKUpDA
- version_id: bZTyYK
- url: https://semgrep.dev/playground/r/bZTyYK/terraform.azure.security.storage.storage-enforce-https.storage-enforce-https
+ version_id: 8KTbRb
+ url: https://semgrep.dev/playground/r/8KTbRb/terraform.azure.security.storage.storage-enforce-https.storage-enforce-https
 origin: community
 languages:
 - hcl
@@ -39131,13 +40353,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-use-secure-tls-policy.storage-use-secure-tls-policy
 shortlink: https://sg.run/KXD7
 semgrep.dev:
 rule:
 rule_id: AbUQdL
- version_id: kbTJoR
- url: https://semgrep.dev/playground/r/kbTJoR/terraform.azure.security.storage.storage-use-secure-tls-policy.storage-use-secure-tls-policy
+ version_id: QkTJPK
+ url: https://semgrep.dev/playground/r/QkTJPK/terraform.azure.security.storage.storage-use-secure-tls-policy.storage-use-secure-tls-policy
 origin: community
 languages:
 - hcl
@@ -39172,13 +40396,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.gcp.security.gcp-cloud-storage-logging.gcp-cloud-storage-logging
 shortlink: https://sg.run/5g5D
 semgrep.dev:
 rule:
 rule_id: gxUrdg
- version_id: RGTyX5
- url: https://semgrep.dev/playground/r/RGTyX5/terraform.gcp.security.gcp-cloud-storage-logging.gcp-cloud-storage-logging
+ version_id: DkTQEG
+ url: https://semgrep.dev/playground/r/DkTQEG/terraform.gcp.security.gcp-cloud-storage-logging.gcp-cloud-storage-logging
 origin: community
 - id: terraform.gcp.security.gcp-dns-key-specs-rsasha1.gcp-dns-key-specs-rsasha1
 patterns:
@@ -39233,13 +40459,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.gcp.security.gcp-dns-key-specs-rsasha1.gcp-dns-key-specs-rsasha1
 shortlink: https://sg.run/bKKW
 semgrep.dev:
 rule:
 rule_id: 7KUZZb
- version_id: O9T1y4
- url: https://semgrep.dev/playground/r/O9T1y4/terraform.gcp.security.gcp-dns-key-specs-rsasha1.gcp-dns-key-specs-rsasha1
+ version_id: d6TDYg
+ url: https://semgrep.dev/playground/r/d6TDYg/terraform.gcp.security.gcp-dns-key-specs-rsasha1.gcp-dns-key-specs-rsasha1
 origin: community
 languages:
 - hcl
@@ -39281,13 +40509,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.gcp.security.gcp-sql-database-require-ssl.gcp-sql-database-require-ssl
 shortlink: https://sg.run/W4Yg
 semgrep.dev:
 rule:
 rule_id: v8Uod5
- version_id: NdT4OG
- url: https://semgrep.dev/playground/r/NdT4OG/terraform.gcp.security.gcp-sql-database-require-ssl.gcp-sql-database-require-ssl
+ version_id: o5Tn6q
+ url: https://semgrep.dev/playground/r/o5Tn6q/terraform.gcp.security.gcp-sql-database-require-ssl.gcp-sql-database-require-ssl
 origin: community
 languages:
 - hcl
@@ -39347,13 +40577,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/terraform.gcp.security.gcp-sql-public-database.gcp-sql-public-database shortlink: https://sg.run/0Xv5 semgrep.dev: rule: rule_id: d8U7Ll - version_id: kbTJA5 - url: https://semgrep.dev/playground/r/kbTJA5/terraform.gcp.security.gcp-sql-public-database.gcp-sql-public-database + version_id: zyT5Ez + url: https://semgrep.dev/playground/r/zyT5Ez/terraform.gcp.security.gcp-sql-public-database.gcp-sql-public-database origin: community languages: - hcl @@ -39389,13 +40621,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/terraform.lang.security.ebs-unencrypted-volume.unencrypted-ebs-volume shortlink: https://sg.run/GWdB semgrep.dev: rule: rule_id: WAUZW5 - version_id: 7ZT87G - url: https://semgrep.dev/playground/r/7ZT87G/terraform.lang.security.ebs-unencrypted-volume.unencrypted-ebs-volume + version_id: NdT171 + url: https://semgrep.dev/playground/r/NdT171/terraform.lang.security.ebs-unencrypted-volume.unencrypted-ebs-volume origin: community - id: terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional languages: 
@@ -39421,13 +40655,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional shortlink: https://sg.run/J3BQ semgrep.dev: rule: rule_id: GdU0eA - version_id: LjTjYO - url: https://semgrep.dev/playground/r/LjTjYO/terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional + version_id: kbT71A + url: https://semgrep.dev/playground/r/kbT71A/terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional origin: community pattern-either: - patterns: @@ -39513,13 +40749,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/terraform.lang.security.rds-insecure-password-storage-in-source-code.rds-insecure-password-storage-in-source-code shortlink: https://sg.run/x4qA semgrep.dev: rule: rule_id: OrUl6W - version_id: DkTE88 - url: https://semgrep.dev/playground/r/DkTE88/terraform.lang.security.rds-insecure-password-storage-in-source-code.rds-insecure-password-storage-in-source-code + version_id: gETqQe + url: https://semgrep.dev/playground/r/gETqQe/terraform.lang.security.rds-insecure-password-storage-in-source-code.rds-insecure-password-storage-in-source-code origin: community - id: terraform.lang.security.s3-public-rw-bucket.s3-public-rw-bucket pattern: acl = "public-read-write" 
@@ -39546,13 +40784,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/terraform.lang.security.s3-public-rw-bucket.s3-public-rw-bucket shortlink: https://sg.run/0nok semgrep.dev: rule: rule_id: 6JUqvn - version_id: qkTDl5 - url: https://semgrep.dev/playground/r/qkTDl5/terraform.lang.security.s3-public-rw-bucket.s3-public-rw-bucket + version_id: PkTYPz + url: https://semgrep.dev/playground/r/PkTYPz/terraform.lang.security.s3-public-rw-bucket.s3-public-rw-bucket origin: community - id: terraform.lang.security.s3-unencrypted-bucket.s3-unencrypted-bucket patterns: @@ -39584,13 +40824,15 @@ rules: confidence: MEDIUM deprecated: true license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/terraform.lang.security.s3-unencrypted-bucket.s3-unencrypted-bucket shortlink: https://sg.run/Jezw semgrep.dev: rule: rule_id: 3qU62L - version_id: WrT0pL - url: https://semgrep.dev/playground/r/WrT0pL/terraform.lang.security.s3-unencrypted-bucket.s3-unencrypted-bucket + version_id: JdTq9n + url: https://semgrep.dev/playground/r/JdTq9n/terraform.lang.security.s3-unencrypted-bucket.s3-unencrypted-bucket origin: community - id: trailofbits.go.anonymous-race-condition.anonymous-race-condition message: Possible race condition due to memory aliasing of variable `$X` 
@@ -39612,13 +40854,15 @@ rules: references: - https://github.com/golang/go/wiki/CommonMistakes#using-goroutines-on-loop-iterator-variables license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.anonymous-race-condition.anonymous-race-condition shortlink: https://sg.run/BL22 semgrep.dev: rule: rule_id: nJUr88 - version_id: BjTgnv - url: https://semgrep.dev/playground/r/BjTgnv/trailofbits.go.anonymous-race-condition.anonymous-race-condition + version_id: LjTYl7 + url: https://semgrep.dev/playground/r/LjTYl7/trailofbits.go.anonymous-race-condition.anonymous-race-condition origin: community patterns: - pattern-either: @@ -39716,6 +40960,26 @@ rules: }(...) ... } + - pattern-not: | + for $Y, $X := range ... { + ... + $Y, $X := $Y, $X + ... + go func(...){ + ... + <... $X.$VAR ...> + }(...) + } + - pattern-not: | + for $Y, $X := range ... { + ... + $Y, $X := $Y, $X + ... + go func(...){ + ... + <... $Y.$VAR ...> + }(...) + } - id: trailofbits.go.hanging-goroutine.hanging-goroutine message: Potential goroutine leak due to unbuffered channel send inside loop or unbuffered channel receive in select block @@ -39736,13 +41000,15 @@ rules: references: - https://blog.trailofbits.com/2021/11/08/discovering-goroutine-leaks-with-semgrep license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.hanging-goroutine.hanging-goroutine shortlink: https://sg.run/Dw8o semgrep.dev: rule: rule_id: EwUQp2 - version_id: DkTPZv - url: https://semgrep.dev/playground/r/DkTPZv/trailofbits.go.hanging-goroutine.hanging-goroutine + version_id: 44TXYo + url: https://semgrep.dev/playground/r/44TXYo/trailofbits.go.hanging-goroutine.hanging-goroutine origin: community patterns: - pattern-either: 
@@ -39847,13 +41113,15 @@ rules: - https://pkg.go.dev/sync#RWMutex - https://blog.trailofbits.com/2020/06/09/how-to-check-if-a-mutex-is-locked-in-go/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.missing-runlock-on-rwmutex.missing-runlock-on-rwmutex shortlink: https://sg.run/9r40 semgrep.dev: rule: rule_id: 8GUzNK - version_id: K3TD6R - url: https://semgrep.dev/playground/r/K3TD6R/trailofbits.go.missing-runlock-on-rwmutex.missing-runlock-on-rwmutex + version_id: 5PTvBJ + url: https://semgrep.dev/playground/r/5PTvBJ/trailofbits.go.missing-runlock-on-rwmutex.missing-runlock-on-rwmutex origin: community patterns: - pattern-either: @@ -39890,13 +41158,15 @@ rules: - https://pkg.go.dev/sync#Mutex - https://blog.trailofbits.com/2020/06/09/how-to-check-if-a-mutex-is-locked-in-go/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.missing-unlock-before-return.missing-unlock-before-return shortlink: https://sg.run/18Bk semgrep.dev: rule: rule_id: L1U5Gz - version_id: qkTdPA - url: https://semgrep.dev/playground/r/qkTdPA/trailofbits.go.missing-unlock-before-return.missing-unlock-before-return + version_id: GxTG4v + url: https://semgrep.dev/playground/r/GxTG4v/trailofbits.go.missing-unlock-before-return.missing-unlock-before-return origin: community patterns: - pattern-either: 
@@ -39931,13 +41201,15 @@ rules: references: - https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call shortlink: https://sg.run/05g5 semgrep.dev: rule: rule_id: L1Ur2r - version_id: l4TKAq - url: https://semgrep.dev/playground/r/l4TKAq/trailofbits.go.nil-check-after-call.nil-check-after-call + version_id: RGTXBe + url: https://semgrep.dev/playground/r/RGTXBe/trailofbits.go.nil-check-after-call.nil-check-after-call origin: community patterns: - pattern-either: @@ -40017,13 +41289,15 @@ rules: references: - https://go.dev/blog/maps#concurrency license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.racy-append-to-slice.racy-append-to-slice shortlink: https://sg.run/jkNY semgrep.dev: rule: rule_id: ReUoP7 - version_id: YDT1Kj - url: https://semgrep.dev/playground/r/YDT1Kj/trailofbits.go.racy-append-to-slice.racy-append-to-slice + version_id: A8T6yr + url: https://semgrep.dev/playground/r/A8T6yr/trailofbits.go.racy-append-to-slice.racy-append-to-slice origin: community patterns: - pattern: "$SLICE = append($SLICE, $ITEM)\n" @@ -40076,13 +41350,15 @@ rules: references: - https://go.dev/blog/maps#concurrency license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.racy-write-to-map.racy-write-to-map shortlink: https://sg.run/1Gnw semgrep.dev: rule: rule_id: AbUGWD - version_id: 6xTlww - url: https://semgrep.dev/playground/r/6xTlww/trailofbits.go.racy-write-to-map.racy-write-to-map + version_id: BjT9QN + url: https://semgrep.dev/playground/r/BjT9QN/trailofbits.go.racy-write-to-map.racy-write-to-map origin: community patterns: - pattern: "$MAP[$KEY] = $VALUE\n" 
@@ -40123,13 +41399,15 @@ rules: references: - https://github.com/golang/go/blob/go1.15.2/src/net/rpc/server.go#L643-L658 license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.servercodec-readrequestbody-unhandled-nil.servercodec-readrequestbody-unhandled-nil shortlink: https://sg.run/lx09 semgrep.dev: rule: rule_id: QrUp7k - version_id: o5T3p3 - url: https://semgrep.dev/playground/r/o5T3p3/trailofbits.go.servercodec-readrequestbody-unhandled-nil.servercodec-readrequestbody-unhandled-nil + version_id: DkTO3W + url: https://semgrep.dev/playground/r/DkTO3W/trailofbits.go.servercodec-readrequestbody-unhandled-nil.servercodec-readrequestbody-unhandled-nil origin: community patterns: - pattern: | @@ -40168,13 +41446,15 @@ rules: references: - https://go101.org/article/concurrent-common-mistakes.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.sync-mutex-value-copied.sync-mutex-value-copied shortlink: https://sg.run/owlR semgrep.dev: rule: rule_id: PeUBW1 - version_id: pZTd4o - url: https://semgrep.dev/playground/r/pZTd4o/trailofbits.go.sync-mutex-value-copied.sync-mutex-value-copied + version_id: 0bT4Q2 + url: https://semgrep.dev/playground/r/0bT4Q2/trailofbits.go.sync-mutex-value-copied.sync-mutex-value-copied origin: community patterns: - pattern-either: @@ -40214,13 +41494,15 @@ rules: references: - https://pkg.go.dev/golang.org/x/sys/windows#LazyDLL license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.unsafe-dll-loading.unsafe-dll-loading shortlink: https://sg.run/poE3 semgrep.dev: rule: rule_id: pKUQBW - version_id: 2KTkoy - url: https://semgrep.dev/playground/r/2KTkoy/trailofbits.go.unsafe-dll-loading.unsafe-dll-loading + version_id: K3TpP5 + url: https://semgrep.dev/playground/r/K3TpP5/trailofbits.go.unsafe-dll-loading.unsafe-dll-loading origin: community patterns: - pattern-either: 
@@ -40266,13 +41548,15 @@ rules: references: - https://go101.org/article/concurrent-common-mistakes.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.waitgroup-add-called-inside-goroutine.waitgroup-add-called-inside-goroutine shortlink: https://sg.run/z98W semgrep.dev: rule: rule_id: JDUQ3v - version_id: X0Tj0R - url: https://semgrep.dev/playground/r/X0Tj0R/trailofbits.go.waitgroup-add-called-inside-goroutine.waitgroup-add-called-inside-goroutine + version_id: qkT09Q + url: https://semgrep.dev/playground/r/qkT09Q/trailofbits.go.waitgroup-add-called-inside-goroutine.waitgroup-add-called-inside-goroutine origin: community patterns: - pattern-either: @@ -40321,13 +41605,15 @@ rules: references: - https://go101.org/article/concurrent-common-mistakes.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.go.waitgroup-wait-inside-loop.waitgroup-wait-inside-loop shortlink: https://sg.run/pkGL semgrep.dev: rule: rule_id: 5rU8Po - version_id: jQT40o - url: https://semgrep.dev/playground/r/jQT40o/trailofbits.go.waitgroup-wait-inside-loop.waitgroup-wait-inside-loop + version_id: l4TLeX + url: https://semgrep.dev/playground/r/l4TLeX/trailofbits.go.waitgroup-wait-inside-loop.waitgroup-wait-inside-loop origin: community patterns: - pattern-either: 
@@ -40411,13 +41697,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/schema/directives/#custom-directives license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.schema-directives.schema-directives shortlink: https://sg.run/wE2N semgrep.dev: rule: rule_id: OrU1Oz - version_id: 6xTYB4 - url: https://semgrep.dev/playground/r/6xTYB4/trailofbits.javascript.apollo-graphql.schema-directives.schema-directives + version_id: YDT3zv + url: https://semgrep.dev/playground/r/YDT3zv/trailofbits.javascript.apollo-graphql.schema-directives.schema-directives origin: community pattern-either: - pattern: 'new ApolloServer({..., schemaDirectives: ..., ...})' @@ -40445,13 +41733,15 @@ rules: references: - https://github.com/apollographql/apollo-server/security/advisories/GHSA-2p3c-p3qw-69r4 license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.use-of-graphql-upload.use-of-graphql-upload shortlink: https://sg.run/xE20 semgrep.dev: rule: rule_id: eqUB1Q - version_id: o5TNAQ - url: https://semgrep.dev/playground/r/o5TNAQ/trailofbits.javascript.apollo-graphql.use-of-graphql-upload.use-of-graphql-upload + version_id: JdTJ2p + url: https://semgrep.dev/playground/r/JdTJ2p/trailofbits.javascript.apollo-graphql.use-of-graphql-upload.use-of-graphql-upload origin: community patterns: - pattern: app.use(graphqlUploadExpress()); 
@@ -40478,13 +41768,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors#configuring-cors-options-for-apollo-server license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-cors-express.v3-express-bad-cors shortlink: https://sg.run/vE1n semgrep.dev: rule: rule_id: ZqUbNY - version_id: 2KTq8k - url: https://semgrep.dev/playground/r/2KTq8k/trailofbits.javascript.apollo-graphql.v3-cors-express.v3-express-bad-cors + version_id: RGTXBp + url: https://semgrep.dev/playground/r/RGTXBp/trailofbits.javascript.apollo-graphql.v3-cors-express.v3-express-bad-cors origin: community mode: taint pattern-sources: @@ -40546,13 +41838,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors#configuring-cors-options-for-apollo-server license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-cors-express.v3-express-no-cors shortlink: https://sg.run/eNE0 semgrep.dev: rule: rule_id: d8UYAJ - version_id: pZTWE4 - url: https://semgrep.dev/playground/r/pZTWE4/trailofbits.javascript.apollo-graphql.v3-cors-express.v3-express-no-cors + version_id: GxTG4k + url: https://semgrep.dev/playground/r/GxTG4k/trailofbits.javascript.apollo-graphql.v3-cors-express.v3-express-no-cors origin: community patterns: - pattern-either: 
@@ -40589,13 +41883,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors#configuring-cors-options-for-apollo-server license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-cors.v3-bad-cors shortlink: https://sg.run/Zo3x semgrep.dev: rule: rule_id: EwUZNW - version_id: jQTxPW - url: https://semgrep.dev/playground/r/jQTxPW/trailofbits.javascript.apollo-graphql.v3-cors.v3-bad-cors + version_id: BjT9QJ + url: https://semgrep.dev/playground/r/BjT9QJ/trailofbits.javascript.apollo-graphql.v3-cors.v3-bad-cors origin: community mode: taint pattern-sources: @@ -40654,13 +41950,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors#configuring-cors-options-for-apollo-server license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-cors.v3-no-cors shortlink: https://sg.run/dbNX semgrep.dev: rule: rule_id: nJU3P4 - version_id: X0T9R1 - url: https://semgrep.dev/playground/r/X0T9R1/trailofbits.javascript.apollo-graphql.v3-cors.v3-no-cors + version_id: A8T6yE + url: https://semgrep.dev/playground/r/A8T6yE/trailofbits.javascript.apollo-graphql.v3-cors.v3-no-cors origin: community patterns: - pattern-either: 
@@ -40700,13 +41998,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors/#preventing-cross-site-request-forgery-csrf license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-csrf-prevention.v3-csrf-prevention shortlink: https://sg.run/nEGg semgrep.dev: rule: rule_id: 7KU8o3 - version_id: 1QTlG6 - url: https://semgrep.dev/playground/r/1QTlG6/trailofbits.javascript.apollo-graphql.v3-csrf-prevention.v3-csrf-prevention + version_id: DkTO37 + url: https://semgrep.dev/playground/r/DkTO37/trailofbits.javascript.apollo-graphql.v3-csrf-prevention.v3-csrf-prevention origin: community patterns: - pattern: new ApolloServer({...}) @@ -40736,13 +42036,15 @@ rules: references: - https://www.apollographql.com/docs/apollo-server/v3/security/cors/#preventing-cross-site-request-forgery-csrf license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v4-csrf-prevention.v4-csrf-prevention shortlink: https://sg.run/Eb1P semgrep.dev: rule: rule_id: L1UjQ3 - version_id: 9lTBpp - url: https://semgrep.dev/playground/r/9lTBpp/trailofbits.javascript.apollo-graphql.v4-csrf-prevention.v4-csrf-prevention + version_id: WrTRkj + url: https://semgrep.dev/playground/r/WrTRkj/trailofbits.javascript.apollo-graphql.v4-csrf-prevention.v4-csrf-prevention origin: community patterns: - pattern: 'new ApolloServer({..., csrfPrevention: false, ...}) 
@@ -40768,13 +42070,15 @@ rules: references: - https://lxml.de/FAQ.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/trailofbits.python.lxml-in-pandas.lxml-in-pandas shortlink: https://sg.run/1z1G semgrep.dev: rule: rule_id: 0oUrdJ - version_id: 9lTG90 - url: https://semgrep.dev/playground/r/9lTG90/trailofbits.python.lxml-in-pandas.lxml-in-pandas + version_id: K3TpPP + url: https://semgrep.dev/playground/r/K3TpPP/trailofbits.python.lxml-in-pandas.lxml-in-pandas origin: community pattern-either: - patterns: @@ -40821,13 +42125,15 @@ rules: references: - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/trailofbits.python.pickles-in-numpy.pickles-in-numpy shortlink: https://sg.run/ryKe semgrep.dev: rule: rule_id: lBUWjy - version_id: xyTgD4 - url: https://semgrep.dev/playground/r/xyTgD4/trailofbits.python.pickles-in-numpy.pickles-in-numpy + version_id: zyTxXw + url: https://semgrep.dev/playground/r/zyTxXw/trailofbits.python.pickles-in-numpy.pickles-in-numpy origin: community patterns: - pattern: numpy.load(..., allow_pickle=$VALUE, ...) @@ -40865,13 +42171,15 @@ rules: references: - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/trailofbits.python.pickles-in-pandas.pickles-in-pandas shortlink: https://sg.run/bXQW semgrep.dev: rule: rule_id: PeU06j - version_id: O9Tq20 - url: https://semgrep.dev/playground/r/O9Tq20/trailofbits.python.pickles-in-pandas.pickles-in-pandas + version_id: pZTBq8 + url: https://semgrep.dev/playground/r/pZTBq8/trailofbits.python.pickles-in-pandas.pickles-in-pandas origin: community patterns: - pattern-either: 
@@ -40905,13 +42213,15 @@ rules: references: - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/trailofbits.python.pickles-in-pytorch-distributed.pickles-in-pytorch-distributed shortlink: https://sg.run/ZZxW semgrep.dev: rule: rule_id: qNUrw1 - version_id: e1To27 - url: https://semgrep.dev/playground/r/e1To27/trailofbits.python.pickles-in-pytorch-distributed.pickles-in-pytorch-distributed + version_id: 2KTDAe + url: https://semgrep.dev/playground/r/2KTDAe/trailofbits.python.pickles-in-pytorch-distributed.pickles-in-pytorch-distributed origin: community patterns: - pattern-either: @@ -40941,13 +42251,15 @@ rules: references: - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ license: CC-BY-NC-SA-4.0 + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/trailofbits.python.pickles-in-pytorch.pickles-in-pytorch shortlink: https://sg.run/NwQy semgrep.dev: rule: rule_id: JDU6WD - version_id: vdTwwr - url: https://semgrep.dev/playground/r/vdTwwr/trailofbits.python.pickles-in-pytorch.pickles-in-pytorch + version_id: X0TvoD + url: https://semgrep.dev/playground/r/X0TvoD/trailofbits.python.pickles-in-pytorch.pickles-in-pytorch origin: community patterns: - pattern-either: 
@@ -40957,36 +42269,6 @@ rules: - pattern-not: torch.save(..., "...") - pattern-not: torch.save($M.state_dict(), ...) - pattern-not-inside: "$M.load_state_dict(torch.load(...))" -- id: trailofbits.python.pickles-in-torch-distributed.pickles-in-torch-distributed - message: Functions reliant on pickle can result in arbitrary code execution - languages: - - python - severity: ERROR - metadata: - category: security - cwe: 'CWE-502: Deserialization of Untrusted Data' - subcategory: - - vuln - confidence: MEDIUM - likelihood: MEDIUM - impact: HIGH - references: - - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/ - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.python.pickles-in-torch-distributed.pickles-in-torch-distributed - shortlink: https://sg.run/kzGP - semgrep.dev: - rule: - rule_id: 5rUpwA - version_id: vdTw0v - url: https://semgrep.dev/playground/r/vdTw0v/trailofbits.python.pickles-in-torch-distributed.pickles-in-torch-distributed - origin: community - patterns: - - pattern-either: - - pattern: torch.distributed.broadcast_object_list(...) - - pattern: torch.distributed.all_gather_object(...) - - pattern: torch.distributed.gather_object(...) - - pattern: torch.distributed.scatter_object_list(...) - id: trailofbits.python.scikit-joblib-load.scikit-joblib-load message: Scikit `joblib` uses pickle under the hood. Functions reliant on pickle can result in arbitrary code execution. Consider using `skops` instead. 
@@ -41008,13 +42290,15 @@ rules: references: - https://scikit-learn.org/stable/model_persistence.html license: CC-BY-NC-SA-4.0 + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/trailofbits.python.scikit-joblib-load.scikit-joblib-load shortlink: https://sg.run/wzW6 semgrep.dev: rule: rule_id: DbULlX - version_id: ExTLL2 - url: https://semgrep.dev/playground/r/ExTLL2/trailofbits.python.scikit-joblib-load.scikit-joblib-load + version_id: 9lTjEP + url: https://semgrep.dev/playground/r/9lTjEP/trailofbits.python.scikit-joblib-load.scikit-joblib-load origin: community patterns: - pattern: joblib.load(...) @@ -41040,13 +42324,15 @@ rules: references: - https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/trailofbits.python.tarfile-extractall-traversal.tarfile-extractall-traversal shortlink: https://sg.run/2RLD semgrep.dev: rule: rule_id: GdUZxq - version_id: 7ZTlle - url: https://semgrep.dev/playground/r/7ZTlle/trailofbits.python.tarfile-extractall-traversal.tarfile-extractall-traversal + version_id: yeT6Q1 + url: https://semgrep.dev/playground/r/yeT6Q1/trailofbits.python.tarfile-extractall-traversal.tarfile-extractall-traversal origin: community patterns: - pattern-either: 
@@ -41091,42 +42377,15 @@ rules: references: - https://pytorch.org/docs/stable/distributed.html#torch.distributed.isend license: CC-BY-NC-SA-4.0 + vulnerability_class: + - Other source: https://semgrep.dev/r/trailofbits.python.waiting-with-pytorch-distributed.waiting-with-pytorch-distributed shortlink: https://sg.run/LpoX semgrep.dev: rule: rule_id: 5rUxGL - version_id: 8KTJJz - url: https://semgrep.dev/playground/r/8KTJJz/trailofbits.python.waiting-with-pytorch-distributed.waiting-with-pytorch-distributed - origin: community - patterns: - - pattern-either: - - pattern: "$REQ = torch.distributed.irecv(...)" - - pattern: "$REQ = torch.distributed.isend(...)" - - pattern-not-inside: | - ... - $REQ.wait() -- id: trailofbits.python.waiting-with-torch-distributed.waiting-with-torch-distributed - message: Not waiting for requests is a source of undefined behavior - languages: - - python - severity: WARNING - metadata: - category: security - cwe: 'CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior' - subcategory: - - vuln - confidence: MEDIUM - likelihood: LOW - impact: LOW - license: CC-BY-NC-SA-4.0 - source: https://semgrep.dev/r/trailofbits.python.waiting-with-torch-distributed.waiting-with-torch-distributed - shortlink: https://sg.run/OyQL - semgrep.dev: - rule: - rule_id: AbUe4q - version_id: LjTDxq - url: https://semgrep.dev/playground/r/LjTDxq/trailofbits.python.waiting-with-torch-distributed.waiting-with-torch-distributed + version_id: bZTYx3 + url: https://semgrep.dev/playground/r/bZTYx3/trailofbits.python.waiting-with-pytorch-distributed.waiting-with-pytorch-distributed origin: community patterns: - pattern-either: 
@@ -41162,13 +42421,15 @@ rules: - vuln likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.angular.security.audit.angular-domsanitizer.angular-bypasssecuritytrust shortlink: https://sg.run/KWxP semgrep.dev: rule: rule_id: oqUzgA - version_id: WrTA1W - url: https://semgrep.dev/playground/r/WrTA1W/typescript.angular.security.audit.angular-domsanitizer.angular-bypasssecuritytrust + version_id: 5PT6gr + url: https://semgrep.dev/playground/r/5PT6gr/typescript.angular.security.audit.angular-domsanitizer.angular-bypasssecuritytrust origin: community languages: - typescript @@ -41296,13 +42557,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/typescript.aws-cdk.security.audit.awscdk-bucket-encryption.awscdk-bucket-encryption shortlink: https://sg.run/eowX semgrep.dev: rule: rule_id: bwU8qz - version_id: K3TPnj - url: https://semgrep.dev/playground/r/K3TPnj/typescript.aws-cdk.security.audit.awscdk-bucket-encryption.awscdk-bucket-encryption + version_id: GxT2dB + url: https://semgrep.dev/playground/r/GxT2dB/typescript.aws-cdk.security.audit.awscdk-bucket-encryption.awscdk-bucket-encryption origin: community languages: - typescript 
@@ -41363,13 +42626,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.aws-cdk.security.audit.awscdk-bucket-enforcessl.aws-cdk-bucket-enforcessl shortlink: https://sg.run/vqBX semgrep.dev: rule: rule_id: NbUN8B - version_id: qkT95B - url: https://semgrep.dev/playground/r/qkT95B/typescript.aws-cdk.security.audit.awscdk-bucket-enforcessl.aws-cdk-bucket-enforcessl + version_id: RGTb4r + url: https://semgrep.dev/playground/r/RGTb4r/typescript.aws-cdk.security.audit.awscdk-bucket-enforcessl.aws-cdk-bucket-enforcessl origin: community languages: - ts @@ -41412,13 +42677,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/typescript.aws-cdk.security.audit.awscdk-sqs-unencryptedqueue.awscdk-sqs-unencryptedqueue shortlink: https://sg.run/d23P semgrep.dev: rule: rule_id: kxUwqO - version_id: l4TelJ - url: https://semgrep.dev/playground/r/l4TelJ/typescript.aws-cdk.security.audit.awscdk-sqs-unencryptedqueue.awscdk-sqs-unencryptedqueue + version_id: A8TRon + url: https://semgrep.dev/playground/r/A8TRon/typescript.aws-cdk.security.audit.awscdk-sqs-unencryptedqueue.awscdk-sqs-unencryptedqueue origin: community languages: - ts 
@@ -41471,13 +42738,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/typescript.aws-cdk.security.awscdk-bucket-grantpublicaccessmethod.awscdk-bucket-grantpublicaccessmethod shortlink: https://sg.run/Z4p7 semgrep.dev: rule: rule_id: wdUjZK - version_id: YDTzNE - url: https://semgrep.dev/playground/r/YDTzNE/typescript.aws-cdk.security.awscdk-bucket-grantpublicaccessmethod.awscdk-bucket-grantpublicaccessmethod + version_id: BjTE3Q + url: https://semgrep.dev/playground/r/BjTE3Q/typescript.aws-cdk.security.awscdk-bucket-grantpublicaccessmethod.awscdk-bucket-grantpublicaccessmethod origin: community languages: - ts @@ -41521,13 +42790,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/typescript.aws-cdk.security.awscdk-codebuild-project-public.awscdk-codebuild-project-public shortlink: https://sg.run/nK7G semgrep.dev: rule: rule_id: x8UxXZ - version_id: 6xTAZR - url: https://semgrep.dev/playground/r/6xTAZR/typescript.aws-cdk.security.awscdk-codebuild-project-public.awscdk-codebuild-project-public + version_id: DkTQrL + url: https://semgrep.dev/playground/r/DkTQrL/typescript.aws-cdk.security.awscdk-codebuild-project-public.awscdk-codebuild-project-public origin: community languages: - ts 
@@ -41572,13 +42843,15 @@ rules: - vuln likelihood: MEDIUM impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml shortlink: https://sg.run/rAx6 semgrep.dev: rule: rule_id: x8UWvK - version_id: A8TodP - url: https://semgrep.dev/playground/r/A8TodP/typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml + version_id: YDTo9B + url: https://semgrep.dev/playground/r/YDTo9B/typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml origin: community languages: - typescript @@ -41726,13 +42999,15 @@ rules: - vuln likelihood: HIGH impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-unsanitized-method.react-unsanitized-method shortlink: https://sg.run/E5x8 semgrep.dev: rule: rule_id: QrU68w - version_id: qkTPZj - url: https://semgrep.dev/playground/r/qkTPZj/typescript.react.security.audit.react-unsanitized-method.react-unsanitized-method + version_id: bZTGjY + url: https://semgrep.dev/playground/r/bZTGjY/typescript.react.security.audit.react-unsanitized-method.react-unsanitized-method origin: community languages: - typescript @@ -41877,13 +43152,15 @@ rules: - vuln likelihood: MEDIUM impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property shortlink: https://sg.run/70Zv semgrep.dev: rule: rule_id: 3qUBl4 - version_id: l4TAjd - url: https://semgrep.dev/playground/r/l4TAjd/typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property + version_id: NdT1w1 + url: https://semgrep.dev/playground/r/NdT1w1/typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property origin: community languages: - typescript 
@@ -42041,13 +43318,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/typescript.react.security.react-insecure-request.react-insecure-request
 shortlink: https://sg.run/1n0b
 semgrep.dev:
 rule:
 rule_id: NbUA3O
- version_id: nWTdOR
- url: https://semgrep.dev/playground/r/nWTdOR/typescript.react.security.react-insecure-request.react-insecure-request
+ version_id: w8T37Q
+ url: https://semgrep.dev/playground/r/w8T37Q/typescript.react.security.react-insecure-request.react-insecure-request
 origin: community
 languages:
 - typescript
@@ -42114,13 +43393,16 @@ rules:
 - ci
 - argo
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
+ - Command Injection
 source: https://semgrep.dev/r/yaml.argo.security.argo-workflow-parameter-command-injection.argo-workflow-parameter-command-injection
 shortlink: https://sg.run/yqeZ
 semgrep.dev:
 rule:
 rule_id: 10U0zW
- version_id: WrT274
- url: https://semgrep.dev/playground/r/WrT274/yaml.argo.security.argo-workflow-parameter-command-injection.argo-workflow-parameter-command-injection
+ version_id: O9TyWN
+ url: https://semgrep.dev/playground/r/O9TyWN/yaml.argo.security.argo-workflow-parameter-command-injection.argo-workflow-parameter-command-injection
 origin: community
 severity: ERROR
 patterns:
@@ -42215,13 +43497,15 @@ rules:
 likelihood: HIGH
 impact: HIGH
 confidence: HIGH
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.docker-compose.security.privileged-service.privileged-service
 shortlink: https://sg.run/AlX0
 semgrep.dev:
 rule:
 rule_id: DbUW17
- version_id: 5PTBQq
- url: https://semgrep.dev/playground/r/5PTBQq/yaml.docker-compose.security.privileged-service.privileged-service
+ version_id: d6TDGj
+ url: https://semgrep.dev/playground/r/d6TDGj/yaml.docker-compose.security.privileged-service.privileged-service
 origin: community
 languages:
 - yaml
@@ -42256,13 +43540,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/yaml.github-actions.security.allowed-unsecure-commands.allowed-unsecure-commands
 shortlink: https://sg.run/qq78
 semgrep.dev:
 rule:
 rule_id: EwUQ9x
- version_id: xyTD3Q
- url: https://semgrep.dev/playground/r/xyTD3Q/yaml.github-actions.security.allowed-unsecure-commands.allowed-unsecure-commands
+ version_id: 7ZTO9W
+ url: https://semgrep.dev/playground/r/7ZTO9W/yaml.github-actions.security.allowed-unsecure-commands.allowed-unsecure-commands
 origin: community
 patterns:
 - pattern-either:
@@ -42298,13 +43584,15 @@ rules:
 impact: HIGH
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/yaml.github-actions.security.github-script-injection.github-script-injection
 shortlink: https://sg.run/g1G0
 semgrep.dev:
 rule:
 rule_id: OrUQvK
- version_id: WrTkDk
- url: https://semgrep.dev/playground/r/WrTkDk/yaml.github-actions.security.github-script-injection.github-script-injection
+ version_id: 8KTbkv
+ url: https://semgrep.dev/playground/r/8KTbkv/yaml.github-actions.security.github-script-injection.github-script-injection
 origin: community
 patterns:
 - pattern-inside: 'steps: [...]'
@@ -42375,13 +43663,15 @@ rules:
 impact: HIGH
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/yaml.github-actions.security.run-shell-injection.run-shell-injection
 shortlink: https://sg.run/pkzk
 semgrep.dev:
 rule:
 rule_id: v8UjQj
- version_id: K3TPZA
- url: https://semgrep.dev/playground/r/K3TPZA/yaml.github-actions.security.run-shell-injection.run-shell-injection
+ version_id: QkTJr0
+ url: https://semgrep.dev/playground/r/QkTJr0/yaml.github-actions.security.run-shell-injection.run-shell-injection
 origin: community
 patterns:
 - pattern-inside: 'steps: [...]'
@@ -42413,6 +43703,55 @@ rules:
 - pattern: "${{ github.head_ref }}"
 - pattern: "${{ github.event.inputs ... }}"
 severity: ERROR
+- id: yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha
+ patterns:
+ - pattern-inside: "{steps: ...}"
+ - pattern: 'uses: "$USES"
+
+ '
+ - metavariable-pattern:
+ metavariable: "$USES"
+ language: generic
+ patterns:
+ - pattern-not-regex: "^[.]/"
+ - pattern-not-regex: "^actions/"
+ - pattern-not-regex: "@[0-9a-f]{40}$"
+ - pattern-not-regex: "^docker://.*@sha256:[0-9a-f]{64}$"
+ message: An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
+ languages:
+ - yaml
+ severity: WARNING
+ metadata:
+ cwe:
+ - 'CWE-1357: Reliance on Insufficiently Trustworthy Component'
+ owasp: A06:2021 - Vulnerable and Outdated Components
+ references:
+ - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components
+ - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
+ category: security
+ technology:
+ - github-actions
+ subcategory:
+ - vuln
+ likelihood: LOW
+ impact: LOW
+ confidence: HIGH
+ license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
+ source: https://semgrep.dev/r/yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha
+ shortlink: https://sg.run/koLA
+ semgrep.dev:
+ rule:
+ rule_id: YGUdrq
+ version_id: 9lTK6r
+ url: https://semgrep.dev/playground/r/9lTK6r/yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha
+ origin: community
 - id: yaml.github-actions.security.workflow-run-target-code-checkout.workflow-run-target-code-checkout
 languages:
 - yaml
@@ -42444,13 +43783,15 @@ rules:
 technology:
 - github-actions
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/yaml.github-actions.security.workflow-run-target-code-checkout.workflow-run-target-code-checkout
 shortlink: https://sg.run/A0p6
 semgrep.dev:
 rule:
 rule_id: 4bU8E4
- version_id: O9T2ZZ
- url: https://semgrep.dev/playground/r/O9T2ZZ/yaml.github-actions.security.workflow-run-target-code-checkout.workflow-run-target-code-checkout
+ version_id: 3ZTdAr
+ url: https://semgrep.dev/playground/r/3ZTdAr/yaml.github-actions.security.workflow-run-target-code-checkout.workflow-run-target-code-checkout
 origin: community
 patterns:
 - pattern-inside: |
@@ -42532,13 +43873,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.kubernetes.security.allow-privilege-escalation-no-securitycontext.allow-privilege-escalation-no-securitycontext
 shortlink: https://sg.run/eleR
 semgrep.dev:
 rule:
 rule_id: WAU5J6
- version_id: QkTDDx
- url: https://semgrep.dev/playground/r/QkTDDx/yaml.kubernetes.security.allow-privilege-escalation-no-securitycontext.allow-privilege-escalation-no-securitycontext
+ version_id: 44ToPE
+ url: https://semgrep.dev/playground/r/44ToPE/yaml.kubernetes.security.allow-privilege-escalation-no-securitycontext.allow-privilege-escalation-no-securitycontext
 origin: community
 languages:
 - yaml
@@ -42599,13 +43942,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.kubernetes.security.allow-privilege-escalation-true.allow-privilege-escalation-true
 shortlink: https://sg.run/vw3W
 semgrep.dev:
 rule:
 rule_id: 0oUkqQ
- version_id: 3ZTnn0
- url: https://semgrep.dev/playground/r/3ZTnn0/yaml.kubernetes.security.allow-privilege-escalation-true.allow-privilege-escalation-true
+ version_id: PkTYrz
+ url: https://semgrep.dev/playground/r/PkTYrz/yaml.kubernetes.security.allow-privilege-escalation-true.allow-privilege-escalation-true
 origin: community
 languages:
 - yaml
@@ -42669,13 +44014,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.kubernetes.security.allow-privilege-escalation.allow-privilege-escalation
 shortlink: https://sg.run/ljp6
 semgrep.dev:
 rule:
 rule_id: 6JUqEO
- version_id: 44TppP
- url: https://semgrep.dev/playground/r/44TppP/yaml.kubernetes.security.allow-privilege-escalation.allow-privilege-escalation
+ version_id: JdTqrn
+ url: https://semgrep.dev/playground/r/JdTqrn/yaml.kubernetes.security.allow-privilege-escalation.allow-privilege-escalation
 origin: community
 languages:
 - yaml
@@ -42709,13 +44056,15 @@ rules:
 impact: HIGH
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.kubernetes.security.exposing-docker-socket-hostpath.exposing-docker-socket-hostpath
 shortlink: https://sg.run/v0pR
 semgrep.dev:
 rule:
 rule_id: d8Uz6v
- version_id: JdT2EB
- url: https://semgrep.dev/playground/r/JdT2EB/yaml.kubernetes.security.exposing-docker-socket-hostpath.exposing-docker-socket-hostpath
+ version_id: GxT2EB
+ url: https://semgrep.dev/playground/r/GxT2EB/yaml.kubernetes.security.exposing-docker-socket-hostpath.exposing-docker-socket-hostpath
 origin: community
 languages:
 - yaml
@@ -42762,13 +44111,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.kubernetes.security.privileged-container.privileged-container
 shortlink: https://sg.run/Ygr5
 semgrep.dev:
 rule:
 rule_id: oqUz2p
- version_id: A8TyKB
- url: https://semgrep.dev/playground/r/A8TyKB/yaml.kubernetes.security.privileged-container.privileged-container
+ version_id: DkTQ0L
+ url: https://semgrep.dev/playground/r/DkTQ0L/yaml.kubernetes.security.privileged-container.privileged-container
 origin: community
 languages:
 - yaml
@@ -42804,13 +44155,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/yaml.kubernetes.security.seccomp-confinement-disabled.seccomp-confinement-disabled
 shortlink: https://sg.run/6rgY
 semgrep.dev:
 rule:
 rule_id: zdUynw
- version_id: WrTkDp
- url: https://semgrep.dev/playground/r/WrTkDp/yaml.kubernetes.security.seccomp-confinement-disabled.seccomp-confinement-disabled
+ version_id: YDTo0B
+ url: https://semgrep.dev/playground/r/YDTo0B/yaml.kubernetes.security.seccomp-confinement-disabled.seccomp-confinement-disabled
 origin: community
 languages:
 - yaml
@@ -42857,13 +44210,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 confidence: MEDIUM
+ vulnerability_class:
+ - Hard-coded Secrets
 source: https://semgrep.dev/r/yaml.kubernetes.security.secrets-in-config-file.secrets-in-config-file
 shortlink: https://sg.run/KyL6
 semgrep.dev:
 rule:
 rule_id: YGUYEb
- version_id: 3ZT061
- url: https://semgrep.dev/playground/r/3ZT061/yaml.kubernetes.security.secrets-in-config-file.secrets-in-config-file
+ version_id: JdTqrb
+ url: https://semgrep.dev/playground/r/JdTqrb/yaml.kubernetes.security.secrets-in-config-file.secrets-in-config-file
 origin: community
 languages:
 - yaml
@@ -42893,13 +44248,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/yaml.kubernetes.security.skip-tls-verify-cluster.skip-tls-verify-cluster
 shortlink: https://sg.run/okyn
 semgrep.dev:
 rule:
 rule_id: zdUyWx
- version_id: K3TPZk
- url: https://semgrep.dev/playground/r/K3TPZk/yaml.kubernetes.security.skip-tls-verify-cluster.skip-tls-verify-cluster
+ version_id: 5PT6DW
+ url: https://semgrep.dev/playground/r/5PT6DW/yaml.kubernetes.security.skip-tls-verify-cluster.skip-tls-verify-cluster
 origin: community
 languages:
 - yaml
@@ -42929,13 +44286,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/yaml.kubernetes.security.skip-tls-verify-service.skip-tls-verify-service
 shortlink: https://sg.run/zk10
 semgrep.dev:
 rule:
 rule_id: pKUGXr
- version_id: qkT9Ey
- url: https://semgrep.dev/playground/r/qkT9Ey/yaml.kubernetes.security.skip-tls-verify-service.skip-tls-verify-service
+ version_id: GxT2E1
+ url: https://semgrep.dev/playground/r/GxT2E1/yaml.kubernetes.security.skip-tls-verify-service.skip-tls-verify-service
 origin: community
 languages:
 - yaml
diff --git a/assets/semgrep_rules/generated/oss/audit.yaml b/assets/semgrep_rules/generated/oss/audit.yaml
index b364daf2..8bedea15 100644
--- a/assets/semgrep_rules/generated/oss/audit.yaml
+++ b/assets/semgrep_rules/generated/oss/audit.yaml
@@ -27,13 +27,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/bash.curl.security.curl-pipe-bash.curl-pipe-bash
 shortlink: https://sg.run/KXz6
 semgrep.dev:
 rule:
 rule_id: qNUXrw
- version_id: GxTpd8
- url: https://semgrep.dev/playground/r/GxTpd8/bash.curl.security.curl-pipe-bash.curl-pipe-bash
+ version_id: NdTx1B
+ url: https://semgrep.dev/playground/r/NdTx1B/bash.curl.security.curl-pipe-bash.curl-pipe-bash
 origin: community
 patterns:
 - pattern-either:
@@ -68,13 +70,15 @@ rules:
 likelihood: LOW
 impact: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/bash.lang.security.ifs-tampering.ifs-tampering
 shortlink: https://sg.run/Q9pq
 semgrep.dev:
 rule:
 rule_id: WAUy9q
- version_id: 8KTWnY
- url: https://semgrep.dev/playground/r/8KTWnY/bash.lang.security.ifs-tampering.ifs-tampering
+ version_id: kbTo7O
+ url: https://semgrep.dev/playground/r/kbTo7O/bash.lang.security.ifs-tampering.ifs-tampering
 origin: community
 - id: c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string
 message: Use %s, %d, %c... to format your variables, otherwise this could leak information.
@@ -94,13 +98,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string
 shortlink: https://sg.run/vzwn
 semgrep.dev:
 rule:
 rule_id: 5rUOlg
- version_id: e1TAB7
- url: https://semgrep.dev/playground/r/e1TAB7/c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string
+ version_id: O9TPyd
+ url: https://semgrep.dev/playground/r/O9TPyd/c.lang.security.info-leak-on-non-formatted-string.info-leak-on-non-formated-string
 origin: community
 languages:
 - c
@@ -124,13 +130,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn
 shortlink: https://sg.run/dKqX
 semgrep.dev:
 rule:
 rule_id: GdU7OE
- version_id: 5PTB64
- url: https://semgrep.dev/playground/r/5PTB64/c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn
+ version_id: e1T6xy
+ url: https://semgrep.dev/playground/r/e1T6xy/c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn
 origin: community
 languages:
 - c
@@ -168,13 +176,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Memory Issues
 source: https://semgrep.dev/r/c.lang.security.insecure-use-memset.insecure-use-memset
 shortlink: https://sg.run/l9GE
 semgrep.dev:
 rule:
 rule_id: d8UK7D
- version_id: xyTOO3
- url: https://semgrep.dev/playground/r/xyTOO3/c.lang.security.insecure-use-memset.insecure-use-memset
+ version_id: vdTZ2X
+ url: https://semgrep.dev/playground/r/vdTZ2X/c.lang.security.insecure-use-memset.insecure-use-memset
 origin: community
 - id: c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn
 pattern: scanf(...)
@@ -195,13 +205,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn
 shortlink: https://sg.run/nd1g
 semgrep.dev:
 rule:
 rule_id: AbUzPd
- version_id: nWTwv8
- url: https://semgrep.dev/playground/r/nWTwv8/c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn
+ version_id: ZRTLwx
+ url: https://semgrep.dev/playground/r/ZRTLwx/c.lang.security.insecure-use-scanf-fn.insecure-use-scanf-fn
 origin: community
 languages:
 - c
@@ -228,13 +240,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn
 shortlink: https://sg.run/EkRP
 semgrep.dev:
 rule:
 rule_id: BYUNjA
- version_id: ExTYz2
- url: https://semgrep.dev/playground/r/ExTYz2/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn
+ version_id: nWT67k
+ url: https://semgrep.dev/playground/r/nWT67k/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn
 origin: community
 languages:
 - c
@@ -264,13 +278,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn
 shortlink: https://sg.run/7oNk
 semgrep.dev:
 rule:
 rule_id: DbUpo5
- version_id: 7ZTYke
- url: https://semgrep.dev/playground/r/7ZTYke/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn
+ version_id: ExT9nX
+ url: https://semgrep.dev/playground/r/ExT9nX/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn
 origin: community
 languages:
 - c
@@ -295,13 +311,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/c.lang.security.insecure-use-strtok-fn.insecure-use-strtok-fn
 shortlink: https://sg.run/LwqG
 semgrep.dev:
 rule:
 rule_id: WAUo5v
- version_id: LjTpvr
- url: https://semgrep.dev/playground/r/LjTpvr/c.lang.security.insecure-use-strtok-fn.insecure-use-strtok-fn
+ version_id: 7ZTLOY
+ url: https://semgrep.dev/playground/r/7ZTLOY/c.lang.security.insecure-use-strtok-fn.insecure-use-strtok-fn
 origin: community
 languages:
 - c
@@ -342,13 +360,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/c.lang.security.random-fd-exhaustion.random-fd-exhaustion
 shortlink: https://sg.run/8yNj
 semgrep.dev:
 rule:
 rule_id: 0oU5k4
- version_id: 8KTLwz
- url: https://semgrep.dev/playground/r/8KTLwz/c.lang.security.random-fd-exhaustion.random-fd-exhaustion
+ version_id: LjT10x
+ url: https://semgrep.dev/playground/r/LjT10x/c.lang.security.random-fd-exhaustion.random-fd-exhaustion
 origin: community
 languages:
 - c
@@ -377,13 +397,15 @@ rules:
 technology:
 - node.js
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/contrib.nodejsscan.crypto_node.node_md5
 shortlink: https://sg.run/dKBX
 semgrep.dev:
 rule:
 rule_id: GdU75E
- version_id: zyTdbN
- url: https://semgrep.dev/playground/r/zyTdbN/contrib.nodejsscan.crypto_node.node_md5
+ version_id: yeT6L5
+ url: https://semgrep.dev/playground/r/yeT6L5/contrib.nodejsscan.crypto_node.node_md5
 origin: community
 languages:
 - javascript
@@ -424,13 +446,15 @@ rules:
 technology:
 - node.js
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/contrib.nodejsscan.crypto_node.node_sha1
 shortlink: https://sg.run/ZvEx
 semgrep.dev:
 rule:
 rule_id: ReUgYx
- version_id: pZTo0A
- url: https://semgrep.dev/playground/r/pZTo0A/contrib.nodejsscan.crypto_node.node_sha1
+ version_id: rxT5Y8
+ url: https://semgrep.dev/playground/r/rxT5Y8/contrib.nodejsscan.crypto_node.node_sha1
 origin: community
 languages:
 - javascript
@@ -473,13 +497,15 @@ rules:
 - ".net"
 - mvc
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site Request Forgery (CSRF)
 source: https://semgrep.dev/r/csharp.dotnet.security.mvc-missing-antiforgery.mvc-missing-antiforgery
 shortlink: https://sg.run/Y0Jy
 semgrep.dev:
 rule:
 rule_id: ZqUlxE
- version_id: JdTre1
- url: https://semgrep.dev/playground/r/JdTre1/csharp.dotnet.security.mvc-missing-antiforgery.mvc-missing-antiforgery
+ version_id: xyT4Lo
+ url: https://semgrep.dev/playground/r/xyT4Lo/csharp.dotnet.security.mvc-missing-antiforgery.mvc-missing-antiforgery
 origin: community
 languages:
 - csharp
@@ -527,13 +553,15 @@ rules:
 technology:
 - ".net"
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Active Debug Code
 source: https://semgrep.dev/r/csharp.dotnet.security.net-webconfig-debug.net-webconfig-debug
 shortlink: https://sg.run/yPWx
 semgrep.dev:
 rule:
 rule_id: 0oUrvj
- version_id: 5PTl7J
- url: https://semgrep.dev/playground/r/5PTl7J/csharp.dotnet.security.net-webconfig-debug.net-webconfig-debug
+ version_id: O9Tyje
+ url: https://semgrep.dev/playground/r/O9Tyje/csharp.dotnet.security.net-webconfig-debug.net-webconfig-debug
 origin: community
 languages:
 - generic
@@ -568,13 +596,15 @@ rules:
 technology:
 - ".net"
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/csharp.dotnet.security.net-webconfig-trace-enabled.net-webconfig-trace-enabled
 shortlink: https://sg.run/6bP1
 semgrep.dev:
 rule:
 rule_id: nJUyJq
- version_id: PkTXbE
- url: https://semgrep.dev/playground/r/PkTXbE/csharp.dotnet.security.net-webconfig-trace-enabled.net-webconfig-trace-enabled
+ version_id: e1TxR6
+ url: https://semgrep.dev/playground/r/e1TxR6/csharp.dotnet.security.net-webconfig-trace-enabled.net-webconfig-trace-enabled
 origin: community
 languages:
 - generic
@@ -613,13 +643,15 @@ rules:
 - asp
 - webforms
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cookie Security
 source: https://semgrep.dev/r/csharp.dotnet.security.web-config-insecure-cookie-settings.web-config-insecure-cookie-settings
 shortlink: https://sg.run/z1jd
 semgrep.dev:
 rule:
 rule_id: 7KUxPg
- version_id: GxTEJj
- url: https://semgrep.dev/playground/r/GxTEJj/csharp.dotnet.security.web-config-insecure-cookie-settings.web-config-insecure-cookie-settings
+ version_id: 7ZTOgD
+ url: https://semgrep.dev/playground/r/7ZTOgD/csharp.dotnet.security.web-config-insecure-cookie-settings.web-config-insecure-cookie-settings
 origin: community
 languages:
 - generic
@@ -679,13 +711,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/csharp.lang.security.ad.jwt-tokenvalidationparameters-no-expiry-validation.jwt-tokenvalidationparameters-no-expiry-validation
 shortlink: https://sg.run/KA0d
 semgrep.dev:
 rule:
 rule_id: bwU5kK
- version_id: 1QTqdb
- url: https://semgrep.dev/playground/r/1QTqdb/csharp.lang.security.ad.jwt-tokenvalidationparameters-no-expiry-validation.jwt-tokenvalidationparameters-no-expiry-validation
+ version_id: gETq3W
+ url: https://semgrep.dev/playground/r/gETq3W/csharp.lang.security.ad.jwt-tokenvalidationparameters-no-expiry-validation.jwt-tokenvalidationparameters-no-expiry-validation
 origin: community
 languages:
 - csharp
@@ -714,13 +748,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/csharp.lang.security.injections.os-command.os-command-injection
 shortlink: https://sg.run/Ze6p
 semgrep.dev:
 rule:
 rule_id: 9AUOjg
- version_id: o5TWJ5
- url: https://semgrep.dev/playground/r/o5TWJ5/csharp.lang.security.injections.os-command.os-command-injection
+ version_id: 5PT6d9
+ url: https://semgrep.dev/playground/r/5PT6d9/csharp.lang.security.injections.os-command.os-command-injection
 origin: community
 message: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes
@@ -795,13 +831,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.data-contract-resolver.data-contract-resolver
 shortlink: https://sg.run/yXjP
 semgrep.dev:
 rule:
 rule_id: PeUxb0
- version_id: pZTqAJ
- url: https://semgrep.dev/playground/r/pZTqAJ/csharp.lang.security.insecure-deserialization.data-contract-resolver.data-contract-resolver
+ version_id: RGTbDR
+ url: https://semgrep.dev/playground/r/RGTbDR/csharp.lang.security.insecure-deserialization.data-contract-resolver.data-contract-resolver
 origin: community
 message: Only use DataContractResolver if you are completely sure of what information is being serialized. Malicious types can cause unexpected behavior.
@@ -832,13 +870,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.fast-json.insecure-fastjson-deserialization
 shortlink: https://sg.run/nqnd
 semgrep.dev:
 rule:
 rule_id: NbUAwk
- version_id: 2KTAEn
- url: https://semgrep.dev/playground/r/2KTAEn/csharp.lang.security.insecure-deserialization.fast-json.insecure-fastjson-deserialization
+ version_id: A8TR9g
+ url: https://semgrep.dev/playground/r/A8TR9g/csharp.lang.security.insecure-deserialization.fast-json.insecure-fastjson-deserialization
 origin: community
 message: "$type extension has the potential to be unsafe, so use it with common sense and known json sources and not public facing ones to be safe"
@@ -875,13 +915,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.insecure-typefilterlevel-full.insecure-typefilterlevel-full
 shortlink: https://sg.run/rere
 semgrep.dev:
 rule:
 rule_id: JDUlKl
- version_id: jQTLJA
- url: https://semgrep.dev/playground/r/jQTLJA/csharp.lang.security.insecure-deserialization.insecure-typefilterlevel-full.insecure-typefilterlevel-full
+ version_id: GxTwen
+ url: https://semgrep.dev/playground/r/GxTwen/csharp.lang.security.insecure-deserialization.insecure-typefilterlevel-full.insecure-typefilterlevel-full
 origin: community
 message: Using a .NET remoting service can lead to RCE, even if you try to configure TypeFilterLevel. Recommended to switch from .NET Remoting to WCF https://docs.microsoft.com/en-us/dotnet/framework/wcf/migrating-from-net-remoting-to-wcf
@@ -929,13 +971,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.javascript-serializer.insecure-javascriptserializer-deserialization
 shortlink: https://sg.run/0nJq
 semgrep.dev:
 rule:
 rule_id: PeUkrK
- version_id: 1QT0Qw
- url: https://semgrep.dev/playground/r/1QT0Qw/csharp.lang.security.insecure-deserialization.javascript-serializer.insecure-javascriptserializer-deserialization
+ version_id: WrTbWG
+ url: https://semgrep.dev/playground/r/WrTbWG/csharp.lang.security.insecure-deserialization.javascript-serializer.insecure-javascriptserializer-deserialization
 origin: community
 message: The SimpleTypeResolver class is insecure and should not be used. Using SimpleTypeResolver to deserialize JSON could allow the remote client to execute
@@ -992,13 +1036,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization
 shortlink: https://sg.run/8n2g
 semgrep.dev:
 rule:
 rule_id: OrUGgl
- version_id: A8T7Lz
- url: https://semgrep.dev/playground/r/A8T7Lz/csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization
+ version_id: qkTN2K
+ url: https://semgrep.dev/playground/r/qkTN2K/csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization
 origin: community
 - id: csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span
 severity: WARNING
@@ -1023,13 +1069,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Memory Issues
 source: https://semgrep.dev/r/csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span
 shortlink: https://sg.run/b4eW
 semgrep.dev:
 rule:
 rule_id: 5rUyEN
- version_id: NdT5J4
- url: https://semgrep.dev/playground/r/NdT5J4/csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span
+ version_id: YDTopx
+ url: https://semgrep.dev/playground/r/YDTopx/csharp.lang.security.memory.memory-marshal-create-span.memory-marshal-create-span
 origin: community
 message: MemoryMarshal.CreateSpan and MemoryMarshal.CreateReadOnlySpan should be used with caution, as the length argument is not checked.
@@ -1057,13 +1105,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/csharp.lang.security.regular-expression-dos.regular-expression-dos-infinite-timeout.regular-expression-dos-infinite-timeout
 shortlink: https://sg.run/NgRy
 semgrep.dev:
 rule:
 rule_id: GdUDBP
- version_id: yeT7Pv
- url: https://semgrep.dev/playground/r/yeT7Pv/csharp.lang.security.regular-expression-dos.regular-expression-dos-infinite-timeout.regular-expression-dos-infinite-timeout
+ version_id: zyT5Kv
+ url: https://semgrep.dev/playground/r/zyT5Kv/csharp.lang.security.regular-expression-dos.regular-expression-dos-infinite-timeout.regular-expression-dos-infinite-timeout
 origin: community
 message: 'Specifying the regex timeout leaves the system vulnerable to a regex-based Denial of Service (DoS) attack. Consider setting the timeout to a short amount
@@ -1103,13 +1153,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/csharp.lang.security.regular-expression-dos.regular-expression-dos.regular-expression-dos
 shortlink: https://sg.run/RPyY
 semgrep.dev:
 rule:
 rule_id: 4bU2gd
- version_id: RGTzvG
- url: https://semgrep.dev/playground/r/RGTzvG/csharp.lang.security.regular-expression-dos.regular-expression-dos.regular-expression-dos
+ version_id: pZTr14
+ url: https://semgrep.dev/playground/r/pZTr14/csharp.lang.security.regular-expression-dos.regular-expression-dos.regular-expression-dos
 origin: community
 message: An attacker can then cause a program using a regular expression to enter these extreme situations and then hang for a very long time.
@@ -1171,7 +1223,7 @@ rules:
 - pattern: |
 $S = String.Format(...);
 ...
- $PATTERN $SQL = new PATTERN($S,...);
+ $PATTERN $SQL = new $PATTERN($S,...);
 - pattern: |
 $S = String.Concat(...);
 ...
@@ -1225,13 +1277,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/csharp.lang.security.sqli.csharp-sqli.csharp-sqli shortlink: https://sg.run/d2Xd semgrep.dev: rule: rule_id: x8UxeP - version_id: A8T4Yl - url: https://semgrep.dev/playground/r/A8T4Yl/csharp.lang.security.sqli.csharp-sqli.csharp-sqli + version_id: RGTvL8 + url: https://semgrep.dev/playground/r/RGTvL8/csharp.lang.security.sqli.csharp-sqli.csharp-sqli origin: community languages: - csharp @@ -1258,13 +1312,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.http-client.ssrf shortlink: https://sg.run/4eB9 semgrep.dev: rule: rule_id: 10UdbE - version_id: BjTPYZ - url: https://semgrep.dev/playground/r/BjTPYZ/csharp.lang.security.ssrf.http-client.ssrf + version_id: X0TPQ1 + url: https://semgrep.dev/playground/r/X0TPQ1/csharp.lang.security.ssrf.http-client.ssrf origin: community message: SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. @@ -1331,13 +1387,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.rest-client.ssrf shortlink: https://sg.run/Pb9v semgrep.dev: rule: rule_id: 9AURoq - version_id: DkT58j - url: https://semgrep.dev/playground/r/DkT58j/csharp.lang.security.ssrf.rest-client.ssrf + version_id: jQTKgW + url: https://semgrep.dev/playground/r/jQTKgW/csharp.lang.security.ssrf.rest-client.ssrf origin: community message: SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. 
@@ -1382,13 +1440,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.web-client.ssrf shortlink: https://sg.run/JxqP semgrep.dev: rule: rule_id: yyUPBe - version_id: WrT1x1 - url: https://semgrep.dev/playground/r/WrT1x1/csharp.lang.security.ssrf.web-client.ssrf + version_id: 1QTjO6 + url: https://semgrep.dev/playground/r/1QTjO6/csharp.lang.security.ssrf.web-client.ssrf origin: community message: SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. @@ -1474,13 +1534,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/csharp.lang.security.ssrf.web-request.ssrf shortlink: https://sg.run/5DWj semgrep.dev: rule: rule_id: r6UwoG - version_id: nWTdk6 - url: https://semgrep.dev/playground/r/nWTdk6/csharp.lang.security.ssrf.web-request.ssrf + version_id: 9lTzdp + url: https://semgrep.dev/playground/r/9lTzdp/csharp.lang.security.ssrf.web-request.ssrf origin: community message: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that 
@@ -1543,13 +1605,15 @@ rules: impact: LOW confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/csharp.lang.security.stacktrace-disclosure.stacktrace-disclosure shortlink: https://sg.run/XvkA semgrep.dev: rule: rule_id: lBU6Dv - version_id: ExTd6n - url: https://semgrep.dev/playground/r/ExTd6n/csharp.lang.security.stacktrace-disclosure.stacktrace-disclosure + version_id: yeTXRK + url: https://semgrep.dev/playground/r/yeTXRK/csharp.lang.security.stacktrace-disclosure.stacktrace-disclosure origin: community languages: - csharp @@ -1584,13 +1648,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/csharp.razor.security.html-raw-json.html-raw-json shortlink: https://sg.run/P86E semgrep.dev: rule: rule_id: lBUzPw - version_id: gETLn3 - url: https://semgrep.dev/playground/r/gETLn3/csharp.razor.security.html-raw-json.html-raw-json + version_id: kbT7dG + url: https://semgrep.dev/playground/r/kbT7dG/csharp.razor.security.html-raw-json.html-raw-json origin: community paths: include: @@ -1637,13 +1703,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/dockerfile.security.last-user-is-root.last-user-is-root shortlink: https://sg.run/5Z43 semgrep.dev: rule: rule_id: ReU2n5 - version_id: 8KTDkl - url: https://semgrep.dev/playground/r/8KTDkl/dockerfile.security.last-user-is-root.last-user-is-root + version_id: w8T39L + url: https://semgrep.dev/playground/r/w8T39L/dockerfile.security.last-user-is-root.last-user-is-root origin: community - id: dockerfile.security.missing-user-entrypoint.missing-user-entrypoint patterns: 
@@ -1679,13 +1747,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint shortlink: https://sg.run/k281 semgrep.dev: rule: rule_id: ReUW9E - version_id: QkTPnP - url: https://semgrep.dev/playground/r/QkTPnP/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint + version_id: xyT4Ko + url: https://semgrep.dev/playground/r/xyT4Ko/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint origin: community - id: dockerfile.security.missing-user.missing-user patterns: @@ -1721,13 +1791,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/dockerfile.security.missing-user.missing-user shortlink: https://sg.run/Gbvn semgrep.dev: rule: rule_id: AbUN06 - version_id: 3ZTq68 - url: https://semgrep.dev/playground/r/3ZTq68/dockerfile.security.missing-user.missing-user + version_id: O9TyNe + url: https://semgrep.dev/playground/r/O9TyNe/dockerfile.security.missing-user.missing-user origin: community - id: generic.ci.security.bash-reverse-shell.bash_reverse_shell metadata: @@ -1747,13 +1819,15 @@ rules: likelihood: MEDIUM impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/generic.ci.security.bash-reverse-shell.bash_reverse_shell shortlink: https://sg.run/4l9l semgrep.dev: rule: rule_id: gxUJrJ - version_id: DkT3lr - url: https://semgrep.dev/playground/r/DkT3lr/generic.ci.security.bash-reverse-shell.bash_reverse_shell + version_id: d6TDrR + url: https://semgrep.dev/playground/r/d6TDrR/generic.ci.security.bash-reverse-shell.bash_reverse_shell origin: community message: Semgrep found a bash reverse shell severity: ERROR 
@@ -1799,13 +1873,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/generic.dockerfile.security.last-user-is-root.last-user-is-root shortlink: https://sg.run/N461 semgrep.dev: rule: rule_id: L1UyO5 - version_id: 9lT29Q - url: https://semgrep.dev/playground/r/9lT29Q/generic.dockerfile.security.last-user-is-root.last-user-is-root + version_id: LjT072 + url: https://semgrep.dev/playground/r/LjT072/generic.dockerfile.security.last-user-is-root.last-user-is-root origin: community - id: generic.nginx.security.alias-path-traversal.alias-path-traversal patterns: @@ -1852,13 +1928,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/generic.nginx.security.alias-path-traversal.alias-path-traversal shortlink: https://sg.run/ZvNL semgrep.dev: rule: rule_id: 5rUOjq - version_id: BjTQRX - url: https://semgrep.dev/playground/r/BjTQRX/generic.nginx.security.alias-path-traversal.alias-path-traversal + version_id: 44To7g + url: https://semgrep.dev/playground/r/44To7g/generic.nginx.security.alias-path-traversal.alias-path-traversal origin: community - id: generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host paths: 
@@ -1891,13 +1969,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host shortlink: https://sg.run/ndpb semgrep.dev: rule: rule_id: GdU7yl - version_id: DkT3Eq - url: https://semgrep.dev/playground/r/DkT3Eq/generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host + version_id: PkTYDx + url: https://semgrep.dev/playground/r/PkTYDx/generic.nginx.security.dynamic-proxy-host.dynamic-proxy-host origin: community pattern-either: - pattern: proxy_pass $SCHEME://$$HOST ...; @@ -1932,13 +2012,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/generic.nginx.security.dynamic-proxy-scheme.dynamic-proxy-scheme shortlink: https://sg.run/EkAo semgrep.dev: rule: rule_id: ReUg7n - version_id: WrTkLl - url: https://semgrep.dev/playground/r/WrTkLl/generic.nginx.security.dynamic-proxy-scheme.dynamic-proxy-scheme + version_id: JdTq5o + url: https://semgrep.dev/playground/r/JdTq5o/generic.nginx.security.dynamic-proxy-scheme.dynamic-proxy-scheme origin: community pattern: proxy_pass $$SCHEME:// ...; - id: generic.nginx.security.header-injection.header-injection 
@@ -1979,13 +2061,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/generic.nginx.security.header-injection.header-injection shortlink: https://sg.run/7oj4 semgrep.dev: rule: rule_id: AbUz8p - version_id: 0bTQn5 - url: https://semgrep.dev/playground/r/0bTQn5/generic.nginx.security.header-injection.header-injection + version_id: 5PT6k9 + url: https://semgrep.dev/playground/r/5PT6k9/generic.nginx.security.header-injection.header-injection origin: community - id: generic.nginx.security.header-redefinition.header-redefinition patterns: @@ -2033,13 +2117,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/generic.nginx.security.header-redefinition.header-redefinition shortlink: https://sg.run/Lwl7 semgrep.dev: rule: rule_id: BYUN58 - version_id: K3TPx4 - url: https://semgrep.dev/playground/r/K3TPx4/generic.nginx.security.header-redefinition.header-redefinition + version_id: GxT2j6 + url: https://semgrep.dev/playground/r/GxT2j6/generic.nginx.security.header-redefinition.header-redefinition origin: community - id: generic.nginx.security.insecure-redirect.insecure-redirect patterns: 
@@ -2077,13 +2163,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/generic.nginx.security.insecure-redirect.insecure-redirect shortlink: https://sg.run/8y14 semgrep.dev: rule: rule_id: DbUpJe - version_id: qkT9Db - url: https://semgrep.dev/playground/r/qkT9Db/generic.nginx.security.insecure-redirect.insecure-redirect + version_id: RGTbeR + url: https://semgrep.dev/playground/r/RGTbeR/generic.nginx.security.insecure-redirect.insecure-redirect origin: community - id: generic.nginx.security.insecure-ssl-version.insecure-ssl-version patterns: @@ -2122,13 +2210,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/generic.nginx.security.insecure-ssl-version.insecure-ssl-version shortlink: https://sg.run/gLKy semgrep.dev: rule: rule_id: WAUo9k - version_id: l4TeE8 - url: https://semgrep.dev/playground/r/l4TeE8/generic.nginx.security.insecure-ssl-version.insecure-ssl-version + version_id: A8TRkg + url: https://semgrep.dev/playground/r/A8TRkg/generic.nginx.security.insecure-ssl-version.insecure-ssl-version origin: community - id: generic.nginx.security.missing-ssl-version.missing-ssl-version patterns: 
@@ -2165,13 +2255,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/generic.nginx.security.missing-ssl-version.missing-ssl-version shortlink: https://sg.run/3xzl semgrep.dev: rule: rule_id: KxUbeA - version_id: 6xTABD - url: https://semgrep.dev/playground/r/6xTABD/generic.nginx.security.missing-ssl-version.missing-ssl-version + version_id: DkTQqw + url: https://semgrep.dev/playground/r/DkTQqw/generic.nginx.security.missing-ssl-version.missing-ssl-version origin: community - id: generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling patterns: @@ -2230,13 +2322,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling shortlink: https://sg.run/ploZ semgrep.dev: rule: rule_id: 6JUq0Z - version_id: qkTz55 - url: https://semgrep.dev/playground/r/qkTz55/generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling + version_id: WrTbOG + url: https://semgrep.dev/playground/r/WrTbOG/generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling origin: community - id: generic.nginx.security.request-host-used.request-host-used pattern-either: 
@@ -2272,13 +2366,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/generic.nginx.security.request-host-used.request-host-used shortlink: https://sg.run/4x3Z semgrep.dev: rule: rule_id: qNUjGg - version_id: l4Twlr - url: https://semgrep.dev/playground/r/l4Twlr/generic.nginx.security.request-host-used.request-host-used + version_id: 0bTvyq + url: https://semgrep.dev/playground/r/0bTvyq/generic.nginx.security.request-host-used.request-host-used origin: community - id: generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token pattern-regex: amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} @@ -2306,13 +2402,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token shortlink: https://sg.run/PJzE semgrep.dev: rule: rule_id: lBU9bw - version_id: pZTqEy - url: https://semgrep.dev/playground/r/pZTqEy/generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token + version_id: 44TozP + url: https://semgrep.dev/playground/r/44TozP/generic.secrets.security.detected-amazon-mws-auth-token.detected-amazon-mws-auth-token origin: community - id: generic.secrets.security.detected-artifactory-password.detected-artifactory-password options: @@ -2351,6 +2449,9 @@ rules: metavariable: "$ITEM" languages: - generic + paths: + exclude: + - "*.svg" message: Artifactory token detected severity: ERROR metadata: 
@@ -2373,13 +2474,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-artifactory-password.detected-artifactory-password shortlink: https://sg.run/J9KZ semgrep.dev: rule: rule_id: YGUR5K - version_id: gETw8D - url: https://semgrep.dev/playground/r/gETw8D/generic.secrets.security.detected-artifactory-password.detected-artifactory-password + version_id: 44T34B + url: https://semgrep.dev/playground/r/44T34B/generic.secrets.security.detected-artifactory-password.detected-artifactory-password origin: community - id: generic.secrets.security.detected-artifactory-token.detected-artifactory-token patterns: @@ -2412,13 +2515,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-artifactory-token.detected-artifactory-token shortlink: https://sg.run/5Q2l semgrep.dev: rule: rule_id: 6JUj3l - version_id: 3ZTwyk - url: https://semgrep.dev/playground/r/3ZTwyk/generic.secrets.security.detected-artifactory-token.detected-artifactory-token + version_id: JdTqPx + url: https://semgrep.dev/playground/r/JdTqPx/generic.secrets.security.detected-artifactory-token.detected-artifactory-token origin: community - id: generic.secrets.security.detected-aws-account-id.detected-aws-account-id patterns: 
@@ -2479,13 +2584,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-account-id.detected-aws-account-id shortlink: https://sg.run/Ro22 semgrep.dev: rule: rule_id: zdUkdd - version_id: gETK27 - url: https://semgrep.dev/playground/r/gETK27/generic.secrets.security.detected-aws-account-id.detected-aws-account-id + version_id: GxT20A + url: https://semgrep.dev/playground/r/GxT20A/generic.secrets.security.detected-aws-account-id.detected-aws-account-id origin: community - id: generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key pattern-regex: da2-[a-z0-9]{26} @@ -2513,18 +2620,20 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key shortlink: https://sg.run/AvJ6 semgrep.dev: rule: rule_id: pKUOoZ - version_id: 9lTEpq - url: https://semgrep.dev/playground/r/9lTEpq/generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key + version_id: RGTbP5 + url: https://semgrep.dev/playground/r/RGTbP5/generic.secrets.security.detected-aws-appsync-graphql-key.detected-aws-appsync-graphql-key origin: community - id: generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key patterns: - pattern-regex: (("|'|`)?((?i)aws)_?\w*((?i)secret)_?\w*("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?[A-Za-z0-9/+=]{40}("|'|`)?) - - pattern-not-regex: "(?i)example|sample|test|fake" + - pattern-not-regex: "(?i)example|sample|test|fake|xxxxxx" languages: - regex message: AWS Secret Access Key detected 
@@ -2549,21 +2658,23 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key shortlink: https://sg.run/Bk39 semgrep.dev: rule: rule_id: 2ZUbe8 - version_id: yeTQoe - url: https://semgrep.dev/playground/r/yeTQoe/generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key + version_id: PkTL4v + url: https://semgrep.dev/playground/r/PkTL4v/generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key origin: community - id: generic.secrets.security.detected-aws-session-token.detected-aws-session-token patterns: - - pattern-regex: "((?i)AWS_SESSION_TOKEN)\\s*(:|=>|=)\\s*([A-Za-z0-9/+=]{16,})" + - pattern-regex: "((?i)AWS_SESSION_TOKEN)\\s*(:|=>|=)\\s*(?P[A-Za-z0-9/+=]{16,})" - pattern-not-regex: "(?i)example|sample|test|fake" - metavariable-analysis: analyzer: entropy - metavariable: "$3" + metavariable: "$TOKEN" languages: - regex message: AWS Session Token detected @@ -2588,13 +2699,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-aws-session-token.detected-aws-session-token shortlink: https://sg.run/DoRW semgrep.dev: rule: rule_id: X5U8Er - version_id: RGT4LN - url: https://semgrep.dev/playground/r/RGT4LN/generic.secrets.security.detected-aws-session-token.detected-aws-session-token + version_id: BjTEBE + url: https://semgrep.dev/playground/r/BjTEBE/generic.secrets.security.detected-aws-session-token.detected-aws-session-token origin: community - id: generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash pattern-regex: "\\$2[aby]?\\$[\\d]+\\$[./A-Za-z0-9]{53}" 
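Review bot: The rewritten `pattern-regex` for detected-aws-session-token appears here as `(?P[A-Za-z0-9/+=]{16,})`, which is not valid named-group syntax; the companion change to `metavariable: "$TOKEN"` suggests the intended form is `(?P<TOKEN>[A-Za-z0-9/+=]{16,})` and the angle-bracketed name was probably lost when the diff was rendered. This is worth confirming against the file on disk, since a regex that fails to compile would take the session-token detector out of the rule set and leave the entropy analyzer with nothing to bind. The rule entry for detected-aws-session-token continues past the end of this hunk.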
@@ -2621,13 +2734,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash shortlink: https://sg.run/3A8G semgrep.dev: rule: rule_id: PeUk0Q - version_id: bZTxy4 - url: https://semgrep.dev/playground/r/bZTxy4/generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash + version_id: DkTQW8 + url: https://semgrep.dev/playground/r/DkTQW8/generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash origin: community - id: generic.secrets.security.detected-codeclimate.detected-codeclimate pattern-regex: (?i)codeclima.{0,50}["|'|`]?[0-9a-f]{64}["|'|`]? @@ -2655,13 +2770,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-codeclimate.detected-codeclimate shortlink: https://sg.run/W8yz semgrep.dev: rule: rule_id: j2UvW7 - version_id: NdT545 - url: https://semgrep.dev/playground/r/NdT545/generic.secrets.security.detected-codeclimate.detected-codeclimate + version_id: WrTbZr + url: https://semgrep.dev/playground/r/WrTbZr/generic.secrets.security.detected-codeclimate.detected-codeclimate origin: community - id: generic.secrets.security.detected-etc-shadow.detected-etc-shadow pattern-regex: root:[x!*]*:[0-9]*:[0-9]* 
@@ -2687,13 +2804,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-etc-shadow.detected-etc-shadow shortlink: https://sg.run/4ylL semgrep.dev: rule: rule_id: JDUP6p - version_id: kbTrJ9 - url: https://semgrep.dev/playground/r/kbTrJ9/generic.secrets.security.detected-etc-shadow.detected-etc-shadow + version_id: 0bTvJx + url: https://semgrep.dev/playground/r/0bTvJx/generic.secrets.security.detected-etc-shadow.detected-etc-shadow origin: community - id: generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token pattern-either: @@ -2724,13 +2843,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token shortlink: https://sg.run/0QYJ semgrep.dev: rule: rule_id: 10UKBL - version_id: w8T4Yq - url: https://semgrep.dev/playground/r/w8T4Yq/generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token + version_id: K3TlYv + url: https://semgrep.dev/playground/r/K3TlYv/generic.secrets.security.detected-facebook-access-token.detected-facebook-access-token origin: community - id: generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth pattern-regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[tT][oO][kK][eE][nN].*[''|"]?[0-9a-f]{32}[''|"]?' 
@@ -2758,13 +2879,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth shortlink: https://sg.run/Klq6 semgrep.dev: rule: rule_id: 9AU127 - version_id: xyT96b - url: https://semgrep.dev/playground/r/xyT96b/generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth + version_id: qkTNb5 + url: https://semgrep.dev/playground/r/qkTNb5/generic.secrets.security.detected-facebook-oauth.detected-facebook-oauth origin: community - id: generic.secrets.security.detected-generic-api-key.detected-generic-api-key pattern-regex: '[aA][pP][iI]_?[kK][eE][yY][=_:\s-]+[''|"]?[0-9a-zA-Z]{32,45}[''|"]?' @@ -2791,13 +2914,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-generic-api-key.detected-generic-api-key shortlink: https://sg.run/qxj8 semgrep.dev: rule: rule_id: yyUn8p - version_id: O9T41K - url: https://semgrep.dev/playground/r/O9T41K/generic.secrets.security.detected-generic-api-key.detected-generic-api-key + version_id: l4T5zr + url: https://semgrep.dev/playground/r/l4T5zr/generic.secrets.security.detected-generic-api-key.detected-generic-api-key origin: community - id: generic.secrets.security.detected-generic-secret.detected-generic-secret pattern-regex: '[sS][eE][cC][rR][eE][tT][:= \t]*[''|\"]?[0-9a-zA-Z]{32,45}[''|\"]?' 
@@ -2824,13 +2949,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-generic-secret.detected-generic-secret shortlink: https://sg.run/l2o5 semgrep.dev: rule: rule_id: r6Urqe - version_id: e1TEB2 - url: https://semgrep.dev/playground/r/e1TEB2/generic.secrets.security.detected-generic-secret.detected-generic-secret + version_id: YDToQR + url: https://semgrep.dev/playground/r/YDToQR/generic.secrets.security.detected-generic-secret.detected-generic-secret origin: community - id: generic.secrets.security.detected-github-token.detected-github-token patterns: @@ -2874,13 +3001,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-github-token.detected-github-token shortlink: https://sg.run/PpOv semgrep.dev: rule: rule_id: eqUv7b - version_id: vdTDlw - url: https://semgrep.dev/playground/r/vdTDlw/generic.secrets.security.detected-github-token.detected-github-token + version_id: 6xTe6q + url: https://semgrep.dev/playground/r/6xTe6q/generic.secrets.security.detected-github-token.detected-github-token origin: community - id: generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account pattern-regex: (("|'|`)?type("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?service_account("|'|`)?,?) 
@@ -2908,13 +3037,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account shortlink: https://sg.run/6nXj semgrep.dev: rule: rule_id: NbUkL8 - version_id: nWTd3X - url: https://semgrep.dev/playground/r/nWTd3X/generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account + version_id: pZTrwz + url: https://semgrep.dev/playground/r/pZTrwz/generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account origin: community - id: generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token pattern-regex: ya29\.[0-9A-Za-z\-_]+ @@ -2942,13 +3073,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token shortlink: https://sg.run/ox2n semgrep.dev: rule: rule_id: kxUkpo - version_id: ExTdZZ - url: https://semgrep.dev/playground/r/ExTdZZ/generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token + version_id: 2KT1K7 + url: https://semgrep.dev/playground/r/2KT1K7/generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token origin: community - id: generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key pattern-regex: "[hH][eE][rR][oO][kK][uU].*[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}" 
@@ -2976,13 +3109,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key shortlink: https://sg.run/pxXR semgrep.dev: rule: rule_id: x8UnOB - version_id: LjTxj8 - url: https://semgrep.dev/playground/r/LjTxj8/generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key + version_id: jQTKRz + url: https://semgrep.dev/playground/r/jQTKRz/generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key origin: community - id: generic.secrets.security.detected-hockeyapp.detected-hockeyapp pattern-regex: (?i)hockey.{0,50}(\\\"|'|`)?[0-9a-f]{32}(\\\"|'|`)? @@ -3010,13 +3145,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-hockeyapp.detected-hockeyapp shortlink: https://sg.run/2xoY semgrep.dev: rule: rule_id: OrU3zo - version_id: 8KTWDk - url: https://semgrep.dev/playground/r/8KTWDk/generic.secrets.security.detected-hockeyapp.detected-hockeyapp + version_id: 1QTjeY + url: https://semgrep.dev/playground/r/1QTjeY/generic.secrets.security.detected-hockeyapp.detected-hockeyapp origin: community - id: generic.secrets.security.detected-jwt-token.detected-jwt-token pattern-regex: eyJ[A-Za-z0-9-_=]{14,}\.[A-Za-z0-9-_=]{13,}\.?[A-Za-z0-9-_.+/=]*? @@ -3032,7 +3169,7 @@ rules: - jwt confidence: LOW references: - - https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + - https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ cwe: - 'CWE-321: Use of Hard-coded Cryptographic Key' owasp: 
@@ -3042,13 +3179,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/generic.secrets.security.detected-jwt-token.detected-jwt-token shortlink: https://sg.run/05N5 semgrep.dev: rule: rule_id: kxU8E8 - version_id: gETLKX - url: https://semgrep.dev/playground/r/gETLKX/generic.secrets.security.detected-jwt-token.detected-jwt-token + version_id: 9lTzk5 + url: https://semgrep.dev/playground/r/9lTzk5/generic.secrets.security.detected-jwt-token.detected-jwt-token origin: community - id: generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key pattern-regex: k2sk_v[0-9]_[0-9a-zA-Z]{24} @@ -3075,13 +3214,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key shortlink: https://sg.run/d2YQ semgrep.dev: rule: rule_id: JDULYW - version_id: QkTB9q - url: https://semgrep.dev/playground/r/QkTB9q/generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key + version_id: yeTXyx + url: https://semgrep.dev/playground/r/yeTXyx/generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key origin: community - id: generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key pattern-regex: "[0-9a-f]{32}-us[0-9]{1,2}" 
@@ -3109,13 +3250,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key shortlink: https://sg.run/XBde semgrep.dev: rule: rule_id: eqU8QR - version_id: 3ZT781 - url: https://semgrep.dev/playground/r/3ZT781/generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key + version_id: rxTx91 + url: https://semgrep.dev/playground/r/rxTx91/generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key origin: community - id: generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key pattern-regex: key-[0-9a-zA-Z]{32} @@ -3143,13 +3286,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key shortlink: https://sg.run/jRL2 semgrep.dev: rule: rule_id: v8UneY - version_id: 44TxDO - url: https://semgrep.dev/playground/r/44TxDO/generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key + version_id: bZTGNE + url: https://semgrep.dev/playground/r/bZTGNE/generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key origin: community - id: generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token patterns: 
@@ -3184,13 +3329,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token shortlink: https://sg.run/Ppg3 semgrep.dev: rule: rule_id: 5rU4pe - version_id: 6xT7RJ - url: https://semgrep.dev/playground/r/6xT7RJ/generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token + version_id: NdT1YG + url: https://semgrep.dev/playground/r/NdT1YG/generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token origin: community - id: generic.secrets.security.detected-outlook-team.detected-outlook-team pattern-regex: https://outlook\.office\.com/webhook/[0-9a-f-]{36} @@ -3218,13 +3365,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-outlook-team.detected-outlook-team shortlink: https://sg.run/1ZwQ semgrep.dev: rule: rule_id: d8UjXq - version_id: 5PTBZ6 - url: https://semgrep.dev/playground/r/5PTBZ6/generic.secrets.security.detected-outlook-team.detected-outlook-team + version_id: w8T3Gy + url: https://semgrep.dev/playground/r/w8T3Gy/generic.secrets.security.detected-outlook-team.detected-outlook-team origin: community - id: generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token pattern-regex: access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32} 
@@ -3253,13 +3402,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token shortlink: https://sg.run/9oBR semgrep.dev: rule: rule_id: ZqU507 - version_id: GxT41w - url: https://semgrep.dev/playground/r/GxT41w/generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token + version_id: xyT423 + url: https://semgrep.dev/playground/r/xyT423/generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token origin: community - id: generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block pattern-regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----" @@ -3288,13 +3439,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block shortlink: https://sg.run/ydKd semgrep.dev: rule: rule_id: nJUzXz - version_id: pZTJeG - url: https://semgrep.dev/playground/r/pZTJeG/generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block + version_id: O9TyD4 + url: https://semgrep.dev/playground/r/O9TyD4/generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block origin: community - id: generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key pattern-regex: sk_live_[0-9a-z]{32} 
@@ -3322,13 +3475,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key shortlink: https://sg.run/rdGA semgrep.dev: rule: rule_id: EwU274 - version_id: A8Tywj - url: https://semgrep.dev/playground/r/A8Tywj/generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key + version_id: e1Txpw + url: https://semgrep.dev/playground/r/e1Txpw/generic.secrets.security.detected-picatic-api-key.detected-picatic-api-key origin: community - id: generic.secrets.security.detected-private-key.detected-private-key patterns: @@ -3369,13 +3524,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-private-key.detected-private-key shortlink: https://sg.run/b7dr semgrep.dev: rule: rule_id: 7KUQ0p - version_id: BjTQ6X - url: https://semgrep.dev/playground/r/BjTQ6X/generic.secrets.security.detected-private-key.detected-private-key + version_id: vdT2jK + url: https://semgrep.dev/playground/r/vdT2jK/generic.secrets.security.detected-private-key.detected-private-key origin: community - id: generic.secrets.security.detected-sauce-token.detected-sauce-token pattern-regex: (?i)sauce.{0,50}(\\\"|'|`)?[0-9a-f-]{36}(\\\"|'|`)? 
@@ -3403,13 +3560,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-sauce-token.detected-sauce-token shortlink: https://sg.run/N4k1 semgrep.dev: rule: rule_id: L1UyZ5 - version_id: DkT3Aq - url: https://semgrep.dev/playground/r/DkT3Aq/generic.secrets.security.detected-sauce-token.detected-sauce-token + version_id: d6TDlN + url: https://semgrep.dev/playground/r/d6TDlN/generic.secrets.security.detected-sauce-token.detected-sauce-token origin: community - id: generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key pattern-regex: SG\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9-]{43}\b @@ -3437,13 +3596,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key shortlink: https://sg.run/qqOy semgrep.dev: rule: rule_id: x8U2EG - version_id: WrTk0l - url: https://semgrep.dev/playground/r/WrTk0l/generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key + version_id: ZRTwg1 + url: https://semgrep.dev/playground/r/ZRTwg1/generic.secrets.security.detected-sendgrid-api-key.detected-sendgrid-api-key origin: community - id: generic.secrets.security.detected-slack-token.detected-slack-token pattern-either: 
@@ -3473,13 +3634,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-slack-token.detected-slack-token shortlink: https://sg.run/kXdz semgrep.dev: rule: rule_id: 8GUjRA - version_id: 0bTQj5 - url: https://semgrep.dev/playground/r/0bTQj5/generic.secrets.security.detected-slack-token.detected-slack-token + version_id: nWT7r1 + url: https://semgrep.dev/playground/r/nWT7r1/generic.secrets.security.detected-slack-token.detected-slack-token origin: community - id: generic.secrets.security.detected-slack-webhook.detected-slack-webhook pattern-regex: https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24} @@ -3507,13 +3670,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-slack-webhook.detected-slack-webhook shortlink: https://sg.run/weWX semgrep.dev: rule: rule_id: gxU1dy - version_id: K3TP14 - url: https://semgrep.dev/playground/r/K3TP14/generic.secrets.security.detected-slack-webhook.detected-slack-webhook + version_id: ExTnQL + url: https://semgrep.dev/playground/r/ExTnQL/generic.secrets.security.detected-slack-webhook.detected-slack-webhook origin: community - id: generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key pattern-regex: (?i)snyk.{0,50}['|"|`]?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"\s]? 
@@ -3540,13 +3705,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key shortlink: https://sg.run/lxO9 semgrep.dev: rule: rule_id: OrUD9J - version_id: qkT93b - url: https://semgrep.dev/playground/r/qkT93b/generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key + version_id: 7ZTOpG + url: https://semgrep.dev/playground/r/7ZTOpG/generic.secrets.security.detected-snyk-api-key.detected-snyk-api-key origin: community - id: generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key pattern-regex: (?i)softlayer.{0,50}["|'|`]?[a-z0-9]{64}["|'|`]? @@ -3574,13 +3741,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key shortlink: https://sg.run/YXq4 semgrep.dev: rule: rule_id: eqUplZ - version_id: l4TeG8 - url: https://semgrep.dev/playground/r/l4TeG8/generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key + version_id: LjT0rO + url: https://semgrep.dev/playground/r/LjT0rO/generic.secrets.security.detected-softlayer-api-key.detected-softlayer-api-key origin: community - id: generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key pattern-regex: (?i)sonar.{0,50}(\\\"|'|`)?[0-9a-f]{40}(\\\"|'|`)? 
@@ -3608,13 +3777,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key shortlink: https://sg.run/x10P semgrep.dev: rule: rule_id: QrUzP1 - version_id: YDTzdA - url: https://semgrep.dev/playground/r/YDTzdA/generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key + version_id: 8KTbxR + url: https://semgrep.dev/playground/r/8KTbxR/generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key origin: community - id: generic.secrets.security.detected-sql-dump.detected-sql-dump pattern-regex: Dumping data for table `.*` @@ -3640,13 +3811,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/generic.secrets.security.detected-sql-dump.detected-sql-dump shortlink: https://sg.run/J3eR semgrep.dev: rule: rule_id: GdU0zk - version_id: 6xTAND - url: https://semgrep.dev/playground/r/6xTAND/generic.secrets.security.detected-sql-dump.detected-sql-dump + version_id: gETqYK + url: https://semgrep.dev/playground/r/gETqYK/generic.secrets.security.detected-sql-dump.detected-sql-dump origin: community - id: generic.secrets.security.detected-square-access-token.detected-square-access-token pattern-regex: sq0atp-[0-9A-Za-z\-_]{22} 
@@ -3674,13 +3847,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-square-access-token.detected-square-access-token shortlink: https://sg.run/OP3b semgrep.dev: rule: rule_id: 3qUPqO - version_id: o5TW6K - url: https://semgrep.dev/playground/r/o5TW6K/generic.secrets.security.detected-square-access-token.detected-square-access-token + version_id: QkTJpx + url: https://semgrep.dev/playground/r/QkTJpx/generic.secrets.security.detected-square-access-token.detected-square-access-token origin: community - id: generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret pattern-regex: sq0csp-[0-9A-Za-z\\\-_]{43} @@ -3708,13 +3883,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret shortlink: https://sg.run/eL7E semgrep.dev: rule: rule_id: 4bUk4l - version_id: zyTXEl - url: https://semgrep.dev/playground/r/zyTXEl/generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret + version_id: 3ZTdE0 + url: https://semgrep.dev/playground/r/3ZTdE0/generic.secrets.security.detected-square-oauth-secret.detected-square-oauth-secret origin: community - id: generic.secrets.security.detected-ssh-password.detected-ssh-password pattern-regex: sshpass -p.*['|\\\"] 
@@ -3742,13 +3919,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-ssh-password.detected-ssh-password shortlink: https://sg.run/vzDR semgrep.dev: rule: rule_id: PeUZ4d - version_id: pZTq5y - url: https://semgrep.dev/playground/r/pZTq5y/generic.secrets.security.detected-ssh-password.detected-ssh-password + version_id: 44To2P + url: https://semgrep.dev/playground/r/44To2P/generic.secrets.security.detected-ssh-password.detected-ssh-password origin: community - id: generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key pattern-regex: sk_live_[0-9a-zA-Z]{24} @@ -3776,13 +3955,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key shortlink: https://sg.run/dKd5 semgrep.dev: rule: rule_id: JDUy0z - version_id: 2KTA93 - url: https://semgrep.dev/playground/r/2KTA93/generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key + version_id: PkTYBG + url: https://semgrep.dev/playground/r/PkTYBG/generic.secrets.security.detected-stripe-api-key.detected-stripe-api-key origin: community - id: generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key pattern-regex: rk_live_[0-9a-zA-Z]{24} 
@@ -3810,13 +3991,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key shortlink: https://sg.run/ZvdL semgrep.dev: rule: rule_id: 5rUOWq - version_id: X0Torz - url: https://semgrep.dev/playground/r/X0Torz/generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key + version_id: JdTqQx + url: https://semgrep.dev/playground/r/JdTqQx/generic.secrets.security.detected-stripe-restricted-api-key.detected-stripe-restricted-api-key origin: community - id: generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key patterns: @@ -3847,13 +4030,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key shortlink: https://sg.run/nd4b semgrep.dev: rule: rule_id: GdU7Nl - version_id: jQTLoB - url: https://semgrep.dev/playground/r/jQTLoB/generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key + version_id: 5PT68z + url: https://semgrep.dev/playground/r/5PT68z/generic.secrets.security.detected-telegram-bot-api-key.detected-telegram-bot-api-key origin: community - id: generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key pattern-regex: SK[0-9a-fA-F]{32} 
@@ -3881,13 +4066,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key shortlink: https://sg.run/Ek2o semgrep.dev: rule: rule_id: ReUgJn - version_id: 1QT01E - url: https://semgrep.dev/playground/r/1QT01E/generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key + version_id: GxT2ZA + url: https://semgrep.dev/playground/r/GxT2ZA/generic.secrets.security.detected-twilio-api-key.detected-twilio-api-key origin: community - id: generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token pattern-regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" @@ -3915,13 +4102,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token shortlink: https://sg.run/7oR4 semgrep.dev: rule: rule_id: AbUzDp - version_id: 9lTExq - url: https://semgrep.dev/playground/r/9lTExq/generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token + version_id: RGTbo5 + url: https://semgrep.dev/playground/r/RGTbo5/generic.secrets.security.detected-twitter-access-token.detected-twitter-access-token origin: community - id: generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth patterns: 
@@ -3951,13 +4140,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth shortlink: https://sg.run/Lwb7 semgrep.dev: rule: rule_id: BYUNq8 - version_id: 7ZT0Jd - url: https://semgrep.dev/playground/r/7ZT0Jd/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth + version_id: A8TRG6 + url: https://semgrep.dev/playground/r/A8TRG6/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth origin: community - id: generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak patterns: @@ -3985,13 +4176,15 @@ rules: technology: - Google Maps license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak shortlink: https://sg.run/DL5d semgrep.dev: rule: rule_id: EwU3kN - version_id: JdT89w - url: https://semgrep.dev/playground/r/JdT89w/generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak + version_id: DkTQK8 + url: https://semgrep.dev/playground/r/DkTQK8/generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak origin: community - id: generic.unicode.security.bidi.contains-bidirectional-characters patterns: 
@@ -4028,13 +4221,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/generic.unicode.security.bidi.contains-bidirectional-characters shortlink: https://sg.run/nK4r semgrep.dev: rule: rule_id: d8UeX4 - version_id: bZTx24 - url: https://semgrep.dev/playground/r/bZTx24/generic.unicode.security.bidi.contains-bidirectional-characters + version_id: WrTbPr + url: https://semgrep.dev/playground/r/WrTbPr/generic.unicode.security.bidi.contains-bidirectional-characters origin: community languages: - bash @@ -4088,13 +4283,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/go.gorilla.security.audit.session-cookie-missing-httponly.session-cookie-missing-httponly shortlink: https://sg.run/4xJZ semgrep.dev: rule: rule_id: qNUj6g - version_id: w8T4Oq - url: https://semgrep.dev/playground/r/w8T4Oq/go.gorilla.security.audit.session-cookie-missing-httponly.session-cookie-missing-httponly + version_id: l4T58r + url: https://semgrep.dev/playground/r/l4T58r/go.gorilla.security.audit.session-cookie-missing-httponly.session-cookie-missing-httponly origin: community fix-regex: regex: "(HttpOnly\\s*:\\s+)false" 
@@ -4134,13 +4331,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/go.gorilla.security.audit.session-cookie-missing-secure.session-cookie-missing-secure shortlink: https://sg.run/PJdE semgrep.dev: rule: rule_id: lBU9kw - version_id: YDTjNR - url: https://semgrep.dev/playground/r/YDTjNR/go.gorilla.security.audit.session-cookie-missing-secure.session-cookie-missing-secure + version_id: YDToDR + url: https://semgrep.dev/playground/r/YDToDR/go.gorilla.security.audit.session-cookie-missing-secure.session-cookie-missing-secure origin: community fix-regex: regex: "(Secure\\s*:\\s+)false" @@ -4187,13 +4386,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/go.gorilla.security.audit.websocket-missing-origin-check.websocket-missing-origin-check shortlink: https://sg.run/xXpz semgrep.dev: rule: rule_id: ReUKdz - version_id: w8T7jk - url: https://semgrep.dev/playground/r/w8T7jk/go.gorilla.security.audit.websocket-missing-origin-check.websocket-missing-origin-check + version_id: JdTqLP + url: https://semgrep.dev/playground/r/JdTqLP/go.gorilla.security.audit.websocket-missing-origin-check.websocket-missing-origin-check origin: community - id: go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection metadata: 
@@ -4212,13 +4413,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection shortlink: https://sg.run/J9yZ semgrep.dev: rule: rule_id: PeUZ4X - version_id: vdTDyw - url: https://semgrep.dev/playground/r/vdTDyw/go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection + version_id: GxT2rr + url: https://semgrep.dev/playground/r/GxT2rr/go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection origin: community message: 'Found an insecure gRPC connection using ''grpc.WithInsecure()''. This creates a connection without encryption to a gRPC server. A malicious attacker @@ -4250,13 +4453,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection shortlink: https://sg.run/5Q5l semgrep.dev: rule: rule_id: JDUy0B - version_id: NdTjwX - url: https://semgrep.dev/playground/r/NdTjwX/go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection + version_id: RGTb3q + url: https://semgrep.dev/playground/r/RGTb3q/go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection origin: community message: Found an insecure gRPC server without 'grpc.Creds()' or options with credentials. This allows for a connection without encryption to this server. A malicious attacker 
@@ -4291,7 +4496,7 @@ rules: - 'CWE-345: Insufficient Verification of Data Authenticity' owasp: - A08:2021 - Software and Data Integrity Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -4303,13 +4508,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/go.jwt-go.security.audit.jwt-parse-unverified.jwt-go-parse-unverified shortlink: https://sg.run/Av66 semgrep.dev: rule: rule_id: ReUgJJ - version_id: ZRTBon - url: https://semgrep.dev/playground/r/ZRTBon/go.jwt-go.security.audit.jwt-parse-unverified.jwt-go-parse-unverified + version_id: A8TRQ3 + url: https://semgrep.dev/playground/r/A8TRQ3/go.jwt-go.security.audit.jwt-parse-unverified.jwt-go-parse-unverified origin: community languages: - go @@ -4330,7 +4537,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt 
@@ -4342,13 +4549,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.jwt-go.security.jwt-none-alg.jwt-go-none-algorithm shortlink: https://sg.run/Gej1 semgrep.dev: rule: rule_id: 5rUOWQ - version_id: nWTdvX - url: https://semgrep.dev/playground/r/nWTdvX/go.jwt-go.security.jwt-none-alg.jwt-go-none-algorithm + version_id: BjTEdK + url: https://semgrep.dev/playground/r/BjTEdK/go.jwt-go.security.jwt-none-alg.jwt-go-none-algorithm origin: community languages: - go @@ -4384,13 +4593,15 @@ rules: likelihood: MEDIUM impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.bad_imports.insecure-module-used shortlink: https://sg.run/l2gj semgrep.dev: rule: rule_id: yyUnov - version_id: 0bTzED - url: https://semgrep.dev/playground/r/0bTzED/go.lang.security.audit.crypto.bad_imports.insecure-module-used + version_id: 0bTv2e + url: https://semgrep.dev/playground/r/0bTv2e/go.lang.security.audit.crypto.bad_imports.insecure-module-used origin: community languages: - go @@ -4426,13 +4637,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/go.lang.security.audit.crypto.insecure_ssh.avoid-ssh-insecure-ignore-host-key shortlink: https://sg.run/Yv6X semgrep.dev: rule: rule_id: r6UrW9 - version_id: LjTxv8 - url: https://semgrep.dev/playground/r/LjTxv8/go.lang.security.audit.crypto.insecure_ssh.avoid-ssh-insecure-ignore-host-key + version_id: K3Tl7K + url: https://semgrep.dev/playground/r/K3Tl7K/go.lang.security.audit.crypto.insecure_ssh.avoid-ssh-insecure-ignore-host-key origin: community languages: - go 
@@ -4461,13 +4674,15 @@ rules: likelihood: HIGH impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/go.lang.security.audit.crypto.use_of_weak_rsa_key.use-of-weak-rsa-key shortlink: https://sg.run/9oY4 semgrep.dev: rule: rule_id: d8UjY3 - version_id: zyT2y3 - url: https://semgrep.dev/playground/r/zyT2y3/go.lang.security.audit.crypto.use_of_weak_rsa_key.use-of-weak-rsa-key + version_id: X0TPdG + url: https://semgrep.dev/playground/r/X0TPdG/go.lang.security.audit.crypto.use_of_weak_rsa_key.use-of-weak-rsa-key origin: community patterns: - pattern-either: @@ -4535,13 +4750,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-command-write.dangerous-command-write shortlink: https://sg.run/Bko5 semgrep.dev: rule: rule_id: pKUOZ9 - version_id: RGTBj1 - url: https://semgrep.dev/playground/r/RGTBj1/go.lang.security.audit.dangerous-command-write.dangerous-command-write + version_id: jQTK3e + url: https://semgrep.dev/playground/r/jQTK3e/go.lang.security.audit.dangerous-command-write.dangerous-command-write origin: community - id: go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd patterns: @@ -4633,13 +4850,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd shortlink: https://sg.run/Dorj semgrep.dev: rule: rule_id: 2ZUb8l - version_id: A8Tyoj - url: https://semgrep.dev/playground/r/A8Tyoj/go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd + version_id: 1QTjdA + url: https://semgrep.dev/playground/r/1QTjdA/go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd origin: community severity: ERROR languages: 
@@ -4711,13 +4930,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-exec-command.dangerous-exec-command shortlink: https://sg.run/W8lA semgrep.dev: rule: rule_id: X5U8RQ - version_id: zyTgBb - url: https://semgrep.dev/playground/r/zyTgBb/go.lang.security.audit.dangerous-exec-command.dangerous-exec-command + version_id: 9lTzR9 + url: https://semgrep.dev/playground/r/9lTzR9/go.lang.security.audit.dangerous-exec-command.dangerous-exec-command origin: community severity: ERROR languages: @@ -4822,13 +5043,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec shortlink: https://sg.run/0QRb semgrep.dev: rule: rule_id: j2UvPl - version_id: DkT3rq - url: https://semgrep.dev/playground/r/DkT3rq/go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec + version_id: yeTXP4 + url: https://semgrep.dev/playground/r/yeTXP4/go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec origin: community severity: ERROR languages: @@ -4861,13 +5084,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/go.lang.security.audit.database.string-formatted-query.string-formatted-query shortlink: https://sg.run/ydEr semgrep.dev: rule: rule_id: ZqU5bD - version_id: zyT256 - url: https://semgrep.dev/playground/r/zyT256/go.lang.security.audit.database.string-formatted-query.string-formatted-query + version_id: rxTxwE + url: https://semgrep.dev/playground/r/rxTxwE/go.lang.security.audit.database.string-formatted-query.string-formatted-query origin: community patterns: - metavariable-regex: 
@@ -5036,13 +5261,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/go.lang.security.audit.net.bind_all.avoid-bind-to-all-interfaces shortlink: https://sg.run/rdE0 semgrep.dev: rule: rule_id: nJUz3J - version_id: O9Tg6O - url: https://semgrep.dev/playground/r/O9Tg6O/go.lang.security.audit.net.bind_all.avoid-bind-to-all-interfaces + version_id: NdT1NP + url: https://semgrep.dev/playground/r/NdT1NP/go.lang.security.audit.net.bind_all.avoid-bind-to-all-interfaces origin: community pattern-either: - pattern: tls.Listen($NETWORK, "=~/^0.0.0.0:.*$/", ...) @@ -5073,13 +5300,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string shortlink: https://sg.run/weE0 semgrep.dev: rule: rule_id: 8GUjDW - version_id: e1TNz3 - url: https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string + version_id: O9Ty6W + url: https://semgrep.dev/playground/r/O9Ty6W/go.lang.security.audit.net.formatted-template-string.formatted-template-string origin: community languages: - go 
@@ -5130,13 +5359,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/go.lang.security.audit.net.pprof.pprof-debug-exposure shortlink: https://sg.run/x1Ep semgrep.dev: rule: rule_id: gxU1Kp - version_id: WrTAJ9 - url: https://semgrep.dev/playground/r/WrTAJ9/go.lang.security.audit.net.pprof.pprof-debug-exposure + version_id: vdT296 + url: https://semgrep.dev/playground/r/vdT296/go.lang.security.audit.net.pprof.pprof-debug-exposure origin: community message: The profiling 'pprof' endpoint is automatically exposed on /debug/pprof. This could leak information about the server. Instead, use `import "net/http/pprof"`. @@ -5185,13 +5416,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.unescaped-data-in-htmlattr.unescaped-data-in-htmlattr shortlink: https://sg.run/OPRp semgrep.dev: rule: rule_id: QrUz9R - version_id: vdT790 - url: https://semgrep.dev/playground/r/vdT790/go.lang.security.audit.net.unescaped-data-in-htmlattr.unescaped-data-in-htmlattr + version_id: d6TDeW + url: https://semgrep.dev/playground/r/d6TDeW/go.lang.security.audit.net.unescaped-data-in-htmlattr.unescaped-data-in-htmlattr origin: community languages: - go 
@@ -5247,13 +5480,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.unescaped-data-in-js.unescaped-data-in-js shortlink: https://sg.run/eLNl semgrep.dev: rule: rule_id: 3qUP8K - version_id: A8TyoX - url: https://semgrep.dev/playground/r/A8TyoX/go.lang.security.audit.net.unescaped-data-in-js.unescaped-data-in-js + version_id: ZRTwOr + url: https://semgrep.dev/playground/r/ZRTwOr/go.lang.security.audit.net.unescaped-data-in-js.unescaped-data-in-js origin: community languages: - go @@ -5310,13 +5545,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url shortlink: https://sg.run/vzE4 semgrep.dev: rule: rule_id: 4bUkDW - version_id: d6Tde3 - url: https://semgrep.dev/playground/r/d6Tde3/go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url + version_id: nWT7ZB + url: https://semgrep.dev/playground/r/nWT7ZB/go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url origin: community languages: - go 
@@ -5368,13 +5605,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/go.lang.security.audit.net.use-tls.use-tls shortlink: https://sg.run/dKbY semgrep.dev: rule: rule_id: PeUZ8X - version_id: DkT3rk - url: https://semgrep.dev/playground/r/DkT3rk/go.lang.security.audit.net.use-tls.use-tls + version_id: ExTnK9 + url: https://semgrep.dev/playground/r/ExTnK9/go.lang.security.audit.net.use-tls.use-tls origin: community message: Found an HTTP server without TLS. Use 'http.ListenAndServeTLS' instead. See https://golang.org/pkg/net/http/#ListenAndServeTLS for more information. @@ -5402,13 +5641,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.lang.security.audit.reflect-makefunc.reflect-makefunc shortlink: https://sg.run/KlPd semgrep.dev: rule: rule_id: 10UKGb - version_id: 0bTQPg - url: https://semgrep.dev/playground/r/0bTQPg/go.lang.security.audit.reflect-makefunc.reflect-makefunc + version_id: LjT05Y + url: https://semgrep.dev/playground/r/LjT05Y/go.lang.security.audit.reflect-makefunc.reflect-makefunc origin: community severity: ERROR pattern: reflect.MakeFunc(...) 
@@ -5451,13 +5692,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name shortlink: https://sg.run/R8Xv semgrep.dev: rule: rule_id: BYUBdJ - version_id: 6xTAPk - url: https://semgrep.dev/playground/r/6xTAPk/go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name + version_id: 44TogA + url: https://semgrep.dev/playground/r/44TogA/go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name origin: community severity: WARNING languages: @@ -5485,13 +5728,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Dangerous Method or Function source: https://semgrep.dev/r/go.lang.security.audit.unsafe.use-of-unsafe-block shortlink: https://sg.run/qxEx semgrep.dev: rule: rule_id: 9AU1p1 - version_id: zyTvjY - url: https://semgrep.dev/playground/r/zyTvjY/go.lang.security.audit.unsafe.use-of-unsafe-block + version_id: PkTY0Z + url: https://semgrep.dev/playground/r/PkTY0Z/go.lang.security.audit.unsafe.use-of-unsafe-block origin: community pattern: unsafe.$FUNC(...) - id: go.lang.security.audit.xss.import-text-template.import-text-template @@ -5523,13 +5768,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.import-text-template.import-text-template shortlink: https://sg.run/ndEO semgrep.dev: rule: rule_id: 5rUOZQ - version_id: vdTggK - url: https://semgrep.dev/playground/r/vdTggK/go.lang.security.audit.xss.import-text-template.import-text-template + version_id: JdTq6P + url: https://semgrep.dev/playground/r/JdTq6P/go.lang.security.audit.xss.import-text-template.import-text-template origin: community severity: WARNING patterns: 
@@ -5571,13 +5818,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter shortlink: https://sg.run/EkbA semgrep.dev: rule: rule_id: GdU71y - version_id: pZTq7v - url: https://semgrep.dev/playground/r/pZTq7v/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter + version_id: 5PT6p8 + url: https://semgrep.dev/playground/r/5PT6p8/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter origin: community patterns: - pattern-either: @@ -5622,13 +5871,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-fprintf-to-responsewriter.no-fprintf-to-responsewriter shortlink: https://sg.run/7oqR semgrep.dev: rule: rule_id: ReUgyJ - version_id: 2KTAJo - url: https://semgrep.dev/playground/r/2KTAJo/go.lang.security.audit.xss.no-fprintf-to-responsewriter.no-fprintf-to-responsewriter + version_id: GxT2zr + url: https://semgrep.dev/playground/r/GxT2zr/go.lang.security.audit.xss.no-fprintf-to-responsewriter.no-fprintf-to-responsewriter origin: community severity: WARNING patterns: 
@@ -5671,13 +5922,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-interpolation-in-tag.no-interpolation-in-tag shortlink: https://sg.run/LwJJ semgrep.dev: rule: rule_id: AbUzBB - version_id: X0To6j - url: https://semgrep.dev/playground/r/X0To6j/go.lang.security.audit.xss.no-interpolation-in-tag.no-interpolation-in-tag + version_id: RGTbqq + url: https://semgrep.dev/playground/r/RGTbqq/go.lang.security.audit.xss.no-interpolation-in-tag.no-interpolation-in-tag origin: community languages: - generic @@ -5717,13 +5970,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-interpolation-js-template-string.no-interpolation-js-template-string shortlink: https://sg.run/8yl7 semgrep.dev: rule: rule_id: BYUNR6 - version_id: jQTL78 - url: https://semgrep.dev/playground/r/jQTL78/go.lang.security.audit.xss.no-interpolation-js-template-string.no-interpolation-js-template-string + version_id: A8TRe3 + url: https://semgrep.dev/playground/r/A8TRe3/go.lang.security.audit.xss.no-interpolation-js-template-string.no-interpolation-js-template-string origin: community languages: - generic 
@@ -5763,13 +6018,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-io-writestring-to-responsewriter.no-io-writestring-to-responsewriter shortlink: https://sg.run/gLwn semgrep.dev: rule: rule_id: DbUpEr - version_id: 1QT0qB - url: https://semgrep.dev/playground/r/1QT0qB/go.lang.security.audit.xss.no-io-writestring-to-responsewriter.no-io-writestring-to-responsewriter + version_id: BjTEzK + url: https://semgrep.dev/playground/r/BjTEzK/go.lang.security.audit.xss.no-io-writestring-to-responsewriter.no-io-writestring-to-responsewriter origin: community severity: WARNING patterns: @@ -5810,13 +6067,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.no-printf-in-responsewriter.no-printf-in-responsewriter shortlink: https://sg.run/Q5BP semgrep.dev: rule: rule_id: WAUoLp - version_id: 9lTEPr - url: https://semgrep.dev/playground/r/9lTEPr/go.lang.security.audit.xss.no-printf-in-responsewriter.no-printf-in-responsewriter + version_id: DkTQxN + url: https://semgrep.dev/playground/r/DkTQxN/go.lang.security.audit.xss.no-printf-in-responsewriter.no-printf-in-responsewriter origin: community severity: WARNING patterns: 
@@ -5859,13 +6118,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type shortlink: https://sg.run/3xDb semgrep.dev: rule: rule_id: 0oU5n3 - version_id: yeTQ7o - url: https://semgrep.dev/playground/r/yeTQ7o/go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type + version_id: WrTbNQ + url: https://semgrep.dev/playground/r/WrTbNQ/go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type origin: community languages: - go @@ -5903,13 +6164,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/go.lang.security.bad_tmp.bad-tmp-file-creation shortlink: https://sg.run/Gejn semgrep.dev: rule: rule_id: 6JUjnL - version_id: bZTxjj - url: https://semgrep.dev/playground/r/bZTxjj/go.lang.security.bad_tmp.bad-tmp-file-creation + version_id: K3Tl5K + url: https://semgrep.dev/playground/r/K3Tl5K/go.lang.security.bad_tmp.bad-tmp-file-creation origin: community pattern-either: - pattern: ioutil.WriteFile("=~//tmp/.*$/", ...) 
@@ -5978,13 +6241,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb shortlink: https://sg.run/RodK semgrep.dev: rule: rule_id: oqUeqn - version_id: NdT5w2 - url: https://semgrep.dev/playground/r/NdT5w2/go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb + version_id: qkTNWO + url: https://semgrep.dev/playground/r/qkTNWO/go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb origin: community - id: go.lang.security.zip.path-traversal-inside-zip-extraction message: File traversal when extracting zip archive @@ -6009,13 +6274,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/go.lang.security.zip.path-traversal-inside-zip-extraction shortlink: https://sg.run/Av64 semgrep.dev: rule: rule_id: zdUkoR - version_id: e1TENW - url: https://semgrep.dev/playground/r/e1TENW/go.lang.security.zip.path-traversal-inside-zip-extraction + version_id: zyT5ne + url: https://semgrep.dev/playground/r/zyT5ne/go.lang.security.zip.path-traversal-inside-zip-extraction origin: community languages: - go @@ -6050,13 +6317,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/go.otto.security.audit.dangerous-execution.dangerous-execution shortlink: https://sg.run/4xWE semgrep.dev: rule: rule_id: KxUbxk - version_id: vdTD7Z - url: https://semgrep.dev/playground/r/vdTD7Z/go.otto.security.audit.dangerous-execution.dangerous-execution + version_id: pZTrzq + url: https://semgrep.dev/playground/r/pZTrzq/go.otto.security.audit.dangerous-execution.dangerous-execution origin: community severity: ERROR patterns: 
@@ -6131,13 +6400,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/html.security.missing-noopener-or-noreferrer.missing-noopener-or-noreferrer shortlink: https://sg.run/Ezqo semgrep.dev: rule: rule_id: 8GUvNg - version_id: 5PTYbo - url: https://semgrep.dev/playground/r/5PTYbo/html.security.missing-noopener-or-noreferrer.missing-noopener-or-noreferrer + version_id: 1QTj5A + url: https://semgrep.dev/playground/r/1QTj5A/html.security.missing-noopener-or-noreferrer.missing-noopener-or-noreferrer origin: community patterns: - pattern: a() @@ -6167,13 +6438,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/html.security.missing-noopener.missing-noopener shortlink: https://sg.run/5Q03 semgrep.dev: rule: rule_id: YGURLJ - version_id: YDTK07 - url: https://semgrep.dev/playground/r/YDTK07/html.security.missing-noopener.missing-noopener + version_id: 9lTzZ9 + url: https://semgrep.dev/playground/r/9lTzZ9/html.security.missing-noopener.missing-noopener origin: community patterns: - pattern: a() @@ -6223,13 +6496,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.jboss.security.seam-log-injection.seam-log-injection shortlink: https://sg.run/3A4o semgrep.dev: rule: rule_id: JDUPQ7 - version_id: zyTX5Q - url: https://semgrep.dev/playground/r/zyTX5Q/java.jboss.security.seam-log-injection.seam-log-injection + version_id: ZRTwGr + url: https://semgrep.dev/playground/r/ZRTwGr/java.jboss.security.seam-log-injection.seam-log-injection origin: community severity: ERROR - id: java.jjwt.security.jwt-none-alg.jjwt-none-alg 
@@ -6243,7 +6518,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens @@ -6260,13 +6535,15 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.jjwt.security.jwt-none-alg.jjwt-none-alg shortlink: https://sg.run/0Q7b semgrep.dev: rule: rule_id: j2Uvol - version_id: l4TNGq - url: https://semgrep.dev/playground/r/l4TNGq/java.jjwt.security.jwt-none-alg.jjwt-none-alg + version_id: ExTnq9 + url: https://semgrep.dev/playground/r/ExTnq9/java.jjwt.security.jwt-none-alg.jjwt-none-alg origin: community languages: - java @@ -6302,13 +6579,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/java.lang.security.audit.anonymous-ldap-bind.anonymous-ldap-bind shortlink: https://sg.run/jR6A semgrep.dev: rule: rule_id: eqU8J3 - version_id: YDT8dj - url: https://semgrep.dev/playground/r/YDT8dj/java.lang.security.audit.anonymous-ldap-bind.anonymous-ldap-bind + version_id: 7ZTOWO + url: https://semgrep.dev/playground/r/7ZTOWO/java.lang.security.audit.anonymous-ldap-bind.anonymous-ldap-bind origin: community message: Detected anonymous LDAP bind. This permits anonymous users to execute LDAP statements. Consider enforcing authentication for LDAP. See https://docs.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html 
@@ -6337,13 +6616,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/java.lang.security.audit.bad-hexa-conversion.bad-hexa-conversion shortlink: https://sg.run/1Z7D semgrep.dev: rule: rule_id: v8Uny0 - version_id: 0bTYqN - url: https://semgrep.dev/playground/r/0bTYqN/java.lang.security.audit.bad-hexa-conversion.bad-hexa-conversion + version_id: LjT0PY + url: https://semgrep.dev/playground/r/LjT0PY/java.lang.security.audit.bad-hexa-conversion.bad-hexa-conversion origin: community message: '''Integer.toHexString()'' strips leading zeroes from each byte if read byte-by-byte. This mistake weakens the hash value computed since it introduces @@ -6384,13 +6665,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.blowfish-insufficient-key-size.blowfish-insufficient-key-size shortlink: https://sg.run/9o74 semgrep.dev: rule: rule_id: d8UjJ3 - version_id: o5T563 - url: https://semgrep.dev/playground/r/o5T563/java.lang.security.audit.blowfish-insufficient-key-size.blowfish-insufficient-key-size + version_id: 8KTbAe + url: https://semgrep.dev/playground/r/8KTbAe/java.lang.security.audit.blowfish-insufficient-key-size.blowfish-insufficient-key-size origin: community message: Using less than 128 bits for Blowfish is considered insecure. Use 128 bits or more, or switch to use AES instead. 
@@ -6430,13 +6713,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle shortlink: https://sg.run/ydxr semgrep.dev: rule: rule_id: ZqU5oD - version_id: zyTeEO - url: https://semgrep.dev/playground/r/zyTeEO/java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle + version_id: gETqyZ + url: https://semgrep.dev/playground/r/gETqyZ/java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle origin: community severity: WARNING fix: '"AES/GCM/NoPadding" @@ -6544,13 +6829,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/java.lang.security.audit.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call shortlink: https://sg.run/rd90 semgrep.dev: rule: rule_id: nJUzvJ - version_id: 2KTeLN - url: https://semgrep.dev/playground/r/2KTeLN/java.lang.security.audit.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call + version_id: QkTJkW + url: https://semgrep.dev/playground/r/QkTJkW/java.lang.security.audit.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call origin: community severity: ERROR languages: 
@@ -6729,13 +7016,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/java.lang.security.audit.command-injection-process-builder.command-injection-process-builder shortlink: https://sg.run/gJJe semgrep.dev: rule: rule_id: 4bUzzo - version_id: 2KT69y - url: https://semgrep.dev/playground/r/2KT69y/java.lang.security.audit.command-injection-process-builder.command-injection-process-builder + version_id: 3ZTd3l + url: https://semgrep.dev/playground/r/3ZTd3l/java.lang.security.audit.command-injection-process-builder.command-injection-process-builder origin: community severity: ERROR languages: @@ -6763,13 +7052,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/java.lang.security.audit.cookie-missing-httponly.cookie-missing-httponly shortlink: https://sg.run/b7Be semgrep.dev: rule: rule_id: EwU2z6 - version_id: jQTe1J - url: https://semgrep.dev/playground/r/jQTe1J/java.lang.security.audit.cookie-missing-httponly.cookie-missing-httponly + version_id: 44ToQA + url: https://semgrep.dev/playground/r/44ToQA/java.lang.security.audit.cookie-missing-httponly.cookie-missing-httponly origin: community message: A cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading 
@@ -6809,13 +7100,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/java.lang.security.audit.cookie-missing-samesite.cookie-missing-samesite shortlink: https://sg.run/N427 semgrep.dev: rule: rule_id: 7KUQkX - version_id: A8Tlwe - url: https://semgrep.dev/playground/r/A8Tlwe/java.lang.security.audit.cookie-missing-samesite.cookie-missing-samesite + version_id: PkTYxZ + url: https://semgrep.dev/playground/r/PkTYxZ/java.lang.security.audit.cookie-missing-samesite.cookie-missing-samesite origin: community message: Detected cookie without the SameSite attribute. severity: WARNING @@ -6847,13 +7140,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/java.lang.security.audit.cookie-missing-secure-flag.cookie-missing-secure-flag shortlink: https://sg.run/kXoK semgrep.dev: rule: rule_id: L1Uyvp - version_id: 9lTN3n - url: https://semgrep.dev/playground/r/9lTN3n/java.lang.security.audit.cookie-missing-secure-flag.cookie-missing-secure-flag + version_id: JdTqlP + url: https://semgrep.dev/playground/r/JdTqlP/java.lang.security.audit.cookie-missing-secure-flag.cookie-missing-secure-flag origin: community message: A cookie was detected without setting the 'secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels 
@@ -6893,13 +7188,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.avoid-implementing-custom-digests.avoid-implementing-custom-digests shortlink: https://sg.run/PJ0p semgrep.dev: rule: rule_id: KxUbW4 - version_id: e1TAJ7 - url: https://semgrep.dev/playground/r/e1TAJ7/java.lang.security.audit.crypto.ssl.avoid-implementing-custom-digests.avoid-implementing-custom-digests + version_id: qkTNQO + url: https://semgrep.dev/playground/r/qkTNQO/java.lang.security.audit.crypto.ssl.avoid-implementing-custom-digests.avoid-implementing-custom-digests origin: community message: 'Cryptographic algorithms are notoriously difficult to get right. By implementing a custom message digest, you risk introducing security issues into your program. @@ -6936,13 +7233,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated shortlink: https://sg.run/J9Gj semgrep.dev: rule: rule_id: qNUj8b - version_id: vdT37r - url: https://semgrep.dev/playground/r/vdT37r/java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated + version_id: l4T5yp + url: https://semgrep.dev/playground/r/l4T5yp/java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated origin: community message: DefaultHttpClient is deprecated. Further, it does not support connections using TLS1.2, which makes using DefaultHttpClient a security hazard. Use HttpClientBuilder 
@@ -6981,13 +7280,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.insecure-hostname-verifier.insecure-hostname-verifier shortlink: https://sg.run/5QoD semgrep.dev: rule: rule_id: lBU9n8 - version_id: d6Tbdr - url: https://semgrep.dev/playground/r/d6Tbdr/java.lang.security.audit.crypto.ssl.insecure-hostname-verifier.insecure-hostname-verifier + version_id: YDTolk + url: https://semgrep.dev/playground/r/YDTolk/java.lang.security.audit.crypto.ssl.insecure-hostname-verifier.insecure-hostname-verifier origin: community severity: WARNING languages: @@ -7029,13 +7330,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/java.lang.security.audit.crypto.ssl.insecure-trust-manager.insecure-trust-manager shortlink: https://sg.run/GePy semgrep.dev: rule: rule_id: YGUR9A - version_id: ZRTyY6 - url: https://semgrep.dev/playground/r/ZRTyY6/java.lang.security.audit.crypto.ssl.insecure-trust-manager.insecure-trust-manager + version_id: JdTqlK + url: https://semgrep.dev/playground/r/JdTqlK/java.lang.security.audit.crypto.ssl.insecure-trust-manager.insecure-trust-manager origin: community message: Detected empty trust manager implementations. This is dangerous because it accepts any certificate, enabling man-in-the-middle attacks. Consider using 
@@ -7092,13 +7395,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.crypto.weak-random.weak-random shortlink: https://sg.run/NwBp semgrep.dev: rule: rule_id: lBUW5D - version_id: LjTp8r - url: https://semgrep.dev/playground/r/LjTp8r/java.lang.security.audit.crypto.weak-random.weak-random + version_id: qkTNQE + url: https://semgrep.dev/playground/r/qkTNQE/java.lang.security.audit.crypto.weak-random.weak-random origin: community pattern-either: - pattern: 'new java.util.Random(...).$FUNC(...) @@ -7149,13 +7454,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.lang.security.audit.dangerous-groovy-shell.dangerous-groovy-shell shortlink: https://sg.run/58LK semgrep.dev: rule: rule_id: ReUPKp - version_id: gET5QJ - url: https://semgrep.dev/playground/r/gET5QJ/java.lang.security.audit.dangerous-groovy-shell.dangerous-groovy-shell + version_id: YDTolW + url: https://semgrep.dev/playground/r/YDTolW/java.lang.security.audit.dangerous-groovy-shell.dangerous-groovy-shell origin: community languages: - java 
@@ -7179,13 +7486,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.lang.security.audit.el-injection.el-injection shortlink: https://sg.run/x1wp semgrep.dev: rule: rule_id: gxU1Np - version_id: QkTQek - url: https://semgrep.dev/playground/r/QkTQek/java.lang.security.audit.el-injection.el-injection + version_id: 6xTeDB + url: https://semgrep.dev/playground/r/6xTeDB/java.lang.security.audit.el-injection.el-injection origin: community message: An expression is built with a dynamic value. The source of the value(s) should be verified to avoid that unfiltered values fall into this risky code evaluation. @@ -7346,13 +7655,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/java.lang.security.audit.java-reverse-shell.java-reverse-shell shortlink: https://sg.run/kkrX semgrep.dev: rule: rule_id: KxUY7b - version_id: JdTZ9v - url: https://semgrep.dev/playground/r/JdTZ9v/java.lang.security.audit.java-reverse-shell.java-reverse-shell + version_id: 2KT17O + url: https://semgrep.dev/playground/r/2KT17O/java.lang.security.audit.java-reverse-shell.java-reverse-shell origin: community languages: - java 
@@ -7383,13 +7694,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.jdbc-sql-formatted-string.jdbc-sql-formatted-string shortlink: https://sg.run/dKWY semgrep.dev: rule: rule_id: PeUZNX - version_id: 5PTYgo - url: https://semgrep.dev/playground/r/5PTYgo/java.lang.security.audit.jdbc-sql-formatted-string.jdbc-sql-formatted-string + version_id: X0TP5y + url: https://semgrep.dev/playground/r/X0TP5y/java.lang.security.audit.jdbc-sql-formatted-string.jdbc-sql-formatted-string origin: community message: 'Possible JDBC injection detected. Use the parameterized query feature available in queryForObject instead of concatenating or formatting strings: ''jdbc.queryForObject("select @@ -7508,13 +7821,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - LDAP Injection source: https://semgrep.dev/r/java.lang.security.audit.ldap-entry-poisoning.ldap-entry-poisoning shortlink: https://sg.run/ZvOn semgrep.dev: rule: rule_id: JDUy8B - version_id: GxTWdq - url: https://semgrep.dev/playground/r/GxTWdq/java.lang.security.audit.ldap-entry-poisoning.ldap-entry-poisoning + version_id: jQTKr2 + url: https://semgrep.dev/playground/r/jQTKr2/java.lang.security.audit.ldap-entry-poisoning.ldap-entry-poisoning origin: community message: An object-returning LDAP search will allow attackers to control the LDAP response. This could lead to Remote Code Execution. 
@@ -7557,13 +7872,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - LDAP Injection source: https://semgrep.dev/r/java.lang.security.audit.ldap-injection.ldap-injection shortlink: https://sg.run/nd2O semgrep.dev: rule: rule_id: 5rUObQ - version_id: RGTw4E - url: https://semgrep.dev/playground/r/RGTw4E/java.lang.security.audit.ldap-injection.ldap-injection + version_id: 1QTjPl + url: https://semgrep.dev/playground/r/1QTjPl/java.lang.security.audit.ldap-injection.ldap-injection origin: community severity: WARNING languages: @@ -7640,13 +7957,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.lang.security.audit.object-deserialization.object-deserialization shortlink: https://sg.run/Ek0A semgrep.dev: rule: rule_id: GdU7py - version_id: BjTG3v - url: https://semgrep.dev/playground/r/BjTG3v/java.lang.security.audit.object-deserialization.object-deserialization + version_id: yeTXN6 + url: https://semgrep.dev/playground/r/yeTXN6/java.lang.security.audit.object-deserialization.object-deserialization origin: community message: Found object deserialization using ObjectInputStream. Deserializing entire Java objects is dangerous because malicious actors can create Java object streams 
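Review bot: The added `vulnerability_class` value `'Insecure Deserialization '` in the object-deserialization hunk carries a trailing space inside the quotes, so it is a different string from the bare `Insecure Deserialization` label and any consumer that groups, filters or counts findings by class will treat it as a separate category. The same value recurs in the hunks for jackson-unsafe-deserialization, use-snakeyaml-constructor, server-dangerous-class-deserialization and server-dangerous-object-deserialization. Since this file is generated from the registry export, the fix presumably belongs in the generator (trim whitespace on scalar string fields) or upstream rather than in a hand edit here; the intended line is `- Insecure Deserialization`.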
@@ -7679,13 +7998,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.lang.security.audit.ognl-injection.ognl-injection shortlink: https://sg.run/7o7R semgrep.dev: rule: rule_id: ReUgjJ - version_id: DkTerv - url: https://semgrep.dev/playground/r/DkTerv/java.lang.security.audit.ognl-injection.ognl-injection + version_id: rxTxDx + url: https://semgrep.dev/playground/r/rxTxDx/java.lang.security.audit.ognl-injection.ognl-injection origin: community severity: WARNING languages: @@ -8533,13 +8854,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission shortlink: https://sg.run/LwzJ semgrep.dev: rule: rule_id: AbUzwB - version_id: jQTpDQ - url: https://semgrep.dev/playground/r/jQTpDQ/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission + version_id: bZTGBk + url: https://semgrep.dev/playground/r/bZTGBk/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission origin: community pattern-either: - pattern: java.nio.file.Files.setPosixFilePermissions($FILE, java.nio.file.attribute.PosixFilePermissions.fromString("=~/(^......r..$)|(^.......w.$)|(^........x$)/")); 
@@ -8584,13 +8907,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/java.lang.security.audit.permissive-cors.permissive-cors shortlink: https://sg.run/8y77 semgrep.dev: rule: rule_id: BYUN66 - version_id: o5TOgY - url: https://semgrep.dev/playground/r/o5TOgY/java.lang.security.audit.permissive-cors.permissive-cors + version_id: NdT1Bn + url: https://semgrep.dev/playground/r/NdT1Bn/java.lang.security.audit.permissive-cors.permissive-cors origin: community severity: WARNING languages: @@ -8663,13 +8988,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.lang.security.audit.script-engine-injection.script-engine-injection shortlink: https://sg.run/gLqn semgrep.dev: rule: rule_id: DbUpAr - version_id: K3TOWR - url: https://semgrep.dev/playground/r/K3TOWR/java.lang.security.audit.script-engine-injection.script-engine-injection + version_id: kbT7OK + url: https://semgrep.dev/playground/r/kbT7OK/java.lang.security.audit.script-engine-injection.script-engine-injection origin: community severity: WARNING languages: @@ -8800,13 +9127,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.hibernate-sqli.hibernate-sqli shortlink: https://sg.run/Roqg semgrep.dev: rule: rule_id: 6JUjPD - version_id: qkTK8A - url: https://semgrep.dev/playground/r/qkTK8A/java.lang.security.audit.sqli.hibernate-sqli.hibernate-sqli + version_id: w8T3k9 + url: https://semgrep.dev/playground/r/w8T3k9/java.lang.security.audit.sqli.hibernate-sqli.hibernate-sqli origin: community languages: - java 
@@ -8873,13 +9202,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli shortlink: https://sg.run/AvkL semgrep.dev: rule: rule_id: oqUe8K - version_id: l4TNnq - url: https://semgrep.dev/playground/r/l4TNnq/java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli + version_id: xyT4dv + url: https://semgrep.dev/playground/r/xyT4dv/java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli origin: community - id: java.lang.security.audit.sqli.jdo-sqli.jdo-sqli pattern-either: @@ -8975,13 +9306,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.jdo-sqli.jdo-sqli shortlink: https://sg.run/Bkwx semgrep.dev: rule: rule_id: zdUk7l - version_id: YDT89j - url: https://semgrep.dev/playground/r/YDT89j/java.lang.security.audit.sqli.jdo-sqli.jdo-sqli + version_id: O9Tyvn + url: https://semgrep.dev/playground/r/O9Tyvn/java.lang.security.audit.sqli.jdo-sqli.jdo-sqli origin: community - id: java.lang.security.audit.sqli.jpa-sqli.jpa-sqli message: Detected a formatted string in a SQL statement. This could lead to SQL @@ -9045,13 +9378,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.jpa-sqli.jpa-sqli shortlink: https://sg.run/DoOd semgrep.dev: rule: rule_id: pKUO7y - version_id: JdTZ9Y - url: https://semgrep.dev/playground/r/JdTZ9Y/java.lang.security.audit.sqli.jpa-sqli.jpa-sqli + version_id: e1TxZ8 + url: https://semgrep.dev/playground/r/e1TxZ8/java.lang.security.audit.sqli.jpa-sqli.jpa-sqli origin: community - id: java.lang.security.audit.sqli.turbine-sqli.turbine-sqli pattern-either: 
@@ -9146,13 +9481,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.turbine-sqli.turbine-sqli shortlink: https://sg.run/W8zL semgrep.dev: rule: rule_id: 2ZUbJ3 - version_id: GxTWd3 - url: https://semgrep.dev/playground/r/GxTWd3/java.lang.security.audit.sqli.turbine-sqli.turbine-sqli + version_id: d6TD6l + url: https://semgrep.dev/playground/r/d6TD6l/java.lang.security.audit.sqli.turbine-sqli.turbine-sqli origin: community - id: java.lang.security.audit.sqli.vertx-sqli.vertx-sqli message: Detected a formatted string in a SQL statement. This could lead to SQL @@ -9223,13 +9560,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/java.lang.security.audit.sqli.vertx-sqli.vertx-sqli shortlink: https://sg.run/0QKB semgrep.dev: rule: rule_id: X5U86z - version_id: RGTw47 - url: https://semgrep.dev/playground/r/RGTw47/java.lang.security.audit.sqli.vertx-sqli.vertx-sqli + version_id: ZRTweO + url: https://semgrep.dev/playground/r/ZRTweO/java.lang.security.audit.sqli.vertx-sqli.vertx-sqli origin: community - id: java.lang.security.audit.unsafe-reflection.unsafe-reflection patterns: @@ -9266,13 +9605,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/java.lang.security.audit.unsafe-reflection.unsafe-reflection shortlink: https://sg.run/R8X8 semgrep.dev: rule: rule_id: DbUW1W - version_id: 0bT6Pb - url: https://semgrep.dev/playground/r/0bT6Pb/java.lang.security.audit.unsafe-reflection.unsafe-reflection + version_id: 8KTbv9 + url: https://semgrep.dev/playground/r/8KTbv9/java.lang.security.audit.unsafe-reflection.unsafe-reflection origin: community severity: WARNING languages: 
@@ -9297,13 +9638,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/java.lang.security.audit.weak-ssl-context.weak-ssl-context shortlink: https://sg.run/4x7E semgrep.dev: rule: rule_id: KxUb1k - version_id: l4TNn0 - url: https://semgrep.dev/playground/r/l4TNn0/java.lang.security.audit.weak-ssl-context.weak-ssl-context + version_id: 3ZTdLR + url: https://semgrep.dev/playground/r/3ZTdLR/java.lang.security.audit.weak-ssl-context.weak-ssl-context origin: community message: An insecure SSL context was detected. TLS versions 1.0, 1.1, and all SSL versions are considered weak encryption and are deprecated. Use SSLContext.getInstance("TLSv1.2") @@ -9345,13 +9688,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.audit.xml-decoder.xml-decoder shortlink: https://sg.run/PJjq semgrep.dev: rule: rule_id: qNUj3y - version_id: gEToDQ - url: https://semgrep.dev/playground/r/gEToDQ/java.lang.security.audit.xml-decoder.xml-decoder + version_id: 44Toeb + url: https://semgrep.dev/playground/r/44Toeb/java.lang.security.audit.xml-decoder.xml-decoder origin: community severity: WARNING languages: 
@@ -9396,13 +9741,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled shortlink: https://sg.run/qxne semgrep.dev: rule: rule_id: 10UKqE - version_id: K3T63x - url: https://semgrep.dev/playground/r/K3T63x/java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled + version_id: PkTYj2 + url: https://semgrep.dev/playground/r/PkTYj2/java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled origin: community pattern-regex: ".*escape.*?=.*?false.*" paths: @@ -9434,13 +9781,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/java.lang.security.audit.xssrequestwrapper-is-insecure.xssrequestwrapper-is-insecure shortlink: https://sg.run/J96Q semgrep.dev: rule: rule_id: lBU9Gj - version_id: X0TJNW - url: https://semgrep.dev/playground/r/X0TJNW/java.lang.security.audit.xssrequestwrapper-is-insecure.xssrequestwrapper-is-insecure + version_id: A8TRNx + url: https://semgrep.dev/playground/r/A8TRNx/java.lang.security.audit.xssrequestwrapper-is-insecure.xssrequestwrapper-is-insecure origin: community message: It looks like you're using an implementation of XSSRequestWrapper from dzone. (https://www.javacodegeeks.com/2012/07/anti-cross-site-scripting-xss-filter.html) 
@@ -9480,13 +9829,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/java.lang.security.do-privileged-use.do-privileged-use shortlink: https://sg.run/6n76 semgrep.dev: rule: rule_id: bwUw28 - version_id: rxT8zk - url: https://semgrep.dev/playground/r/rxT8zk/java.lang.security.do-privileged-use.do-privileged-use + version_id: l4T5Xb + url: https://semgrep.dev/playground/r/l4T5Xb/java.lang.security.do-privileged-use.do-privileged-use origin: community message: Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called @@ -9568,13 +9919,15 @@ rules: technology: - jackson license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.lang.security.jackson-unsafe-deserialization.jackson-unsafe-deserialization shortlink: https://sg.run/GDop semgrep.dev: rule: rule_id: QrUD20 - version_id: 2KT21B - url: https://semgrep.dev/playground/r/2KT21B/java.lang.security.jackson-unsafe-deserialization.jackson-unsafe-deserialization + version_id: o5TnK6 + url: https://semgrep.dev/playground/r/o5TnK6/java.lang.security.jackson-unsafe-deserialization.jackson-unsafe-deserialization origin: community - id: java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor languages: 
@@ -9598,13 +9951,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor shortlink: https://sg.run/L8qY semgrep.dev: rule: rule_id: 6JU67x - version_id: w8T0xA - url: https://semgrep.dev/playground/r/w8T0xA/java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor + version_id: pZTrbj + url: https://semgrep.dev/playground/r/pZTrbj/java.lang.security.use-snakeyaml-constructor.use-snakeyaml-constructor origin: community message: Used SnakeYAML org.yaml.snakeyaml.Yaml() constructor with no arguments, which is vulnerable to deserialization attacks. Use the one-argument Yaml(...) @@ -9643,13 +9998,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/java.lang.security.xmlinputfactory-external-entities-enabled.xmlinputfactory-external-entities-enabled shortlink: https://sg.run/2x75 semgrep.dev: rule: rule_id: x8Unkq - version_id: JdTYjW - url: https://semgrep.dev/playground/r/JdTYjW/java.lang.security.xmlinputfactory-external-entities-enabled.xmlinputfactory-external-entities-enabled + version_id: 2KT1dO + url: https://semgrep.dev/playground/r/2KT1dO/java.lang.security.xmlinputfactory-external-entities-enabled.xmlinputfactory-external-entities-enabled origin: community message: XML external entities are enabled for this XMLInputFactory. This is vulnerable to XML external entity attacks. Disable external entities by setting "javax.xml.stream.isSupportingExternalEntities" 
@@ -9679,13 +10036,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/java.log4j.security.log4j-message-lookup-injection.log4j-message-lookup-injection shortlink: https://sg.run/eX1Z semgrep.dev: rule: rule_id: 9AUZeQ - version_id: RGT5AA - url: https://semgrep.dev/playground/r/RGT5AA/java.log4j.security.log4j-message-lookup-injection.log4j-message-lookup-injection + version_id: jQTKw2 + url: https://semgrep.dev/playground/r/jQTKw2/java.log4j.security.log4j-message-lookup-injection.log4j-message-lookup-injection origin: community message: This rule is deprecated. patterns: @@ -9717,13 +10076,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.rmi.security.server-dangerous-class-deserialization.server-dangerous-class-deserialization shortlink: https://sg.run/oxg6 semgrep.dev: rule: rule_id: bwUwj4 - version_id: vdT3z8 - url: https://semgrep.dev/playground/r/vdT3z8/java.rmi.security.server-dangerous-class-deserialization.server-dangerous-class-deserialization + version_id: 9lTzAg + url: https://semgrep.dev/playground/r/9lTzAg/java.rmi.security.server-dangerous-class-deserialization.server-dangerous-class-deserialization origin: community message: Using a non-primitive class with Java RMI may be an insecure deserialization vulnerability. Depending on the underlying implementation. This object could be 
@@ -9760,13 +10121,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/java.rmi.security.server-dangerous-object-deserialization.server-dangerous-object-deserialization shortlink: https://sg.run/zvnl semgrep.dev: rule: rule_id: NbUkw5 - version_id: d6TbGy - url: https://semgrep.dev/playground/r/d6TbGy/java.rmi.security.server-dangerous-object-deserialization.server-dangerous-object-deserialization + version_id: yeTXD6 + url: https://semgrep.dev/playground/r/yeTXD6/java.rmi.security.server-dangerous-object-deserialization.server-dangerous-object-deserialization origin: community message: Using an arbitrary object ('Object $PARAM') with Java RMI is an insecure deserialization vulnerability. This object can be manipulated by a malicious actor @@ -9810,13 +10173,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/java.servlets.security.cookie-issecure-false.cookie-issecure-false shortlink: https://sg.run/pxn0 semgrep.dev: rule: rule_id: kxUkn9 - version_id: ZRTyP2 - url: https://semgrep.dev/playground/r/ZRTyP2/java.servlets.security.cookie-issecure-false.cookie-issecure-false + version_id: rxTxjx + url: https://semgrep.dev/playground/r/rxTxjx/java.servlets.security.cookie-issecure-false.cookie-issecure-false origin: community languages: - java 
@@ -9842,13 +10207,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.spring.security.audit.spel-injection.spel-injection shortlink: https://sg.run/XBp4 semgrep.dev: rule: rule_id: x8Un7b - version_id: nWTw4Q - url: https://semgrep.dev/playground/r/nWTw4Q/java.spring.security.audit.spel-injection.spel-injection + version_id: bZTGLk + url: https://semgrep.dev/playground/r/bZTGLk/java.spring.security.audit.spel-injection.spel-injection origin: community severity: WARNING languages: @@ -9956,13 +10323,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/java.spring.security.audit.spring-csrf-disabled.spring-csrf-disabled shortlink: https://sg.run/jRnl semgrep.dev: rule: rule_id: OrU3gK - version_id: X0TEgX - url: https://semgrep.dev/playground/r/X0TEgX/java.spring.security.audit.spring-csrf-disabled.spring-csrf-disabled + version_id: O9TyXn + url: https://semgrep.dev/playground/r/O9TyXn/java.spring.security.audit.spring-csrf-disabled.spring-csrf-disabled origin: community severity: WARNING languages: @@ -9993,13 +10362,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/java.spring.security.audit.spring-jsp-eval.spring-jsp-eval shortlink: https://sg.run/Q88o semgrep.dev: rule: rule_id: PeUkkL - version_id: QkTQrL - url: https://semgrep.dev/playground/r/QkTQrL/java.spring.security.audit.spring-jsp-eval.spring-jsp-eval + version_id: e1Tx98 + url: https://semgrep.dev/playground/r/e1Tx98/java.spring.security.audit.spring-jsp-eval.spring-jsp-eval origin: community paths: include: 
@@ -10041,13 +10412,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/java.spring.security.unrestricted-request-mapping.unrestricted-request-mapping shortlink: https://sg.run/2xlq semgrep.dev: rule: rule_id: wdUJ7q - version_id: BjTG0R - url: https://semgrep.dev/playground/r/BjTG0R/java.spring.security.unrestricted-request-mapping.unrestricted-request-mapping + version_id: gETqeO + url: https://semgrep.dev/playground/r/gETqeO/java.spring.security.unrestricted-request-mapping.unrestricted-request-mapping origin: community languages: - java @@ -10071,13 +10444,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Denial-of-Service (DoS) source: https://semgrep.dev/r/javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true shortlink: https://sg.run/d2jY semgrep.dev: rule: rule_id: PeUo5X - version_id: 5PTGO0 - url: https://semgrep.dev/playground/r/5PTGO0/javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true + version_id: QkTJZG + url: https://semgrep.dev/playground/r/QkTJZG/javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true origin: community languages: - javascript 
@@ -10123,13 +10498,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect shortlink: https://sg.run/rdn1 semgrep.dev: rule: rule_id: ZqU5Yn - version_id: K3TOqL - url: https://semgrep.dev/playground/r/K3TOqL/javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect + version_id: PkTYQ2 + url: https://semgrep.dev/playground/r/PkTYQ2/javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect origin: community languages: - javascript @@ -10164,13 +10541,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-resource-loading.detect-angular-resource-loading shortlink: https://sg.run/b7kd semgrep.dev: rule: rule_id: nJUzgX - version_id: qkTKn7 - url: https://semgrep.dev/playground/r/qkTKn7/javascript.angular.security.detect-angular-resource-loading.detect-angular-resource-loading + version_id: JdTqDK + url: https://semgrep.dev/playground/r/JdTqDK/javascript.angular.security.detect-angular-resource-loading.detect-angular-resource-loading origin: community languages: - javascript 
@@ -10207,13 +10586,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-css.detect-angular-trust-as-css-method shortlink: https://sg.run/kXgo semgrep.dev: rule: rule_id: 7KUQ4k - version_id: YDT80y - url: https://semgrep.dev/playground/r/YDT80y/javascript.angular.security.detect-angular-trust-as-css.detect-angular-trust-as-css-method + version_id: GxT2PW + url: https://semgrep.dev/playground/r/GxT2PW/javascript.angular.security.detect-angular-trust-as-css.detect-angular-trust-as-css-method origin: community languages: - javascript @@ -10253,13 +10634,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-html-method.detect-angular-trust-as-html-method shortlink: https://sg.run/wenn semgrep.dev: rule: rule_id: L1Uy88 - version_id: 6xT0gd - url: https://semgrep.dev/playground/r/6xT0gd/javascript.angular.security.detect-angular-trust-as-html-method.detect-angular-trust-as-html-method + version_id: RGTbAB + url: https://semgrep.dev/playground/r/RGTbAB/javascript.angular.security.detect-angular-trust-as-html-method.detect-angular-trust-as-html-method origin: community languages: - javascript 
@@ -10299,13 +10682,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-js-method.detect-angular-trust-as-js-method shortlink: https://sg.run/x1nA semgrep.dev: rule: rule_id: 8GUj8k - version_id: o5T5E7 - url: https://semgrep.dev/playground/r/o5T5E7/javascript.angular.security.detect-angular-trust-as-js-method.detect-angular-trust-as-js-method + version_id: A8TRJx + url: https://semgrep.dev/playground/r/A8TRJx/javascript.angular.security.detect-angular-trust-as-js-method.detect-angular-trust-as-js-method origin: community languages: - javascript @@ -10345,13 +10730,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-resourceurl-method.detect-angular-trust-as-resourceurl-method shortlink: https://sg.run/eLOd semgrep.dev: rule: rule_id: QrUzeq - version_id: pZTQjl - url: https://semgrep.dev/playground/r/pZTQjl/javascript.angular.security.detect-angular-trust-as-resourceurl-method.detect-angular-trust-as-resourceurl-method + version_id: DkTQNo + url: https://semgrep.dev/playground/r/DkTQNo/javascript.angular.security.detect-angular-trust-as-resourceurl-method.detect-angular-trust-as-resourceurl-method origin: community languages: - javascript 
@@ -10391,13 +10778,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-angular-trust-as-url-method.detect-angular-trust-as-url-method shortlink: https://sg.run/vznl semgrep.dev: rule: rule_id: 3qUP01 - version_id: 2KT6xW - url: https://semgrep.dev/playground/r/2KT6xW/javascript.angular.security.detect-angular-trust-as-url-method.detect-angular-trust-as-url-method + version_id: WrTbE2 + url: https://semgrep.dev/playground/r/WrTbE2/javascript.angular.security.detect-angular-trust-as-url-method.detect-angular-trust-as-url-method origin: community languages: - javascript @@ -10438,13 +10827,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.angular.security.detect-third-party-angular-translate.detect-angular-translateprovider-translations-method shortlink: https://sg.run/ZvXp semgrep.dev: rule: rule_id: PeUZPg - version_id: X0TJKW - url: https://semgrep.dev/playground/r/X0TJKW/javascript.angular.security.detect-third-party-angular-translate.detect-angular-translateprovider-translations-method + version_id: 0bTv1Y + url: https://semgrep.dev/playground/r/0bTv1Y/javascript.angular.security.detect-third-party-angular-translate.detect-angular-translateprovider-translations-method origin: community languages: - javascript 
@@ -10481,13 +10872,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.apollo.security.apollo-axios-ssrf.apollo-axios-ssrf shortlink: https://sg.run/jkEZ semgrep.dev: rule: rule_id: AbUGBR - version_id: GxTX7K - url: https://semgrep.dev/playground/r/GxTX7K/javascript.apollo.security.apollo-axios-ssrf.apollo-axios-ssrf + version_id: K3TlJD + url: https://semgrep.dev/playground/r/K3TlJD/javascript.apollo.security.apollo-axios-ssrf.apollo-axios-ssrf origin: community languages: - javascript @@ -10534,13 +10927,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.audit.detect-replaceall-sanitization.detect-replaceall-sanitization shortlink: https://sg.run/AzoB semgrep.dev: rule: rule_id: kxUYE9 - version_id: 9lTn7o - url: https://semgrep.dev/playground/r/9lTn7o/javascript.audit.detect-replaceall-sanitization.detect-replaceall-sanitization + version_id: l4T5xb + url: https://semgrep.dev/playground/r/l4T5xb/javascript.audit.detect-replaceall-sanitization.detect-replaceall-sanitization origin: community languages: - javascript @@ -10582,13 +10977,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.browser.security.dom-based-xss.dom-based-xss shortlink: https://sg.run/EkeL semgrep.dev: rule: rule_id: 5rUOg6 - version_id: nWTwNQ - url: https://semgrep.dev/playground/r/nWTwNQ/javascript.browser.security.dom-based-xss.dom-based-xss + version_id: l4T5xP + url: https://semgrep.dev/playground/r/l4T5xP/javascript.browser.security.dom-based-xss.dom-based-xss origin: community languages: - javascript 
@@ -10624,13 +11021,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.browser.security.eval-detected.eval-detected shortlink: https://sg.run/7ope semgrep.dev: rule: rule_id: GdU7dw - version_id: ExTYWv - url: https://semgrep.dev/playground/r/ExTYWv/javascript.browser.security.eval-detected.eval-detected + version_id: YDTovX + url: https://semgrep.dev/playground/r/YDTovX/javascript.browser.security.eval-detected.eval-detected origin: community languages: - javascript @@ -10662,13 +11061,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.browser.security.insecure-document-method.insecure-document-method shortlink: https://sg.run/LwA9 semgrep.dev: rule: rule_id: ReUg41 - version_id: 7ZTYRP - url: https://semgrep.dev/playground/r/7ZTYRP/javascript.browser.security.insecure-document-method.insecure-document-method + version_id: 6xTeJb + url: https://semgrep.dev/playground/r/6xTeJb/javascript.browser.security.insecure-document-method.insecure-document-method origin: community languages: - javascript 
@@ -10706,13 +11107,15 @@ rules: references: - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.browser.security.insufficient-postmessage-origin-validation.insufficient-postmessage-origin-validation shortlink: https://sg.run/gL9x semgrep.dev: rule: rule_id: BYUN0X - version_id: 8KTLlL - url: https://semgrep.dev/playground/r/8KTLlL/javascript.browser.security.insufficient-postmessage-origin-validation.insufficient-postmessage-origin-validation + version_id: zyT58j + url: https://semgrep.dev/playground/r/zyT58j/javascript.browser.security.insufficient-postmessage-origin-validation.insufficient-postmessage-origin-validation origin: community languages: - javascript @@ -10768,13 +11171,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.browser.security.new-function-detected.new-function-detected shortlink: https://sg.run/Q5Pk semgrep.dev: rule: rule_id: DbUp0q - version_id: gET5XL - url: https://semgrep.dev/playground/r/gET5XL/javascript.browser.security.new-function-detected.new-function-detected + version_id: pZTry6 + url: https://semgrep.dev/playground/r/pZTry6/javascript.browser.security.new-function-detected.new-function-detected origin: community languages: - javascript 
@@ -10803,13 +11208,15 @@ rules: references: - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.browser.security.wildcard-postmessage-configuration.wildcard-postmessage-configuration shortlink: https://sg.run/PJ4p semgrep.dev: rule: rule_id: KxUbq4 - version_id: JdTZRY - url: https://semgrep.dev/playground/r/JdTZRY/javascript.browser.security.wildcard-postmessage-configuration.wildcard-postmessage-configuration + version_id: 9lTzWZ + url: https://semgrep.dev/playground/r/9lTzWZ/javascript.browser.security.wildcard-postmessage-configuration.wildcard-postmessage-configuration origin: community languages: - javascript @@ -10836,13 +11243,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-evaluate-injection.chrome-remote-interface-evaluate-injection shortlink: https://sg.run/5QBD semgrep.dev: rule: rule_id: lBU9O8 - version_id: GxTWX3 - url: https://semgrep.dev/playground/r/GxTWX3/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-evaluate-injection.chrome-remote-interface-evaluate-injection + version_id: rxTxLj + url: https://semgrep.dev/playground/r/rxTxLj/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-evaluate-injection.chrome-remote-interface-evaluate-injection origin: community languages: - javascript 
@@ -10871,13 +11280,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-navigate-injection.chrome-remote-interface-navigate-injection shortlink: https://sg.run/Gery semgrep.dev: rule: rule_id: YGUR0A - version_id: RGTwx7 - url: https://semgrep.dev/playground/r/RGTwx7/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-navigate-injection.chrome-remote-interface-navigate-injection + version_id: bZTG1X + url: https://semgrep.dev/playground/r/bZTG1X/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-navigate-injection.chrome-remote-interface-navigate-injection origin: community languages: - javascript @@ -10906,13 +11317,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-printtopdf-injection.chrome-remote-interface-printtopdf-injection shortlink: https://sg.run/RoJg semgrep.dev: rule: rule_id: 6JUjgD - version_id: A8TnlD - url: https://semgrep.dev/playground/r/A8TnlD/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-printtopdf-injection.chrome-remote-interface-printtopdf-injection + version_id: NdT1dd + url: https://semgrep.dev/playground/r/NdT1dd/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-printtopdf-injection.chrome-remote-interface-printtopdf-injection origin: community languages: - javascript 
@@ -10941,13 +11354,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-setdocumentcontent-injection.chrome-remote-interface-setdocumentcontent-injection shortlink: https://sg.run/Av2L semgrep.dev: rule: rule_id: oqUeEK - version_id: BjTGLR - url: https://semgrep.dev/playground/r/BjTGLR/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-setdocumentcontent-injection.chrome-remote-interface-setdocumentcontent-injection + version_id: kbT7xL + url: https://semgrep.dev/playground/r/kbT7xL/javascript.chrome-remote-interface.security.audit.chrome-remote-interface-setdocumentcontent-injection.chrome-remote-interface-setdocumentcontent-injection origin: community languages: - javascript 
@@ -10956,54 +11371,6 @@ rules: patterns: - pattern: a() - pattern: b() -- id: javascript.dompurify.harden-dompurify-usage - message: DOMPurify.sanitize() was called without using RETURN_DOM or RETURN_DOM_FRAGMENT. - This is prone to mutation XSS, which could possibly bypass existing XSS filters. - Adding one of these options will harden against potential future DOMPurify exploits. - metadata: - category: security - cwe: - - 'CWE-79: Improper Neutralization of Input During Web Page Generation (''Cross-site - Scripting'')' - technology: - - javascript - - typescript - references: - - https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ - owasp: - - A07:2017 - Cross-Site Scripting (XSS) - - A03:2021 - Injection - cwe2022-top25: true - cwe2021-top25: true - subcategory: - - audit - likelihood: LOW - impact: MEDIUM - confidence: MEDIUM - license: Commons Clause License Condition v1.0[LGPL-2.1-only] - source: https://semgrep.dev/r/javascript.dompurify.harden-dompurify-usage - shortlink: https://sg.run/XNYA - semgrep.dev: - rule: - rule_id: KxU5xj - version_id: RGTxg6 - url: https://semgrep.dev/playground/r/RGTxg6/javascript.dompurify.harden-dompurify-usage - origin: community - languages: - - javascript - - typescript - severity: ERROR - patterns: - - pattern: DOMPurify.sanitize($X, ...) - - pattern-not: 'DOMPurify.sanitize($X, {RETURN_DOM_FRAGMENT: true}) - - ' - - pattern-not: 'DOMPurify.sanitize($X, {RETURN_DOM: true}) - - ' - fix: 'DOMPurify.sanitize($X, {RETURN_DOM: true}) - - ' - id: javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage message: A CSRF middleware was not detected in your express application. Ensure you are either using one such as `csurf` or `csrf` (see rule references) and/or 
@@ -11030,13 +11397,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage shortlink: https://sg.run/BxzR semgrep.dev: rule: rule_id: wdUKEq - version_id: BjT3d6 - url: https://semgrep.dev/playground/r/BjT3d6/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage + version_id: O9TyOQ + url: https://semgrep.dev/playground/r/O9TyOQ/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage origin: community languages: - javascript @@ -11081,13 +11450,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/javascript.express.security.audit.express-detect-notevil-usage.express-detect-notevil-usage shortlink: https://sg.run/W70E semgrep.dev: rule: rule_id: OrUX9K - version_id: l4TND0 - url: https://semgrep.dev/playground/r/l4TND0/javascript.express.security.audit.express-detect-notevil-usage.express-detect-notevil-usage + version_id: LjT0Qd + url: https://semgrep.dev/playground/r/LjT0Qd/javascript.express.security.audit.express-detect-notevil-usage.express-detect-notevil-usage origin: community languages: - javascript 
@@ -11143,13 +11514,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.express.security.audit.express-libxml-vm-noent.express-libxml-vm-noent shortlink: https://sg.run/n8Ag semgrep.dev: rule: rule_id: 2ZUY52 - version_id: 5PTYGv - url: https://semgrep.dev/playground/r/5PTYGv/javascript.express.security.audit.express-libxml-vm-noent.express-libxml-vm-noent + version_id: QkTJ0Y + url: https://semgrep.dev/playground/r/QkTJ0Y/javascript.express.security.audit.express-libxml-vm-noent.express-libxml-vm-noent origin: community languages: - javascript @@ -11203,13 +11576,15 @@ rules: references: - https://owasp.org/Top10/A01_2021-Broken_Access_Control license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect shortlink: https://sg.run/OPv2 semgrep.dev: rule: rule_id: gxU12X - version_id: K3TOkb - url: https://semgrep.dev/playground/r/K3TOkb/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect + version_id: A8TR5l + url: https://semgrep.dev/playground/r/A8TR5l/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect origin: community languages: - javascript 
@@ -11252,13 +11627,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.explicit-unescape.template-explicit-unescape shortlink: https://sg.run/dKXQ semgrep.dev: rule: rule_id: 4bUkPO - version_id: 6xT09E - url: https://semgrep.dev/playground/r/6xT09E/javascript.express.security.audit.xss.ejs.explicit-unescape.template-explicit-unescape + version_id: 0bTvlA + url: https://semgrep.dev/playground/r/0bTvlA/javascript.express.security.audit.xss.ejs.explicit-unescape.template-explicit-unescape origin: community languages: - regex @@ -11298,13 +11675,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.var-in-href.var-in-href shortlink: https://sg.run/Zv0p semgrep.dev: rule: rule_id: PeUZrg - version_id: o5T5DB - url: https://semgrep.dev/playground/r/o5T5DB/javascript.express.security.audit.xss.ejs.var-in-href.var-in-href + version_id: K3Tljp + url: https://semgrep.dev/playground/r/K3Tljp/javascript.express.security.audit.xss.ejs.var-in-href.var-in-href origin: community languages: - regex 
@@ -11342,13 +11721,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.var-in-script-src.var-in-script-src shortlink: https://sg.run/ndxZ semgrep.dev: rule: rule_id: JDUyrJ - version_id: zyTe2G - url: https://semgrep.dev/playground/r/zyTe2G/javascript.express.security.audit.xss.ejs.var-in-script-src.var-in-script-src + version_id: qkTNxN + url: https://semgrep.dev/playground/r/qkTNxN/javascript.express.security.audit.xss.ejs.var-in-script-src.var-in-script-src origin: community languages: - generic @@ -11390,13 +11771,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.ejs.var-in-script-tag.var-in-script-tag shortlink: https://sg.run/Ek9L semgrep.dev: rule: rule_id: 5rUOD6 - version_id: pZTQ3N - url: https://semgrep.dev/playground/r/pZTQ3N/javascript.express.security.audit.xss.ejs.var-in-script-tag.var-in-script-tag + version_id: l4T5vP + url: https://semgrep.dev/playground/r/l4T5vP/javascript.express.security.audit.xss.ejs.var-in-script-tag.var-in-script-tag origin: community languages: - generic 
@@ -11435,13 +11818,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.mustache.escape-function-overwrite.escape-function-overwrite shortlink: https://sg.run/7oWe semgrep.dev: rule: rule_id: GdU7Ew - version_id: 2KT62r - url: https://semgrep.dev/playground/r/2KT62r/javascript.express.security.audit.xss.mustache.escape-function-overwrite.escape-function-overwrite + version_id: YDTo2X + url: https://semgrep.dev/playground/r/YDTo2X/javascript.express.security.audit.xss.mustache.escape-function-overwrite.escape-function-overwrite origin: community languages: - javascript @@ -11480,13 +11865,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.mustache.explicit-unescape.template-explicit-unescape shortlink: https://sg.run/Lwx9 semgrep.dev: rule: rule_id: ReUgG1 - version_id: A8TZ2Y - url: https://semgrep.dev/playground/r/A8TZ2Y/javascript.express.security.audit.xss.mustache.explicit-unescape.template-explicit-unescape + version_id: 6xTeQb + url: https://semgrep.dev/playground/r/6xTeQb/javascript.express.security.audit.xss.mustache.explicit-unescape.template-explicit-unescape origin: community languages: - regex 
@@ -11523,13 +11910,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.and-attributes.template-and-attributes shortlink: https://sg.run/Q5jk semgrep.dev: rule: rule_id: DbUpyq - version_id: 9lTnb3 - url: https://semgrep.dev/playground/r/9lTnb3/javascript.express.security.audit.xss.pug.and-attributes.template-and-attributes + version_id: pZTrL6 + url: https://semgrep.dev/playground/r/pZTrL6/javascript.express.security.audit.xss.pug.and-attributes.template-and-attributes origin: community languages: - regex @@ -11564,13 +11953,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.explicit-unescape.template-explicit-unescape shortlink: https://sg.run/3xbe semgrep.dev: rule: rule_id: WAUonl - version_id: yeTdpG - url: https://semgrep.dev/playground/r/yeTdpG/javascript.express.security.audit.xss.pug.explicit-unescape.template-explicit-unescape + version_id: 2KT13b + url: https://semgrep.dev/playground/r/2KT13b/javascript.express.security.audit.xss.pug.explicit-unescape.template-explicit-unescape origin: community languages: - regex 
@@ -11608,13 +11999,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.var-in-href.var-in-href shortlink: https://sg.run/4xNx semgrep.dev: rule: rule_id: 0oU535 - version_id: rxT8KN - url: https://semgrep.dev/playground/r/rxT8KN/javascript.express.security.audit.xss.pug.var-in-href.var-in-href + version_id: X0TP2Z + url: https://semgrep.dev/playground/r/X0TP2Z/javascript.express.security.audit.xss.pug.var-in-href.var-in-href origin: community languages: - regex @@ -11650,13 +12043,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.express.security.audit.xss.pug.var-in-script-tag.var-in-script-tag shortlink: https://sg.run/PJXp semgrep.dev: rule: rule_id: KxUbL4 - version_id: bZT436 - url: https://semgrep.dev/playground/r/bZT436/javascript.express.security.audit.xss.pug.var-in-script-tag.var-in-script-tag + version_id: jQTKyR + url: https://semgrep.dev/playground/r/jQTKyR/javascript.express.security.audit.xss.pug.var-in-script-tag.var-in-script-tag origin: community languages: - regex 
@@ -11693,13 +12088,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/javascript.express.security.express-data-exfiltration.express-data-exfiltration shortlink: https://sg.run/pkpL semgrep.dev: rule: rule_id: ReUo60 - version_id: kbTZGr - url: https://semgrep.dev/playground/r/kbTZGr/javascript.express.security.express-data-exfiltration.express-data-exfiltration + version_id: 9lTz5Z + url: https://semgrep.dev/playground/r/9lTz5Z/javascript.express.security.express-data-exfiltration.express-data-exfiltration origin: community languages: - javascript @@ -11765,13 +12162,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.express.security.express-jwt-hardcoded-secret.express-jwt-hardcoded-secret shortlink: https://sg.run/Do1d semgrep.dev: rule: rule_id: pKUOjy - version_id: WrT4yp - url: https://semgrep.dev/playground/r/WrT4yp/javascript.express.security.express-jwt-hardcoded-secret.express-jwt-hardcoded-secret + version_id: bZTG9X + url: https://semgrep.dev/playground/r/bZTG9X/javascript.express.security.express-jwt-hardcoded-secret.express-jwt-hardcoded-secret origin: community languages: - javascript 
@@ -11823,13 +12222,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.fbjs.security.audit.insecure-createnodesfrommarkup.insecure-createnodesfrommarkup shortlink: https://sg.run/J9Yj semgrep.dev: rule: rule_id: qNUjwb - version_id: 3ZTxXX - url: https://semgrep.dev/playground/r/3ZTxXX/javascript.fbjs.security.audit.insecure-createnodesfrommarkup.insecure-createnodesfrommarkup + version_id: LjT0Ad + url: https://semgrep.dev/playground/r/LjT0Ad/javascript.fbjs.security.audit.insecure-createnodesfrommarkup.insecure-createnodesfrommarkup origin: community languages: - javascript @@ -11864,13 +12265,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/javascript.grpc.security.grpc-nodejs-insecure-connection.grpc-nodejs-insecure-connection shortlink: https://sg.run/5QkD semgrep.dev: rule: rule_id: lBU9D8 - version_id: 44TYjd - url: https://semgrep.dev/playground/r/44TYjd/javascript.grpc.security.grpc-nodejs-insecure-connection.grpc-nodejs-insecure-connection + version_id: 8KTbyO + url: https://semgrep.dev/playground/r/8KTbyO/javascript.grpc.security.grpc-nodejs-insecure-connection.grpc-nodejs-insecure-connection origin: community languages: - javascript @@ -11906,7 +12309,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.2 Static API keys or secret 
@@ -11925,13 +12328,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.jose.security.audit.jose-exposed-data.jose-exposed-data shortlink: https://sg.run/BkAx semgrep.dev: rule: rule_id: GdU7XP - version_id: PkTn36 - url: https://semgrep.dev/playground/r/PkTn36/javascript.jose.security.audit.jose-exposed-data.jose-exposed-data + version_id: QkTJwY + url: https://semgrep.dev/playground/r/QkTJwY/javascript.jose.security.audit.jose-exposed-data.jose-exposed-data origin: community languages: - javascript @@ -11973,13 +12378,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.jose.security.jwt-exposed-credentials.jwt-exposed-credentials shortlink: https://sg.run/GeKy semgrep.dev: rule: rule_id: PeUZG0 - version_id: JdTZxd - url: https://semgrep.dev/playground/r/JdTZxd/javascript.jose.security.jwt-exposed-credentials.jwt-exposed-credentials + version_id: 3ZTdrZ + url: https://semgrep.dev/playground/r/3ZTdrZ/javascript.jose.security.jwt-exposed-credentials.jwt-exposed-credentials origin: community languages: - javascript @@ -11998,7 +12405,7 @@ rules: - 'CWE-345: Insufficient Verification of Data Authenticity' owasp: - A08:2021 - Software and Data Integrity Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens 
@@ -12015,13 +12422,15 @@ rules: references: - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/javascript.jsonwebtoken.security.audit.jwt-decode-without-verify.jwt-decode-without-verify shortlink: https://sg.run/J9YP semgrep.dev: rule: rule_id: KxUbL3 - version_id: DkTej6 - url: https://semgrep.dev/playground/r/DkTej6/javascript.jsonwebtoken.security.audit.jwt-decode-without-verify.jwt-decode-without-verify + version_id: RGTbRG + url: https://semgrep.dev/playground/r/RGTbRG/javascript.jsonwebtoken.security.audit.jwt-decode-without-verify.jwt-decode-without-verify origin: community languages: - javascript @@ -12049,7 +12458,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.3 Insecue Stateless Session Tokens @@ -12067,13 +12476,15 @@ rules: references: - https://owasp.org/Top10/A04_2021-Insecure_Design license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.jsonwebtoken.security.audit.jwt-exposed-data.jwt-exposed-data shortlink: https://sg.run/5Qkj semgrep.dev: rule: rule_id: qNUjwe - version_id: WrT6wO - url: https://semgrep.dev/playground/r/WrT6wO/javascript.jsonwebtoken.security.audit.jwt-exposed-data.jwt-exposed-data + version_id: A8TRXl + url: https://semgrep.dev/playground/r/A8TRXl/javascript.jsonwebtoken.security.audit.jwt-exposed-data.jwt-exposed-data origin: community languages: - javascript 
@@ -12113,13 +12524,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.jsonwebtoken.security.jwt-exposed-credentials.jwt-exposed-credentials shortlink: https://sg.run/Kl6L semgrep.dev: rule: rule_id: DbUpyk - version_id: 0bT6X7 - url: https://semgrep.dev/playground/r/0bT6X7/javascript.jsonwebtoken.security.jwt-exposed-credentials.jwt-exposed-credentials + version_id: BjTEpZ + url: https://semgrep.dev/playground/r/BjTEpZ/javascript.jsonwebtoken.security.jwt-exposed-credentials.jwt-exposed-credentials origin: community languages: - javascript @@ -12153,13 +12566,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/javascript.lang.security.audit.hardcoded-hmac-key.hardcoded-hmac-key shortlink: https://sg.run/K9bn semgrep.dev: rule: rule_id: v8UGEw - version_id: vdTE4G - url: https://semgrep.dev/playground/r/vdTE4G/javascript.lang.security.audit.hardcoded-hmac-key.hardcoded-hmac-key + version_id: 5PT6od + url: https://semgrep.dev/playground/r/5PT6od/javascript.lang.security.audit.hardcoded-hmac-key.hardcoded-hmac-key origin: community languages: - javascript 
@@ -12193,13 +12608,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Encoding source: https://semgrep.dev/r/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization shortlink: https://sg.run/1GbQ semgrep.dev: rule: rule_id: d8UlRq - version_id: 0bT35j - url: https://semgrep.dev/playground/r/0bT35j/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization + version_id: GxT2kj + url: https://semgrep.dev/playground/r/GxT2kj/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization origin: community languages: - javascript @@ -12233,13 +12650,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/javascript.lang.security.audit.non-constant-sql-query.non-constant-sql-query shortlink: https://sg.run/jRKP semgrep.dev: rule: rule_id: x8Unr5 - version_id: 1QTXv2 - url: https://semgrep.dev/playground/r/1QTXv2/javascript.lang.security.audit.non-constant-sql-query.non-constant-sql-query + version_id: A8TRgz + url: https://semgrep.dev/playground/r/A8TRgz/javascript.lang.security.audit.non-constant-sql-query.non-constant-sql-query origin: community languages: - javascript 
@@ -12274,13 +12693,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop shortlink: https://sg.run/w1DB semgrep.dev: rule: rule_id: QrUpbJ - version_id: bZT4d6 - url: https://semgrep.dev/playground/r/bZT4d6/javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop + version_id: 0bTvKr + url: https://semgrep.dev/playground/r/0bTvKr/javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop origin: community languages: - typescript @@ -12343,13 +12764,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.audit.spawn-shell-true.spawn-shell-true shortlink: https://sg.run/Wgeo semgrep.dev: rule: rule_id: lBUdr5 - version_id: NdTQjQ - url: https://semgrep.dev/playground/r/NdTQjQ/javascript.lang.security.audit.spawn-shell-true.spawn-shell-true + version_id: K3TlKr + url: https://semgrep.dev/playground/r/K3TlKr/javascript.lang.security.audit.spawn-shell-true.spawn-shell-true origin: community languages: - javascript 
@@ -12398,13 +12821,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag shortlink: https://sg.run/1Zy1 semgrep.dev: rule: rule_id: OrU37Y - version_id: e1TAOX - url: https://semgrep.dev/playground/r/e1TAOX/javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag + version_id: o5Tnbb + url: https://semgrep.dev/playground/r/o5Tnbb/javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag origin: community languages: - javascript @@ -12437,13 +12862,15 @@ rules: references: - https://cwe.mitre.org/data/definitions/134.html license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring shortlink: https://sg.run/7Y5R semgrep.dev: rule: rule_id: ReU3OJ - version_id: rxTQzo - url: https://semgrep.dev/playground/r/rxTQzo/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring + version_id: pZTr02 + url: https://semgrep.dev/playground/r/pZTr02/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring origin: community languages: - javascript 
@@ -12497,13 +12924,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-compilefunction-code-injection shortlink: https://sg.run/x17y semgrep.dev: rule: rule_id: L1Uyg7 - version_id: 1QTWwR - url: https://semgrep.dev/playground/r/1QTWwR/javascript.lang.security.audit.vm-injection.vm-compilefunction-code-injection + version_id: NdT1z0 + url: https://semgrep.dev/playground/r/NdT1z0/javascript.lang.security.audit.vm-injection.vm-compilefunction-code-injection origin: community patterns: - pattern: a() @@ -12531,13 +12960,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-compilefunction-context-injection shortlink: https://sg.run/rd2J semgrep.dev: rule: rule_id: d8UjgD - version_id: o5TQpW - url: https://semgrep.dev/playground/r/o5TQpW/javascript.lang.security.audit.vm-injection.vm-compilefunction-context-injection + version_id: jQTKnN + url: https://semgrep.dev/playground/r/jQTKnN/javascript.lang.security.audit.vm-injection.vm-compilefunction-context-injection origin: community patterns: - pattern: a() 
@@ -12565,13 +12996,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runincontext-code-injection shortlink: https://sg.run/N4pN semgrep.dev: rule: rule_id: nJUzNq - version_id: 2KTNoN - url: https://semgrep.dev/playground/r/2KTNoN/javascript.lang.security.audit.vm-injection.vm-runincontext-code-injection + version_id: yeTXxz + url: https://semgrep.dev/playground/r/yeTXxz/javascript.lang.security.audit.vm-injection.vm-runincontext-code-injection origin: community patterns: - pattern: a() @@ -12599,13 +13032,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runincontext-context-injection shortlink: https://sg.run/9oey semgrep.dev: rule: rule_id: eqU8KW - version_id: YDTGKO - url: https://semgrep.dev/playground/r/YDTGKO/javascript.lang.security.audit.vm-injection.vm-runincontext-context-injection + version_id: 2KT1v5 + url: https://semgrep.dev/playground/r/2KT1v5/javascript.lang.security.audit.vm-injection.vm-runincontext-context-injection origin: community mode: taint pattern-sources: 
@@ -12680,13 +13115,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-code-injection shortlink: https://sg.run/kX7A semgrep.dev: rule: rule_id: EwU2x8 - version_id: X0Te0X - url: https://semgrep.dev/playground/r/X0Te0X/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-code-injection + version_id: rxTxAB + url: https://semgrep.dev/playground/r/rxTxAB/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-code-injection origin: community patterns: - pattern: a() @@ -12714,13 +13151,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-context-injection shortlink: https://sg.run/ydbA semgrep.dev: rule: rule_id: v8UnQZ - version_id: 6xT7w0 - url: https://semgrep.dev/playground/r/6xT7w0/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-context-injection + version_id: X0TPzn + url: https://semgrep.dev/playground/r/X0TPzn/javascript.lang.security.audit.vm-injection.vm-runinnewcontext-context-injection origin: community patterns: - pattern: a() 
@@ -12748,13 +13187,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-runinthiscontext-code-injection shortlink: https://sg.run/we7d semgrep.dev: rule: rule_id: 7KUQ3g - version_id: jQTe00 - url: https://semgrep.dev/playground/r/jQTe00/javascript.lang.security.audit.vm-injection.vm-runinthiscontext-code-injection + version_id: bZTG5W + url: https://semgrep.dev/playground/r/bZTG5W/javascript.lang.security.audit.vm-injection.vm-runinthiscontext-code-injection origin: community patterns: - pattern: a() @@ -12782,13 +13223,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-script-code-injection shortlink: https://sg.run/b75v semgrep.dev: rule: rule_id: ZqU5dE - version_id: zyTg09 - url: https://semgrep.dev/playground/r/zyTg09/javascript.lang.security.audit.vm-injection.vm-script-code-injection + version_id: 1QTjyX + url: https://semgrep.dev/playground/r/1QTjyX/javascript.lang.security.audit.vm-injection.vm-script-code-injection origin: community patterns: - pattern: a() 
@@ -12816,13 +13259,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.audit.vm-injection.vm-sourcetextmodule-code-injection shortlink: https://sg.run/0ngr semgrep.dev: rule: rule_id: YGUr6P - version_id: pZTg4R - url: https://semgrep.dev/playground/r/pZTg4R/javascript.lang.security.audit.vm-injection.vm-sourcetextmodule-code-injection + version_id: 9lTz4E + url: https://semgrep.dev/playground/r/9lTz4E/javascript.lang.security.audit.vm-injection.vm-sourcetextmodule-code-injection origin: community patterns: - pattern: a() @@ -12848,13 +13293,15 @@ rules: references: - https://cwe.mitre.org/data/definitions/119.html license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Memory Issues source: https://semgrep.dev/r/javascript.lang.security.detect-buffer-noassert.detect-buffer-noassert shortlink: https://sg.run/qxpO semgrep.dev: rule: rule_id: j2Uvj8 - version_id: nWTwRj - url: https://semgrep.dev/playground/r/nWTwRj/javascript.lang.security.detect-buffer-noassert.detect-buffer-noassert + version_id: kbT7zy + url: https://semgrep.dev/playground/r/kbT7zy/javascript.lang.security.detect-buffer-noassert.detect-buffer-noassert origin: community languages: - javascript @@ -12891,13 +13338,15 @@ rules: likelihood: LOW impact: HIGH confidence: LOW + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.detect-child-process.detect-child-process shortlink: https://sg.run/l2lo semgrep.dev: rule: rule_id: 10UKNB - version_id: JdT9LJ - url: https://semgrep.dev/playground/r/JdT9LJ/javascript.lang.security.detect-child-process.detect-child-process + version_id: w8T3RP + url: https://semgrep.dev/playground/r/w8T3RP/javascript.lang.security.detect-child-process.detect-child-process origin: community languages: - javascript 
@@ -12972,13 +13421,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Encoding source: https://semgrep.dev/r/javascript.lang.security.detect-disable-mustache-escape.detect-disable-mustache-escape shortlink: https://sg.run/Yvwd semgrep.dev: rule: rule_id: 9AU17r - version_id: 7ZTYy8 - url: https://semgrep.dev/playground/r/7ZTYy8/javascript.lang.security.detect-disable-mustache-escape.detect-disable-mustache-escape + version_id: xyT4jE + url: https://semgrep.dev/playground/r/xyT4jE/javascript.lang.security.detect-disable-mustache-escape.detect-disable-mustache-escape origin: community languages: - javascript @@ -13010,13 +13461,15 @@ rules: references: - https://owasp.org/Top10/A02_2021-Cryptographic_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket shortlink: https://sg.run/GWyz semgrep.dev: rule: rule_id: AbUWeE - version_id: 8KTLZ8 - url: https://semgrep.dev/playground/r/8KTLZ8/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket + version_id: e1TxyQ + url: https://semgrep.dev/playground/r/e1TxyQ/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket origin: community languages: - regex 
@@ -13046,13 +13499,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/javascript.lang.security.detect-no-csrf-before-method-override.detect-no-csrf-before-method-override shortlink: https://sg.run/oxoX semgrep.dev: rule: rule_id: r6UrvQ - version_id: qkTDwX - url: https://semgrep.dev/playground/r/qkTDwX/javascript.lang.security.detect-no-csrf-before-method-override.detect-no-csrf-before-method-override + version_id: vdT20l + url: https://semgrep.dev/playground/r/vdT20l/javascript.lang.security.detect-no-csrf-before-method-override.detect-no-csrf-before-method-override origin: community languages: - javascript @@ -13082,13 +13537,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.lang.security.detect-non-literal-require.detect-non-literal-require shortlink: https://sg.run/zvNn semgrep.dev: rule: rule_id: bwUwoj - version_id: QkTQON - url: https://semgrep.dev/playground/r/QkTQON/javascript.lang.security.detect-non-literal-require.detect-non-literal-require + version_id: d6TDyJ + url: https://semgrep.dev/playground/r/d6TDyJ/javascript.lang.security.detect-non-literal-require.detect-non-literal-require origin: community languages: - javascript 
@@ -13122,13 +13579,15 @@ rules: references: - https://owasp.org/Top10/A02_2021-Cryptographic_Failures license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/javascript.lang.security.detect-pseudorandombytes.detect-pseudoRandomBytes shortlink: https://sg.run/pxze semgrep.dev: rule: rule_id: NbUkR2 - version_id: 3ZTx1X - url: https://semgrep.dev/playground/r/3ZTx1X/javascript.lang.security.detect-pseudorandombytes.detect-pseudoRandomBytes + version_id: ZRTwKY + url: https://semgrep.dev/playground/r/ZRTwKY/javascript.lang.security.detect-pseudorandombytes.detect-pseudoRandomBytes origin: community languages: - javascript @@ -13160,13 +13619,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.lang.security.spawn-git-clone.spawn-git-clone shortlink: https://sg.run/2xrr semgrep.dev: rule: rule_id: kxUkPP - version_id: JdTZjd - url: https://semgrep.dev/playground/r/JdTZjd/javascript.lang.security.spawn-git-clone.spawn-git-clone + version_id: 7ZTOE3 + url: https://semgrep.dev/playground/r/7ZTOE3/javascript.lang.security.spawn-git-clone.spawn-git-clone origin: community languages: - javascript 
@@ -13207,13 +13668,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.monaco-editor.security.audit.monaco-hover-htmlsupport.monaco-hover-htmlsupport shortlink: https://sg.run/Jx7R semgrep.dev: rule: rule_id: zdUYQb - version_id: 5PTYzv - url: https://semgrep.dev/playground/r/5PTYzv/javascript.monaco-editor.security.audit.monaco-hover-htmlsupport.monaco-hover-htmlsupport + version_id: LjT0k3 + url: https://semgrep.dev/playground/r/LjT0k3/javascript.monaco-editor.security.audit.monaco-hover-htmlsupport.monaco-hover-htmlsupport origin: community languages: - typescript @@ -13256,13 +13719,15 @@ rules: references: - https://owasp.org/Top10/A05_2021-Security_Misconfiguration license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.node-expat.security.audit.expat-xxe.expat-xxe shortlink: https://sg.run/eLdL semgrep.dev: rule: rule_id: gxU171 - version_id: GxTWR2 - url: https://semgrep.dev/playground/r/GxTWR2/javascript.node-expat.security.audit.expat-xxe.expat-xxe + version_id: 8KTb51 + url: https://semgrep.dev/playground/r/8KTb51/javascript.node-expat.security.audit.expat-xxe.expat-xxe origin: community languages: - javascript 
@@ -13347,13 +13812,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.phantom.security.audit.phantom-injection.phantom-injection shortlink: https://sg.run/dKv0 semgrep.dev: rule: rule_id: 3qUPXE - version_id: A8Tn2b - url: https://semgrep.dev/playground/r/A8Tn2b/javascript.phantom.security.audit.phantom-injection.phantom-injection + version_id: QkTJG4 + url: https://semgrep.dev/playground/r/QkTJG4/javascript.phantom.security.audit.phantom-injection.phantom-injection origin: community languages: - javascript @@ -13395,13 +13862,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-addinitscript-code-injection.playwright-addinitscript-code-injection shortlink: https://sg.run/Zv94 semgrep.dev: rule: rule_id: 4bUkj1 - version_id: BjTGPW - url: https://semgrep.dev/playground/r/BjTGPW/javascript.playwright.security.audit.playwright-addinitscript-code-injection.playwright-addinitscript-code-injection + version_id: 3ZTd4d + url: https://semgrep.dev/playground/r/3ZTd4d/javascript.playwright.security.audit.playwright-addinitscript-code-injection.playwright-addinitscript-code-injection origin: community languages: - javascript 
@@ -13438,13 +13907,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-evaluate-arg-injection.playwright-evaluate-arg-injection shortlink: https://sg.run/ndgr semgrep.dev: rule: rule_id: PeUZ30 - version_id: DkTe56 - url: https://semgrep.dev/playground/r/DkTe56/javascript.playwright.security.audit.playwright-evaluate-arg-injection.playwright-evaluate-arg-injection + version_id: 44ToE3 + url: https://semgrep.dev/playground/r/44ToE3/javascript.playwright.security.audit.playwright-evaluate-arg-injection.playwright-evaluate-arg-injection origin: community languages: - javascript @@ -13481,13 +13952,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-evaluate-code-injection.playwright-evaluate-code-injection shortlink: https://sg.run/EkJB semgrep.dev: rule: rule_id: JDUyxl - version_id: WrT61O - url: https://semgrep.dev/playground/r/WrT61O/javascript.playwright.security.audit.playwright-evaluate-code-injection.playwright-evaluate-code-injection + version_id: PkTYRA + url: https://semgrep.dev/playground/r/PkTYRA/javascript.playwright.security.audit.playwright-evaluate-code-injection.playwright-evaluate-code-injection origin: community languages: - javascript 
@@ -13530,13 +14003,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools shortlink: https://sg.run/7oEQ semgrep.dev: rule: rule_id: 5rUO1N - version_id: 0bT6d7 - url: https://semgrep.dev/playground/r/0bT6d7/javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools + version_id: JdTqk1 + url: https://semgrep.dev/playground/r/JdTqk1/javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools origin: community languages: - javascript @@ -13572,13 +14047,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-goto-injection.playwright-goto-injection shortlink: https://sg.run/LwWY semgrep.dev: rule: rule_id: GdU7eP - version_id: K3TO0b - url: https://semgrep.dev/playground/r/K3TO0b/javascript.playwright.security.audit.playwright-goto-injection.playwright-goto-injection + version_id: 5PT6qd + url: https://semgrep.dev/playground/r/5PT6qd/javascript.playwright.security.audit.playwright-goto-injection.playwright-goto-injection origin: community languages: - javascript 
@@ -13617,13 +14094,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.playwright.security.audit.playwright-setcontent-injection.playwright-setcontent-injection shortlink: https://sg.run/8yEQ semgrep.dev: rule: rule_id: ReUgLk - version_id: qkTKZo - url: https://semgrep.dev/playground/r/qkTKZo/javascript.playwright.security.audit.playwright-setcontent-injection.playwright-setcontent-injection + version_id: GxT2qj + url: https://semgrep.dev/playground/r/GxT2qj/javascript.playwright.security.audit.playwright-setcontent-injection.playwright-setcontent-injection origin: community languages: - javascript @@ -13662,13 +14141,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-evaluate-arg-injection.puppeteer-evaluate-arg-injection shortlink: https://sg.run/gLQ5 semgrep.dev: rule: rule_id: AbUzdX - version_id: l4TNjz - url: https://semgrep.dev/playground/r/l4TNjz/javascript.puppeteer.security.audit.puppeteer-evaluate-arg-injection.puppeteer-evaluate-arg-injection + version_id: RGTbpQ + url: https://semgrep.dev/playground/r/RGTbpQ/javascript.puppeteer.security.audit.puppeteer-evaluate-arg-injection.puppeteer-evaluate-arg-injection origin: community languages: - javascript 
@@ -13706,13 +14187,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-evaluate-code-injection.puppeteer-evaluate-code-injection shortlink: https://sg.run/Q5Yq semgrep.dev: rule: rule_id: BYUNZk - version_id: YDT8yD - url: https://semgrep.dev/playground/r/YDT8yD/javascript.puppeteer.security.audit.puppeteer-evaluate-code-injection.puppeteer-evaluate-code-injection + version_id: A8TRqz + url: https://semgrep.dev/playground/r/A8TRqz/javascript.puppeteer.security.audit.puppeteer-evaluate-code-injection.puppeteer-evaluate-code-injection origin: community languages: - javascript @@ -13755,13 +14238,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools shortlink: https://sg.run/3xEW semgrep.dev: rule: rule_id: DbUpbk - version_id: JdTZW6 - url: https://semgrep.dev/playground/r/JdTZW6/javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools + version_id: BjTEbB + url: https://semgrep.dev/playground/r/BjTEbB/javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools origin: community languages: - javascript 
@@ -13797,13 +14282,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-goto-injection.puppeteer-goto-injection shortlink: https://sg.run/4xE9 semgrep.dev: rule: rule_id: WAUoK7 - version_id: 5PTYwy - url: https://semgrep.dev/playground/r/5PTYwy/javascript.puppeteer.security.audit.puppeteer-goto-injection.puppeteer-goto-injection + version_id: DkTQkK + url: https://semgrep.dev/playground/r/DkTQkK/javascript.puppeteer.security.audit.puppeteer-goto-injection.puppeteer-goto-injection origin: community languages: - javascript @@ -13842,13 +14329,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.puppeteer.security.audit.puppeteer-setcontent-injection.puppeteer-setcontent-injection shortlink: https://sg.run/PJlv semgrep.dev: rule: rule_id: 0oU5zg - version_id: GxTWAo - url: https://semgrep.dev/playground/r/GxTWAo/javascript.puppeteer.security.audit.puppeteer-setcontent-injection.puppeteer-setcontent-injection + version_id: WrTb8y + url: https://semgrep.dev/playground/r/WrTb8y/javascript.puppeteer.security.audit.puppeteer-setcontent-injection.puppeteer-setcontent-injection origin: community languages: - javascript 
@@ -13884,13 +14373,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.sandbox.security.audit.sandbox-code-injection.sandbox-code-injection shortlink: https://sg.run/J9BP semgrep.dev: rule: rule_id: KxUbk3 - version_id: RGTwzA - url: https://semgrep.dev/playground/r/RGTwzA/javascript.sandbox.security.audit.sandbox-code-injection.sandbox-code-injection + version_id: 0bTvor + url: https://semgrep.dev/playground/r/0bTvor/javascript.sandbox.security.audit.sandbox-code-injection.sandbox-code-injection origin: community languages: - javascript @@ -13943,13 +14434,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.sax.security.audit.sax-xxe.sax-xxe shortlink: https://sg.run/5QEj semgrep.dev: rule: rule_id: qNUj7e - version_id: A8Tn45 - url: https://semgrep.dev/playground/r/A8Tn45/javascript.sax.security.audit.sax-xxe.sax-xxe + version_id: K3Tlor + url: https://semgrep.dev/playground/r/K3Tlor/javascript.sax.security.audit.sax-xxe.sax-xxe origin: community languages: - javascript @@ -13989,13 +14482,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-enforce-tls.sequelize-enforce-tls shortlink: https://sg.run/yz6Z semgrep.dev: rule: rule_id: NbUAYW - version_id: BjTGPp - url: https://semgrep.dev/playground/r/BjTGPp/javascript.sequelize.security.audit.sequelize-enforce-tls.sequelize-enforce-tls + version_id: qkTNOp + url: https://semgrep.dev/playground/r/qkTNOp/javascript.sequelize.security.audit.sequelize-enforce-tls.sequelize-enforce-tls origin: community languages: - javascript 
@@ -14057,13 +14552,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-tls-disabled-cert-validation.sequelize-tls-disabled-cert-validation shortlink: https://sg.run/rAkj semgrep.dev: rule: rule_id: kxUR80 - version_id: 0bT6dG - url: https://semgrep.dev/playground/r/0bT6dG/javascript.sequelize.security.audit.sequelize-tls-disabled-cert-validation.sequelize-tls-disabled-cert-validation + version_id: o5Tndb + url: https://semgrep.dev/playground/r/o5Tndb/javascript.sequelize.security.audit.sequelize-tls-disabled-cert-validation.sequelize-tls-disabled-cert-validation origin: community languages: - javascript @@ -14111,13 +14608,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-weak-tls-version.sequelize-weak-tls-version shortlink: https://sg.run/bDrq semgrep.dev: rule: rule_id: wdU8GB - version_id: gETG6K - url: https://semgrep.dev/playground/r/gETG6K/javascript.sequelize.security.audit.sequelize-weak-tls-version.sequelize-weak-tls-version + version_id: zyT5LL + url: https://semgrep.dev/playground/r/zyT5LL/javascript.sequelize.security.audit.sequelize-weak-tls-version.sequelize-weak-tls-version origin: community languages: - javascript 
@@ -14164,13 +14663,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.serialize-javascript.security.audit.unsafe-serialize-javascript.unsafe-serialize-javascript shortlink: https://sg.run/Ro6N semgrep.dev: rule: rule_id: YGURez - version_id: qkTKZJ - url: https://semgrep.dev/playground/r/qkTKZJ/javascript.serialize-javascript.security.audit.unsafe-serialize-javascript.unsafe-serialize-javascript + version_id: pZTrn2 + url: https://semgrep.dev/playground/r/pZTrn2/javascript.serialize-javascript.security.audit.unsafe-serialize-javascript.unsafe-serialize-javascript origin: community languages: - javascript @@ -14206,13 +14707,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/javascript.shelljs.security.shelljs-exec-injection.shelljs-exec-injection shortlink: https://sg.run/AvEB semgrep.dev: rule: rule_id: 6JUj9k - version_id: l4TNj2 - url: https://semgrep.dev/playground/r/l4TNj2/javascript.shelljs.security.shelljs-exec-injection.shelljs-exec-injection + version_id: 2KT1p5 + url: https://semgrep.dev/playground/r/2KT1p5/javascript.shelljs.security.shelljs-exec-injection.shelljs-exec-injection origin: community languages: - javascript 
@@ -14248,13 +14751,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution shortlink: https://sg.run/BkER semgrep.dev: rule: rule_id: oqUeDG - version_id: YDT8y8 - url: https://semgrep.dev/playground/r/YDT8y8/javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution + version_id: X0TP4n + url: https://semgrep.dev/playground/r/X0TP4n/javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution origin: community languages: - javascript @@ -14298,13 +14803,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.vm2.security.audit.vm2-code-injection.vm2-code-injection shortlink: https://sg.run/DoPG semgrep.dev: rule: rule_id: zdUk2g - version_id: 6xT0YA - url: https://semgrep.dev/playground/r/6xT0YA/javascript.vm2.security.audit.vm2-code-injection.vm2-code-injection + version_id: jQTKBN + url: https://semgrep.dev/playground/r/jQTKBN/javascript.vm2.security.audit.vm2-code-injection.vm2-code-injection origin: community languages: - javascript 
@@ -14374,13 +14881,15 @@ rules: references: - https://owasp.org/Top10/A03_2021-Injection license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/javascript.vm2.security.audit.vm2-context-injection.vm2-context-injection shortlink: https://sg.run/W8XE semgrep.dev: rule: rule_id: pKUO3v - version_id: o5T5NP - url: https://semgrep.dev/playground/r/o5T5NP/javascript.vm2.security.audit.vm2-context-injection.vm2-context-injection + version_id: 1QTj2X + url: https://semgrep.dev/playground/r/1QTj2X/javascript.vm2.security.audit.vm2-context-injection.vm2-context-injection origin: community languages: - javascript @@ -14735,13 +15244,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/javascript.vue.security.audit.xss.templates.avoid-v-html.avoid-v-html shortlink: https://sg.run/0QEw semgrep.dev: rule: rule_id: 2ZUb2o - version_id: zyTe46 - url: https://semgrep.dev/playground/r/zyTe46/javascript.vue.security.audit.xss.templates.avoid-v-html.avoid-v-html + version_id: 9lTzlE + url: https://semgrep.dev/playground/r/9lTzlE/javascript.vue.security.audit.xss.templates.avoid-v-html.avoid-v-html origin: community languages: - regex 
@@ -14771,13 +15282,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.wkhtmltoimage.security.audit.wkhtmltoimage-injection.wkhtmltoimage-injection shortlink: https://sg.run/KlDn semgrep.dev: rule: rule_id: X5U8yj - version_id: pZTQWg - url: https://semgrep.dev/playground/r/pZTQWg/javascript.wkhtmltoimage.security.audit.wkhtmltoimage-injection.wkhtmltoimage-injection + version_id: yeTXOz + url: https://semgrep.dev/playground/r/yeTXOz/javascript.wkhtmltoimage.security.audit.wkhtmltoimage-injection.wkhtmltoimage-injection origin: community languages: - javascript @@ -14813,13 +15326,15 @@ rules: references: - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29 license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/javascript.wkhtmltopdf.security.audit.wkhtmltopdf-injection.wkhtmltopdf-injection shortlink: https://sg.run/qx8O semgrep.dev: rule: rule_id: j2Uv58 - version_id: 2KT6qB - url: https://semgrep.dev/playground/r/2KT6qB/javascript.wkhtmltopdf.security.audit.wkhtmltopdf-injection.wkhtmltopdf-injection + version_id: rxTx1B + url: https://semgrep.dev/playground/r/rxTx1B/javascript.wkhtmltopdf.security.audit.wkhtmltopdf-injection.wkhtmltopdf-injection origin: community languages: - javascript 
@@ -14861,13 +15376,15 @@ rules: references: - https://owasp.org/Top10/A05_2021-Security_Misconfiguration license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/javascript.xml2json.security.audit.xml2json-xxe.xml2json-xxe shortlink: https://sg.run/l27o semgrep.dev: rule: rule_id: 10UKpB - version_id: X0TJ90 - url: https://semgrep.dev/playground/r/X0TJ90/javascript.xml2json.security.audit.xml2json-xxe.xml2json-xxe + version_id: bZTGZW + url: https://semgrep.dev/playground/r/bZTGZW/javascript.xml2json.security.audit.xml2json-xxe.xml2json-xxe origin: community languages: - javascript @@ -14905,13 +15422,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/kotlin.lang.security.bad-hexa-conversion.bad-hexa-conversion shortlink: https://sg.run/b25p semgrep.dev: rule: rule_id: d8UegG - version_id: zyT0rZ - url: https://semgrep.dev/playground/r/zyT0rZ/kotlin.lang.security.bad-hexa-conversion.bad-hexa-conversion + version_id: e1TxeQ + url: https://semgrep.dev/playground/r/e1TxeQ/kotlin.lang.security.bad-hexa-conversion.bad-hexa-conversion origin: community message: '''Integer.toHexString()'' strips leading zeroes from each byte if read byte-by-byte. This mistake weakens the hash value computed since it introduces 
@@ -14954,13 +15473,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/kotlin.lang.security.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call shortlink: https://sg.run/6nEK semgrep.dev: rule: rule_id: yyUnpo - version_id: RGTBrK - url: https://semgrep.dev/playground/r/RGTBrK/kotlin.lang.security.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call + version_id: vdT2Xl + url: https://semgrep.dev/playground/r/vdT2Xl/kotlin.lang.security.command-injection-formatted-runtime-call.command-injection-formatted-runtime-call origin: community severity: ERROR languages: @@ -14988,13 +15509,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/kotlin.lang.security.cookie-missing-httponly.cookie-missing-httponly shortlink: https://sg.run/ox7X semgrep.dev: rule: rule_id: r6UrKQ - version_id: A8TyLN - url: https://semgrep.dev/playground/r/A8TyLN/kotlin.lang.security.cookie-missing-httponly.cookie-missing-httponly + version_id: d6TD3J + url: https://semgrep.dev/playground/r/d6TD3J/kotlin.lang.security.cookie-missing-httponly.cookie-missing-httponly origin: community message: A cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading 
@@ -15031,13 +15554,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/kotlin.lang.security.cookie-missing-secure-flag.cookie-missing-secure-flag shortlink: https://sg.run/zv7n semgrep.dev: rule: rule_id: bwUw3j - version_id: BjTQ81 - url: https://semgrep.dev/playground/r/BjTQ81/kotlin.lang.security.cookie-missing-secure-flag.cookie-missing-secure-flag + version_id: ZRTw2Y + url: https://semgrep.dev/playground/r/ZRTw2Y/kotlin.lang.security.cookie-missing-secure-flag.cookie-missing-secure-flag origin: community message: A cookie was detected without setting the 'secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels @@ -15080,13 +15605,15 @@ rules: likelihood: LOW impact: LOW confidence: LOW + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/kotlin.lang.security.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated shortlink: https://sg.run/RXEK semgrep.dev: rule: rule_id: ReU3Yb - version_id: DkT3vn - url: https://semgrep.dev/playground/r/DkT3vn/kotlin.lang.security.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated + version_id: nWT794 + url: https://semgrep.dev/playground/r/nWT794/kotlin.lang.security.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated origin: community message: DefaultHttpClient is deprecated. Further, it does not support connections using TLS1.2, which makes using DefaultHttpClient a security hazard. Use SystemDefaultHttpClient 
@@ -15115,13 +15642,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/kotlin.lang.security.gcm-detection.gcm-detection
 shortlink: https://sg.run/WpPA
 semgrep.dev:
 rule:
 rule_id: WAUyAW
- version_id: 44TW7P
- url: https://semgrep.dev/playground/r/44TW7P/kotlin.lang.security.gcm-detection.gcm-detection
+ version_id: 7ZTOB3
+ url: https://semgrep.dev/playground/r/7ZTOB3/kotlin.lang.security.gcm-detection.gcm-detection
 origin: community
 languages:
 - kt
@@ -15163,13 +15692,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/kotlin.lang.security.unencrypted-socket.unencrypted-socket
 shortlink: https://sg.run/KXZd
 semgrep.dev:
 rule:
 rule_id: KxU76z
- version_id: qkT9ev
- url: https://semgrep.dev/playground/r/qkT9ev/kotlin.lang.security.unencrypted-socket.unencrypted-socket
+ version_id: 8KTbN1
+ url: https://semgrep.dev/playground/r/8KTbN1/kotlin.lang.security.unencrypted-socket.unencrypted-socket
 origin: community
 message: This socket is not encrypted. The traffic could be read by an attacker intercepting the network traffic. Use an SSLSocket created by 'SSLSocketFactory'
@@ -15208,13 +15739,15 @@ rules:
 impact: MEDIUM
 confidence: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/kotlin.lang.security.weak-rsa.use-of-weak-rsa-key
 shortlink: https://sg.run/krq7
 semgrep.dev:
 rule:
 rule_id: nJUZNL
- version_id: JdT2ee
- url: https://semgrep.dev/playground/r/JdT2ee/kotlin.lang.security.weak-rsa.use-of-weak-rsa-key
+ version_id: 3ZTdRd
+ url: https://semgrep.dev/playground/r/3ZTdRd/kotlin.lang.security.weak-rsa.use-of-weak-rsa-key
 origin: community
 patterns:
 - pattern-either:
@@ -15253,13 +15786,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 confidence: LOW
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.doctrine.security.audit.doctrine-dbal-dangerous-query.doctrine-dbal-dangerous-query
 shortlink: https://sg.run/KXWn
 semgrep.dev:
 rule:
 rule_id: X5UdZj
- version_id: GxTpxW
- url: https://semgrep.dev/playground/r/GxTpxW/php.doctrine.security.audit.doctrine-dbal-dangerous-query.doctrine-dbal-dangerous-query
+ version_id: 44To93
+ url: https://semgrep.dev/playground/r/44To93/php.doctrine.security.audit.doctrine-dbal-dangerous-query.doctrine-dbal-dangerous-query
 origin: community
 patterns:
 - pattern-either:
@@ -15352,13 +15887,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/php.lang.security.audit.openssl-decrypt-validate.openssl-decrypt-validate
 shortlink: https://sg.run/kzn7
 semgrep.dev:
 rule:
 rule_id: YGUAoe
- version_id: BjTQ8j
- url: https://semgrep.dev/playground/r/BjTQ8j/php.lang.security.audit.openssl-decrypt-validate.openssl-decrypt-validate
+ version_id: GxT2lj
+ url: https://semgrep.dev/playground/r/GxT2lj/php.lang.security.audit.openssl-decrypt-validate.openssl-decrypt-validate
 origin: community
 - id: php.lang.security.backticks-use.backticks-use
 pattern: "`...`;"
@@ -15381,13 +15918,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.lang.security.backticks-use.backticks-use
 shortlink: https://sg.run/4xj9
 semgrep.dev:
 rule:
 rule_id: WAUow7
- version_id: DkT3v4
- url: https://semgrep.dev/playground/r/DkT3v4/php.lang.security.backticks-use.backticks-use
+ version_id: RGTbEQ
+ url: https://semgrep.dev/playground/r/RGTbEQ/php.lang.security.backticks-use.backticks-use
 origin: community
 languages:
 - php
@@ -15418,13 +15957,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/php.lang.security.eval-use.eval-use
 shortlink: https://sg.run/J9AP
 semgrep.dev:
 rule:
 rule_id: KxUbX3
- version_id: K3TPQZ
- url: https://semgrep.dev/playground/r/K3TPQZ/php.lang.security.eval-use.eval-use
+ version_id: DkTQwK
+ url: https://semgrep.dev/playground/r/DkTQwK/php.lang.security.eval-use.eval-use
 origin: community
 languages:
 - php
@@ -15454,13 +15995,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.lang.security.exec-use.exec-use
 shortlink: https://sg.run/5Q1j
 semgrep.dev:
 rule:
 rule_id: qNUjye
- version_id: qkT9eG
- url: https://semgrep.dev/playground/r/qkT9eG/php.lang.security.exec-use.exec-use
+ version_id: WrTb7y
+ url: https://semgrep.dev/playground/r/WrTb7y/php.lang.security.exec-use.exec-use
 origin: community
 languages:
 - php
@@ -15490,13 +16033,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.lang.security.file-inclusion.file-inclusion
 shortlink: https://sg.run/Ge56
 semgrep.dev:
 rule:
 rule_id: lBU90N
- version_id: 8KTo3Z
- url: https://semgrep.dev/playground/r/8KTo3Z/php.lang.security.file-inclusion.file-inclusion
+ version_id: 0bTvGr
+ url: https://semgrep.dev/playground/r/0bTvGr/php.lang.security.file-inclusion.file-inclusion
 origin: community
 languages:
 - php
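Review bot: The eval-use rule in the first hunk is classed as `Command Injection` while exec-use in the second hunk (and backticks-use in the previous line) are classed as `Code Injection`, which looks swapped: PHP eval() executes PHP source (code injection), whereas exec() and backticks spawn an OS shell (OS command injection, CWE-78). Any consumer that routes or filters findings by vulnerability_class will put these in the wrong bucket. Since this file is under generated/, the values presumably come from the upstream rule metadata and should be corrected there rather than by hand; the expected lines would be `- Code Injection` for eval-use and `- Command Injection` for exec-use. Each rule entry begins before its hunk.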
@@ -15551,13 +16096,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/php.lang.security.ftp-use.ftp-use
 shortlink: https://sg.run/RoYN
 semgrep.dev:
 rule:
 rule_id: PeUZyE
- version_id: YDTzOL
- url: https://semgrep.dev/playground/r/YDTzOL/php.lang.security.ftp-use.ftp-use
+ version_id: K3Tlgr
+ url: https://semgrep.dev/playground/r/K3Tlgr/php.lang.security.ftp-use.ftp-use
 origin: community
 languages:
 - php
@@ -15591,13 +16138,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/php.lang.security.ldap-bind-without-password.ldap-bind-without-password
 shortlink: https://sg.run/18Rv
 semgrep.dev:
 rule:
 rule_id: wdUjA5
- version_id: K3T0EY
- url: https://semgrep.dev/playground/r/K3T0EY/php.lang.security.ldap-bind-without-password.ldap-bind-without-password
+ version_id: GxT2lq
+ url: https://semgrep.dev/playground/r/GxT2lq/php.lang.security.ldap-bind-without-password.ldap-bind-without-password
 origin: community
 languages:
 - php
@@ -15627,13 +16176,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.lang.security.mb-ereg-replace-eval.mb-ereg-replace-eval
 shortlink: https://sg.run/AvdB
 semgrep.dev:
 rule:
 rule_id: JDUyj4
- version_id: jQTLNx
- url: https://semgrep.dev/playground/r/jQTLNx/php.lang.security.mb-ereg-replace-eval.mb-ereg-replace-eval
+ version_id: RGTbEE
+ url: https://semgrep.dev/playground/r/RGTbEE/php.lang.security.mb-ereg-replace-eval.mb-ereg-replace-eval
 origin: community
 languages:
 - php
@@ -15661,13 +16212,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/php.lang.security.mcrypt-use.mcrypt-use
 shortlink: https://sg.run/BkZR
 semgrep.dev:
 rule:
 rule_id: 5rUOzK
- version_id: 1QT0k9
- url: https://semgrep.dev/playground/r/1QT0k9/php.lang.security.mcrypt-use.mcrypt-use
+ version_id: A8TRE0
+ url: https://semgrep.dev/playground/r/A8TRE0/php.lang.security.mcrypt-use.mcrypt-use
 origin: community
 languages:
 - php
@@ -15698,13 +16251,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/php.lang.security.md5-loose-equality.md5-loose-equality
 shortlink: https://sg.run/Do4G
 semgrep.dev:
 rule:
 rule_id: GdU7RO
- version_id: 9lTEXj
- url: https://semgrep.dev/playground/r/9lTEXj/php.lang.security.md5-loose-equality.md5-loose-equality
+ version_id: BjTEyv
+ url: https://semgrep.dev/playground/r/BjTEyv/php.lang.security.md5-loose-equality.md5-loose-equality
 origin: community
 languages:
 - php
@@ -15735,13 +16290,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/php.lang.security.non-literal-header.non-literal-header
 shortlink: https://sg.run/9rL8
 semgrep.dev:
 rule:
 rule_id: x8UxNQ
- version_id: qkTZ6X
- url: https://semgrep.dev/playground/r/qkTZ6X/php.lang.security.non-literal-header.non-literal-header
+ version_id: WrTb76
+ url: https://semgrep.dev/playground/r/WrTb76/php.lang.security.non-literal-header.non-literal-header
 origin: community
 languages:
 - php
@@ -15775,13 +16332,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/php.lang.security.php-permissive-cors.php-permissive-cors
 shortlink: https://sg.run/y1XR
 semgrep.dev:
 rule:
 rule_id: OrU6JZ
- version_id: NdT5QD
- url: https://semgrep.dev/playground/r/NdT5QD/php.lang.security.php-permissive-cors.php-permissive-cors
+ version_id: K3TlgR
+ url: https://semgrep.dev/playground/r/K3TlgR/php.lang.security.php-permissive-cors.php-permissive-cors
 origin: community
 languages:
 - php
@@ -15811,13 +16370,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.lang.security.preg-replace-eval.preg-replace-eval
 shortlink: https://sg.run/0Qzw
 semgrep.dev:
 rule:
 rule_id: AbUz2Z
- version_id: BjTnA2
- url: https://semgrep.dev/playground/r/BjTnA2/php.lang.security.preg-replace-eval.preg-replace-eval
+ version_id: YDTowj
+ url: https://semgrep.dev/playground/r/YDTowj/php.lang.security.preg-replace-eval.preg-replace-eval
 origin: community
 languages:
 - php
@@ -15850,13 +16411,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
 source: https://semgrep.dev/r/php.lang.security.unlink-use.unlink-use
 shortlink: https://sg.run/rYeR
 semgrep.dev:
 rule:
 rule_id: eqUzDE
- version_id: xyT93A
- url: https://semgrep.dev/playground/r/xyT93A/php.lang.security.unlink-use.unlink-use
+ version_id: o5TnL3
+ url: https://semgrep.dev/playground/r/o5TnL3/php.lang.security.unlink-use.unlink-use
 origin: community
 languages:
 - php
@@ -15888,13 +16451,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/php.lang.security.unserialize-use.unserialize-use
 shortlink: https://sg.run/b24E
 semgrep.dev:
 rule:
 rule_id: v8U9OJ
- version_id: l4TjkW
- url: https://semgrep.dev/playground/r/l4TjkW/php.lang.security.unserialize-use.unserialize-use
+ version_id: zyT5BO
+ url: https://semgrep.dev/playground/r/zyT5BO/php.lang.security.unserialize-use.unserialize-use
 origin: community
 languages:
 - php
@@ -15924,13 +16489,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insecure Hashing Algorithm
 source: https://semgrep.dev/r/php.lang.security.weak-crypto.weak-crypto
 shortlink: https://sg.run/KlBn
 semgrep.dev:
 rule:
 rule_id: BYUNAg
- version_id: e1TEAv
- url: https://semgrep.dev/playground/r/e1TEAv/php.lang.security.weak-crypto.weak-crypto
+ version_id: pZTr2o
+ url: https://semgrep.dev/playground/r/pZTr2o/php.lang.security.weak-crypto.weak-crypto
 origin: community
 languages:
 - php
@@ -15978,13 +16545,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site Request Forgery (CSRF)
 source: https://semgrep.dev/r/php.symfony.security.audit.symfony-csrf-protection-disabled.symfony-csrf-protection-disabled
 shortlink: https://sg.run/N1gz
 semgrep.dev:
 rule:
 rule_id: d8UeKO
- version_id: 9lT2Zv
- url: https://semgrep.dev/playground/r/9lT2Zv/php.symfony.security.audit.symfony-csrf-protection-disabled.symfony-csrf-protection-disabled
+ version_id: xyT4R4
+ url: https://semgrep.dev/playground/r/xyT4R4/php.symfony.security.audit.symfony-csrf-protection-disabled.symfony-csrf-protection-disabled
 origin: community
 languages:
 - php
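Review bot: The class value added for unserialize-use in the first hunk, `'Insecure Deserialization '`, carries a trailing space inside the quotes, so it will never compare equal to `Insecure Deserialization` in a consumer that filters, groups or counts findings by vulnerability_class; the same quoted value is added for wp-php-object-injection-audit later in this diff. Since this file lives under generated/, the fix presumably belongs in the upstream rule metadata or in the generator (which could strip surrounding whitespace from class names before emitting them) rather than in a hand edit here; either way the intended line is `- Insecure Deserialization`. The enclosing rule entry starts before this hunk.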
@@ -16017,13 +16586,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Open Redirect
 source: https://semgrep.dev/r/php.symfony.security.audit.symfony-non-literal-redirect.symfony-non-literal-redirect
 shortlink: https://sg.run/4ey5
 semgrep.dev:
 rule:
 rule_id: j2U3q8
- version_id: PkTEnb
- url: https://semgrep.dev/playground/r/PkTEnb/php.symfony.security.audit.symfony-non-literal-redirect.symfony-non-literal-redirect
+ version_id: O9TyQ0
+ url: https://semgrep.dev/playground/r/O9TyQ0/php.symfony.security.audit.symfony-non-literal-redirect.symfony-non-literal-redirect
 origin: community
 severity: WARNING
 - id: php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors
@@ -16070,13 +16641,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors
 shortlink: https://sg.run/kr92
 semgrep.dev:
 rule:
 rule_id: ZqUOlR
- version_id: JdT2Ze
- url: https://semgrep.dev/playground/r/JdT2Ze/php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors
+ version_id: e1Tx47
+ url: https://semgrep.dev/playground/r/e1Tx47/php.symfony.security.audit.symfony-permissive-cors.symfony-permissive-cors
 origin: community
 languages:
 - php
@@ -16113,13 +16686,15 @@ rules:
 cwe:
 - 'CWE-285: Improper Authorization'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-ajax-no-auth-and-auth-hooks-audit.wp-ajax-no-auth-and-auth-hooks-audit
 shortlink: https://sg.run/B0eA
 semgrep.dev:
 rule:
 rule_id: DbUe2y
- version_id: jQT0JK
- url: https://semgrep.dev/playground/r/jQT0JK/php.wordpress-plugins.security.audit.wp-ajax-no-auth-and-auth-hooks-audit.wp-ajax-no-auth-and-auth-hooks-audit
+ version_id: vdT2or
+ url: https://semgrep.dev/playground/r/vdT2or/php.wordpress-plugins.security.audit.wp-ajax-no-auth-and-auth-hooks-audit.wp-ajax-no-auth-and-auth-hooks-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
 patterns:
@@ -16151,13 +16726,15 @@ rules:
 cwe:
 - 'CWE-285: Improper Authorization'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
 shortlink: https://sg.run/DqeP
 semgrep.dev:
 rule:
 rule_id: WAU6YK
- version_id: 1QTwQx
- url: https://semgrep.dev/playground/r/1QTwQx/php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
+ version_id: d6TD7r
+ url: https://semgrep.dev/playground/r/d6TD7r/php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
 patterns:
@@ -16190,13 +16767,15 @@ rules:
 cwe:
 - 'CWE-94: Improper Control of Generation of Code (''Code Injection'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
 shortlink: https://sg.run/WKD2
 semgrep.dev:
 rule:
 rule_id: 0oU6pX
- version_id: 9lT96D
- url: https://semgrep.dev/playground/r/9lT96D/php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
+ version_id: ZRTwx6
+ url: https://semgrep.dev/playground/r/ZRTwx6/php.wordpress-plugins.security.audit.wp-code-execution-audit.wp-code-execution-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
 patterns:
@@ -16231,13 +16810,15 @@ rules:
 - 'CWE-78: Improper Neutralization of Special Elements used in an OS Command (''OS Command Injection'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
 shortlink: https://sg.run/01Wj
 semgrep.dev:
 rule:
 rule_id: KxUOw0
- version_id: yeTW5k
- url: https://semgrep.dev/playground/r/yeTW5k/php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
+ version_id: nWT7J8
+ url: https://semgrep.dev/playground/r/nWT7J8/php.wordpress-plugins.security.audit.wp-command-execution-audit.wp-command-execution-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
 pattern: check_ajax_referer(...,...,false)
@@ -16266,13 +16847,15 @@ rules:
 cwe:
 - 'CWE-352: Cross-Site Request Forgery (CSRF)'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site Request Forgery (CSRF)
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
 shortlink: https://sg.run/K2y5
 semgrep.dev:
 rule:
 rule_id: qNUKpk
- version_id: rxTJGy
- url: https://semgrep.dev/playground/r/rxTJGy/php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
+ version_id: ExTnv2
+ url: https://semgrep.dev/playground/r/ExTnv2/php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
 patterns:
@@ -16305,13 +16888,15 @@ rules:
 owasp:
 - A01:2021 - Broken Access Control
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
 shortlink: https://sg.run/4gkz
 semgrep.dev:
 rule:
 rule_id: lBUNXL
- version_id: bZTg6R
- url: https://semgrep.dev/playground/r/bZTg6R/php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
+ version_id: 7ZTOZe
+ url: https://semgrep.dev/playground/r/7ZTOZe/php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
 patterns:
@@ -16352,13 +16937,16 @@ rules:
 - 'CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (''PHP Remote File Inclusion'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
+ - Code Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
 shortlink: https://sg.run/PGPW
 semgrep.dev:
 rule:
 rule_id: YGU8Yo
- version_id: NdTpr9
- url: https://semgrep.dev/playground/r/NdTpr9/php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
+ version_id: ZRTEN7
+ url: https://semgrep.dev/playground/r/ZRTEN7/php.wordpress-plugins.security.audit.wp-file-inclusion-audit.wp-file-inclusion-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
 patterns:
@@ -16395,13 +16983,16 @@ rules:
 - 'CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (''PHP Remote File Inclusion'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
+ - Code Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
 shortlink: https://sg.run/JpwW
 semgrep.dev:
 rule:
 rule_id: 6JU0yK
- version_id: kbTyek
- url: https://semgrep.dev/playground/r/kbTyek/php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
+ version_id: nWTePz
+ url: https://semgrep.dev/playground/r/nWTePz/php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
 pattern: wp_redirect(...)
@@ -16431,13 +17022,15 @@ rules:
 owasp:
 - A05:2021 - Security Misconfiguration
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Open Redirect
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
 shortlink: https://sg.run/5nZX
 semgrep.dev:
 rule:
 rule_id: oqU5KY
- version_id: w8TBy8
- url: https://semgrep.dev/playground/r/w8TBy8/php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
+ version_id: gETqEJ
+ url: https://semgrep.dev/playground/r/gETqEJ/php.wordpress-plugins.security.audit.wp-open-redirect-audit.wp-open-redirect-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
 patterns:
@@ -16470,13 +17063,15 @@ rules:
 owasp:
 - A03:2021 - Injection
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
 shortlink: https://sg.run/G6X2
 semgrep.dev:
 rule:
 rule_id: zdUelq
- version_id: xyTDQ2
- url: https://semgrep.dev/playground/r/xyTDQ2/php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
+ version_id: QkTJAk
+ url: https://semgrep.dev/playground/r/QkTJAk/php.wordpress-plugins.security.audit.wp-php-object-injection-audit.wp-php-object-injection-audit
 origin: community
 - id: php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
 patterns:
@@ -16519,13 +17114,15 @@ rules:
 - 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command (''SQL Injection'')'
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
 shortlink: https://sg.run/RAbe
 semgrep.dev:
 rule:
 rule_id: pKUQN1
- version_id: O9T2R6
- url: https://semgrep.dev/playground/r/O9T2R6/php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
+ version_id: 3ZTdWL
+ url: https://semgrep.dev/playground/r/3ZTdWL/php.wordpress-plugins.security.audit.wp-sql-injection-audit.wp-sql-injection-audit
 origin: community
 - id: problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
 message: Insecure transport rules to catch socket connections to http, telnet, and
@@ -16547,13 +17144,15 @@ rules:
 - java
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
 shortlink: https://sg.run/2x9L
 semgrep.dev:
 rule:
 rule_id: NbUkl9
- version_id: BjTn8g
- url: https://semgrep.dev/playground/r/BjTn8g/problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
+ version_id: X0TPkR
+ url: https://semgrep.dev/playground/r/X0TPkR/problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request
 origin: community
 languages:
 - java
@@ -16600,13 +17199,15 @@ rules:
 - node.js
 vulnerability: Insecure Transport
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server
 shortlink: https://sg.run/x1zL
 semgrep.dev:
 rule:
 rule_id: 7KUQAE
- version_id: 0bTk8o
- url: https://semgrep.dev/playground/r/0bTk8o/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server
+ version_id: O9TyE0
+ url: https://semgrep.dev/playground/r/O9TyE0/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server
 origin: community
 languages:
 - javascript
@@ -16643,13 +17244,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.airflow.security.audit.formatted-string-bashoperator.formatted-string-bashoperator
 shortlink: https://sg.run/ndBY
 semgrep.dev:
 rule:
 rule_id: 4bUkOY
- version_id: jQT9x4
- url: https://semgrep.dev/playground/r/jQT9x4/python.airflow.security.audit.formatted-string-bashoperator.formatted-string-bashoperator
+ version_id: ExTn62
+ url: https://semgrep.dev/playground/r/ExTn62/python.airflow.security.audit.formatted-string-bashoperator.formatted-string-bashoperator
 origin: community
 languages:
 - python
@@ -16716,13 +17319,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.insecure-cipher-mode-ecb.insecure-cipher-mode-ecb
 shortlink: https://sg.run/4xr5
 semgrep.dev:
 rule:
 rule_id: DbUp5g
- version_id: 3ZTxvB
- url: https://semgrep.dev/playground/r/3ZTxvB/python.cryptography.security.insecure-cipher-mode-ecb.insecure-cipher-mode-ecb
+ version_id: 5PT6ER
+ url: https://semgrep.dev/playground/r/5PT6ER/python.cryptography.security.insecure-cipher-mode-ecb.insecure-cipher-mode-ecb
 origin: community
 severity: WARNING
 languages:
@@ -16762,13 +17367,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.insufficient-ec-key-size.insufficient-ec-key-size
 shortlink: https://sg.run/GeQq
 semgrep.dev:
 rule:
 rule_id: qNUjZ3
- version_id: WrT5GP
- url: https://semgrep.dev/playground/r/WrT5GP/python.cryptography.security.insufficient-ec-key-size.insufficient-ec-key-size
+ version_id: BjTEvR
+ url: https://semgrep.dev/playground/r/BjTEvR/python.cryptography.security.insufficient-ec-key-size.insufficient-ec-key-size
 origin: community
 languages:
 - python
@@ -16803,13 +17410,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.insufficient-rsa-key-size.insufficient-rsa-key-size
 shortlink: https://sg.run/RoQq
 semgrep.dev:
 rule:
 rule_id: lBU9jn
- version_id: GxTWQo
- url: https://semgrep.dev/playground/r/GxTWQo/python.cryptography.security.insufficient-rsa-key-size.insufficient-rsa-key-size
+ version_id: DkTQ7A
+ url: https://semgrep.dev/playground/r/DkTQ7A/python.cryptography.security.insufficient-rsa-key-size.insufficient-rsa-key-size
 origin: community
 languages:
 - python
@@ -16838,13 +17447,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.cryptography.security.mode-without-authentication.crypto-mode-without-authentication
 shortlink: https://sg.run/N9JL
 semgrep.dev:
 rule:
 rule_id: lBUpNZ
- version_id: o5T82K
- url: https://semgrep.dev/playground/r/o5T82K/python.cryptography.security.mode-without-authentication.crypto-mode-without-authentication
+ version_id: WrTbJ4
+ url: https://semgrep.dev/playground/r/WrTbJ4/python.cryptography.security.mode-without-authentication.crypto-mode-without-authentication
 origin: community
 patterns:
 - pattern-either:
@@ -16898,13 +17509,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.django.security.audit.avoid-mark-safe.avoid-mark-safe
 shortlink: https://sg.run/yd0P
 semgrep.dev:
 rule:
 rule_id: eqU8Wr
- version_id: DkTeDR
- url: https://semgrep.dev/playground/r/DkTeDR/python.django.security.audit.avoid-mark-safe.avoid-mark-safe
+ version_id: qkTNJ7
+ url: https://semgrep.dev/playground/r/qkTNJ7/python.django.security.audit.avoid-mark-safe.avoid-mark-safe
 origin: community
 languages:
 - python
@@ -16925,7 +17538,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#django.db.models.Func.as_sql
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -16937,13 +17550,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.custom-expression-as-sql.custom-expression-as-sql
 shortlink: https://sg.run/b7bW
 semgrep.dev:
 rule:
 rule_id: d8Ujk6
- version_id: 0bT6AG
- url: https://semgrep.dev/playground/r/0bT6AG/python.django.security.audit.custom-expression-as-sql.custom-expression-as-sql
+ version_id: YDTo4y
+ url: https://semgrep.dev/playground/r/YDTo4y/python.django.security.audit.custom-expression-as-sql.custom-expression-as-sql
 origin: community
 pattern: "$EXPRESSION.as_sql(...)"
 severity: WARNING
@@ -16980,13 +17595,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config
 shortlink: https://sg.run/vzBY
 semgrep.dev:
 rule:
 rule_id: gxU1wE
- version_id: qkTKkJ
- url: https://semgrep.dev/playground/r/qkTKkJ/python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config
+ version_id: o5TnJ7
+ url: https://semgrep.dev/playground/r/o5TnJ7/python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config
 origin: community
 severity: WARNING
 languages:
@@ -17007,7 +17624,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#avoiding-sql-injection
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -17019,13 +17636,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.extends-custom-expression.extends-custom-expression
 shortlink: https://sg.run/N4Ay
 semgrep.dev:
 rule:
 rule_id: ZqU5z3
- version_id: l4TN72
- url: https://semgrep.dev/playground/r/l4TN72/python.django.security.audit.extends-custom-expression.extends-custom-expression
+ version_id: zyT5r5
+ url: https://semgrep.dev/playground/r/zyT5r5/python.django.security.audit.extends-custom-expression.extends-custom-expression
 origin: community
 severity: WARNING
 pattern-either:
@@ -17158,7 +17777,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/querysets/#django.db.models.query.QuerySet.extra
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -17170,13 +17789,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.query-set-extra.avoid-query-set-extra
 shortlink: https://sg.run/kXZP
 semgrep.dev:
 rule:
 rule_id: nJUzBP
- version_id: YDT8J8
- url: https://semgrep.dev/playground/r/YDT8J8/python.django.security.audit.query-set-extra.avoid-query-set-extra
+ version_id: pZTrAl
+ url: https://semgrep.dev/playground/r/pZTrAl/python.django.security.audit.query-set-extra.avoid-query-set-extra
 origin: community
 languages:
 - python
@@ -17199,7 +17820,7 @@ rules:
 - A03:2021 - Injection
 references:
 - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#raw-sql-expressions
- - https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/
+ - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
 category: security
 technology:
 - django
@@ -17211,13 +17832,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.django.security.audit.raw-query.avoid-raw-sql
 shortlink: https://sg.run/weDA
 semgrep.dev:
 rule:
 rule_id: EwU2JA
- version_id: rxTXz1
- url: https://semgrep.dev/playground/r/rxTXz1/python.django.security.audit.raw-query.avoid-raw-sql
+ version_id: 2KT1EW
+ url: https://semgrep.dev/playground/r/2KT1EW/python.django.security.audit.raw-query.avoid-raw-sql
 origin: community
 languages:
 - python
@@ -17273,7 +17896,7 @@ rules: version: '4' references: - https://docs.djangoproject.com/en/3.0/ref/request-response/#django.http.HttpResponse.set_cookie - - https://blog.r2c.dev/2020/bento-check-keeping-cookies-safe-in-flask/ + - https://semgrep.dev/blog/2020/bento-check-keeping-cookies-safe-in-flask/ - https://bento.dev/checks/flask/secure-set-cookie/ category: security technology: @@ -17284,13 +17907,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.django.security.audit.secure-cookies.django-secure-set-cookie shortlink: https://sg.run/x1WL semgrep.dev: rule: rule_id: 7KUQ2E - version_id: BjTOxE - url: https://semgrep.dev/playground/r/BjTOxE/python.django.security.audit.secure-cookies.django-secure-set-cookie + version_id: X0TPlW + url: https://semgrep.dev/playground/r/X0TPlW/python.django.security.audit.secure-cookies.django-secure-set-cookie origin: community languages: - python @@ -17320,13 +17945,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.django.security.audit.templates.debug-template-tag.debug-template-tag shortlink: https://sg.run/dK3E semgrep.dev: rule: rule_id: QrUzb2 - version_id: K3T6O2 - url: https://semgrep.dev/playground/r/K3T6O2/python.django.security.audit.templates.debug-template-tag.debug-template-tag + version_id: jQTKNg + url: https://semgrep.dev/playground/r/jQTKNg/python.django.security.audit.templates.debug-template-tag.debug-template-tag origin: community - id: python.django.security.audit.unvalidated-password.unvalidated-password patterns: 
@@ -17377,13 +18004,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.django.security.audit.unvalidated-password.unvalidated-password shortlink: https://sg.run/OPBL semgrep.dev: rule: rule_id: L1UywG - version_id: pZTQKg - url: https://semgrep.dev/playground/r/pZTQKg/python.django.security.audit.unvalidated-password.unvalidated-password + version_id: 1QTjkz + url: https://semgrep.dev/playground/r/1QTjkz/python.django.security.audit.unvalidated-password.unvalidated-password origin: community languages: - python @@ -17415,13 +18044,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.class-extends-safestring.class-extends-safestring shortlink: https://sg.run/Zvpw semgrep.dev: rule: rule_id: 3qUPve - version_id: 2KT6gB - url: https://semgrep.dev/playground/r/2KT6gB/python.django.security.audit.xss.class-extends-safestring.class-extends-safestring + version_id: 9lTzXo + url: https://semgrep.dev/playground/r/9lTzXo/python.django.security.audit.xss.class-extends-safestring.class-extends-safestring origin: community languages: - python 
@@ -17461,13 +18092,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.context-autoescape-off.context-autoescape-off shortlink: https://sg.run/nd7Y semgrep.dev: rule: rule_id: 4bUknY - version_id: 0bTkg2 - url: https://semgrep.dev/playground/r/0bTkg2/python.django.security.audit.xss.context-autoescape-off.context-autoescape-off + version_id: yeTX5n + url: https://semgrep.dev/playground/r/yeTX5n/python.django.security.audit.xss.context-autoescape-off.context-autoescape-off origin: community languages: - python @@ -17515,13 +18148,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.direct-use-of-httpresponse.direct-use-of-httpresponse shortlink: https://sg.run/EknN semgrep.dev: rule: rule_id: PeUZgE - version_id: jQT9b4 - url: https://semgrep.dev/playground/r/jQT9b4/python.django.security.audit.xss.direct-use-of-httpresponse.direct-use-of-httpresponse + version_id: rxTxGk + url: https://semgrep.dev/playground/r/rxTxGk/python.django.security.audit.xss.direct-use-of-httpresponse.direct-use-of-httpresponse origin: community languages: - python 
@@ -17584,13 +18219,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.filter-with-is-safe.filter-with-is-safe shortlink: https://sg.run/7o12 semgrep.dev: rule: rule_id: JDUyd4 - version_id: 1QTX9r - url: https://semgrep.dev/playground/r/1QTX9r/python.django.security.audit.xss.filter-with-is-safe.filter-with-is-safe + version_id: bZTG6N + url: https://semgrep.dev/playground/r/bZTG6N/python.django.security.audit.xss.filter-with-is-safe.filter-with-is-safe origin: community languages: - python @@ -17625,13 +18262,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.formathtml-fstring-parameter.formathtml-fstring-parameter shortlink: https://sg.run/lxQo semgrep.dev: rule: rule_id: v8UjKg - version_id: 9lTng2 - url: https://semgrep.dev/playground/r/9lTng2/python.django.security.audit.xss.formathtml-fstring-parameter.formathtml-fstring-parameter + version_id: NdT1rN + url: https://semgrep.dev/playground/r/NdT1rN/python.django.security.audit.xss.formathtml-fstring-parameter.formathtml-fstring-parameter origin: community languages: - python 
@@ -17665,13 +18304,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.global-autoescape-off.global-autoescape-off shortlink: https://sg.run/LwG6 semgrep.dev: rule: rule_id: 5rUOXK - version_id: K3T985 - url: https://semgrep.dev/playground/r/K3T985/python.django.security.audit.xss.global-autoescape-off.global-autoescape-off + version_id: kbT7e6 + url: https://semgrep.dev/playground/r/kbT7e6/python.django.security.audit.xss.global-autoescape-off.global-autoescape-off origin: community languages: - python @@ -17715,13 +18356,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.html-magic-method.html-magic-method shortlink: https://sg.run/8y9N semgrep.dev: rule: rule_id: GdU7QO - version_id: rxT8ZW - url: https://semgrep.dev/playground/r/rxT8ZW/python.django.security.audit.xss.html-magic-method.html-magic-method + version_id: w8T3yA + url: https://semgrep.dev/playground/r/w8T3yA/python.django.security.audit.xss.html-magic-method.html-magic-method origin: community languages: - python @@ -17761,13 +18404,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.html-safe.html-safe shortlink: https://sg.run/gLO0 semgrep.dev: rule: rule_id: ReUg5Y - version_id: bZT4q2 - url: https://semgrep.dev/playground/r/bZT4q2/python.django.security.audit.xss.html-safe.html-safe + version_id: xyT4Qd + url: https://semgrep.dev/playground/r/xyT4Qd/python.django.security.audit.xss.html-safe.html-safe origin: community languages: - python 
@@ -17803,13 +18448,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.template-autoescape-off.template-autoescape-off shortlink: https://sg.run/Q5WZ semgrep.dev: rule: rule_id: AbUzAZ - version_id: NdTQ8w - url: https://semgrep.dev/playground/r/NdTQ8w/python.django.security.audit.xss.template-autoescape-off.template-autoescape-off + version_id: O9TyRX + url: https://semgrep.dev/playground/r/O9TyRX/python.django.security.audit.xss.template-autoescape-off.template-autoescape-off origin: community languages: - regex @@ -17864,13 +18511,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.template-blocktranslate-no-escape.template-blocktranslate-no-escape shortlink: https://sg.run/3xpK semgrep.dev: rule: rule_id: BYUNwg - version_id: kbTZql - url: https://semgrep.dev/playground/r/kbTZql/python.django.security.audit.xss.template-blocktranslate-no-escape.template-blocktranslate-no-escape + version_id: e1TxG1 + url: https://semgrep.dev/playground/r/e1TxG1/python.django.security.audit.xss.template-blocktranslate-no-escape.template-blocktranslate-no-escape origin: community - id: python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape languages: 
@@ -18003,13 +18652,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape shortlink: https://sg.run/PJDz semgrep.dev: rule: rule_id: WAUov9 - version_id: xyT3Xz - url: https://semgrep.dev/playground/r/xyT3Xz/python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape + version_id: d6TDpy + url: https://semgrep.dev/playground/r/d6TDpy/python.django.security.audit.xss.template-translate-as-no-escape.template-translate-as-no-escape origin: community - id: python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape languages: @@ -18041,13 +18692,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape shortlink: https://sg.run/J9Jy semgrep.dev: rule: rule_id: 0oU5AN - version_id: O9TZeb - url: https://semgrep.dev/playground/r/O9TZeb/python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape + version_id: ZRTwX2 + url: https://semgrep.dev/playground/r/ZRTwX2/python.django.security.audit.xss.template-translate-no-escape.template-translate-no-escape origin: community - id: python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq message: Detected a template variable where autoescaping is explicitly disabled 
@@ -18074,13 +18727,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq shortlink: https://sg.run/5Q30 semgrep.dev: rule: rule_id: KxUbdx - version_id: e1TAWn - url: https://semgrep.dev/playground/r/e1TAWn/python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq + version_id: nWT70Q + url: https://semgrep.dev/playground/r/nWT70Q/python.django.security.audit.xss.template-var-unescaped-with-safeseq.template-var-unescaped-with-safeseq origin: community languages: - regex @@ -18118,13 +18773,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.globals-as-template-context.globals-as-template-context shortlink: https://sg.run/7GYv semgrep.dev: rule: rule_id: j2UR3n - version_id: d6TbkB - url: https://semgrep.dev/playground/r/d6TbkB/python.django.security.globals-as-template-context.globals-as-template-context + version_id: 7ZTOXP + url: https://semgrep.dev/playground/r/7ZTOXP/python.django.security.globals-as-template-context.globals-as-template-context origin: community pattern-either: - pattern: django.shortcuts.render(..., globals(...), ...) 
@@ -18158,13 +18815,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.injection.code.globals-misuse-code-execution.globals-misuse-code-execution shortlink: https://sg.run/Kl55 semgrep.dev: rule: rule_id: AbUzAA - version_id: ZRTyzw - url: https://semgrep.dev/playground/r/ZRTyzw/python.django.security.injection.code.globals-misuse-code-execution.globals-misuse-code-execution + version_id: LjT0ll + url: https://semgrep.dev/playground/r/LjT0ll/python.django.security.injection.code.globals-misuse-code-execution.globals-misuse-code-execution origin: community languages: - python @@ -18392,13 +19051,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/python.django.security.injection.mass-assignment.mass-assignment shortlink: https://sg.run/Ro0q semgrep.dev: rule: rule_id: lBU97n - version_id: PkTnpo - url: https://semgrep.dev/playground/r/PkTnpo/python.django.security.injection.mass-assignment.mass-assignment + version_id: RGTbr7 + url: https://semgrep.dev/playground/r/RGTbr7/python.django.security.injection.mass-assignment.mass-assignment origin: community pattern-either: - pattern: "$MODEL.objects.create(**request.$W)" 
@@ -18430,13 +19091,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.django.security.injection.path-traversal.path-traversal-join.path-traversal-join shortlink: https://sg.run/Dovo semgrep.dev: rule: rule_id: 6JUjLj - version_id: pZT7zy - url: https://semgrep.dev/playground/r/pZT7zy/python.django.security.injection.path-traversal.path-traversal-join.path-traversal-join + version_id: DkTQvA + url: https://semgrep.dev/playground/r/DkTQvA/python.django.security.injection.path-traversal.path-traversal-join.path-traversal-join origin: community patterns: - pattern-inside: | @@ -18540,13 +19203,15 @@ rules: likelihood: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/python.django.security.injection.tainted-sql-string.tainted-sql-string shortlink: https://sg.run/PbZp semgrep.dev: rule: rule_id: lBU8Ad - version_id: GxTWGb - url: https://semgrep.dev/playground/r/GxTWGb/python.django.security.injection.tainted-sql-string.tainted-sql-string + version_id: jQTK9g + url: https://semgrep.dev/playground/r/jQTK9g/python.django.security.injection.tainted-sql-string.tainted-sql-string origin: community severity: ERROR languages: @@ -18602,13 +19267,15 @@ rules: impact: MEDIUM likelihood: LOW confidence: LOW + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/python.django.security.injection.tainted-url-host.tainted-url-host shortlink: https://sg.run/oYz6 semgrep.dev: rule: rule_id: 6JU1l0 - version_id: RGTwXW - url: https://semgrep.dev/playground/r/RGTwXW/python.django.security.injection.tainted-url-host.tainted-url-host + version_id: 1QTjXz + url: https://semgrep.dev/playground/r/1QTjXz/python.django.security.injection.tainted-url-host.tainted-url-host origin: community mode: taint pattern-sinks: 
@@ -18681,13 +19348,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.django.security.locals-as-template-context.locals-as-template-context shortlink: https://sg.run/L8XL semgrep.dev: rule: rule_id: 10Ued2 - version_id: A8Tn61 - url: https://semgrep.dev/playground/r/A8Tn61/python.django.security.locals-as-template-context.locals-as-template-context + version_id: 9lTzno + url: https://semgrep.dev/playground/r/9lTzno/python.django.security.locals-as-template-context.locals-as-template-context origin: community pattern-either: - pattern: django.shortcuts.render(..., locals(...), ...) @@ -18737,13 +19406,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run shortlink: https://sg.run/pxEL semgrep.dev: rule: rule_id: r6Ur5A - version_id: 0bT64B - url: https://semgrep.dev/playground/r/0bT64B/python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run + version_id: NdT1QN + url: https://semgrep.dev/playground/r/NdT1QN/python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run origin: community - id: python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG message: Hardcoded variable `DEBUG` detected. Set this by using FLASK_DEBUG environment 
@@ -18767,13 +19438,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG shortlink: https://sg.run/LwPo semgrep.dev: rule: rule_id: JDUyJR - version_id: o5Tp5z - url: https://semgrep.dev/playground/r/o5Tp5z/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG + version_id: ZRTwy2 + url: https://semgrep.dev/playground/r/ZRTwy2/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_DEBUG origin: community languages: - python @@ -18804,13 +19477,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_ENV shortlink: https://sg.run/7oXW semgrep.dev: rule: rule_id: PeUZpr - version_id: 6xTw0j - url: https://semgrep.dev/playground/r/6xTw0j/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_ENV + version_id: d6TDby + url: https://semgrep.dev/playground/r/d6TDby/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_ENV origin: community languages: - python @@ -18839,13 +19514,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_SECRET_KEY shortlink: https://sg.run/Ekde semgrep.dev: rule: rule_id: 4bUkX0 - version_id: YDTK86 - url: https://semgrep.dev/playground/r/YDTK86/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_SECRET_KEY + version_id: vdT238 + url: https://semgrep.dev/playground/r/vdT238/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_SECRET_KEY origin: community languages: - python 
@@ -18874,13 +19551,15 @@ rules: technology: - flask license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_TESTING shortlink: https://sg.run/ndZ2 semgrep.dev: rule: rule_id: 3qUPoy - version_id: l4TANl - url: https://semgrep.dev/playground/r/l4TANl/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_TESTING + version_id: e1TxA1 + url: https://semgrep.dev/playground/r/e1TxA1/python.flask.security.audit.hardcoded-config.avoid_hardcoded_config_TESTING origin: community languages: - python @@ -18908,13 +19587,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.flask.security.audit.render-template-string.render-template-string shortlink: https://sg.run/8yjE semgrep.dev: rule: rule_id: 5rUOv1 - version_id: o5T571 - url: https://semgrep.dev/playground/r/o5T571/python.flask.security.audit.render-template-string.render-template-string + version_id: ExTnYv + url: https://semgrep.dev/playground/r/ExTnYv/python.flask.security.audit.render-template-string.render-template-string origin: community message: Found a template created with string formatting. This is susceptible to server-side template injection and cross-site scripting attacks. @@ -18945,7 +19626,7 @@ rules: owasp: - A05:2021 - Security Misconfiguration references: - - https://blog.r2c.dev/2020/bento-check-keeping-cookies-safe-in-flask/ + - https://semgrep.dev/blog/2020/bento-check-keeping-cookies-safe-in-flask/ - https://bento.dev/checks/flask/secure-set-cookie/ - https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options category: security 
@@ -18957,13 +19638,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cookie Security source: https://semgrep.dev/r/python.flask.security.audit.secure-set-cookie.secure-set-cookie shortlink: https://sg.run/gLkZ semgrep.dev: rule: rule_id: GdU7GR - version_id: zyTex2 - url: https://semgrep.dev/playground/r/zyTex2/python.flask.security.audit.secure-set-cookie.secure-set-cookie + version_id: 7ZTOYP + url: https://semgrep.dev/playground/r/7ZTOYP/python.flask.security.audit.secure-set-cookie.secure-set-cookie origin: community languages: - python @@ -18988,13 +19671,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/python.flask.security.audit.wtf-csrf-disabled.flask-wtf-csrf-disabled shortlink: https://sg.run/Q5AQ semgrep.dev: rule: rule_id: ReUgXz - version_id: pZTQBY - url: https://semgrep.dev/playground/r/pZTQBY/python.flask.security.audit.wtf-csrf-disabled.flask-wtf-csrf-disabled + version_id: LjT0pl + url: https://semgrep.dev/playground/r/LjT0pl/python.flask.security.audit.wtf-csrf-disabled.flask-wtf-csrf-disabled origin: community severity: WARNING languages: 
@@ -19050,13 +19735,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.audit.xss.make-response-with-unknown-content.make-response-with-unknown-content shortlink: https://sg.run/3x3p semgrep.dev: rule: rule_id: AbUz6A - version_id: 2KT6Dq - url: https://semgrep.dev/playground/r/2KT6Dq/python.flask.security.audit.xss.make-response-with-unknown-content.make-response-with-unknown-content + version_id: 8KTbLL + url: https://semgrep.dev/playground/r/8KTbLL/python.flask.security.audit.xss.make-response-with-unknown-content.make-response-with-unknown-content origin: community languages: - python @@ -19081,13 +19768,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/python.flask.security.dangerous-template-string.dangerous-template-string shortlink: https://sg.run/b79E semgrep.dev: rule: rule_id: v8UnZJ - version_id: X0TJvb - url: https://semgrep.dev/playground/r/X0TJvb/python.flask.security.dangerous-template-string.dangerous-template-string + version_id: gETq5L + url: https://semgrep.dev/playground/r/gETq5L/python.flask.security.dangerous-template-string.dangerous-template-string origin: community languages: - python 
@@ -19165,13 +19854,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.flask.security.flask-api-method-string-format.flask-api-method-string-format shortlink: https://sg.run/bDWr semgrep.dev: rule: rule_id: NbUAeY - version_id: jQT9EE - url: https://semgrep.dev/playground/r/jQT9EE/python.flask.security.flask-api-method-string-format.flask-api-method-string-format + version_id: QkTJQL + url: https://semgrep.dev/playground/r/QkTJQL/python.flask.security.flask-api-method-string-format.flask-api-method-string-format origin: community - id: python.flask.security.injection.os-system-injection.os-system-injection languages: @@ -19200,13 +19891,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.flask.security.injection.os-system-injection.os-system-injection shortlink: https://sg.run/4xzz semgrep.dev: rule: rule_id: BYUN99 - version_id: yeTd6w - url: https://semgrep.dev/playground/r/yeTd6w/python.flask.security.injection.os-system-injection.os-system-injection + version_id: PkTYnq + url: https://semgrep.dev/playground/r/PkTYnq/python.flask.security.injection.os-system-injection.os-system-injection origin: community pattern-either: - patterns: 
@@ -19278,13 +19971,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.flask.security.injection.path-traversal-open.path-traversal-open shortlink: https://sg.run/PJRW semgrep.dev: rule: rule_id: DbUpOQ - version_id: rxT8xO - url: https://semgrep.dev/playground/r/rxT8xO/python.flask.security.injection.path-traversal-open.path-traversal-open + version_id: JdTqZY + url: https://semgrep.dev/playground/r/JdTqZY/python.flask.security.injection.path-traversal-open.path-traversal-open origin: community pattern-either: - patterns: @@ -19384,13 +20079,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.flask.security.insecure-deserialization.insecure-deserialization shortlink: https://sg.run/N45z semgrep.dev: rule: rule_id: d8UjBO - version_id: vdT324 - url: https://semgrep.dev/playground/r/vdT324/python.flask.security.insecure-deserialization.insecure-deserialization + version_id: 0bTv6b + url: https://semgrep.dev/playground/r/0bTv6b/python.flask.security.insecure-deserialization.insecure-deserialization origin: community message: Detected the use of an insecure deserialization library in a Flask route. These libraries are prone to code execution vulnerabilities. Ensure user data 
@@ -19472,13 +20169,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/python.flask.security.open-redirect.open-redirect shortlink: https://sg.run/kXe2 semgrep.dev: rule: rule_id: ZqU5LR - version_id: 5PTBYY - url: https://semgrep.dev/playground/r/5PTBYY/python.flask.security.open-redirect.open-redirect + version_id: K3TlOL + url: https://semgrep.dev/playground/r/K3TlOL/python.flask.security.open-redirect.open-redirect origin: community languages: - python @@ -19509,13 +20208,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/python.flask.security.secure-static-file-serve.avoid_send_file_without_path_sanitization shortlink: https://sg.run/weGP semgrep.dev: rule: rule_id: nJUz6A - version_id: ZRTywe - url: https://semgrep.dev/playground/r/ZRTywe/python.flask.security.secure-static-file-serve.avoid_send_file_without_path_sanitization + version_id: qkTNK7 + url: https://semgrep.dev/playground/r/qkTNK7/python.flask.security.secure-static-file-serve.avoid_send_file_without_path_sanitization origin: community languages: - python @@ -19535,7 +20236,7 @@ rules: source-rule-url: https://pypi.org/project/flake8-flask/ references: - https://flask.palletsprojects.com/en/1.1.x/templating/#jinja-setup - - https://blog.r2c.dev/2020/bento-check-unescaped-template-extensions-in-flask/ + - https://semgrep.dev/blog/2020/bento-check-unescaped-template-extensions-in-flask/ - https://bento.dev/checks/flask/unescaped-file-extension/ category: security technology: 
@@ -19548,13 +20249,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.unescaped-template-extension.unescaped-template-extension shortlink: https://sg.run/x1Rg semgrep.dev: rule: rule_id: EwU293 - version_id: nWTw7p - url: https://semgrep.dev/playground/r/nWTw7p/python.flask.security.unescaped-template-extension.unescaped-template-extension + version_id: l4T5N0 + url: https://semgrep.dev/playground/r/l4T5N0/python.flask.security.unescaped-template-extension.unescaped-template-extension origin: community patterns: - pattern-not: flask.render_template("=~/.+\.html$/", ...) @@ -19609,13 +20312,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.unsanitized-input.response-contains-unsanitized-input shortlink: https://sg.run/OPGn semgrep.dev: rule: rule_id: 7KUQLl - version_id: ExTYnN - url: https://semgrep.dev/playground/r/ExTYnN/python.flask.security.unsanitized-input.response-contains-unsanitized-input + version_id: YDTo8y + url: https://semgrep.dev/playground/r/YDTo8y/python.flask.security.unsanitized-input.response-contains-unsanitized-input origin: community languages: - python 
@@ -19662,13 +20367,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 shortlink: https://sg.run/RoKe semgrep.dev: rule: rule_id: qNUjN2 - version_id: 7ZTYOn - url: https://semgrep.dev/playground/r/7ZTYOn/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 + version_id: JdTqZd + url: https://semgrep.dev/playground/r/JdTqZd/python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 origin: community languages: - python @@ -19711,13 +20418,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.xss.audit.explicit-unescape-with-markup.explicit-unescape-with-markup shortlink: https://sg.run/AvZ8 semgrep.dev: rule: rule_id: lBU95l - version_id: LjTp0k - url: https://semgrep.dev/playground/r/LjTp0k/python.flask.security.xss.audit.explicit-unescape-with-markup.explicit-unescape-with-markup + version_id: 5PT6Yv + url: https://semgrep.dev/playground/r/5PT6Yv/python.flask.security.xss.audit.explicit-unescape-with-markup.explicit-unescape-with-markup origin: community languages: - python 
@@ -19753,13 +20462,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/python.flask.security.xss.audit.template-autoescape-off.template-autoescape-off shortlink: https://sg.run/Bkn2 semgrep.dev: rule: rule_id: YGURo6 - version_id: 8KTLbN - url: https://semgrep.dev/playground/r/8KTLbN/python.flask.security.xss.audit.template-autoescape-off.template-autoescape-off + version_id: GxT2W2 + url: https://semgrep.dev/playground/r/GxT2W2/python.flask.security.xss.audit.template-autoescape-off.template-autoescape-off origin: community languages: - regex @@ -19778,7 +20489,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -19791,13 +20502,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.jwt.security.audit.jwt-exposed-data.jwt-python-exposed-data shortlink: https://sg.run/ox8R semgrep.dev: rule: rule_id: 9AU1zW - version_id: JdTZq2 - url: https://semgrep.dev/playground/r/JdTZq2/python.jwt.security.audit.jwt-exposed-data.jwt-python-exposed-data + version_id: 0bTvQ7 + url: https://semgrep.dev/playground/r/0bTvQ7/python.jwt.security.audit.jwt-exposed-data.jwt-python-exposed-data origin: community languages: - python 
@@ -19815,7 +20528,7 @@ rules: owasp: - A02:2017 - Broken Authentication - A04:2021 - Insecure Design - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ references: - https://cwe.mitre.org/data/definitions/522.html category: security @@ -19828,13 +20541,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.jwt.security.jwt-exposed-credentials.jwt-python-exposed-credentials shortlink: https://sg.run/qxPy semgrep.dev: rule: rule_id: 2ZUb1L - version_id: 5PTY6x - url: https://semgrep.dev/playground/r/5PTY6x/python.jwt.security.jwt-exposed-credentials.jwt-python-exposed-credentials + version_id: K3TlPb + url: https://semgrep.dev/playground/r/K3TlPb/python.jwt.security.jwt-exposed-credentials.jwt-python-exposed-credentials origin: community message: Password is exposed through JWT token payload. This is not encrypted and the password could be compromised. Do not store passwords in JWT tokens. @@ -19873,13 +20588,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.jwt.security.unverified-jwt-decode.unverified-jwt-decode shortlink: https://sg.run/6nyB semgrep.dev: rule: rule_id: 10UKjo - version_id: A8TnR1 - url: https://semgrep.dev/playground/r/A8TnR1/python.jwt.security.unverified-jwt-decode.unverified-jwt-decode + version_id: YDTozD + url: https://semgrep.dev/playground/r/YDTozD/python.jwt.security.unverified-jwt-decode.unverified-jwt-decode origin: community fix-regex: regex: "(verify\\s*=\\s*)False" 
@@ -19914,13 +20631,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.audit.conn_recv.multiprocessing-recv
 shortlink: https://sg.run/x1lz
 semgrep.dev:
 rule:
 rule_id: nJUzeK
- version_id: BjTGEn
- url: https://semgrep.dev/playground/r/BjTGEn/python.lang.security.audit.conn_recv.multiprocessing-recv
+ version_id: 6xTeAE
+ url: https://semgrep.dev/playground/r/6xTeAE/python.lang.security.audit.conn_recv.multiprocessing-recv
 origin: community
 pattern-either:
 - pattern: multiprocessing.connection.Connection.recv(...)
@@ -19961,13 +20680,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage
 shortlink: https://sg.run/8R6J
 semgrep.dev:
 rule:
 rule_id: 9AUkR3
- version_id: DkTeQP
- url: https://semgrep.dev/playground/r/DkTeQP/python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage
+ version_id: o5TnWB
+ url: https://semgrep.dev/playground/r/o5TnWB/python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage
 origin: community
 languages:
 - python
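Review bot: The `vulnerability_class` value added for multiprocessing-recv is `'Insecure Deserialization '` with a trailing space inside the quotes, so the stored value is padded and will not compare equal to an unpadded `Insecure Deserialization` in any consumer that groups or filters findings by class; every other class added in this change is an unquoted plain scalar with no padding. The same padded value is introduced in the marshal-usage, avoid-jsonpickle, avoid-pyyaml-load, avoid-unsafe-ruamel, avoid-cPickle, avoid-dill, avoid-pickle and avoid-shelve hunks further down. Since this file is generated, the correction belongs in the upstream rule metadata or a whitespace-strip step in the generator, so that the emitted line is `- Insecure Deserialization`.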
@@ -20024,19 +20745,22 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected
 shortlink: https://sg.run/dKZZ
 semgrep.dev:
 rule:
 rule_id: 8GUj22
- version_id: X0T0J5
- url: https://semgrep.dev/playground/r/X0T0J5/python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected
+ version_id: 7ZTO58
+ url: https://semgrep.dev/playground/r/7ZTO58/python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected
 origin: community
 languages:
 - python
 severity: WARNING
 - id: python.lang.security.audit.eval-detected.eval-detected
 patterns:
+ - pattern-not: eval(f"")
 - pattern-not: eval("...")
 - pattern: eval(...)
 message: Detected the use of eval(). eval() can be dangerous if used to evaluate
@@ -20066,13 +20790,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.audit.eval-detected.eval-detected
 shortlink: https://sg.run/ZvrD
 semgrep.dev:
 rule:
 rule_id: gxU149
- version_id: O9TZ0D
- url: https://semgrep.dev/playground/r/O9TZ0D/python.lang.security.audit.eval-detected.eval-detected
+ version_id: X0T3nj
+ url: https://semgrep.dev/playground/r/X0T3nj/python.lang.security.audit.eval-detected.eval-detected
 origin: community
 languages:
 - python
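Review bot: The added `- pattern-not: eval(f"")` in the eval-detected rule widens the exclusions of an audit rule whose message says it exists to flag eval() on non-constant input, and nothing in the hunk records what `f""` is meant to match. If Semgrep treats `f""` the way the existing `"..."` exclusion treats plain literals and matches any f-string, then `eval(f"{expr}")`, the interpolated case that is the rule's main concern, is silently suppressed; if it matches only a literal empty f-string, the line is inert. It seems worth confirming the intended semantics against a positive test case (an eval of an interpolated f-string must still be reported) before this version of the rule is adopted, and recording the intent as a comment on the upstream rule. The eval-detected definition continues past the end of the hunk.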
@@ -20108,13 +20834,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.audit.exec-detected.exec-detected
 shortlink: https://sg.run/ndRX
 semgrep.dev:
 rule:
 rule_id: QrUzKv
- version_id: e1TAdz
- url: https://semgrep.dev/playground/r/e1TAdz/python.lang.security.audit.exec-detected.exec-detected
+ version_id: 8KTbW8
+ url: https://semgrep.dev/playground/r/8KTbW8/python.lang.security.audit.exec-detected.exec-detected
 origin: community
 languages:
 - python
@@ -20141,13 +20869,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.formatted-sql-query.formatted-sql-query
 shortlink: https://sg.run/EkWw
 semgrep.dev:
 rule:
 rule_id: 3qUP9k
- version_id: vdT3k4
- url: https://semgrep.dev/playground/r/vdT3k4/python.lang.security.audit.formatted-sql-query.formatted-sql-query
+ version_id: gETqL2
+ url: https://semgrep.dev/playground/r/gETqL2/python.lang.security.audit.formatted-sql-query.formatted-sql-query
 origin: community
 severity: WARNING
 languages:
@@ -20191,13 +20921,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.ftplib.ftplib
 shortlink: https://sg.run/7oyZ
 semgrep.dev:
 rule:
 rule_id: 4bUkv7
- version_id: d6TbRK
- url: https://semgrep.dev/playground/r/d6TbRK/python.lang.security.audit.ftplib.ftplib
+ version_id: QkTJBN
+ url: https://semgrep.dev/playground/r/QkTJBN/python.lang.security.audit.ftplib.ftplib
 origin: community
 severity: WARNING
 languages:
@@ -20233,13 +20965,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Hard-coded Secrets
 source: https://semgrep.dev/r/python.lang.security.audit.hardcoded-password-default-argument.hardcoded-password-default-argument
 shortlink: https://sg.run/Lw9r
 semgrep.dev:
 rule:
 rule_id: PeUZAW
- version_id: 9lTwgD
- url: https://semgrep.dev/playground/r/9lTwgD/python.lang.security.audit.hardcoded-password-default-argument.hardcoded-password-default-argument
+ version_id: 3ZTd7X
+ url: https://semgrep.dev/playground/r/3ZTd7X/python.lang.security.audit.hardcoded-password-default-argument.hardcoded-password-default-argument
 origin: community
 - id: python.lang.security.audit.httpsconnection-detected.httpsconnection-detected
 message: The HTTPSConnection API has changed frequently with minor releases of Python.
@@ -20264,13 +20998,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/python.lang.security.audit.httpsconnection-detected.httpsconnection-detected
 shortlink: https://sg.run/8yby
 semgrep.dev:
 rule:
 rule_id: JDUy7y
- version_id: nWTwep
- url: https://semgrep.dev/playground/r/nWTwep/python.lang.security.audit.httpsconnection-detected.httpsconnection-detected
+ version_id: 44Toxd
+ url: https://semgrep.dev/playground/r/44Toxd/python.lang.security.audit.httpsconnection-detected.httpsconnection-detected
 origin: community
 severity: WARNING
 languages:
@@ -20303,13 +21039,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls
 shortlink: https://sg.run/AvPp
 semgrep.dev:
 rule:
 rule_id: qNUjlR
- version_id: 7ZTY7n
- url: https://semgrep.dev/playground/r/7ZTY7n/python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls
+ version_id: JdTq2d
+ url: https://semgrep.dev/playground/r/JdTq2d/python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls
 origin: community
 severity: WARNING
 languages:
@@ -20367,13 +21105,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.requests.request-session-http-in-with-context.request-session-http-in-with-context
 shortlink: https://sg.run/Bk5W
 semgrep.dev:
 rule:
 rule_id: lBU9BZ
- version_id: zyTgNb
- url: https://semgrep.dev/playground/r/zyTgNb/python.lang.security.audit.insecure-transport.requests.request-session-http-in-with-context.request-session-http-in-with-context
+ version_id: 5PT6Bv
+ url: https://semgrep.dev/playground/r/5PT6Bv/python.lang.security.audit.insecure-transport.requests.request-session-http-in-with-context.request-session-http-in-with-context
 origin: community
 languages:
 - python
@@ -20431,13 +21171,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.requests.request-session-with-http.request-session-with-http
 shortlink: https://sg.run/DoBY
 semgrep.dev:
 rule:
 rule_id: YGURXw
- version_id: pZTgen
- url: https://semgrep.dev/playground/r/pZTgen/python.lang.security.audit.insecure-transport.requests.request-session-with-http.request-session-with-http
+ version_id: GxT242
+ url: https://semgrep.dev/playground/r/GxT242/python.lang.security.audit.insecure-transport.requests.request-session-with-http.request-session-with-http
 origin: community
 - id: python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http
 fix-regex:
@@ -20469,13 +21211,15 @@ rules:
 impact: LOW
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http
 shortlink: https://sg.run/W8J4
 semgrep.dev:
 rule:
 rule_id: 6JUjpG
- version_id: 2KTN5R
- url: https://semgrep.dev/playground/r/2KTN5R/python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http
+ version_id: RGTbBv
+ url: https://semgrep.dev/playground/r/RGTbBv/python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http
 origin: community
 languages:
 - python
@@ -20530,13 +21274,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.ssl.no-set-ciphers.no-set-ciphers
 shortlink: https://sg.run/0Q0v
 semgrep.dev:
 rule:
 rule_id: oqUeYJ
- version_id: QkTQyA
- url: https://semgrep.dev/playground/r/QkTQyA/python.lang.security.audit.insecure-transport.ssl.no-set-ciphers.no-set-ciphers
+ version_id: A8TRyb
+ url: https://semgrep.dev/playground/r/A8TRyb/python.lang.security.audit.insecure-transport.ssl.no-set-ciphers.no-set-ciphers
 origin: community
 languages:
 - python
@@ -20563,13 +21309,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open-ftp.insecure-openerdirector-open-ftp
 shortlink: https://sg.run/Klj7
 semgrep.dev:
 rule:
 rule_id: zdUkPQ
- version_id: 3ZTxJb
- url: https://semgrep.dev/playground/r/3ZTxJb/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open-ftp.insecure-openerdirector-open-ftp
+ version_id: BjTEoW
+ url: https://semgrep.dev/playground/r/BjTEoW/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open-ftp.insecure-openerdirector-open-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20624,13 +21372,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open.insecure-openerdirector-open
 shortlink: https://sg.run/qxKz
 semgrep.dev:
 rule:
 rule_id: pKUO9Q
- version_id: 44TY3G
- url: https://semgrep.dev/playground/r/44TY3G/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open.insecure-openerdirector-open
+ version_id: DkTQL6
+ url: https://semgrep.dev/playground/r/DkTQL6/python.lang.security.audit.insecure-transport.urllib.insecure-openerdirector-open.insecure-openerdirector-open
 origin: community
 severity: WARNING
 languages:
@@ -20692,13 +21442,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-request-object-ftp.insecure-request-object-ftp
 shortlink: https://sg.run/l2Py
 semgrep.dev:
 rule:
 rule_id: 2ZUbWA
- version_id: PkTnLn
- url: https://semgrep.dev/playground/r/PkTnLn/python.lang.security.audit.insecure-transport.urllib.insecure-request-object-ftp.insecure-request-object-ftp
+ version_id: WrTbgO
+ url: https://semgrep.dev/playground/r/WrTbgO/python.lang.security.audit.insecure-transport.urllib.insecure-request-object-ftp.insecure-request-object-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20733,13 +21485,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-request-object.insecure-request-object
 shortlink: https://sg.run/YvAe
 semgrep.dev:
 rule:
 rule_id: X5U8Bp
- version_id: JdTZg2
- url: https://semgrep.dev/playground/r/JdTZg2/python.lang.security.audit.insecure-transport.urllib.insecure-request-object.insecure-request-object
+ version_id: 0bTvZ7
+ url: https://semgrep.dev/playground/r/0bTvZ7/python.lang.security.audit.insecure-transport.urllib.insecure-request-object.insecure-request-object
 origin: community
 severity: WARNING
 languages:
@@ -20779,13 +21533,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen-ftp.insecure-urlopen-ftp
 shortlink: https://sg.run/6n1o
 semgrep.dev:
 rule:
 rule_id: j2UvOG
- version_id: 5PTY5x
- url: https://semgrep.dev/playground/r/5PTY5x/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen-ftp.insecure-urlopen-ftp
+ version_id: K3TlRb
+ url: https://semgrep.dev/playground/r/K3TlRb/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen-ftp.insecure-urlopen-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20820,13 +21576,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen.insecure-urlopen
 shortlink: https://sg.run/oxB9
 semgrep.dev:
 rule:
 rule_id: 10UKgW
- version_id: GxTWwb
- url: https://semgrep.dev/playground/r/GxTWwb/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen.insecure-urlopen
+ version_id: qkTNro
+ url: https://semgrep.dev/playground/r/qkTNro/python.lang.security.audit.insecure-transport.urllib.insecure-urlopen.insecure-urlopen
 origin: community
 severity: WARNING
 languages:
@@ -20865,13 +21623,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open-ftp.insecure-urlopener-open-ftp
 shortlink: https://sg.run/zvwG
 semgrep.dev:
 rule:
 rule_id: 9AU1DY
- version_id: RGTwvW
- url: https://semgrep.dev/playground/r/RGTwvW/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open-ftp.insecure-urlopener-open-ftp
+ version_id: l4T5Yz
+ url: https://semgrep.dev/playground/r/l4T5Yz/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open-ftp.insecure-urlopener-open-ftp
 origin: community
 severity: WARNING
 languages:
@@ -20926,13 +21686,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open.insecure-urlopener-open
 shortlink: https://sg.run/pxWg
 semgrep.dev:
 rule:
 rule_id: yyUnwW
- version_id: A8TnY1
- url: https://semgrep.dev/playground/r/A8TnY1/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open.insecure-urlopener-open
+ version_id: YDToxD
+ url: https://semgrep.dev/playground/r/YDToxD/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-open.insecure-urlopener-open
 origin: community
 severity: WARNING
 languages:
@@ -20992,13 +21754,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve-ftp.insecure-urlopener-retrieve-ftp
 shortlink: https://sg.run/2xY0
 semgrep.dev:
 rule:
 rule_id: r6UrPp
- version_id: BjTGYn
- url: https://semgrep.dev/playground/r/BjTGYn/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve-ftp.insecure-urlopener-retrieve-ftp
+ version_id: 6xTekE
+ url: https://semgrep.dev/playground/r/6xTekE/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve-ftp.insecure-urlopener-retrieve-ftp
 origin: community
 severity: WARNING
 languages:
@@ -21053,13 +21817,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve.insecure-urlopener-retrieve
 shortlink: https://sg.run/XBGK
 semgrep.dev:
 rule:
 rule_id: bwUw0n
- version_id: DkTe8P
- url: https://semgrep.dev/playground/r/DkTe8P/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve.insecure-urlopener-retrieve
+ version_id: o5TnPB
+ url: https://semgrep.dev/playground/r/o5TnPB/python.lang.security.audit.insecure-transport.urllib.insecure-urlopener-retrieve.insecure-urlopener-retrieve
 origin: community
 severity: WARNING
 languages:
@@ -21119,13 +21885,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve-ftp.insecure-urlretrieve-ftp
 shortlink: https://sg.run/jR8Y
 semgrep.dev:
 rule:
 rule_id: NbUknL
- version_id: WrT6xD
- url: https://semgrep.dev/playground/r/WrT6xD/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve-ftp.insecure-urlretrieve-ftp
+ version_id: zyT59G
+ url: https://semgrep.dev/playground/r/zyT59G/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve-ftp.insecure-urlretrieve-ftp
 origin: community
 severity: WARNING
 languages:
@@ -21160,13 +21928,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve.insecure-urlretrieve
 shortlink: https://sg.run/1Zqw
 semgrep.dev:
 rule:
 rule_id: kxUk4N
- version_id: 0bT6OB
- url: https://semgrep.dev/playground/r/0bT6OB/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve.insecure-urlretrieve
+ version_id: pZTrJN
+ url: https://semgrep.dev/playground/r/pZTrJN/python.lang.security.audit.insecure-transport.urllib.insecure-urlretrieve.insecure-urlretrieve
 origin: community
 severity: WARNING
 languages:
@@ -21210,13 +21980,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.audit.logging.listeneval.listen-eval
 shortlink: https://sg.run/9okY
 semgrep.dev:
 rule:
 rule_id: wdUJQY
- version_id: K3TOyE
- url: https://semgrep.dev/playground/r/K3TOyE/python.lang.security.audit.logging.listeneval.listen-eval
+ version_id: 2KT1Xr
+ url: https://semgrep.dev/playground/r/2KT1Xr/python.lang.security.audit.logging.listeneval.listen-eval
 origin: community
 severity: WARNING
 pattern: logging.config.listen(...)
@@ -21248,13 +22020,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/python.lang.security.audit.mako-templates-detected.mako-templates-detected
 shortlink: https://sg.run/Q5v4
 semgrep.dev:
 rule:
 rule_id: GdU79Z
- version_id: l4TNPG
- url: https://semgrep.dev/playground/r/l4TNPG/python.lang.security.audit.mako-templates-detected.mako-templates-detected
+ version_id: jQTKpn
+ url: https://semgrep.dev/playground/r/jQTKpn/python.lang.security.audit.mako-templates-detected.mako-templates-detected
 origin: community
 languages:
 - python
@@ -21284,13 +22058,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/python.lang.security.audit.marshal.marshal-usage
 shortlink: https://sg.run/3xor
 semgrep.dev:
 rule:
 rule_id: ReUg13
- version_id: YDT8P9
- url: https://semgrep.dev/playground/r/YDT8P9/python.lang.security.audit.marshal.marshal-usage
+ version_id: 1QTjn2
+ url: https://semgrep.dev/playground/r/1QTjn2/python.lang.security.audit.marshal.marshal-usage
 origin: community
 pattern-either:
 - pattern: marshal.dump(...)
@@ -21318,13 +22094,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.network.http-not-https-connection.http-not-https-connection
 shortlink: https://sg.run/N4Np
 semgrep.dev:
 rule:
 rule_id: v8UnWQ
- version_id: RGTwvl
- url: https://semgrep.dev/playground/r/RGTwvl/python.lang.security.audit.network.http-not-https-connection.http-not-https-connection
+ version_id: bZTGJ6
+ url: https://semgrep.dev/playground/r/bZTGJ6/python.lang.security.audit.network.http-not-https-connection.http-not-https-connection
 origin: community
 languages:
 - python
@@ -21359,13 +22137,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/python.lang.security.audit.non-literal-import.non-literal-import
 shortlink: https://sg.run/y6Jk
 semgrep.dev:
 rule:
 rule_id: AbUGN5
- version_id: A8TnY4
- url: https://semgrep.dev/playground/r/A8TnY4/python.lang.security.audit.non-literal-import.non-literal-import
+ version_id: NdT1EQ
+ url: https://semgrep.dev/playground/r/NdT1EQ/python.lang.security.audit.non-literal-import.non-literal-import
 origin: community
 languages:
 - python
@@ -21399,13 +22179,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key
 shortlink: https://sg.run/4xpl
 semgrep.dev:
 rule:
 rule_id: AbUzbe
- version_id: DkTe8O
- url: https://semgrep.dev/playground/r/DkTe8O/python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key
+ version_id: w8T3vv
+ url: https://semgrep.dev/playground/r/w8T3vv/python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key
 origin: community
 languages:
 - python
@@ -21441,13 +22223,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command
 shortlink: https://sg.run/kXQ7
 semgrep.dev:
 rule:
 rule_id: d8Uj9x
- version_id: BjTGYw
- url: https://semgrep.dev/playground/r/BjTGYw/python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command
+ version_id: kbT79r
+ url: https://semgrep.dev/playground/r/kbT79r/python.lang.security.audit.paramiko.paramiko-exec-command.paramiko-exec-command
 origin: community
 severity: ERROR
 languages:
@@ -21482,13 +22266,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/python.lang.security.audit.python-reverse-shell.python-reverse-shell
 shortlink: https://sg.run/gYZJ
 semgrep.dev:
 rule:
 rule_id: nJUZRY
- version_id: WrT6xb
- url: https://semgrep.dev/playground/r/WrT6xb/python.lang.security.audit.python-reverse-shell.python-reverse-shell
+ version_id: xyT41l
+ url: https://semgrep.dev/playground/r/xyT41l/python.lang.security.audit.python-reverse-shell.python-reverse-shell
 origin: community
 languages:
 - python
@@ -21521,13 +22307,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.aiopg-sqli.aiopg-sqli
 shortlink: https://sg.run/WgGL
 semgrep.dev:
 rule:
 rule_id: DbUWRY
- version_id: 0bT6OO
- url: https://semgrep.dev/playground/r/0bT6OO/python.lang.security.audit.sqli.aiopg-sqli.aiopg-sqli
+ version_id: e1TxwX
+ url: https://semgrep.dev/playground/r/e1TxwX/python.lang.security.audit.sqli.aiopg-sqli.aiopg-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21633,13 +22421,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.asyncpg-sqli.asyncpg-sqli
 shortlink: https://sg.run/0nBB
 semgrep.dev:
 rule:
 rule_id: WAUZqq
- version_id: K3T1zD
- url: https://semgrep.dev/playground/r/K3T1zD/python.lang.security.audit.sqli.asyncpg-sqli.asyncpg-sqli
+ version_id: vdT2JA
+ url: https://semgrep.dev/playground/r/vdT2JA/python.lang.security.audit.sqli.asyncpg-sqli.asyncpg-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21729,13 +22519,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.pg8000-sqli.pg8000-sqli
 shortlink: https://sg.run/KWAL
 semgrep.dev:
 rule:
 rule_id: 0oUEKo
- version_id: qkT31E
- url: https://semgrep.dev/playground/r/qkT31E/python.lang.security.audit.sqli.pg8000-sqli.pg8000-sqli
+ version_id: d6TDE0
+ url: https://semgrep.dev/playground/r/d6TDE0/python.lang.security.audit.sqli.pg8000-sqli.pg8000-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21824,13 +22616,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - SQL Injection
 source: https://semgrep.dev/r/python.lang.security.audit.sqli.psycopg-sqli.psycopg-sqli
 shortlink: https://sg.run/qrLe
 semgrep.dev:
 rule:
 rule_id: KxU4Kg
- version_id: l4TGrb
- url: https://semgrep.dev/playground/r/l4TGrb/python.lang.security.audit.sqli.psycopg-sqli.psycopg-sqli
+ version_id: ZRTwJ8
+ url: https://semgrep.dev/playground/r/ZRTwJ8/python.lang.security.audit.sqli.psycopg-sqli.psycopg-sqli
 origin: community
 patterns:
 - pattern-either:
@@ -21917,13 +22711,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/python.lang.security.audit.system-wildcard-detected.system-wildcard-detected
 shortlink: https://sg.run/5QXA
 semgrep.dev:
 rule:
 rule_id: WAUorE
- version_id: 1QTwXo
- url: https://semgrep.dev/playground/r/1QTwXo/python.lang.security.audit.system-wildcard-detected.system-wildcard-detected
+ version_id: 7ZTOw8
+ url: https://semgrep.dev/playground/r/7ZTOw8/python.lang.security.audit.system-wildcard-detected.system-wildcard-detected
 origin: community
 languages:
 - python
@@ -21950,13 +22746,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/python.lang.security.audit.telnetlib.telnetlib
 shortlink: https://sg.run/Gelp
 semgrep.dev:
 rule:
 rule_id: 0oU5Wl
- version_id: zyTePy
- url: https://semgrep.dev/playground/r/zyTePy/python.lang.security.audit.telnetlib.telnetlib
+ version_id: LjT0Jv
+ url: https://semgrep.dev/playground/r/LjT0Jv/python.lang.security.audit.telnetlib.telnetlib
 origin: community
 severity: WARNING
 languages:
@@ -21990,13 +22788,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/python.lang.security.audit.weak-ssl-version.weak-ssl-version
 shortlink: https://sg.run/RoZO
 semgrep.dev:
 rule:
 rule_id: KxUbNG
- version_id: pZTQ9w
- url: https://semgrep.dev/playground/r/pZTQ9w/python.lang.security.audit.weak-ssl-version.weak-ssl-version
+ version_id: 8KTb08
+ url: https://semgrep.dev/playground/r/8KTb08/python.lang.security.audit.weak-ssl-version.weak-ssl-version
 origin: community
 languages:
 - python
@@ -22062,13 +22862,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/python.lang.security.dangerous-globals-use.dangerous-globals-use
 shortlink: https://sg.run/jNzn
 semgrep.dev:
 rule:
 rule_id: 9AUOZP
- version_id: X0TJBg
- url: https://semgrep.dev/playground/r/X0TJBg/python.lang.security.dangerous-globals-use.dangerous-globals-use
+ version_id: QkTJLN
+ url: https://semgrep.dev/playground/r/QkTJLN/python.lang.security.dangerous-globals-use.dangerous-globals-use
 origin: community
 severity: WARNING
 languages:
@@ -22101,13 +22903,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.avoid-jsonpickle.avoid-jsonpickle shortlink: https://sg.run/rkNP semgrep.dev: rule: rule_id: BYU7Kp - version_id: NdTQnZ - url: https://semgrep.dev/playground/r/NdTQnZ/python.lang.security.deserialization.avoid-jsonpickle.avoid-jsonpickle + version_id: RGTbdv + url: https://semgrep.dev/playground/r/RGTbdv/python.lang.security.deserialization.avoid-jsonpickle.avoid-jsonpickle origin: community message: Avoid using `jsonpickle`, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. @@ -22136,13 +22940,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.avoid-pyyaml-load.avoid-pyyaml-load shortlink: https://sg.run/we9Y semgrep.dev: rule: rule_id: ZqU5jZ - version_id: kbTZ4W - url: https://semgrep.dev/playground/r/kbTZ4W/python.lang.security.deserialization.avoid-pyyaml-load.avoid-pyyaml-load + version_id: A8TRxb + url: https://semgrep.dev/playground/r/A8TRxb/python.lang.security.deserialization.avoid-pyyaml-load.avoid-pyyaml-load origin: community languages: - python 
@@ -22192,13 +22998,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.avoid-unsafe-ruamel.avoid-unsafe-ruamel shortlink: https://sg.run/x1rz semgrep.dev: rule: rule_id: nJUzqK - version_id: w8T0QN - url: https://semgrep.dev/playground/r/w8T0QN/python.lang.security.deserialization.avoid-unsafe-ruamel.avoid-unsafe-ruamel + version_id: BjTE4W + url: https://semgrep.dev/playground/r/BjTE4W/python.lang.security.deserialization.avoid-unsafe-ruamel.avoid-unsafe-ruamel origin: community languages: - python @@ -22229,13 +23037,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-cPickle shortlink: https://sg.run/eLxb semgrep.dev: rule: rule_id: 7KUQNL - version_id: 1QTW3k - url: https://semgrep.dev/playground/r/1QTW3k/python.lang.security.deserialization.pickle.avoid-cPickle + version_id: WrTbeO + url: https://semgrep.dev/playground/r/WrTbeO/python.lang.security.deserialization.pickle.avoid-cPickle origin: community languages: - python @@ -22267,13 +23077,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-dill shortlink: https://sg.run/vzjA semgrep.dev: rule: rule_id: L1Uy60 - version_id: 9lTNqn - url: https://semgrep.dev/playground/r/9lTNqn/python.lang.security.deserialization.pickle.avoid-dill + version_id: 0bTv07 + url: https://semgrep.dev/playground/r/0bTv07/python.lang.security.deserialization.pickle.avoid-dill origin: community languages: - python 
@@ -22305,13 +23117,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-pickle shortlink: https://sg.run/OPwB semgrep.dev: rule: rule_id: EwU2BJ - version_id: jQTeDJ - url: https://semgrep.dev/playground/r/jQTeDJ/python.lang.security.deserialization.pickle.avoid-pickle + version_id: DkTQB6 + url: https://semgrep.dev/playground/r/DkTQB6/python.lang.security.deserialization.pickle.avoid-pickle origin: community languages: - python @@ -22346,13 +23160,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - 'Insecure Deserialization ' source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-shelve shortlink: https://sg.run/dKkZ semgrep.dev: rule: rule_id: 8GUje2 - version_id: yeTbGQ - url: https://semgrep.dev/playground/r/yeTbGQ/python.lang.security.deserialization.pickle.avoid-shelve + version_id: K3TlAb + url: https://semgrep.dev/playground/r/K3TlAb/python.lang.security.deserialization.pickle.avoid-shelve origin: community languages: - python @@ -22391,13 +23207,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/python.lang.security.insecure-hash-function.insecure-hash-function shortlink: https://sg.run/rdBn semgrep.dev: rule: rule_id: OrU30g - version_id: vdT3WD - url: https://semgrep.dev/playground/r/vdT3WD/python.lang.security.insecure-hash-function.insecure-hash-function + version_id: YDTogD + url: https://semgrep.dev/playground/r/YDTogD/python.lang.security.insecure-hash-function.insecure-hash-function origin: community languages: - python 
@@ -22426,13 +23244,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/python.lang.security.unquoted-csv-writer.unquoted-csv-writer shortlink: https://sg.run/b7vp semgrep.dev: rule: rule_id: eqU8dk - version_id: d6Tb9E - url: https://semgrep.dev/playground/r/d6Tb9E/python.lang.security.unquoted-csv-writer.unquoted-csv-writer + version_id: JdTqO6 + url: https://semgrep.dev/playground/r/JdTqO6/python.lang.security.unquoted-csv-writer.unquoted-csv-writer origin: community fix-regex: regex: "(.*)\\)" @@ -22468,13 +23288,15 @@ rules: impact: MEDIUM confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.lang.security.unverified-ssl-context.unverified-ssl-context shortlink: https://sg.run/N4lp semgrep.dev: rule: rule_id: v8UnkQ - version_id: bZTJeE - url: https://semgrep.dev/playground/r/bZTJeE/python.lang.security.unverified-ssl-context.unverified-ssl-context + version_id: 5PT6Ky + url: https://semgrep.dev/playground/r/5PT6Ky/python.lang.security.unverified-ssl-context.unverified-ssl-context origin: community severity: ERROR languages: @@ -22499,13 +23321,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/python.requests.security.disabled-cert-validation.disabled-cert-validation shortlink: https://sg.run/AlYp semgrep.dev: rule: rule_id: qNUoYR - version_id: rxTbO4 - url: https://semgrep.dev/playground/r/rxTbO4/python.requests.security.disabled-cert-validation.disabled-cert-validation + version_id: ExTnyB + url: https://semgrep.dev/playground/r/ExTnyB/python.requests.security.disabled-cert-validation.disabled-cert-validation origin: community languages: - python 
@@ -22538,7 +23362,7 @@ rules: - A02:2021 - Cryptographic Failures source-rule-url: https://pypi.org/project/flake8-flask/ references: - - https://blog.r2c.dev/2020/bento-check-no-auth-over-http/ + - https://semgrep.dev/blog/2020/bento-check-no-auth-over-http/ - https://bento.dev/checks/requests/no-auth-over-http/ category: security technology: @@ -22549,13 +23373,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/python.requests.security.no-auth-over-http.no-auth-over-http shortlink: https://sg.run/B4NW semgrep.dev: rule: rule_id: lBUdQZ - version_id: bZTxA5 - url: https://semgrep.dev/playground/r/bZTxA5/python.requests.security.no-auth-over-http.no-auth-over-http + version_id: 7ZTO6z + url: https://semgrep.dev/playground/r/7ZTO6z/python.requests.security.no-auth-over-http.no-auth-over-http origin: community languages: - python @@ -22593,13 +23419,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/python.sh.security.string-concat.string-concat shortlink: https://sg.run/Wg34 semgrep.dev: rule: rule_id: JDUP1G - version_id: NdT5DZ - url: https://semgrep.dev/playground/r/NdT5DZ/python.sh.security.string-concat.string-concat + version_id: LjT0dq + url: https://semgrep.dev/playground/r/LjT0dq/python.sh.security.string-concat.string-concat origin: community pattern-either: - pattern: sh.$BIN($X + $Y) 
@@ -22633,13 +23461,15 @@ rules: likelihood: LOW impact: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text shortlink: https://sg.run/yP1O semgrep.dev: rule: rule_id: r6U2wE - version_id: kbTrKW - url: https://semgrep.dev/playground/r/kbTrKW/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text + version_id: 8KTbo4 + url: https://semgrep.dev/playground/r/8KTbo4/python.sqlalchemy.security.audit.avoid-sqlalchemy-text.avoid-sqlalchemy-text origin: community languages: - python @@ -22673,13 +23503,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - SQL Injection source: https://semgrep.dev/r/python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query shortlink: https://sg.run/2b1L semgrep.dev: rule: rule_id: oqUz5y - version_id: YDTd6W - url: https://semgrep.dev/playground/r/YDTd6W/python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query + version_id: gETq8A + url: https://semgrep.dev/playground/r/gETq8A/python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query origin: community severity: ERROR languages: 
@@ -23663,75 +24495,6 @@ rules: - pattern-not-inside: "$PTR = ($CAST)realloc(...);\n...\nfree($PTR); \n" - pattern-not-inside: "$PTR = strdup(...);\n...\nfree($PTR); \n" - pattern-not-inside: "$PTR = strndup(...);\n...\nfree($PTR); \n" -- id: raptor-mismatched-memory-management-cpp - metadata: - author: Marco Ivaldi - references: - - https://cwe.mitre.org/data/definitions/762 - - https://cwe.mitre.org/data/definitions/590 - - https://github.com/struct/mms - - https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples - confidence: LOW - license: MIT - category: security - subcategory: - - audit - source: https://github.com/0xdea/semgrep-rules/blob/main/c/mismatched-memory-management-cpp.yaml - message: The software attempts to return a memory resource to the system, but it - calls a release function that is not compatible with the function that was originally - used to allocate that resource. When the memory management functions are mismatched, - the consequences may be as severe as code execution, memory corruption, or program - crash. Consequences and ease of exploit will vary depending on the implementation - of the routines and the object being managed. Due to inherent limitations of Semgrep, - this rule might generate many false positives and should therefore be customized - for your codebase. - severity: INFO - languages: - - cpp - pattern-either: - - patterns: - - pattern: free($PTR); - - pattern-not-inside: | - $PTR = malloc(...); - ... - free($PTR); - - pattern-not-inside: | - $PTR = ($CAST)malloc(...); - ... - free($PTR); - - pattern-not-inside: | - $PTR = calloc(...); - ... - free($PTR); - - pattern-not-inside: | - $PTR = ($CAST)calloc(...); - ... - free($PTR); - - pattern-not-inside: | - $PTR = realloc(...); - ... 
- free($PTR); - - pattern-not-inside: "$PTR = ($CAST)realloc(...);\n...\nfree($PTR); \n" - - pattern-not-inside: "$PTR = strdup(...);\n...\nfree($PTR); \n" - - pattern-not-inside: "$PTR = strndup(...);\n...\nfree($PTR); \n" - - patterns: - - pattern: delete[]($PTR); - - pattern-not-inside: | - $PTR = new $OBJ[$SIZE]; - ... - delete[]($PTR); - - patterns: - - pattern: delete($PTR); - - pattern-not-inside: | - $PTR = new $OBJ; - ... - delete($PTR); - - patterns: - - pattern: delete($PTR); - - pattern-inside: | - $PTR = new $OBJ[$SIZE]; - ... - delete($PTR); - id: raptor-off-by-one metadata: author: Marco Ivaldi @@ -23760,8 +24523,16 @@ rules: $TYPE $BUF[$SIZE]; ... $BUF[$SIZE] = $EXPR; - - pattern: for (<... $I = 0 ...>; <... $I <= $SIZE ...>; <... $I++ ...>) ... - - pattern: for ($TYPE $I = 0; <... $I <= $SIZE ...>; <... $I++ ...>) ... + - patterns: + - pattern: "*($BUF + $SIZE) = $EXPR\n" + - pattern-inside: | + $TYPE $BUF[$SIZE]; + ... + *($BUF + $SIZE) = $EXPR; + - pattern: for (<... $I = $NUM ...>; <... $I <= $SIZE ...>; <... $I++ ...>) ... + - pattern: for (<... $I = $NUM ...>; <... $I <= $SIZE ...>; <... ++$I ...>) ... + - pattern: for ($TYPE $I = $NUM; <... $I <= $SIZE ...>; <... $I++ ...>) ... + - pattern: for ($TYPE $I = $NUM; <... $I <= $SIZE ...>; <... ++$I ...>) ... - pattern: while (<... $I <= $SIZE ...>) ... - pattern: do ... while (<... $I <= $SIZE ...>); - pattern: strlen($SRC) > sizeof($DST) 
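Review bot: Widening the loop initialiser from `$I = 0` to `$I = $NUM` in the four new `for` patterns makes `for (i = 1; i <= n; i++)` a finding, and that is the usual correct idiom for 1-based counting, so the change trades precision for recall without the message saying so; `$NUM` is an ordinary metavariable, so it also matches non-literal starts such as `i = start`. If the intent is only to catch non-zero literal starts, constrain it with a `metavariable-regex` on `$NUM` (e.g. `regex: ^[0-9]+$`), or tie the loop patterns to an array declaration the way the new `*($BUF + $SIZE) = $EXPR` pattern is tied via `pattern-inside`, so that `$SIZE` is known to be a bound. The increment forms `$I += 1` and `$I = $I + 1` are still uncovered; only `$I++` and `++$I` are listed. This file is a generated aggregate of upstream rules, so the fix belongs in 0xdea/semgrep-rules rather than here; the `raptor-off-by-one` rule starts before the hunk.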
@@ -23883,6 +24654,38 @@ rules: - pattern-inside: | $TYPE $VAR = $EXPR; ... +- id: raptor-suspicious-assert + metadata: + author: Marco Ivaldi + references: + - https://legends2k.github.io/note/assert_vs_if/ + - https://github.com/struct/mms + confidence: MEDIUM + license: MIT + category: security + subcategory: + - audit + source: https://github.com/0xdea/semgrep-rules/blob/main/c/suspicious-assert.yaml + message: Most codebases define assertion macros which compile to a no-op on non-debug + builds. If assertions are the only line of defense against untrusted input, the + software may be exposed to attacks that leverage the lack of proper input checks. + severity: WARNING + languages: + - c + - cpp + patterns: + - pattern-either: + - pattern: "$ASSERT(<... $A < $B ...>)" + - pattern: "$ASSERT(<... $A < $B ...>, ...)" + - pattern: "$ASSERT(<... $A <= $B ...>)" + - pattern: "$ASSERT(<... $A <= $B ...>, ...)" + - pattern: "$ASSERT(<... $A > $B ...>)" + - pattern: "$ASSERT(<... $A > $B ...>, ...)" + - pattern: "$ASSERT(<... $A >= $B ...>)" + - pattern: "$ASSERT(<... $A >= $B ...>, ...)" + - metavariable-regex: + metavariable: "$ASSERT" + regex: "(?i)^\\w*assert\\w*\\s*$" - id: raptor-unchecked-ret-malloc-calloc-realloc metadata: author: Marco Ivaldi @@ -24415,7 +25218,7 @@ rules: - 'CWE-345: Insufficient Verification of Data Authenticity' owasp: - A08:2021 - Software and Data Integrity Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt 
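Review bot: The `metavariable-regex` `(?i)^\w*assert\w*\s*$` on `$ASSERT` also accepts `static_assert` and `_Static_assert`, which are compile-time checks on constants and never guard untrusted input, so a `static_assert(sizeof(x) <= 8, "...")` that Semgrep parses as a call will likely become a WARNING for a rule whose message is about runtime no-ops. Exclude them with a negative lookahead, e.g. `regex: "(?i)^(?!_?static_assert\\s*$)\\w*assert\\w*\\s*$"`, or add `- pattern-not: static_assert(...)` next to the `pattern-either`. The comparison list covers only `<`, `<=`, `>`, `>=`; equality and null checks such as `assert(len == expected)` or `assert(p != NULL)` are at least as common in input validation, so either widen the list or state in the message that only relational bounds asserts are targeted. The new rule is complete within the hunk; the surrounding context lines belong to neighbouring rules, and as this is a generated aggregate the change belongs upstream.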
@@ -24427,13 +25230,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authentication source: https://semgrep.dev/r/ruby.jwt.security.audit.jwt-decode-without-verify.ruby-jwt-decode-without-verify shortlink: https://sg.run/AlYg semgrep.dev: rule: rule_id: KxU426 - version_id: 0bTQ68 - url: https://semgrep.dev/playground/r/0bTQ68/ruby.jwt.security.audit.jwt-decode-without-verify.ruby-jwt-decode-without-verify + version_id: RGTbWA + url: https://semgrep.dev/playground/r/RGTbWA/ruby.jwt.security.audit.jwt-decode-without-verify.ruby-jwt-decode-without-verify origin: community languages: - ruby @@ -24453,7 +25258,7 @@ rules: - A04:2021 - Insecure Design cwe: - 'CWE-522: Insufficiently Protected Credentials' - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -24466,13 +25271,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.jwt.security.audit.jwt-exposed-data.ruby-jwt-exposed-data shortlink: https://sg.run/B4Nb semgrep.dev: rule: rule_id: qNUoYd - version_id: K3TPOZ - url: https://semgrep.dev/playground/r/K3TPOZ/ruby.jwt.security.audit.jwt-exposed-data.ruby-jwt-exposed-data + version_id: A8TRP5 + url: https://semgrep.dev/playground/r/A8TRP5/ruby.jwt.security.audit.jwt-exposed-data.ruby-jwt-exposed-data origin: community languages: - ruby 
@@ -24496,7 +25303,7 @@ rules: owasp: - A02:2017 - Broken Authentication - A04:2021 - Insecure Design - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ references: - https://cwe.mitre.org/data/definitions/522.html category: security @@ -24509,13 +25316,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.jwt.security.jwt-exposed-credentials.ruby-jwt-exposed-credentials shortlink: https://sg.run/58Y6 semgrep.dev: rule: rule_id: DbUWdB - version_id: qkT9KG - url: https://semgrep.dev/playground/r/qkT9KG/ruby.jwt.security.jwt-exposed-credentials.ruby-jwt-exposed-credentials + version_id: BjTEjp + url: https://semgrep.dev/playground/r/BjTEjp/ruby.jwt.security.jwt-exposed-credentials.ruby-jwt-exposed-credentials origin: community message: Password is exposed through JWT token payload. This is not encrypted and the password could be compromised. Do not store passwords in JWT tokens. @@ -24539,7 +25348,7 @@ rules: owasp: - A02:2017 - Broken Authentication - A04:2021 - Insecure Design - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt 
@@ -24552,13 +25361,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.jwt.security.jwt-hardcode.ruby-jwt-hardcoded-secret shortlink: https://sg.run/GW2B semgrep.dev: rule: rule_id: WAUZz5 - version_id: l4TeNk - url: https://semgrep.dev/playground/r/l4TeNk/ruby.jwt.security.jwt-hardcode.ruby-jwt-hardcoded-secret + version_id: DkTQoR + url: https://semgrep.dev/playground/r/DkTQoR/ruby.jwt.security.jwt-hardcode.ruby-jwt-hardcoded-secret origin: community patterns: - pattern-inside: | @@ -24599,7 +25410,7 @@ rules: owasp: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures - source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ + source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/ category: security technology: - jwt @@ -24611,13 +25422,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.jwt.security.jwt-none-alg.ruby-jwt-none-alg shortlink: https://sg.run/R8kE semgrep.dev: rule: rule_id: 0oUExR - version_id: YDTz8L - url: https://semgrep.dev/playground/r/YDTz8L/ruby.jwt.security.jwt-none-alg.ruby-jwt-none-alg + version_id: WrTb58 + url: https://semgrep.dev/playground/r/WrTb58/ruby.jwt.security.jwt-none-alg.ruby-jwt-none-alg origin: community languages: - ruby 
@@ -24651,13 +25464,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.cookie-serialization.cookie-serialization shortlink: https://sg.run/Wg3y semgrep.dev: rule: rule_id: YGUrq5 - version_id: zyTXeJ - url: https://semgrep.dev/playground/r/zyTXeJ/ruby.lang.security.cookie-serialization.cookie-serialization + version_id: l4T5q2 + url: https://semgrep.dev/playground/r/l4T5q2/ruby.lang.security.cookie-serialization.cookie-serialization origin: community languages: - ruby @@ -24695,13 +25510,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.create-with.create-with shortlink: https://sg.run/0nLk semgrep.dev: rule: rule_id: 6JUqbn - version_id: pZTqQD - url: https://semgrep.dev/playground/r/pZTqQD/ruby.lang.security.create-with.create-with + version_id: YDToG8 + url: https://semgrep.dev/playground/r/YDToG8/ruby.lang.security.create-with.create-with origin: community languages: - ruby @@ -24737,13 +25554,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-open.dangerous-open shortlink: https://sg.run/Al8Q semgrep.dev: rule: rule_id: 0oUEyd - version_id: X0ToJq - url: https://semgrep.dev/playground/r/X0ToJq/ruby.lang.security.dangerous-open.dangerous-open + version_id: o5TnQP + url: https://semgrep.dev/playground/r/o5TnQP/ruby.lang.security.dangerous-open.dangerous-open origin: community severity: WARNING languages: 
@@ -24779,13 +25598,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-open3-pipeline.dangerous-open3-pipeline shortlink: https://sg.run/B4jv semgrep.dev: rule: rule_id: KxU4nd - version_id: jQTL9x - url: https://semgrep.dev/playground/r/jQTL9x/ruby.lang.security.dangerous-open3-pipeline.dangerous-open3-pipeline + version_id: zyT5g6 + url: https://semgrep.dev/playground/r/zyT5g6/ruby.lang.security.dangerous-open3-pipeline.dangerous-open3-pipeline origin: community severity: WARNING languages: @@ -24819,13 +25640,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-subshell.dangerous-subshell shortlink: https://sg.run/NrxL semgrep.dev: rule: rule_id: OrUGn8 - version_id: 1QT0X9 - url: https://semgrep.dev/playground/r/1QT0X9/ruby.lang.security.dangerous-subshell.dangerous-subshell + version_id: pZTrgg + url: https://semgrep.dev/playground/r/pZTrgg/ruby.lang.security.dangerous-subshell.dangerous-subshell origin: community severity: WARNING languages: @@ -24853,13 +25676,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.dangerous-syscall.dangerous-syscall shortlink: https://sg.run/DJkv semgrep.dev: rule: rule_id: qNUo50 - version_id: 9lTEnj - url: https://semgrep.dev/playground/r/9lTEnj/ruby.lang.security.dangerous-syscall.dangerous-syscall + version_id: 2KT1NB + url: https://semgrep.dev/playground/r/2KT1NB/ruby.lang.security.dangerous-syscall.dangerous-syscall origin: community severity: WARNING languages: 
@@ -24889,13 +25714,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/ruby.lang.security.file-disclosure.file-disclosure shortlink: https://sg.run/qrR1 semgrep.dev: rule: rule_id: zdUyqE - version_id: rxTb8Y - url: https://semgrep.dev/playground/r/rxTb8Y/ruby.lang.security.file-disclosure.file-disclosure + version_id: jQTKe4 + url: https://semgrep.dev/playground/r/jQTKe4/ruby.lang.security.file-disclosure.file-disclosure origin: community languages: - ruby @@ -24932,13 +25759,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/ruby.lang.security.filter-skipping.filter-skipping shortlink: https://sg.run/ljNL semgrep.dev: rule: rule_id: pKUGP7 - version_id: bZTx40 - url: https://semgrep.dev/playground/r/bZTx40/ruby.lang.security.filter-skipping.filter-skipping + version_id: 1QTjWr + url: https://semgrep.dev/playground/r/1QTjWr/ruby.lang.security.filter-skipping.filter-skipping origin: community languages: - ruby @@ -24975,13 +25804,15 @@ rules: impact: MEDIUM confidence: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Hard-coded Secrets source: https://semgrep.dev/r/ruby.lang.security.hardcoded-http-auth-in-controller.hardcoded-http-auth-in-controller shortlink: https://sg.run/6r0w semgrep.dev: rule: rule_id: X5UZWK - version_id: bZTWQP - url: https://semgrep.dev/playground/r/bZTWQP/ruby.lang.security.hardcoded-http-auth-in-controller.hardcoded-http-auth-in-controller + version_id: yeTXbl + url: https://semgrep.dev/playground/r/yeTXbl/ruby.lang.security.hardcoded-http-auth-in-controller.hardcoded-http-auth-in-controller origin: community languages: - ruby 
@@ -25009,13 +25840,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - XML Injection source: https://semgrep.dev/r/ruby.lang.security.jruby-xml.jruby-xml shortlink: https://sg.run/ok07 semgrep.dev: rule: rule_id: j2Uqk5 - version_id: l4T72K - url: https://semgrep.dev/playground/r/l4T72K/ruby.lang.security.jruby-xml.jruby-xml + version_id: NdT1Ww + url: https://semgrep.dev/playground/r/NdT1Ww/ruby.lang.security.jruby-xml.jruby-xml origin: community languages: - ruby @@ -25051,13 +25884,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.lang.security.json-entity-escape.json-entity-escape shortlink: https://sg.run/plr3 semgrep.dev: rule: rule_id: 9AUOQB - version_id: vdTDDj - url: https://semgrep.dev/playground/r/vdTDDj/ruby.lang.security.json-entity-escape.json-entity-escape + version_id: w8T3gb + url: https://semgrep.dev/playground/r/w8T3gb/ruby.lang.security.json-entity-escape.json-entity-escape origin: community languages: - ruby @@ -25086,13 +25921,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.mass-assignment-protection-disabled.mass-assignment-protection-disabled shortlink: https://sg.run/2byz semgrep.dev: rule: rule_id: yyUvkJ - version_id: d6Tnne - url: https://semgrep.dev/playground/r/d6Tnne/ruby.lang.security.mass-assignment-protection-disabled.mass-assignment-protection-disabled + version_id: xyT4bz + url: https://semgrep.dev/playground/r/xyT4bz/ruby.lang.security.mass-assignment-protection-disabled.mass-assignment-protection-disabled origin: community severity: WARNING languages: 
@@ -25136,13 +25973,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/ruby.lang.security.missing-csrf-protection.missing-csrf-protection shortlink: https://sg.run/XLel semgrep.dev: rule: rule_id: r6UkO5 - version_id: nWTddy - url: https://semgrep.dev/playground/r/nWTddy/ruby.lang.security.missing-csrf-protection.missing-csrf-protection + version_id: e1TxPn + url: https://semgrep.dev/playground/r/e1TxPn/ruby.lang.security.missing-csrf-protection.missing-csrf-protection origin: community languages: - ruby @@ -25169,13 +26008,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.model-attr-accessible.model-attr-accessible shortlink: https://sg.run/jNrZ semgrep.dev: rule: rule_id: bwUOAG - version_id: ExTdd1 - url: https://semgrep.dev/playground/r/ExTdd1/ruby.lang.security.model-attr-accessible.model-attr-accessible + version_id: vdT2bq + url: https://semgrep.dev/playground/r/vdT2bq/ruby.lang.security.model-attr-accessible.model-attr-accessible origin: community languages: - ruby @@ -25242,13 +26083,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible shortlink: https://sg.run/1nrb semgrep.dev: rule: rule_id: NbUADO - version_id: w8TL7k - url: https://semgrep.dev/playground/r/w8TL7k/ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible + version_id: d6TDNB + url: https://semgrep.dev/playground/r/d6TDNB/ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible origin: community languages: - ruby 
@@ -25273,13 +26116,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.lang.security.model-attributes-attr-protected.model-attributes-attr-protected shortlink: https://sg.run/9qZk semgrep.dev: rule: rule_id: kxURK4 - version_id: 6xTdz3 - url: https://semgrep.dev/playground/r/6xTdz3/ruby.lang.security.model-attributes-attr-protected.model-attributes-attr-protected + version_id: ZRTwRw + url: https://semgrep.dev/playground/r/ZRTwRw/ruby.lang.security.model-attributes-attr-protected.model-attributes-attr-protected origin: community languages: - ruby @@ -25307,13 +26152,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.nested-attributes-bypass.nested-attributes-bypass shortlink: https://sg.run/yzy8 semgrep.dev: rule: rule_id: wdU891 - version_id: A8TAJ5 - url: https://semgrep.dev/playground/r/A8TAJ5/ruby.lang.security.nested-attributes-bypass.nested-attributes-bypass + version_id: nWT7De + url: https://semgrep.dev/playground/r/nWT7De/ruby.lang.security.nested-attributes-bypass.nested-attributes-bypass origin: community languages: - ruby @@ -25342,13 +26189,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Validation source: https://semgrep.dev/r/ruby.lang.security.nested-attributes.nested-attributes shortlink: https://sg.run/rA66 semgrep.dev: rule: rule_id: x8UWKK - version_id: o5T0Rq - url: https://semgrep.dev/playground/r/o5T0Rq/ruby.lang.security.nested-attributes.nested-attributes + version_id: ExTn5B + url: https://semgrep.dev/playground/r/ExTn5B/ruby.lang.security.nested-attributes.nested-attributes origin: community languages: - ruby 
@@ -25379,13 +26228,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.no-send.bad-send shortlink: https://sg.run/Nrbx semgrep.dev: rule: rule_id: eqUv0L - version_id: K3TBzv - url: https://semgrep.dev/playground/r/K3TBzv/ruby.lang.security.no-send.bad-send + version_id: LjT0Dq + url: https://semgrep.dev/playground/r/LjT0Dq/ruby.lang.security.no-send.bad-send origin: community languages: - ruby @@ -25424,13 +26275,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/ruby.lang.security.timing-attack.timing-attack shortlink: https://sg.run/wxdx semgrep.dev: rule: rule_id: d8Uzrz - version_id: zyTpQz - url: https://semgrep.dev/playground/r/zyTpQz/ruby.lang.security.timing-attack.timing-attack + version_id: gETqGA + url: https://semgrep.dev/playground/r/gETqGA/ruby.lang.security.timing-attack.timing-attack origin: community languages: - ruby 
@@ -25470,27 +26323,27 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mass Assignment source: https://semgrep.dev/r/ruby.lang.security.unprotected-mass-assign.mass-assignment-vuln shortlink: https://sg.run/xY8e semgrep.dev: rule: rule_id: ZqUqQg - version_id: JdT22e - url: https://semgrep.dev/playground/r/JdT22e/ruby.lang.security.unprotected-mass-assign.mass-assignment-vuln + version_id: QkTJlz + url: https://semgrep.dev/playground/r/QkTJlz/ruby.lang.security.unprotected-mass-assign.mass-assignment-vuln origin: community languages: - ruby severity: WARNING - id: ruby.lang.security.yaml-parsing.yaml-parsing - message: Detected enabled YAML parsing. This is vulnerable to remote code execution - in Rails 2.x versions up to 2.3.14. To fix, delete this line. - fix-regex: - regex: ActionController.*:yaml - replacement: " " + message: This rule is deprecated. severity: WARNING languages: - ruby - pattern: ActionController::Base.param_parsers[Mime::YAML] = :yaml + patterns: + - pattern: a() + - pattern: b() metadata: cwe: - 'CWE-94: Improper Control of Generation of Code (''Code Injection'')' @@ -25508,13 +26361,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/ruby.lang.security.yaml-parsing.yaml-parsing shortlink: https://sg.run/v08X semgrep.dev: rule: rule_id: 7KUegx - version_id: RGTBBd - url: https://semgrep.dev/playground/r/RGTBBd/ruby.lang.security.yaml-parsing.yaml-parsing + version_id: jQTZJ8 + url: https://semgrep.dev/playground/r/jQTZJ8/ruby.lang.security.yaml-parsing.yaml-parsing origin: community - id: ruby.rails.security.audit.detailed-exceptions.detailed-exceptions metadata: 
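Review bot: The deprecated `ruby.lang.security.yaml-parsing.yaml-parsing` rule is now a guaranteed no-op (`patterns:` is an AND, and `a()` and `b()` can never match the same node) yet it keeps `severity: WARNING`, its CWE-94 metadata and the newly added `vulnerability_class: Code Injection`, so anything that reports the bundled rules by class will overstate coverage while the Rails 2.x `ActionController::Base.param_parsers[Mime::YAML] = :yaml` check silently disappears. Since this file is a generated aggregate, the cleaner fix is in the generator: drop rules whose `message` is exactly `This rule is deprecated.` (the `mail-to-erb`, `mail-to`, `mime-type-dos` and `number-to-currency-erb` rules further down carry the same marker), or at least record the lost check in the changelog. If Rails 2.x code is still in scope for this ruleset, keep the old pattern under a local rule id rather than relying on the registry copy.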
@@ -25535,13 +26390,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/ruby.rails.security.audit.detailed-exceptions.detailed-exceptions shortlink: https://sg.run/Je0d semgrep.dev: rule: rule_id: 8GUAo4 - version_id: kbTn69 - url: https://semgrep.dev/playground/r/kbTn69/ruby.rails.security.audit.detailed-exceptions.detailed-exceptions + version_id: BjTEOp + url: https://semgrep.dev/playground/r/BjTEOp/ruby.rails.security.audit.detailed-exceptions.detailed-exceptions origin: community message: Found that the setting for providing detailed exception reports in Rails is set to true. This can lead to information exposure, where sensitive system @@ -25594,13 +26451,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.mail-to-erb.mail-to-erb shortlink: https://sg.run/GyBe semgrep.dev: rule: rule_id: QrUn3z - version_id: pZTKx5 - url: https://semgrep.dev/playground/r/pZTKx5/ruby.rails.security.audit.mail-to-erb.mail-to-erb + version_id: WrTb28 + url: https://semgrep.dev/playground/r/WrTb28/ruby.rails.security.audit.mail-to-erb.mail-to-erb origin: community message: This rule is deprecated. languages: 
@@ -25631,13 +26490,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.mail-to.mail-to
 shortlink: https://sg.run/Ryp8
 semgrep.dev:
 rule:
 rule_id: 3qU6KB
- version_id: 2KTgwJ
- url: https://semgrep.dev/playground/r/2KTgwJ/ruby.rails.security.audit.mail-to.mail-to
+ version_id: 0bTvRG
+ url: https://semgrep.dev/playground/r/0bTvRG/ruby.rails.security.audit.mail-to.mail-to
 origin: community
 message: This rule is deprecated.
 languages:
@@ -25664,13 +26525,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Denial-of-Service (DoS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.mime-type-dos.mime-type-dos
 shortlink: https://sg.run/Oy3p
 semgrep.dev:
 rule:
 rule_id: 10U56J
- version_id: BjTw1p
- url: https://semgrep.dev/playground/r/BjTw1p/ruby.rails.security.audit.mime-type-dos.mime-type-dos
+ version_id: K3TlB8
+ url: https://semgrep.dev/playground/r/K3TlB8/ruby.rails.security.audit.mime-type-dos.mime-type-dos
 origin: community
 message: This rule is deprecated.
 languages:
@@ -25701,13 +26564,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.number-to-currency-erb.number-to-currency-erb
 shortlink: https://sg.run/eX7l
 semgrep.dev:
 rule:
 rule_id: 9AUZrN
- version_id: X0TblN
- url: https://semgrep.dev/playground/r/X0TblN/ruby.rails.security.audit.number-to-currency-erb.number-to-currency-erb
+ version_id: qkTNzJ
+ url: https://semgrep.dev/playground/r/qkTNzJ/ruby.rails.security.audit.number-to-currency-erb.number-to-currency-erb
 origin: community
 message: This rule is deprecated.
 languages:
@@ -25743,13 +26608,15 @@ rules:
 impact: HIGH
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-header-dos.rails-check-header-dos
 shortlink: https://sg.run/5LY6
 semgrep.dev:
 rule:
 rule_id: eqUDRY
- version_id: 9lTgXw
- url: https://semgrep.dev/playground/r/9lTgXw/ruby.rails.security.audit.rails-check-header-dos.rails-check-header-dos
+ version_id: JdTqA2
+ url: https://semgrep.dev/playground/r/JdTqA2/ruby.rails.security.audit.rails-check-header-dos.rails-check-header-dos
 origin: community
 - id: ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve
 patterns:
@@ -25781,13 +26648,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
 source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve
 shortlink: https://sg.run/Gg2B
 semgrep.dev:
 rule:
 rule_id: v8UOrb
- version_id: DkTDNR
- url: https://semgrep.dev/playground/r/DkTDNR/ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve
+ version_id: 5PT60x
+ url: https://semgrep.dev/playground/r/5PT60x/ruby.rails.security.audit.rails-check-page-caching-cve.rails-check-page-caching-cve
 origin: community
 - id: ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem
 patterns:
@@ -25819,13 +26688,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Path Traversal
 source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem
 shortlink: https://sg.run/RgkE
 semgrep.dev:
 rule:
 rule_id: d8UKw2
- version_id: yeTJ5j
- url: https://semgrep.dev/playground/r/yeTJ5j/ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem
+ version_id: GxT25b
+ url: https://semgrep.dev/playground/r/GxT25b/ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem
 origin: community
 - id: ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos
 patterns:
@@ -25855,13 +26726,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos
 shortlink: https://sg.run/A5Yg
 semgrep.dev:
 rule:
 rule_id: ZqUl4v
- version_id: WrTvE8
- url: https://semgrep.dev/playground/r/WrTvE8/ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos
+ version_id: RGTbYW
+ url: https://semgrep.dev/playground/r/RGTbYW/ruby.rails.security.audit.rails-check-render-dos-cve.rails-check-render-dos
 origin: community
 - id: ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos
 patterns:
@@ -25891,13 +26764,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos
 shortlink: https://sg.run/BGNb
 semgrep.dev:
 rule:
 rule_id: nJUyWb
- version_id: rxTZGZ
- url: https://semgrep.dev/playground/r/rxTZGZ/ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos
+ version_id: A8TR11
+ url: https://semgrep.dev/playground/r/A8TR11/ruby.rails.security.audit.rails-check-render-dos-gem.rails-check-render-dos
 origin: community
 - id: ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting
 patterns:
@@ -25925,13 +26800,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Code Injection
 source: https://semgrep.dev/r/ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting
 shortlink: https://sg.run/DAj2
 semgrep.dev:
 rule:
 rule_id: EwUr8l
- version_id: bZTq6Y
- url: https://semgrep.dev/playground/r/bZTq6Y/ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting
+ version_id: BjTEOn
+ url: https://semgrep.dev/playground/r/BjTEOn/ruby.rails.security.audit.rails-check-response-splitting.rails-check-response-splitting
 origin: community
 - id: ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection
 pattern: skip_forgery_protection
@@ -25957,13 +26834,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site Request Forgery (CSRF) source: https://semgrep.dev/r/ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection shortlink: https://sg.run/PgwY semgrep.dev: rule: rule_id: QrUnEk - version_id: qkT99q - url: https://semgrep.dev/playground/r/qkT99q/ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection + version_id: DkTQ4P + url: https://semgrep.dev/playground/r/DkTQ4P/ruby.rails.security.audit.rails-skip-forgery-protection.rails-skip-forgery-protection origin: community - id: ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag metadata: @@ -25988,13 +26867,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag shortlink: https://sg.run/dg8P semgrep.dev: rule: rule_id: L1U4qz - version_id: YDTzxq - url: https://semgrep.dev/playground/r/YDTzxq/ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag + version_id: 0bTvRB + url: https://semgrep.dev/playground/r/0bTvRB/ruby.rails.security.audit.xss.avoid-content-tag.avoid-content-tag origin: community message: "'content_tag()' bypasses HTML escaping for some portion of the content. If external data can reach here, this exposes your application to cross-site scripting 
@@ -26024,13 +26905,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-default-routes.avoid-default-routes shortlink: https://sg.run/Pbrq semgrep.dev: rule: rule_id: qNUXYy - version_id: 6xTAkv - url: https://semgrep.dev/playground/r/6xTAkv/ruby.rails.security.audit.xss.avoid-default-routes.avoid-default-routes + version_id: K3TlBE + url: https://semgrep.dev/playground/r/K3TlBE/ruby.rails.security.audit.xss.avoid-default-routes.avoid-default-routes origin: community message: Default routes are enabled in this routes file. This means any public method on a controller can be called as an action. It is very easy to accidentally expose @@ -26069,13 +26952,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-html-safe.avoid-html-safe shortlink: https://sg.run/Zeq7 semgrep.dev: rule: rule_id: 8GUEQK - version_id: o5TWPk - url: https://semgrep.dev/playground/r/o5TWPk/ruby.rails.security.audit.xss.avoid-html-safe.avoid-html-safe + version_id: qkTNzD + url: https://semgrep.dev/playground/r/qkTNzD/ruby.rails.security.audit.xss.avoid-html-safe.avoid-html-safe origin: community message: "'html_safe()' does not make the supplied string safe. 'html_safe()' bypasses HTML escaping. If external data can reach here, this exposes your application 
@@ -26109,13 +26994,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-raw.avoid-raw shortlink: https://sg.run/nqJG semgrep.dev: rule: rule_id: gxUW3x - version_id: pZTqJO - url: https://semgrep.dev/playground/r/pZTqJO/ruby.rails.security.audit.xss.avoid-raw.avoid-raw + version_id: YDToj9 + url: https://semgrep.dev/playground/r/YDToj9/ruby.rails.security.audit.xss.avoid-raw.avoid-raw origin: community message: "'raw()' bypasses HTML escaping. If external data can reach here, this exposes your application to cross-site scripting (XSS) attacks. If you must do @@ -26147,13 +27034,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-render-inline.avoid-render-inline shortlink: https://sg.run/E5w8 semgrep.dev: rule: rule_id: QrU6Ww - version_id: jQTLp3 - url: https://semgrep.dev/playground/r/jQTLp3/ruby.rails.security.audit.xss.avoid-render-inline.avoid-render-inline + version_id: zyT5v2 + url: https://semgrep.dev/playground/r/zyT5v2/ruby.rails.security.audit.xss.avoid-render-inline.avoid-render-inline origin: community message: "'render inline: ...' renders an entire ERB template inline and is dangerous. If external data can reach here, this exposes your application to server-side 
@@ -26185,13 +27074,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.avoid-render-text.avoid-render-text shortlink: https://sg.run/70Kv semgrep.dev: rule: rule_id: 3qUBk4 - version_id: 1QT0n5 - url: https://semgrep.dev/playground/r/1QT0n5/ruby.rails.security.audit.xss.avoid-render-text.avoid-render-text + version_id: pZTrvY + url: https://semgrep.dev/playground/r/pZTrvY/ruby.rails.security.audit.xss.avoid-render-text.avoid-render-text origin: community message: "'render text: ...' actually sets the content-type to 'text/html'. If external data can reach here, this exposes your application to cross-site scripting (XSS) @@ -26225,13 +27116,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/ruby.rails.security.audit.xss.manual-template-creation.manual-template-creation shortlink: https://sg.run/L01L semgrep.dev: rule: rule_id: 4bUzR9 - version_id: 9lTELJ - url: https://semgrep.dev/playground/r/9lTELJ/ruby.rails.security.audit.xss.manual-template-creation.manual-template-creation + version_id: 2KT1Bq + url: https://semgrep.dev/playground/r/2KT1Bq/ruby.rails.security.audit.xss.manual-template-creation.manual-template-creation origin: community message: Detected manual creation of an ERB template. Manual creation of templates may expose your application to server-side template injection (SSTI) or cross-site 
@@ -26268,13 +27161,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.alias-for-html-safe.alias-for-html-safe
 shortlink: https://sg.run/8nGJ
 semgrep.dev:
 rule:
 rule_id: PeUkJe
- version_id: yeTQzD
- url: https://semgrep.dev/playground/r/yeTQzD/ruby.rails.security.audit.xss.templates.alias-for-html-safe.alias-for-html-safe
+ version_id: X0TPXb
+ url: https://semgrep.dev/playground/r/X0TPXb/ruby.rails.security.audit.xss.templates.alias-for-html-safe.alias-for-html-safe
 origin: community
 languages:
 - generic
@@ -26312,13 +27207,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.avoid-content-tag.avoid-content-tag
 shortlink: https://sg.run/gJxo
 semgrep.dev:
 rule:
 rule_id: JDUPNG
- version_id: rxTbX6
- url: https://semgrep.dev/playground/r/rxTbX6/ruby.rails.security.audit.xss.templates.avoid-content-tag.avoid-content-tag
+ version_id: jQTKAE
+ url: https://semgrep.dev/playground/r/jQTKAE/ruby.rails.security.audit.xss.templates.avoid-content-tag.avoid-content-tag
 origin: community
 languages:
 - generic
@@ -26356,13 +27253,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.avoid-html-safe.avoid-html-safe
 shortlink: https://sg.run/Q8rD
 semgrep.dev:
 rule:
 rule_id: 5rU4dE
- version_id: bZTxJ1
- url: https://semgrep.dev/playground/r/bZTxJ1/ruby.rails.security.audit.xss.templates.avoid-html-safe.avoid-html-safe
+ version_id: 1QTjAj
+ url: https://semgrep.dev/playground/r/1QTjAj/ruby.rails.security.audit.xss.templates.avoid-html-safe.avoid-html-safe
 origin: community
 languages:
 - generic
@@ -26400,13 +27299,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.avoid-raw.avoid-raw
 shortlink: https://sg.run/3Aqg
 semgrep.dev:
 rule:
 rule_id: GdU0vJ
- version_id: NdT5Eo
- url: https://semgrep.dev/playground/r/NdT5Eo/ruby.rails.security.audit.xss.templates.avoid-raw.avoid-raw
+ version_id: 9lTzYK
+ url: https://semgrep.dev/playground/r/9lTzYK/ruby.rails.security.audit.xss.templates.avoid-raw.avoid-raw
 origin: community
 languages:
 - generic
@@ -26442,13 +27343,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 confidence: LOW
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute
 shortlink: https://sg.run/PpeN
 semgrep.dev:
 rule:
 rule_id: AbUW9y
- version_id: w8T4vp
- url: https://semgrep.dev/playground/r/w8T4vp/ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute
+ version_id: rxTxJO
+ url: https://semgrep.dev/playground/r/rxTxJO/ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute
 origin: community
 languages:
 - generic
@@ -26493,13 +27396,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
 shortlink: https://sg.run/J3Do
 semgrep.dev:
 rule:
 rule_id: BYUBXo
- version_id: xyT91R
- url: https://semgrep.dev/playground/r/xyT91R/ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
+ version_id: bZTGgb
+ url: https://semgrep.dev/playground/r/bZTGgb/ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
 origin: community
 languages:
 - generic
@@ -26539,13 +27444,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cross-Site-Scripting (XSS)
 source: https://semgrep.dev/r/ruby.rails.security.audit.xss.templates.var-in-script-tag.var-in-script-tag
 shortlink: https://sg.run/58r6
 semgrep.dev:
 rule:
 rule_id: DbUW6B
- version_id: O9T4rE
- url: https://semgrep.dev/playground/r/O9T4rE/ruby.rails.security.audit.xss.templates.var-in-script-tag.var-in-script-tag
+ version_id: NdT1pg
+ url: https://semgrep.dev/playground/r/NdT1pg/ruby.rails.security.audit.xss.templates.var-in-script-tag.var-in-script-tag
 origin: community
 languages:
 - generic
@@ -26597,13 +27504,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cookie Security
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-cookie-store-session-security-attributes.check-cookie-store-session-security-attributes
 shortlink: https://sg.run/WDYA
 semgrep.dev:
 rule:
 rule_id: KxUw3v
- version_id: kbTXXJ
- url: https://semgrep.dev/playground/r/kbTXXJ/ruby.rails.security.brakeman.check-cookie-store-session-security-attributes.check-cookie-store-session-security-attributes
+ version_id: O9Ty2D
+ url: https://semgrep.dev/playground/r/O9Ty2D/ruby.rails.security.brakeman.check-cookie-store-session-security-attributes.check-cookie-store-session-security-attributes
 origin: community
 - id: ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
 patterns:
@@ -26635,13 +27544,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mass Assignment
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
 shortlink: https://sg.run/4k0Z
 semgrep.dev:
 rule:
 rule_id: 5rUNql
- version_id: 7ZT5w6
- url: https://semgrep.dev/playground/r/7ZT5w6/ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
+ version_id: d6TD5K
+ url: https://semgrep.dev/playground/r/d6TD5K/ruby.rails.security.brakeman.check-permit-attributes-high.check-permit-attributes-high
 origin: community
 - id: ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
 patterns:
@@ -26673,13 +27584,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mass Assignment
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
 shortlink: https://sg.run/PPLE
 semgrep.dev:
 rule:
 rule_id: GdUoq5
- version_id: LjTxJD
- url: https://semgrep.dev/playground/r/LjTxJD/ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
+ version_id: ZRTwve
+ url: https://semgrep.dev/playground/r/ZRTwve/ruby.rails.security.brakeman.check-permit-attributes-medium.check-permit-attributes-medium
 origin: community
 - id: ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
 paths:
@@ -26724,13 +27637,15 @@ rules:
 impact: MEDIUM
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
 shortlink: https://sg.run/0Wvb
 semgrep.dev:
 rule:
 rule_id: qNUpJ5
- version_id: d6Td4o
- url: https://semgrep.dev/playground/r/d6Td4o/ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
+ version_id: nWT71p
+ url: https://semgrep.dev/playground/r/nWT71p/ruby.rails.security.brakeman.check-rails-secret-yaml.check-rails-secret-yaml
 origin: community
 - id: ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce
 patterns:
@@ -26759,13 +27674,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce shortlink: https://sg.run/Wj3y semgrep.dev: rule: rule_id: 7KUxzd - version_id: NdT8r1 - url: https://semgrep.dev/playground/r/NdT8r1/ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce + version_id: RGTbZW + url: https://semgrep.dev/playground/r/RGTbZW/ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce origin: community - id: rust.lang.security.args-os.args-os message: 'args_os should not be used for security operations. From the docs: "The @@ -26785,13 +27702,15 @@ rules: impact: LOW subcategory: audit license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/rust.lang.security.args-os.args-os shortlink: https://sg.run/G6k6 semgrep.dev: rule: rule_id: DbUeEe - version_id: 0bTkvq - url: https://semgrep.dev/playground/r/0bTkvq/rust.lang.security.args-os.args-os + version_id: l4TPRR + url: https://semgrep.dev/playground/r/l4TPRR/rust.lang.security.args-os.args-os origin: community languages: - rust @@ -26814,13 +27733,15 @@ rules: impact: LOW subcategory: audit license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/rust.lang.security.args.args shortlink: https://sg.run/RADN semgrep.dev: rule: rule_id: WAU6Lk - version_id: K3T9lQ - url: https://semgrep.dev/playground/r/K3T9lQ/rust.lang.security.args.args + version_id: YDTPe7 + url: https://semgrep.dev/playground/r/YDTPe7/rust.lang.security.args.args origin: community languages: - rust 
@@ -26843,13 +27764,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.current-exe.current-exe
 shortlink: https://sg.run/AW1B
 semgrep.dev:
 rule:
 rule_id: 0oU6nZ
- version_id: qkTgNK
- url: https://semgrep.dev/playground/r/qkTgNK/rust.lang.security.current-exe.current-exe
+ version_id: 6xTK9Y
+ url: https://semgrep.dev/playground/r/6xTK9Y/rust.lang.security.current-exe.current-exe
 origin: community
 languages:
 - rust
@@ -26877,13 +27800,15 @@ rules:
 impact: MEDIUM
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insecure Hashing Algorithm
 source: https://semgrep.dev/r/rust.lang.security.insecure-hashes.insecure-hashes
 shortlink: https://sg.run/B09R
 semgrep.dev:
 rule:
 rule_id: KxUOxA
- version_id: l4Tq5e
- url: https://semgrep.dev/playground/r/l4Tq5e/rust.lang.security.insecure-hashes.insecure-hashes
+ version_id: qkTNPD
+ url: https://semgrep.dev/playground/r/qkTNPD/rust.lang.security.insecure-hashes.insecure-hashes
 origin: community
 languages:
 - rust
@@ -26931,13 +27856,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.reqwest-set-sensitive.reqwest-set-sensitive
 shortlink: https://sg.run/WKlE
 semgrep.dev:
 rule:
 rule_id: lBUNEw
- version_id: 6xT7e4
- url: https://semgrep.dev/playground/r/6xT7e4/rust.lang.security.reqwest-set-sensitive.reqwest-set-sensitive
+ version_id: YDToK9
+ url: https://semgrep.dev/playground/r/YDToK9/rust.lang.security.reqwest-set-sensitive.reqwest-set-sensitive
 origin: community
 languages:
 - rust
@@ -26962,13 +27889,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/rust.lang.security.temp-dir.temp-dir
 shortlink: https://sg.run/qzEO
 semgrep.dev:
 rule:
 rule_id: oqU5AO
- version_id: pZTgr4
- url: https://semgrep.dev/playground/r/pZTgr4/rust.lang.security.temp-dir.temp-dir
+ version_id: o5TxD0
+ url: https://semgrep.dev/playground/r/o5TxD0/rust.lang.security.temp-dir.temp-dir
 origin: community
 languages:
 - rust
@@ -26988,13 +27917,15 @@ rules:
 impact: LOW
 subcategory: audit
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/rust.lang.security.unsafe-usage.unsafe-usage
 shortlink: https://sg.run/lqgo
 semgrep.dev:
 rule:
 rule_id: zdUezd
- version_id: 2KTN1k
- url: https://semgrep.dev/playground/r/2KTN1k/rust.lang.security.unsafe-usage.unsafe-usage
+ version_id: pZTr4Y
+ url: https://semgrep.dev/playground/r/pZTr4Y/rust.lang.security.unsafe-usage.unsafe-usage
 origin: community
 languages:
 - rust
@@ -27040,13 +27971,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.dangerous-seq-run.dangerous-seq-run
 shortlink: https://sg.run/79b2
 semgrep.dev:
 rule:
 rule_id: JDUle4
- version_id: e1TExk
- url: https://semgrep.dev/playground/r/e1TExk/scala.lang.security.audit.dangerous-seq-run.dangerous-seq-run
+ version_id: X0TP0b
+ url: https://semgrep.dev/playground/r/X0TP0b/scala.lang.security.audit.dangerous-seq-run.dangerous-seq-run
 origin: community
 - id: scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
 patterns:
@@ -27092,13 +28025,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
 shortlink: https://sg.run/Lg76
 semgrep.dev:
 rule:
 rule_id: 5rUy3K
- version_id: vdTD2Q
- url: https://semgrep.dev/playground/r/vdTD2Q/scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
+ version_id: jQTK0E
+ url: https://semgrep.dev/playground/r/jQTK0E/scala.lang.security.audit.dangerous-shell-run.dangerous-shell-run
 origin: community
 - id: scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
 patterns:
@@ -27140,13 +28075,15 @@ rules:
 likelihood: LOW
 impact: HIGH
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Server-Side Request Forgery (SSRF)
 source: https://semgrep.dev/r/scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
 shortlink: https://sg.run/gR6J
 semgrep.dev:
 rule:
 rule_id: 5rUyl4
- version_id: d6TnDx
- url: https://semgrep.dev/playground/r/d6TnDx/scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
+ version_id: 1QTjwj
+ url: https://semgrep.dev/playground/r/1QTjwj/scala.lang.security.audit.dispatch-ssrf.dispatch-ssrf
 origin: community
 languages:
 - scala
@@ -27171,13 +28108,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/scala.lang.security.audit.insecure-random.insecure-random shortlink: https://sg.run/JxAw semgrep.dev: rule: rule_id: gxUgDk - version_id: nWTd7K - url: https://semgrep.dev/playground/r/nWTd7K/scala.lang.security.audit.insecure-random.insecure-random + version_id: yeTXWw + url: https://semgrep.dev/playground/r/yeTXWw/scala.lang.security.audit.insecure-random.insecure-random origin: community message: Flags the use of a predictable random value from `scala.util.Random`. This can lead to vulnerabilities when used in security contexts, such as in a CSRF @@ -27231,13 +28170,15 @@ rules: likelihood: LOW impact: HIGH license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Server-Side Request Forgery (SSRF) source: https://semgrep.dev/r/scala.lang.security.audit.io-source-ssrf.io-source-ssrf shortlink: https://sg.run/Qbz4 semgrep.dev: rule: rule_id: GdUDOZ - version_id: ExTdnJ - url: https://semgrep.dev/playground/r/ExTdnJ/scala.lang.security.audit.io-source-ssrf.io-source-ssrf + version_id: rxTxpO + url: https://semgrep.dev/playground/r/rxTxpO/scala.lang.security.audit.io-source-ssrf.io-source-ssrf origin: community languages: - scala 
@@ -27265,13 +28206,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Path Traversal source: https://semgrep.dev/r/scala.lang.security.audit.path-traversal-fromfile.path-traversal-fromfile shortlink: https://sg.run/5D1A semgrep.dev: rule: rule_id: QrUdOZ - version_id: 7ZT5OL - url: https://semgrep.dev/playground/r/7ZT5OL/scala.lang.security.audit.path-traversal-fromfile.path-traversal-fromfile + version_id: bZTG7b + url: https://semgrep.dev/playground/r/bZTG7b/scala.lang.security.audit.path-traversal-fromfile.path-traversal-fromfile origin: community message: Flags cases of possible path traversal. If an unfiltered parameter is passed into 'fromFile', file from an arbitrary filesystem location could be read. This @@ -27327,13 +28270,15 @@ rules: - audit likelihood: MEDIUM impact: MEDIUM + vulnerability_class: + - Cryptographic Issues source: https://semgrep.dev/r/scala.lang.security.audit.rsa-padding-set.rsa-padding-set shortlink: https://sg.run/GO5p semgrep.dev: rule: rule_id: 3qUj1Q - version_id: o5Tjyr - url: https://semgrep.dev/playground/r/o5Tjyr/scala.lang.security.audit.rsa-padding-set.rsa-padding-set + version_id: NdT1Kg + url: https://semgrep.dev/playground/r/NdT1Kg/scala.lang.security.audit.rsa-padding-set.rsa-padding-set origin: community message: Usage of RSA without OAEP (Optimal Asymmetric Encryption Padding) may weaken encryption. This could lead to sensitive data exposure. Instead, use RSA with 
@@ -27417,13 +28362,15 @@ rules:
 likelihood: MEDIUM
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - XML Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.sax-dtd-enabled.sax-dtd-enabled
 shortlink: https://sg.run/QbYP
 semgrep.dev:
 rule:
 rule_id: KxUrkq
- version_id: 8KTWb2
- url: https://semgrep.dev/playground/r/8KTWb2/scala.lang.security.audit.sax-dtd-enabled.sax-dtd-enabled
+ version_id: kbT7Bj
+ url: https://semgrep.dev/playground/r/kbT7Bj/scala.lang.security.audit.sax-dtd-enabled.sax-dtd-enabled
 origin: community
 - id: scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
 patterns:
@@ -27484,13 +28431,15 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Command Injection
 source: https://semgrep.dev/r/scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
 shortlink: https://sg.run/wZBY
 semgrep.dev:
 rule:
 rule_id: 6JUEeo
- version_id: gETLq9
- url: https://semgrep.dev/playground/r/gETLq9/scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
+ version_id: w8T3PJ
+ url: https://semgrep.dev/playground/r/w8T3PJ/scala.lang.security.audit.scala-dangerous-process-run.scala-dangerous-process-run
 origin: community
 - id: scala.lang.security.audit.scalac-debug.scalac-debug
 patterns:
@@ -27522,13 +28471,15 @@ rules:
     likelihood: LOW
     impact: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Active Debug Code
     source: https://semgrep.dev/r/scala.lang.security.audit.scalac-debug.scalac-debug
     shortlink: https://sg.run/QbGd
     semgrep.dev:
       rule:
         rule_id: JDUlE0
-        version_id: bZTg4Z
-        url: https://semgrep.dev/playground/r/bZTg4Z/scala.lang.security.audit.scalac-debug.scalac-debug
+        version_id: xyT4gW
+        url: https://semgrep.dev/playground/r/xyT4gW/scala.lang.security.audit.scalac-debug.scalac-debug
         origin: community
 - id: scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
   patterns:
@@ -27570,13 +28521,15 @@ rules:
     likelihood: LOW
     impact: HIGH
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Server-Side Request Forgery (SSRF)
     source: https://semgrep.dev/r/scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
     shortlink: https://sg.run/OgjB
     semgrep.dev:
       rule:
         rule_id: AbU3xA
-        version_id: 3ZT7Jk
-        url: https://semgrep.dev/playground/r/3ZT7Jk/scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
+        version_id: O9TyqD
+        url: https://semgrep.dev/playground/r/O9TyqD/scala.lang.security.audit.scalaj-http-ssrf.scalaj-http-ssrf
         origin: community
   languages:
   - scala
@@ -27618,13 +28571,15 @@ rules:
     likelihood: LOW
     impact: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - XML Injection
     source: https://semgrep.dev/r/scala.lang.security.audit.xmlinputfactory-dtd-enabled.xmlinputfactory-dtd-enabled
     shortlink: https://sg.run/3BEb
     semgrep.dev:
       rule:
         rule_id: qNUQ7w
-        version_id: JdT2gy
-        url: https://semgrep.dev/playground/r/JdT2gy/scala.lang.security.audit.xmlinputfactory-dtd-enabled.xmlinputfactory-dtd-enabled
+        version_id: d6TD0K
+        url: https://semgrep.dev/playground/r/d6TD0K/scala.lang.security.audit.xmlinputfactory-dtd-enabled.xmlinputfactory-dtd-enabled
         origin: community
 - id: scala.play.security.webservice-ssrf.webservice-ssrf
   patterns:
@@ -27675,13 +28630,15 @@ rules:
     likelihood: LOW
     impact: HIGH
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Server-Side Request Forgery (SSRF)
     source: https://semgrep.dev/r/scala.play.security.webservice-ssrf.webservice-ssrf
     shortlink: https://sg.run/reRR
     semgrep.dev:
       rule:
         rule_id: PeUxEE
-        version_id: WrTkxE
-        url: https://semgrep.dev/playground/r/WrTkxE/scala.play.security.webservice-ssrf.webservice-ssrf
+        version_id: gETqRr
+        url: https://semgrep.dev/playground/r/gETqRr/scala.play.security.webservice-ssrf.webservice-ssrf
         origin: community
   languages:
   - scala
@@ -27700,7 +28657,7 @@ rules:
     owasp:
     - A02:2017 - Broken Authentication
     - A04:2021 - Insecure Design
-    source-rule-url: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
+    source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
     technology:
     - jwt
     confidence: HIGH
@@ -27712,13 +28669,15 @@ rules:
     likelihood: MEDIUM
     impact: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/scala.scala-jwt.security.jwt-hardcode.scala-jwt-hardcoded-secret
     shortlink: https://sg.run/Z40o
     semgrep.dev:
       rule:
         rule_id: OrU6W1
-        version_id: 0bTQOl
-        url: https://semgrep.dev/playground/r/0bTQOl/scala.scala-jwt.security.jwt-hardcode.scala-jwt-hardcoded-secret
+        version_id: QkTJYA
+        url: https://semgrep.dev/playground/r/QkTJYA/scala.scala-jwt.security.jwt-hardcode.scala-jwt-hardcoded-secret
         origin: community
   pattern-either:
   - pattern: 'com.auth0.jwt.algorithms.Algorithm.HMAC256("...");
@@ -27813,13 +28772,15 @@ rules:
     likelihood: LOW
     impact: HIGH
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - SQL Injection
     source: https://semgrep.dev/r/scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal
     shortlink: https://sg.run/PYe0
     semgrep.dev:
       rule:
         rule_id: wdUA97
-        version_id: K3TPyG
-        url: https://semgrep.dev/playground/r/K3TPyG/scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal
+        version_id: 3ZTdGb
+        url: https://semgrep.dev/playground/r/3ZTdGb/scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal
         origin: community
 - id: scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
   patterns:
@@ -27856,13 +28817,15 @@ rules:
     likelihood: LOW
     impact: HIGH
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - SQL Injection
     source: https://semgrep.dev/r/scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
     shortlink: https://sg.run/JgDk
     semgrep.dev:
       rule:
         rule_id: x8UNKe
-        version_id: qkT9qR
-        url: https://semgrep.dev/playground/r/qkT9qR/scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
+        version_id: 44ToLG
+        url: https://semgrep.dev/playground/r/44ToLG/scala.slick.security.scala-slick-sql-non-literal.scala-slick-sql-non-literal
         origin: community
 - id: terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
   patterns:
@@ -27918,13 +28881,15 @@ rules:
     impact: MEDIUM
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
     shortlink: https://sg.run/gX7J
     semgrep.dev:
       rule:
         rule_id: NbUXOA
-        version_id: e1TBKo
-        url: https://semgrep.dev/playground/r/e1TBKo/terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
+        version_id: RGTb6W
+        url: https://semgrep.dev/playground/r/RGTb6W/terraform.aws.security.aws-athena-workgroup-unencrypted.aws-athena-workgroup-unencrypted
         origin: community
 - id: terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
   patterns:
@@ -27958,13 +28923,15 @@ rules:
     impact: MEDIUM
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
     shortlink: https://sg.run/18yw
     semgrep.dev:
       rule:
         rule_id: x8UxrP
-        version_id: vdTlQE
-        url: https://semgrep.dev/playground/r/vdTlQE/terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
+        version_id: A8TRO1
+        url: https://semgrep.dev/playground/r/A8TRO1/terraform.aws.security.aws-backup-vault-unencrypted.aws-backup-vault-unencrypted
         origin: community
 - id: terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
   patterns:
@@ -27997,13 +28964,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
     shortlink: https://sg.run/38kr
     semgrep.dev:
       rule:
         rule_id: wdUl2j
-        version_id: ZRTbd0
-        url: https://semgrep.dev/playground/r/ZRTbd0/terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
+        version_id: DkTQPP
+        url: https://semgrep.dev/playground/r/DkTQPP/terraform.aws.security.aws-cloudtrail-encrypted-with-cmk.aws-cloudtrail-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28045,13 +29014,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Improper Authorization
     source: https://semgrep.dev/r/terraform.aws.security.aws-cloudwatch-log-group-unencrypted.aws-cloudwatch-log-group-unencrypted
     shortlink: https://sg.run/Pg6Y
     semgrep.dev:
       rule:
         rule_id: OrUl0J
-        version_id: ExTZWz
-        url: https://semgrep.dev/playground/r/ExTZWz/terraform.aws.security.aws-cloudwatch-log-group-unencrypted.aws-cloudwatch-log-group-unencrypted
+        version_id: 0bTv8B
+        url: https://semgrep.dev/playground/r/0bTv8B/terraform.aws.security.aws-cloudwatch-log-group-unencrypted.aws-cloudwatch-log-group-unencrypted
         origin: community
 - id: terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
   patterns:
@@ -28105,13 +29076,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
     shortlink: https://sg.run/JeWw
     semgrep.dev:
       rule:
         rule_id: eqUrdZ
-        version_id: 7ZT8R4
-        url: https://semgrep.dev/playground/r/7ZT8R4/terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
+        version_id: qkTNdD
+        url: https://semgrep.dev/playground/r/qkTNdD/terraform.aws.security.aws-codebuild-project-artifacts-unencrypted.aws-codebuild-project-artifacts-unencrypted
         origin: community
 - id: terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
   pattern-either:
@@ -28158,13 +29131,15 @@ rules:
     impact: MEDIUM
     confidence: HIGH
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Insufficient Logging
     source: https://semgrep.dev/r/terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
     shortlink: https://sg.run/O6A7
     semgrep.dev:
       rule:
         rule_id: DbUo7v
-        version_id: 8KTDll
-        url: https://semgrep.dev/playground/r/8KTDll/terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
+        version_id: YDTo19
+        url: https://semgrep.dev/playground/r/YDTo19/terraform.aws.security.aws-config-aggregator-not-all-regions.aws-config-aggregator-not-all-regions
         origin: community
 - id: terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
   patterns:
@@ -28197,13 +29172,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
     shortlink: https://sg.run/RyzO
     semgrep.dev:
       rule:
         rule_id: ZqUGEp
-        version_id: QkT9NO
-        url: https://semgrep.dev/playground/r/QkT9NO/terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
+        version_id: 5PT6RG
+        url: https://semgrep.dev/playground/r/5PT6RG/terraform.aws.security.aws-docdb-encrypted-with-cmk.aws-docdb-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28244,13 +29221,15 @@ rules:
     impact: LOW
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Insufficient Logging
     source: https://semgrep.dev/r/terraform.aws.security.aws-documentdb-auditing-disabled.aws-documentdb-auditing-disabled
     shortlink: https://sg.run/xJYP
     semgrep.dev:
       rule:
         rule_id: AbU1WN
-        version_id: 3ZT8wN
-        url: https://semgrep.dev/playground/r/3ZT8wN/terraform.aws.security.aws-documentdb-auditing-disabled.aws-documentdb-auditing-disabled
+        version_id: GxT2ne
+        url: https://semgrep.dev/playground/r/GxT2ne/terraform.aws.security.aws-documentdb-auditing-disabled.aws-documentdb-auditing-disabled
         origin: community
 - id: terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
   patterns:
@@ -28286,13 +29265,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
     shortlink: https://sg.run/WW14
     semgrep.dev:
       rule:
         rule_id: L1UPY9
-        version_id: RGTyLO
-        url: https://semgrep.dev/playground/r/RGTyLO/terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
+        version_id: 0bTv8O
+        url: https://semgrep.dev/playground/r/0bTv8O/terraform.aws.security.aws-ebs-volume-encrypted-with-cmk.aws-ebs-volume-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28335,13 +29316,15 @@ rules:
     impact: HIGH
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted
     shortlink: https://sg.run/6ZbY
     semgrep.dev:
       rule:
         rule_id: YGUKl1
-        version_id: A8TBd9
-        url: https://semgrep.dev/playground/r/A8TBd9/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted
+        version_id: K3TlDN
+        url: https://semgrep.dev/playground/r/K3TlDN/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted
         origin: community
 - id: terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
   patterns:
@@ -28394,13 +29377,15 @@ rules:
     impact: HIGH
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Improper Authentication
     source: https://semgrep.dev/r/terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
     shortlink: https://sg.run/pg9J
     semgrep.dev:
       rule:
         rule_id: zdU0Wo
-        version_id: 0bTnzE
-        url: https://semgrep.dev/playground/r/0bTnzE/terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
+        version_id: 6xTer5
+        url: https://semgrep.dev/playground/r/6xTer5/terraform.aws.security.aws-ec2-launch-template-metadata-service-v1-enabled.aws-ec2-launch-template-metadata-service-v1-enabled
         origin: community
 - id: terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
   patterns:
@@ -28439,13 +29424,15 @@ rules:
     impact: HIGH
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Improper Authentication
     source: https://semgrep.dev/r/terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
     shortlink: https://sg.run/ZEeL
     semgrep.dev:
       rule:
         rule_id: KxUB4o
-        version_id: l4TO2x
-        url: https://semgrep.dev/playground/r/l4TO2x/terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
+        version_id: 2KT1ZP
+        url: https://semgrep.dev/playground/r/2KT1ZP/terraform.aws.security.aws-ecr-mutable-image-tags.aws-ecr-mutable-image-tags
         origin: community
 - id: terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
   patterns:
@@ -28481,13 +29468,15 @@ rules:
     impact: MEDIUM
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
     shortlink: https://sg.run/Kk07
     semgrep.dev:
       rule:
         rule_id: gxUJ4n
-        version_id: JdTXxo
-        url: https://semgrep.dev/playground/r/JdTXxo/terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
+        version_id: jQTK8r
+        url: https://semgrep.dev/playground/r/jQTK8r/terraform.aws.security.aws-efs-filesystem-encrypted-with-cmk.aws-efs-filesystem-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28514,13 +29503,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-elasticache-replication-group-encrypted-with-cmk.aws-elasticache-replication-group-encrypted-with-cmk
     shortlink: https://sg.run/qyAz
     semgrep.dev:
       rule:
         rule_id: QrUnyQ
-        version_id: 5PTZ19
-        url: https://semgrep.dev/playground/r/5PTZ19/terraform.aws.security.aws-elasticache-replication-group-encrypted-with-cmk.aws-elasticache-replication-group-encrypted-with-cmk
+        version_id: 1QTjr4
+        url: https://semgrep.dev/playground/r/1QTjr4/terraform.aws.security.aws-elasticache-replication-group-encrypted-with-cmk.aws-elasticache-replication-group-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28558,13 +29549,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-emr-encrypted-with-cmk.aws-emr-encrypted-with-cmk
     shortlink: https://sg.run/6gOo
     semgrep.dev:
       rule:
         rule_id: PeU0L7
-        version_id: BjTRZb
-        url: https://semgrep.dev/playground/r/BjTRZb/terraform.aws.security.aws-emr-encrypted-with-cmk.aws-emr-encrypted-with-cmk
+        version_id: bZTGn5
+        url: https://semgrep.dev/playground/r/bZTGn5/terraform.aws.security.aws-emr-encrypted-with-cmk.aws-emr-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28602,13 +29595,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Mishandled Sensitive Information
     source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk
     shortlink: https://sg.run/oNG9
     semgrep.dev:
       rule:
         rule_id: JDU6gw
-        version_id: d6TnOb
-        url: https://semgrep.dev/playground/r/d6TnOb/terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk
+        version_id: NdT1bZ
+        url: https://semgrep.dev/playground/r/NdT1bZ/terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28645,13 +29640,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-lustre-filesystem-encrypted-with-cmk.aws-fsx-lustre-filesystem-encrypted-with-cmk
     shortlink: https://sg.run/zJ6G
     semgrep.dev:
       rule:
         rule_id: 5rUp50
-        version_id: DkTEbw
-        url: https://semgrep.dev/playground/r/DkTEbw/terraform.aws.security.aws-fsx-lustre-filesystem-encrypted-with-cmk.aws-fsx-lustre-filesystem-encrypted-with-cmk
+        version_id: kbT7EW
+        url: https://semgrep.dev/playground/r/kbT7EW/terraform.aws.security.aws-fsx-lustre-filesystem-encrypted-with-cmk.aws-fsx-lustre-filesystem-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28687,13 +29684,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-ontapfs-encrypted-with-cmk.aws-fsx-ontapfs-encrypted-with-cmk
     shortlink: https://sg.run/pyRg
     semgrep.dev:
       rule:
         rule_id: GdUzwK
-        version_id: WrTLKG
-        url: https://semgrep.dev/playground/r/WrTLKG/terraform.aws.security.aws-fsx-ontapfs-encrypted-with-cmk.aws-fsx-ontapfs-encrypted-with-cmk
+        version_id: w8T3EN
+        url: https://semgrep.dev/playground/r/w8T3EN/terraform.aws.security.aws-fsx-ontapfs-encrypted-with-cmk.aws-fsx-ontapfs-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28729,13 +29728,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-fsx-windows-encrypted-with-cmk.aws-fsx-windows-encrypted-with-cmk
     shortlink: https://sg.run/2pN0
     semgrep.dev:
       rule:
         rule_id: ReUqv6
-        version_id: 0bTnzq
-        url: https://semgrep.dev/playground/r/0bTnzq/terraform.aws.security.aws-fsx-windows-encrypted-with-cmk.aws-fsx-windows-encrypted-with-cmk
+        version_id: xyT4Ew
+        url: https://semgrep.dev/playground/r/xyT4Ew/terraform.aws.security.aws-fsx-windows-encrypted-with-cmk.aws-fsx-windows-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28771,13 +29772,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-imagebuilder-component-encrypted-with-cmk.aws-imagebuilder-component-encrypted-with-cmk
     shortlink: https://sg.run/9vdY
     semgrep.dev:
       rule:
         rule_id: WAUNxL
-        version_id: YDTLex
-        url: https://semgrep.dev/playground/r/YDTLex/terraform.aws.security.aws-imagebuilder-component-encrypted-with-cmk.aws-imagebuilder-component-encrypted-with-cmk
+        version_id: d6TDoE
+        url: https://semgrep.dev/playground/r/d6TDoE/terraform.aws.security.aws-imagebuilder-component-encrypted-with-cmk.aws-imagebuilder-component-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28813,13 +29816,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-kinesis-stream-encrypted-with-cmk.aws-kinesis-stream-encrypted-with-cmk
     shortlink: https://sg.run/ryBn
     semgrep.dev:
       rule:
         rule_id: KxU5yW
-        version_id: zyTz2v
-        url: https://semgrep.dev/playground/r/zyTz2v/terraform.aws.security.aws-kinesis-stream-encrypted-with-cmk.aws-kinesis-stream-encrypted-with-cmk
+        version_id: ExTnlP
+        url: https://semgrep.dev/playground/r/ExTnlP/terraform.aws.security.aws-kinesis-stream-encrypted-with-cmk.aws-kinesis-stream-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28863,13 +29868,15 @@ rules:
     confidence: MEDIUM
     rule-origin-note: published from /src/aws-kinesis-stream-unencrypted.yml in None
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-kinesis-stream-unencrypted.aws-kinesis-stream-unencrypted
     shortlink: https://sg.run/KZ0L
     semgrep.dev:
       rule:
         rule_id: 8GU72N
-        version_id: DkTA0l
-        url: https://semgrep.dev/playground/r/DkTA0l/terraform.aws.security.aws-kinesis-stream-unencrypted.aws-kinesis-stream-unencrypted
+        version_id: 7ZTOGj
+        url: https://semgrep.dev/playground/r/7ZTOGj/terraform.aws.security.aws-kinesis-stream-unencrypted.aws-kinesis-stream-unencrypted
         origin: community
 - id: terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
   patterns:
@@ -28902,13 +29909,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
     shortlink: https://sg.run/bXvp
     semgrep.dev:
       rule:
         rule_id: qNUWqn
-        version_id: pZTE34
-        url: https://semgrep.dev/playground/r/pZTE34/terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
+        version_id: LjT0nW
+        url: https://semgrep.dev/playground/r/LjT0nW/terraform.aws.security.aws-kinesis-video-stream-encrypted-with-cmk.aws-kinesis-video-stream-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -28966,13 +29975,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-lambda-environment-unencrypted.aws-lambda-environment-unencrypted
     shortlink: https://sg.run/x4lz
     semgrep.dev:
       rule:
         rule_id: 5rUp5w
-        version_id: 1QTGp6
-        url: https://semgrep.dev/playground/r/1QTGp6/terraform.aws.security.aws-lambda-environment-unencrypted.aws-lambda-environment-unencrypted
+        version_id: 3ZTdZ8
+        url: https://semgrep.dev/playground/r/3ZTdZ8/terraform.aws.security.aws-lambda-environment-unencrypted.aws-lambda-environment-unencrypted
         origin: community
 - id: terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
   patterns:
@@ -29016,13 +30027,15 @@ rules:
     impact: LOW
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Insufficient Logging
     source: https://semgrep.dev/r/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
     shortlink: https://sg.run/wO2Y
     semgrep.dev:
       rule:
         rule_id: eqUl1O
-        version_id: 9lT0A5
-        url: https://semgrep.dev/playground/r/9lT0A5/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
+        version_id: PkTY9P
+        url: https://semgrep.dev/playground/r/PkTY9P/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active
         origin: community
 - id: terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
   patterns:
@@ -29056,13 +30069,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Improper Authorization
     source: https://semgrep.dev/r/terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
     shortlink: https://sg.run/eXnb
     semgrep.dev:
       rule:
         rule_id: ReUqvX
-        version_id: bZTy3e
-        url: https://semgrep.dev/playground/r/bZTy3e/terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
+        version_id: A8TRK4
+        url: https://semgrep.dev/playground/r/A8TRK4/terraform.aws.security.aws-redshift-cluster-encrypted-with-cmk.aws-redshift-cluster-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -29098,13 +30113,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-s3-bucket-object-encrypted-with-cmk.aws-s3-bucket-object-encrypted-with-cmk
     shortlink: https://sg.run/veKA
     semgrep.dev:
       rule:
         rule_id: AbUeYR
-        version_id: NdT4yR
-        url: https://semgrep.dev/playground/r/NdT4yR/terraform.aws.security.aws-s3-bucket-object-encrypted-with-cmk.aws-s3-bucket-object-encrypted-with-cmk
+        version_id: BjTElw
+        url: https://semgrep.dev/playground/r/BjTElw/terraform.aws.security.aws-s3-bucket-object-encrypted-with-cmk.aws-s3-bucket-object-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -29140,13 +30157,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-s3-object-copy-encrypted-with-cmk.aws-s3-object-copy-encrypted-with-cmk
     shortlink: https://sg.run/d1ZZ
     semgrep.dev:
       rule:
         rule_id: BYUzYY
-        version_id: kbTJGG
-        url: https://semgrep.dev/playground/r/kbTJGG/terraform.aws.security.aws-s3-object-copy-encrypted-with-cmk.aws-s3-object-copy-encrypted-with-cmk
+        version_id: DkTQgO
+        url: https://semgrep.dev/playground/r/DkTQgO/terraform.aws.security.aws-s3-object-copy-encrypted-with-cmk.aws-s3-object-copy-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -29182,13 +30201,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-sagemaker-domain-encrypted-with-cmk.aws-sagemaker-domain-encrypted-with-cmk
     shortlink: https://sg.run/ZjrD
     semgrep.dev:
       rule:
         rule_id: DbUx8z
-        version_id: w8TYoL
-        url: https://semgrep.dev/playground/r/w8TYoL/terraform.aws.security.aws-sagemaker-domain-encrypted-with-cmk.aws-sagemaker-domain-encrypted-with-cmk
+        version_id: WrTbDb
+        url: https://semgrep.dev/playground/r/WrTbDb/terraform.aws.security.aws-sagemaker-domain-encrypted-with-cmk.aws-sagemaker-domain-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -29231,13 +30252,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-secretsmanager-secret-unencrypted.aws-secretsmanager-secret-unencrypted
     shortlink: https://sg.run/nrRX
     semgrep.dev:
       rule:
         rule_id: WAUNrz
-        version_id: xyT6zo
-        url: https://semgrep.dev/playground/r/xyT6zo/terraform.aws.security.aws-secretsmanager-secret-unencrypted.aws-secretsmanager-secret-unencrypted
+        version_id: 0bTvDO
+        url: https://semgrep.dev/playground/r/0bTvDO/terraform.aws.security.aws-secretsmanager-secret-unencrypted.aws-secretsmanager-secret-unencrypted
         origin: community
 - id: terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
   patterns:
@@ -29283,13 +30306,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
     shortlink: https://sg.run/EyWw
     semgrep.dev:
       rule:
         rule_id: 0oUrWL
-        version_id: e1TBj6
-        url: https://semgrep.dev/playground/r/e1TBj6/terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
+        version_id: 6xTe35
+        url: https://semgrep.dev/playground/r/6xTe35/terraform.aws.security.aws-ssm-document-logging-issues.aws-ssm-document-logging-issues
         origin: community
 - id: terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
   patterns:
@@ -29336,13 +30361,15 @@ rules:
     impact: MEDIUM
     confidence: MEDIUM
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Improper Authorization
     source: https://semgrep.dev/r/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
     shortlink: https://sg.run/XJZw
     semgrep.dev:
       rule:
         rule_id: 2ZUo79
-        version_id: vdTl62
-        url: https://semgrep.dev/playground/r/vdTl62/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
+        version_id: o5Tnve
+        url: https://semgrep.dev/playground/r/o5Tnve/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address
         origin: community
 - id: terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
   patterns:
@@ -29375,13 +30402,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
     shortlink: https://sg.run/7nyZ
     semgrep.dev:
       rule:
         rule_id: KxU5Nn
-        version_id: d6TYxR
-        url: https://semgrep.dev/playground/r/d6TYxR/terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
+        version_id: zyT5dy
+        url: https://semgrep.dev/playground/r/zyT5dy/terraform.aws.security.aws-timestream-database-encrypted-with-cmk.aws-timestream-database-encrypted-with-cmk
         origin: community
   languages:
   - hcl
@@ -29418,13 +30447,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Improper Authorization
     source: https://semgrep.dev/r/terraform.aws.security.aws-transfer-server-is-public.aws-transfer-server-is-public
     shortlink: https://sg.run/L39r
     semgrep.dev:
       rule:
         rule_id: qNUWl1
-        version_id: ZRTbAj
-        url: https://semgrep.dev/playground/r/ZRTbAj/terraform.aws.security.aws-transfer-server-is-public.aws-transfer-server-is-public
+        version_id: pZTrow
+        url: https://semgrep.dev/playground/r/pZTrow/terraform.aws.security.aws-transfer-server-is-public.aws-transfer-server-is-public
         origin: community
   languages:
   - hcl
@@ -29465,13 +30496,15 @@ rules:
     impact: LOW
     confidence: LOW
     license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+    vulnerability_class:
+    - Cryptographic Issues
     source: https://semgrep.dev/r/terraform.aws.security.aws-workspaces-root-volume-unencrypted.aws-workspaces-root-volume-unencrypted
     shortlink: https://sg.run/8gby
     semgrep.dev:
       rule:
         rule_id: lBUWB9
-        version_id: nWT3RW
-        url: https://semgrep.dev/playground/r/nWT3RW/terraform.aws.security.aws-workspaces-root-volume-unencrypted.aws-workspaces-root-volume-unencrypted
+        version_id: 2KT1eP
+        url: https://semgrep.dev/playground/r/2KT1eP/terraform.aws.security.aws-workspaces-root-volume-unencrypted.aws-workspaces-root-volume-unencrypted
         origin: community
 - id: terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
   patterns:
@@ -29508,13 +30541,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
 shortlink: https://sg.run/gXdJ
 semgrep.dev:
 rule:
 rule_id: YGUAXr
- version_id: ExTZwj
- url: https://semgrep.dev/playground/r/ExTZwj/terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
+ version_id: X0TPEg
+ url: https://semgrep.dev/playground/r/X0TPEg/terraform.aws.security.aws-workspaces-user-volume-unencrypted.aws-workspaces-user-volume-unencrypted
 origin: community
 - id: terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
 patterns:
@@ -29550,13 +30585,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
 shortlink: https://sg.run/kzro
 semgrep.dev:
 rule:
 rule_id: wdUljO
- version_id: LjTj32
- url: https://semgrep.dev/playground/r/LjTj32/terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
+ version_id: 1QTjB4
+ url: https://semgrep.dev/playground/r/1QTjB4/terraform.aws.security.missing-athena-workgroup-encryption.missing-athena-workgroup-encryption
 origin: community
 - id: terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
 message: Registering the identity used by an App with AD allows it to interact with
@@ -29605,13 +30642,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
 shortlink: https://sg.run/PbXY
 semgrep.dev:
 rule:
 rule_id: WAUynd
- version_id: qkTDZK
- url: https://semgrep.dev/playground/r/qkTDZK/terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
+ version_id: w8T3rN
+ url: https://semgrep.dev/playground/r/w8T3rN/terraform.azure.security.appservice.appservice-account-identity-registered.appservice-account-identity-registered
 origin: community
 languages:
 - hcl
@@ -29649,13 +30688,15 @@ rules:
 impact: MEDIUM
 confidence: MEDIUM
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.azure.security.appservice.azure-appservice-min-tls-version.azure-appservice-min-tls-version
 shortlink: https://sg.run/rDwn
 semgrep.dev:
 rule:
 rule_id: v8UNL7
- version_id: YDTLyb
- url: https://semgrep.dev/playground/r/YDTLyb/terraform.azure.security.appservice.azure-appservice-min-tls-version.azure-appservice-min-tls-version
+ version_id: 44Topr
+ url: https://semgrep.dev/playground/r/44Topr/terraform.azure.security.appservice.azure-appservice-min-tls-version.azure-appservice-min-tls-version
 origin: community
 languages:
 - hcl
@@ -29711,13 +30752,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authentication
 source: https://semgrep.dev/r/terraform.azure.security.functionapp.functionapp-authentication-enabled.functionapp-authentication-enabled
 shortlink: https://sg.run/B6AW
 semgrep.dev:
 rule:
 rule_id: 6JU1X8
- version_id: zyTzp4
- url: https://semgrep.dev/playground/r/zyTzp4/terraform.azure.security.functionapp.functionapp-authentication-enabled.functionapp-authentication-enabled
+ version_id: e1TxQN
+ url: https://semgrep.dev/playground/r/e1TxQN/terraform.azure.security.functionapp.functionapp-authentication-enabled.functionapp-authentication-enabled
 origin: community
 languages:
 - hcl
@@ -29770,13 +30813,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/terraform.azure.security.functionapp.functionapp-enable-http2.functionapp-enable-http2
 shortlink: https://sg.run/DzDY
 semgrep.dev:
 rule:
 rule_id: oqU41L
- version_id: pZTEKK
- url: https://semgrep.dev/playground/r/pZTEKK/terraform.azure.security.functionapp.functionapp-enable-http2.functionapp-enable-http2
+ version_id: vdT2ez
+ url: https://semgrep.dev/playground/r/vdT2ez/terraform.azure.security.functionapp.functionapp-enable-http2.functionapp-enable-http2
 origin: community
 languages:
 - hcl
@@ -29831,13 +30876,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.azure.security.keyvault.keyvault-specify-network-acl.keyvault-specify-network-acl
 shortlink: https://sg.run/nKgX
 semgrep.dev:
 rule:
 rule_id: 4bU1jy
- version_id: 9lTpjQ
- url: https://semgrep.dev/playground/r/9lTpjQ/terraform.azure.security.keyvault.keyvault-specify-network-acl.keyvault-specify-network-acl
+ version_id: ExTn7G
+ url: https://semgrep.dev/playground/r/ExTn7G/terraform.azure.security.keyvault.keyvault-specify-network-acl.keyvault-specify-network-acl
 origin: community
 languages:
 - hcl
@@ -29901,13 +30948,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-allow-microsoft-service-bypass.storage-allow-microsoft-service-bypass
 shortlink: https://sg.run/WpX4
 semgrep.dev:
 rule:
 rule_id: GdUreY
- version_id: yeTo6R
- url: https://semgrep.dev/playground/r/yeTo6R/terraform.azure.security.storage.storage-allow-microsoft-service-bypass.storage-allow-microsoft-service-bypass
+ version_id: 7ZTO02
+ url: https://semgrep.dev/playground/r/7ZTO02/terraform.azure.security.storage.storage-allow-microsoft-service-bypass.storage-allow-microsoft-service-bypass
 origin: community
 languages:
 - hcl
@@ -29948,13 +30997,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-default-action-deny.storage-default-action-deny
 shortlink: https://sg.run/WpN4
 semgrep.dev:
 rule:
 rule_id: zdUY3N
- version_id: rxTW50
- url: https://semgrep.dev/playground/r/rxTW50/terraform.azure.security.storage.storage-default-action-deny.storage-default-action-deny
+ version_id: LjT0Z1
+ url: https://semgrep.dev/playground/r/LjT0Z1/terraform.azure.security.storage.storage-default-action-deny.storage-default-action-deny
 origin: community
 languages:
 - hcl
@@ -30009,13 +31060,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.azure.security.storage.storage-queue-services-logging.storage-queue-services-logging
 shortlink: https://sg.run/0yEv
 semgrep.dev:
 rule:
 rule_id: ReU3L9
- version_id: NdT4xk
- url: https://semgrep.dev/playground/r/NdT4xk/terraform.azure.security.storage.storage-queue-services-logging.storage-queue-services-logging
+ version_id: gETqd4
+ url: https://semgrep.dev/playground/r/gETqd4/terraform.azure.security.storage.storage-queue-services-logging.storage-queue-services-logging
 origin: community
 languages:
 - hcl
@@ -30058,13 +31111,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/terraform.lang.security.ecr-image-scan-on-push.ecr-image-scan-on-push
 shortlink: https://sg.run/R8eE
 semgrep.dev:
 rule:
 rule_id: 0oUELR
- version_id: 8KTD2R
- url: https://semgrep.dev/playground/r/8KTD2R/terraform.lang.security.ecr-image-scan-on-push.ecr-image-scan-on-push
+ version_id: w8T3OQ
+ url: https://semgrep.dev/playground/r/w8T3OQ/terraform.lang.security.ecr-image-scan-on-push.ecr-image-scan-on-push
 origin: community
 - id: terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
 patterns:
@@ -30112,13 +31167,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Insufficient Logging
 source: https://semgrep.dev/r/terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
 shortlink: https://sg.run/wZ3n
 semgrep.dev:
 rule:
 rule_id: x8UGx7
- version_id: gETK4K
- url: https://semgrep.dev/playground/r/gETK4K/terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
+ version_id: xyT47L
+ url: https://semgrep.dev/playground/r/xyT47L/terraform.lang.security.eks-insufficient-control-plane-logging.eks-insufficient-control-plane-logging
 origin: community
 - id: terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
 patterns:
@@ -30161,13 +31218,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
 shortlink: https://sg.run/Albg
 semgrep.dev:
 rule:
 rule_id: KxU4v6
- version_id: QkT9yx
- url: https://semgrep.dev/playground/r/QkT9yx/terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
+ version_id: O9TygN
+ url: https://semgrep.dev/playground/r/O9TygN/terraform.lang.security.eks-public-endpoint-enabled.eks-public-endpoint-enabled
 origin: community
 - id: terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
 patterns:
@@ -30209,13 +31268,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
 shortlink: https://sg.run/B4Yb
 semgrep.dev:
 rule:
 rule_id: qNUo2d
- version_id: 3ZT8J0
- url: https://semgrep.dev/playground/r/3ZT8J0/terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
+ version_id: e1TxNg
+ url: https://semgrep.dev/playground/r/e1TxNg/terraform.lang.security.elastic-search-encryption-at-rest.elastic-search-encryption-at-rest
 origin: community
 - id: terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
 pattern-either:
@@ -30315,13 +31376,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
 shortlink: https://sg.run/oY0N
 semgrep.dev:
 rule:
 rule_id: NbUNDX
- version_id: 44TD3P
- url: https://semgrep.dev/playground/r/44TD3P/terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
+ version_id: vdT27p
+ url: https://semgrep.dev/playground/r/vdT27p/terraform.lang.security.iam.no-iam-admin-privileges.no-iam-admin-privileges
 origin: community
 languages:
 - hcl
@@ -30521,13 +31584,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-creds-exposure.no-iam-creds-exposure
 shortlink: https://sg.run/zxY1
 semgrep.dev:
 rule:
 rule_id: kxUwK2
- version_id: PkT8LG
- url: https://semgrep.dev/playground/r/PkT8LG/terraform.lang.security.iam.no-iam-creds-exposure.no-iam-creds-exposure
+ version_id: d6TDdj
+ url: https://semgrep.dev/playground/r/d6TDdj/terraform.lang.security.iam.no-iam-creds-exposure.no-iam-creds-exposure
 origin: community
 languages:
 - hcl
@@ -30635,13 +31700,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-data-exfiltration.no-iam-data-exfiltration
 shortlink: https://sg.run/pYrN
 semgrep.dev:
 rule:
 rule_id: wdUj1k
- version_id: JdTXgx
- url: https://semgrep.dev/playground/r/JdTXgx/terraform.lang.security.iam.no-iam-data-exfiltration.no-iam-data-exfiltration
+ version_id: ZRTwYq
+ url: https://semgrep.dev/playground/r/ZRTwYq/terraform.lang.security.iam.no-iam-data-exfiltration.no-iam-data-exfiltration
 origin: community
 languages:
 - hcl
@@ -30748,13 +31815,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-priv-esc-funcs.no-iam-priv-esc-funcs
 shortlink: https://sg.run/28y5
 semgrep.dev:
 rule:
 rule_id: x8UxLq
- version_id: 5PTZ5z
- url: https://semgrep.dev/playground/r/5PTZ5z/terraform.lang.security.iam.no-iam-priv-esc-funcs.no-iam-priv-esc-funcs
+ version_id: nWT7gr
+ url: https://semgrep.dev/playground/r/nWT7gr/terraform.lang.security.iam.no-iam-priv-esc-funcs.no-iam-priv-esc-funcs
 origin: community
 languages:
 - hcl
@@ -30850,13 +31919,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-priv-esc-other-users.no-iam-priv-esc-other-users
 shortlink: https://sg.run/XOeA
 semgrep.dev:
 rule:
 rule_id: OrU6jO
- version_id: GxT1wA
- url: https://semgrep.dev/playground/r/GxT1wA/terraform.lang.security.iam.no-iam-priv-esc-other-users.no-iam-priv-esc-other-users
+ version_id: ExTn0K
+ url: https://semgrep.dev/playground/r/ExTn0K/terraform.lang.security.iam.no-iam-priv-esc-other-users.no-iam-priv-esc-other-users
 origin: community
 languages:
 - hcl
@@ -30986,13 +32057,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-priv-esc-roles.no-iam-priv-esc-roles
 shortlink: https://sg.run/jwrA
 semgrep.dev:
 rule:
 rule_id: eqUzR3
- version_id: RGTyv5
- url: https://semgrep.dev/playground/r/RGTyv5/terraform.lang.security.iam.no-iam-priv-esc-roles.no-iam-priv-esc-roles
+ version_id: 7ZTO4W
+ url: https://semgrep.dev/playground/r/7ZTO4W/terraform.lang.security.iam.no-iam-priv-esc-roles.no-iam-priv-esc-roles
 origin: community
 languages:
 - hcl
@@ -32119,13 +33192,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-resource-exposure.no-iam-resource-exposure
 shortlink: https://sg.run/18rD
 semgrep.dev:
 rule:
 rule_id: v8U9r0
- version_id: A8TBY6
- url: https://semgrep.dev/playground/r/A8TBY6/terraform.lang.security.iam.no-iam-resource-exposure.no-iam-resource-exposure
+ version_id: LjT08E
+ url: https://semgrep.dev/playground/r/LjT08E/terraform.lang.security.iam.no-iam-resource-exposure.no-iam-resource-exposure
 origin: community
 languages:
 - hcl
@@ -32198,13 +33273,15 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.iam.no-iam-star-actions.no-iam-star-actions
 shortlink: https://sg.run/9rZ4
 semgrep.dev:
 rule:
 rule_id: d8Uew3
- version_id: BjTRYE
- url: https://semgrep.dev/playground/r/BjTRYE/terraform.lang.security.iam.no-iam-star-actions.no-iam-star-actions
+ version_id: 8KTb8v
+ url: https://semgrep.dev/playground/r/8KTb8v/terraform.lang.security.iam.no-iam-star-actions.no-iam-star-actions
 origin: community
 languages:
 - hcl
@@ -32239,13 +33316,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Authorization
 source: https://semgrep.dev/r/terraform.lang.security.rds-public-access.rds-public-access
 shortlink: https://sg.run/Oye2
 semgrep.dev:
 rule:
 rule_id: eqUrzK
- version_id: WrTLxr
- url: https://semgrep.dev/playground/r/WrTLxr/terraform.lang.security.rds-public-access.rds-public-access
+ version_id: QkTJe0
+ url: https://semgrep.dev/playground/r/QkTJe0/terraform.lang.security.rds-public-access.rds-public-access
 origin: community
 - id: terraform.lang.security.s3-cors-all-origins.all-origins-allowed
 patterns:
@@ -32272,13 +33351,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/terraform.lang.security.s3-cors-all-origins.all-origins-allowed
 shortlink: https://sg.run/DJb2
 semgrep.dev:
 rule:
 rule_id: lBUd4g
- version_id: 0bTnWx
- url: https://semgrep.dev/playground/r/0bTnWx/terraform.lang.security.s3-cors-all-origins.all-origins-allowed
+ version_id: 3ZTd0r
+ url: https://semgrep.dev/playground/r/3ZTd0r/terraform.lang.security.s3-cors-all-origins.all-origins-allowed
 origin: community
 - id: terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
 patterns:
@@ -32314,13 +33395,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Mishandled Sensitive Information
 source: https://semgrep.dev/r/terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
 shortlink: https://sg.run/WgAy
 semgrep.dev:
 rule:
 rule_id: YGUrp5
- version_id: K3TxNv
- url: https://semgrep.dev/playground/r/K3TxNv/terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
+ version_id: 44To0E
+ url: https://semgrep.dev/playground/r/44To0E/terraform.lang.security.s3-public-read-bucket.s3-public-read-bucket
 origin: community
 - id: trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable
 message: 'Variable `$X` is likely modified and later used on error. In some cases
@@ -32342,13 +33425,15 @@ rules:
 references:
 - https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable
 shortlink: https://sg.run/WWQ2
 semgrep.dev:
 rule:
 rule_id: kxU6Xb
- version_id: WrTXA6
- url: https://semgrep.dev/playground/r/WrTXA6/trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable
+ version_id: PkTpnL
+ url: https://semgrep.dev/playground/r/PkTpnL/trailofbits.go.invalid-usage-of-modified-variable.invalid-usage-of-modified-variable
 origin: community
 patterns:
 - pattern-either:
@@ -32383,13 +33468,15 @@ rules:
 references:
 - https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/trailofbits.go.iterate-over-empty-map.iterate-over-empty-map
 shortlink: https://sg.run/08jj
 semgrep.dev:
 rule:
 rule_id: wdUlww
- version_id: 0bT8YQ
- url: https://semgrep.dev/playground/r/0bT8YQ/trailofbits.go.iterate-over-empty-map.iterate-over-empty-map
+ version_id: JdTJZ7
+ url: https://semgrep.dev/playground/r/JdTJZ7/trailofbits.go.iterate-over-empty-map.iterate-over-empty-map
 origin: community
 patterns:
 - pattern: |
@@ -32439,13 +33526,15 @@ rules:
 references:
 - https://github.com/golang/go/issues/30209
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/trailofbits.go.string-to-int-signedness-cast.string-to-int-signedness-cast
 shortlink: https://sg.run/65WB
 semgrep.dev:
 rule:
 rule_id: 4bU2AZ
- version_id: zyTw0O
- url: https://semgrep.dev/playground/r/zyTw0O/trailofbits.go.string-to-int-signedness-cast.string-to-int-signedness-cast
+ version_id: WrTRkP
+ url: https://semgrep.dev/playground/r/WrTRkP/trailofbits.go.string-to-int-signedness-cast.string-to-int-signedness-cast
 origin: community
 pattern-either:
 - patterns:
@@ -32564,13 +33653,15 @@ rules:
 references:
 - https://www.apollographql.com/docs/apollo-server/v3/security/cors#configuring-cors-options-for-apollo-server
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/trailofbits.javascript.apollo-graphql.v3-cors-audit.v3-potentially-bad-cors
 shortlink: https://sg.run/ORxR
 semgrep.dev:
 rule:
 rule_id: v8UlNl
- version_id: zyT4zv
- url: https://semgrep.dev/playground/r/zyT4zv/trailofbits.javascript.apollo-graphql.v3-cors-audit.v3-potentially-bad-cors
+ version_id: 5PTvBe
+ url: https://semgrep.dev/playground/r/5PTvBe/trailofbits.javascript.apollo-graphql.v3-cors-audit.v3-potentially-bad-cors
 origin: community
 mode: taint
 pattern-sources:
@@ -32608,13 +33699,15 @@ rules:
 references:
 - https://pytorch.org/docs/stable/data.html#memory-pinning
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.automatic-memory-pinning.automatic-memory-pinning
 shortlink: https://sg.run/jz5N
 semgrep.dev:
 rule:
 rule_id: WAUN1Z
- version_id: 1QTRwq
- url: https://semgrep.dev/playground/r/1QTRwq/trailofbits.python.automatic-memory-pinning.automatic-memory-pinning
+ version_id: 0bT4Q6
+ url: https://semgrep.dev/playground/r/0bT4Q6/trailofbits.python.automatic-memory-pinning.automatic-memory-pinning
 origin: community
 pattern-either:
 - patterns:
@@ -32640,13 +33733,15 @@ rules:
 references:
 - https://numpy.org/doc/stable/reference/distutils.html
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.numpy-distutils.numpy-distutils
 shortlink: https://sg.run/rqGP
 semgrep.dev:
 rule:
 rule_id: GdUgN8
- version_id: yeT4Wg
- url: https://semgrep.dev/playground/r/yeT4Wg/trailofbits.python.numpy-distutils.numpy-distutils
+ version_id: qkT09r
+ url: https://semgrep.dev/playground/r/qkT09r/trailofbits.python.numpy-distutils.numpy-distutils
 origin: community
 patterns:
 - pattern: 'import numpy.distutils
@@ -32672,13 +33767,15 @@ rules:
 references:
 - https://numpy.org/doc/stable/f2py/usage.html
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.numpy-f2py-compile.numpy-f2py-compile
 shortlink: https://sg.run/bEdP
 semgrep.dev:
 rule:
 rule_id: ReUdJ0
- version_id: rxTpJK
- url: https://semgrep.dev/playground/r/rxTpJK/trailofbits.python.numpy-f2py-compile.numpy-f2py-compile
+ version_id: l4TLe3
+ url: https://semgrep.dev/playground/r/l4TLe3/trailofbits.python.numpy-f2py-compile.numpy-f2py-compile
 origin: community
 patterns:
 - pattern: numpy.f2py.compile(...)
@@ -32705,47 +33802,15 @@ rules:
 references:
 - https://tanelp.github.io/posts/a-bug-that-plagues-thousands-of-open-source-ml-projects
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Cryptographic Issues
 source: https://semgrep.dev/r/trailofbits.python.numpy-in-pytorch-datasets.numpy-in-pytorch-datasets
 shortlink: https://sg.run/dnR6
 semgrep.dev:
 rule:
 rule_id: KxURLn
- version_id: bZT7gd
- url: https://semgrep.dev/playground/r/bZT7gd/trailofbits.python.numpy-in-pytorch-datasets.numpy-in-pytorch-datasets
- origin: community
- patterns:
- - pattern: |
- class $X(torch.utils.data.Dataset):
- ...
- def __getitem__(...):
- ...
- numpy.random.randint(...)
- ...
-- id: trailofbits.python.numpy-in-torch-datasets.numpy-in-torch-datasets
- message: 'Using the NumPy RNG inside of a Torch dataset can lead to a number of
- issues with loading data, including identical augmentations. Instead, use the
- random number generators built into Python and PyTorch '
- languages:
- - python
- severity: WARNING
- metadata:
- category: security
- cwe: 'CWE-330: Use of Insufficiently Random Values'
- subcategory:
- - audit
- confidence: HIGH
- likelihood: MEDIUM
- impact: LOW
- references:
- - https://tanelp.github.io/posts/a-bug-that-plagues-thousands-of-open-source-ml-projects
- license: CC-BY-NC-SA-4.0
- source: https://semgrep.dev/r/trailofbits.python.numpy-in-torch-datasets.numpy-in-torch-datasets
- shortlink: https://sg.run/yPpP
- semgrep.dev:
- rule:
- rule_id: qNUWZW
- version_id: NdTKzk
- url: https://semgrep.dev/playground/r/NdTKzk/trailofbits.python.numpy-in-torch-datasets.numpy-in-torch-datasets
+ version_id: YDT3zG
+ url: https://semgrep.dev/playground/r/YDT3zG/trailofbits.python.numpy-in-pytorch-datasets.numpy-in-pytorch-datasets
 origin: community
 patterns:
 - pattern: |
@@ -32774,13 +33839,15 @@ rules:
 references:
 - https://numpy.org/doc/stable/reference/routines.ctypeslib.html#numpy.ctypeslib.load_library
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.numpy-load-library.numpy-load-library
 shortlink: https://sg.run/NXkL
 semgrep.dev:
 rule:
 rule_id: AbUxDq
- version_id: kbTByq
- url: https://semgrep.dev/playground/r/kbTByq/trailofbits.python.numpy-load-library.numpy-load-library
+ version_id: 6xTLAO
+ url: https://semgrep.dev/playground/r/6xTLAO/trailofbits.python.numpy-load-library.numpy-load-library
 origin: community
 patterns:
 - pattern: numpy.ctypeslib.load_library(...)
@@ -32804,13 +33871,15 @@ rules:
 references:
 - https://onnxruntime.ai/docs/reference/operators/add-custom-op.html
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.onnx-session-options.onnx-session-options
 shortlink: https://sg.run/kRd1
 semgrep.dev:
 rule:
 rule_id: BYUoqy
- version_id: w8TPBe
- url: https://semgrep.dev/playground/r/w8TPBe/trailofbits.python.onnx-session-options.onnx-session-options
+ version_id: o5T7Wp
+ url: https://semgrep.dev/playground/r/o5T7Wp/trailofbits.python.onnx-session-options.onnx-session-options
 origin: community
 patterns:
 - pattern-inside: |
@@ -32837,13 +33906,15 @@ rules:
 references:
 - https://pytorch.org/tutorials/advanced/torch_script_custom_classes.html
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.pytorch-classes-load-library.pytorch-classes-load-library
 shortlink: https://sg.run/nD6d
 semgrep.dev:
 rule:
 rule_id: lBUYD9
- version_id: d6T00r
- url: https://semgrep.dev/playground/r/d6T00r/trailofbits.python.pytorch-classes-load-library.pytorch-classes-load-library
+ version_id: jQTELP
+ url: https://semgrep.dev/playground/r/jQTELP/trailofbits.python.pytorch-classes-load-library.pytorch-classes-load-library
 origin: community
 patterns:
 - pattern: torch.classes.load_library(...)
@@ -32869,13 +33940,15 @@ rules:
 - https://pytorch.org/docs/1.13/package.html#torch-package
 - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - 'Insecure Deserialization '
 source: https://semgrep.dev/r/trailofbits.python.pytorch-package.pytorch-package
 shortlink: https://sg.run/EK35
 semgrep.dev:
 rule:
 rule_id: PeUKGk
- version_id: ZRT996
- url: https://semgrep.dev/playground/r/ZRT996/trailofbits.python.pytorch-package.pytorch-package
+ version_id: 1QTD01
+ url: https://semgrep.dev/playground/r/1QTD01/trailofbits.python.pytorch-package.pytorch-package
 origin: community
 pattern: import torch.package
 - id: trailofbits.python.tensorflow-load-library.tensorflow-load-library
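Review bot: The added `vulnerability_class` entry for trailofbits.python.pytorch-package in the second hunk is `'Insecure Deserialization '` with a trailing space, while every other class value in this change is a plain scalar with no trailing whitespace; any consumer that groups, filters or counts findings by vulnerability_class will treat this as a category distinct from "Insecure Deserialization". The intended line is almost certainly `- Insecure Deserialization`. Since this file lives under a generated/ path, the correction presumably belongs in the upstream rule metadata or in the generator (strip scalar values before emitting) rather than a hand edit here.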
@@ -32898,13 +33971,15 @@ rules:
 - https://www.tensorflow.org/api_docs/python/tf/load_library
 - https://www.tensorflow.org/api_docs/python/tf/load_op_library
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Dangerous Method or Function
 source: https://semgrep.dev/r/trailofbits.python.tensorflow-load-library.tensorflow-load-library
 shortlink: https://sg.run/xp0j
 semgrep.dev:
 rule:
 rule_id: WAUgBJ
- version_id: LjTWWr
- url: https://semgrep.dev/playground/r/LjTWWr/trailofbits.python.tensorflow-load-library.tensorflow-load-library
+ version_id: rxT5bv
+ url: https://semgrep.dev/playground/r/rxT5bv/trailofbits.python.tensorflow-load-library.tensorflow-load-library
 origin: community
 patterns:
 - pattern-either:
@@ -32912,60 +33987,6 @@ rules:
 - pattern: tensorflow.load_op_library(...)
 - pattern-not: tensorflow.load_library("...")
 - pattern-not: tensorflow.load_op_library("...")
-- id: trailofbits.python.torch-classes-load-library.torch-classes-load-library
- message: Loading custom operator libraries can result in arbitrary code execution
- languages:
- - python
- severity: ERROR
- metadata:
- category: security
- cwe: 'CWE-676: Use of Potentially Dangerous Function'
- subcategory:
- - audit
- confidence: MEDIUM
- likelihood: MEDIUM
- impact: HIGH
- references:
- - https://pytorch.org/tutorials/advanced/torch_script_custom_classes.html
- license: CC-BY-NC-SA-4.0
- source: https://semgrep.dev/r/trailofbits.python.torch-classes-load-library.torch-classes-load-library
- shortlink: https://sg.run/Oj37
- semgrep.dev:
- rule:
- rule_id: 0oUZN9
- version_id: nWTb2o
- url: https://semgrep.dev/playground/r/nWTb2o/trailofbits.python.torch-classes-load-library.torch-classes-load-library
- origin: community
- patterns:
- - pattern: torch.classes.load_library(...)
- - pattern-not: torch.classes.load_library("...")
-- id: trailofbits.python.torch-package.torch-package
- message: Avoid importing torch.package - it can result in arbitrary code execution
- via pickle
- languages:
- - python
- severity: WARNING
- metadata:
- category: security
- cwe: 'CWE-502: Deserialization of Untrusted Data'
- subcategory:
- - audit
- confidence: LOW
- likelihood: MEDIUM
- impact: HIGH
- references:
- - https://pytorch.org/docs/1.13/package.html#torch-package
- - https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/
- license: CC-BY-NC-SA-4.0
- source: https://semgrep.dev/r/trailofbits.python.torch-package.torch-package
- shortlink: https://sg.run/wZoA
- semgrep.dev:
- rule:
- rule_id: GdUzA8
- version_id: ExTLEE
- url: https://semgrep.dev/playground/r/ExTLEE/trailofbits.python.torch-package.torch-package
- origin: community
- pattern: import torch.package
 - id: trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result
 message: "`expect` or `unwrap` called in function returning a `Result`"
 languages:
@@ -32985,13 +34006,15 @@ rules:
 references:
 - https://doc.rust-lang.org/std/result/
 license: CC-BY-NC-SA-4.0
+ vulnerability_class:
+ - Other
 source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result
 shortlink: https://sg.run/WpeL
 semgrep.dev:
 rule:
 rule_id: 2ZUPQ3
- version_id: gETRRJ
- url: https://semgrep.dev/playground/r/gETRRJ/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result
+ version_id: NdTx5j
+ url: https://semgrep.dev/playground/r/NdTx5j/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result
 origin: community
 patterns:
 - pattern-either:
@@ -33042,13 +34065,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/typescript.lang.security.audit.cors-regex-wildcard.cors-regex-wildcard
 shortlink: https://sg.run/w13x
 semgrep.dev:
 rule:
 rule_id: qNUbXo
- version_id: o5TWko
- url: https://semgrep.dev/playground/r/o5TWko/typescript.lang.security.audit.cors-regex-wildcard.cors-regex-wildcard
+ version_id: WrTb4e
+ url: https://semgrep.dev/playground/r/WrTb4e/typescript.lang.security.audit.cors-regex-wildcard.cors-regex-wildcard
 origin: community
 languages:
 - ts
@@ -33087,13 +34112,15 @@ rules:
 impact: LOW
 confidence: LOW
 license: Commons Clause License Condition v1.0[LGPL-2.1-only]
+ vulnerability_class:
+ - Improper Validation
 source: https://semgrep.dev/r/typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any
 shortlink: https://sg.run/ljBL
 semgrep.dev:
 rule:
 rule_id: pKUG17
- version_id: zyTXjr
- url: https://semgrep.dev/playground/r/zyTXjr/typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any
+ version_id: 0bTvPk
+ url: https://semgrep.dev/playground/r/0bTvPk/typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any
 origin: community
 languages:
 - typescript
@@ -33137,13 +34164,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.nestjs.security.audit.nestjs-header-xss-disabled.nestjs-header-xss-disabled shortlink: https://sg.run/YgGW semgrep.dev: rule: rule_id: 2ZU4zx - version_id: pZTqkx - url: https://semgrep.dev/playground/r/pZTqkx/typescript.nestjs.security.audit.nestjs-header-xss-disabled.nestjs-header-xss-disabled + version_id: K3TlWB + url: https://semgrep.dev/playground/r/K3TlWB/typescript.nestjs.security.audit.nestjs-header-xss-disabled.nestjs-header-xss-disabled origin: community languages: - typescript @@ -33175,13 +34204,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Open Redirect source: https://semgrep.dev/r/typescript.nestjs.security.audit.nestjs-open-redirect.nestjs-open-redirect shortlink: https://sg.run/6rJw semgrep.dev: rule: rule_id: X5UZQK - version_id: 2KTAG6 - url: https://semgrep.dev/playground/r/2KTAG6/typescript.nestjs.security.audit.nestjs-open-redirect.nestjs-open-redirect + version_id: qkTN8P + url: https://semgrep.dev/playground/r/qkTN8P/typescript.nestjs.security.audit.nestjs-open-redirect.nestjs-open-redirect origin: community languages: - typescript 
@@ -33223,13 +34254,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-css-injection.react-css-injection shortlink: https://sg.run/yze8 semgrep.dev: rule: rule_id: wdU861 - version_id: X0ToOo - url: https://semgrep.dev/playground/r/X0ToOo/typescript.react.security.audit.react-css-injection.react-css-injection + version_id: l4T5nK + url: https://semgrep.dev/playground/r/l4T5nK/typescript.react.security.audit.react-css-injection.react-css-injection origin: community languages: - typescript @@ -33264,13 +34297,15 @@ rules: - audit likelihood: LOW impact: MEDIUM + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-href-var.react-href-var shortlink: https://sg.run/bDZZ semgrep.dev: rule: rule_id: OrUGkk - version_id: BjT3ZO - url: https://semgrep.dev/playground/r/BjT3ZO/typescript.react.security.audit.react-href-var.react-href-var + version_id: 6xTeP3 + url: https://semgrep.dev/playground/r/6xTeP3/typescript.react.security.audit.react-href-var.react-href-var origin: community languages: - typescript @@ -33349,13 +34384,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-http-leak.react-http-leak shortlink: https://sg.run/kLbX semgrep.dev: rule: rule_id: v8U51n - version_id: yeTQ39 - url: https://semgrep.dev/playground/r/yeTQ39/typescript.react.security.audit.react-http-leak.react-http-leak + version_id: zyT57z + url: https://semgrep.dev/playground/r/zyT57z/typescript.react.security.audit.react-http-leak.react-http-leak origin: community languages: - typescript 
@@ -33382,13 +34419,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-jwt-decoded-property.react-jwt-decoded-property shortlink: https://sg.run/wx8x semgrep.dev: rule: rule_id: d8Uzqz - version_id: rxTb0J - url: https://semgrep.dev/playground/r/rxTb0J/typescript.react.security.audit.react-jwt-decoded-property.react-jwt-decoded-property + version_id: pZTr75 + url: https://semgrep.dev/playground/r/pZTr75/typescript.react.security.audit.react-jwt-decoded-property.react-jwt-decoded-property origin: community languages: - typescript @@ -33421,13 +34460,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-jwt-in-localstorage.react-jwt-in-localstorage shortlink: https://sg.run/xYye semgrep.dev: rule: rule_id: ZqUq6g - version_id: bZTxR7 - url: https://semgrep.dev/playground/r/bZTxR7/typescript.react.security.audit.react-jwt-in-localstorage.react-jwt-in-localstorage + version_id: 2KT1JJ + url: https://semgrep.dev/playground/r/2KT1JJ/typescript.react.security.audit.react-jwt-in-localstorage.react-jwt-in-localstorage origin: community languages: - typescript 
@@ -33467,13 +34508,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Mishandled Sensitive Information source: https://semgrep.dev/r/typescript.react.security.audit.react-missing-noopener.react-missing-noopener shortlink: https://sg.run/O19e semgrep.dev: rule: rule_id: nJUYOZ - version_id: NdT5gb - url: https://semgrep.dev/playground/r/NdT5gb/typescript.react.security.audit.react-missing-noopener.react-missing-noopener + version_id: X0TP6N + url: https://semgrep.dev/playground/r/X0TP6N/typescript.react.security.audit.react-missing-noopener.react-missing-noopener origin: community languages: - typescript @@ -33505,13 +34548,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-props-injection.react-props-injection shortlink: https://sg.run/dg6P semgrep.dev: rule: rule_id: L1U47z - version_id: xyT9v6 - url: https://semgrep.dev/playground/r/xyT9v6/typescript.react.security.audit.react-props-injection.react-props-injection + version_id: 9lTzPw + url: https://semgrep.dev/playground/r/9lTzPw/typescript.react.security.audit.react-props-injection.react-props-injection origin: community languages: - typescript @@ -33536,7 +34581,7 @@ rules: references: - https://v5.reactrouter.com/web/api/Redirect - https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html - - https://r2c.dev + - https://semgrep.dev cwe2022-top25: true cwe2021-top25: true subcategory: 
@@ -33545,13 +34590,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-router-redirect.react-router-redirect shortlink: https://sg.run/ZeR7 semgrep.dev: rule: rule_id: 8GUE4K - version_id: O9T4k5 - url: https://semgrep.dev/playground/r/O9T4k5/typescript.react.security.audit.react-router-redirect.react-router-redirect + version_id: yeTX7j + url: https://semgrep.dev/playground/r/yeTX7j/typescript.react.security.audit.react-router-redirect.react-router-redirect origin: community languages: - typescript @@ -33583,13 +34630,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.audit.react-styled-components-injection.react-styled-components-injection shortlink: https://sg.run/nqWG semgrep.dev: rule: rule_id: gxUW6x - version_id: e1TEgN - url: https://semgrep.dev/playground/r/e1TEgN/typescript.react.security.audit.react-styled-components-injection.react-styled-components-injection + version_id: rxTx7Z + url: https://semgrep.dev/playground/r/rxTx7Z/typescript.react.security.audit.react-styled-components-injection.react-styled-components-injection origin: community languages: - typescript @@ -33612,7 +34661,7 @@ rules: - 'CWE-79: Improper Neutralization of Input During Web Page Generation (''Cross-site Scripting'')' references: - - https://r2c.dev + - https://semgrep.dev cwe2022-top25: true cwe2021-top25: true subcategory: 
@@ -33621,13 +34670,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.react-controlled-component-password.react-controlled-component-password shortlink: https://sg.run/jN2Z semgrep.dev: rule: rule_id: bwUObG - version_id: ZRTB6A - url: https://semgrep.dev/playground/r/ZRTB6A/typescript.react.security.react-controlled-component-password.react-controlled-component-password + version_id: kbT7nA + url: https://semgrep.dev/playground/r/kbT7nA/typescript.react.security.react-controlled-component-password.react-controlled-component-password origin: community languages: - typescript @@ -33660,13 +34711,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/typescript.react.security.react-markdown-insecure-html.react-markdown-insecure-html shortlink: https://sg.run/9qAk semgrep.dev: rule: rule_id: kxURd4 - version_id: ExTdRG - url: https://semgrep.dev/playground/r/ExTdRG/typescript.react.security.react-markdown-insecure-html.react-markdown-insecure-html + version_id: xyT4eL + url: https://semgrep.dev/playground/r/xyT4eL/typescript.react.security.react-markdown-insecure-html.react-markdown-insecure-html origin: community languages: - typescript 
@@ -33762,13 +34815,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.exposing-docker-socket-volume.exposing-docker-socket-volume shortlink: https://sg.run/O14b semgrep.dev: rule: rule_id: eqUvZ9 - version_id: PkTE9d - url: https://semgrep.dev/playground/r/PkTE9d/yaml.docker-compose.security.exposing-docker-socket-volume.exposing-docker-socket-volume + version_id: e1Txkg + url: https://semgrep.dev/playground/r/e1Txkg/yaml.docker-compose.security.exposing-docker-socket-volume.exposing-docker-socket-volume origin: community languages: - yaml @@ -33815,13 +34870,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.no-new-privileges.no-new-privileges shortlink: https://sg.run/0n8q semgrep.dev: rule: rule_id: qNUoWr - version_id: JdT2Ez - url: https://semgrep.dev/playground/r/JdT2Ez/yaml.docker-compose.security.no-new-privileges.no-new-privileges + version_id: vdT2zp + url: https://semgrep.dev/playground/r/vdT2zp/yaml.docker-compose.security.no-new-privileges.no-new-privileges origin: community languages: - yaml 
@@ -33860,13 +34917,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.seccomp-confinement-disabled.seccomp-confinement-disabled shortlink: https://sg.run/KWkY semgrep.dev: rule: rule_id: lBUdW3 - version_id: GxT43l - url: https://semgrep.dev/playground/r/GxT43l/yaml.docker-compose.security.seccomp-confinement-disabled.seccomp-confinement-disabled + version_id: ZRTwPq + url: https://semgrep.dev/playground/r/ZRTwPq/yaml.docker-compose.security.seccomp-confinement-disabled.seccomp-confinement-disabled origin: community languages: - yaml @@ -33906,13 +34965,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.selinux-separation-disabled.selinux-separation-disabled shortlink: https://sg.run/qryb semgrep.dev: rule: rule_id: YGUrAG - version_id: RGTB8n - url: https://semgrep.dev/playground/r/RGTB8n/yaml.docker-compose.security.selinux-separation-disabled.selinux-separation-disabled + version_id: nWT74r + url: https://semgrep.dev/playground/r/nWT74r/yaml.docker-compose.security.selinux-separation-disabled.selinux-separation-disabled origin: community languages: - yaml 
@@ -33960,13 +35021,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service shortlink: https://sg.run/e4JE semgrep.dev: rule: rule_id: v8U5vN - version_id: A8TyKp - url: https://semgrep.dev/playground/r/A8TyKp/yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service + version_id: ExTnDK + url: https://semgrep.dev/playground/r/ExTnDK/yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service origin: community languages: - yaml @@ -34001,13 +35064,15 @@ rules: impact: HIGH confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Command Injection source: https://semgrep.dev/r/yaml.github-actions.security.curl-eval.curl-eval shortlink: https://sg.run/9r7r semgrep.dev: rule: rule_id: X5Udrd - version_id: DkT3ge - url: https://semgrep.dev/playground/r/DkT3ge/yaml.github-actions.security.curl-eval.curl-eval + version_id: LjT0bE + url: https://semgrep.dev/playground/r/LjT0bE/yaml.github-actions.security.curl-eval.curl-eval origin: community patterns: - pattern-inside: 'steps: [...]' 
@@ -34056,13 +35121,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Code Injection source: https://semgrep.dev/r/yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout shortlink: https://sg.run/jkdn semgrep.dev: rule: rule_id: d8Ulkd - version_id: 0bTQDZ - url: https://semgrep.dev/playground/r/0bTQDZ/yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout + version_id: gETq2e + url: https://semgrep.dev/playground/r/gETq2e/yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout origin: community patterns: - pattern-either: @@ -34123,13 +35190,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Active Debug Code source: https://semgrep.dev/r/yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled shortlink: https://sg.run/y6x8 semgrep.dev: rule: rule_id: WAUP0z - version_id: e1T2AE - url: https://semgrep.dev/playground/r/e1T2AE/yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled + version_id: 5PT6Dr + url: https://semgrep.dev/playground/r/5PT6Dr/yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled origin: community patterns: - pattern-inside: 'env: [...] 
@@ -34166,13 +35235,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.hostipc-pod.hostipc-pod shortlink: https://sg.run/nqGO semgrep.dev: rule: rule_id: nJUYPE - version_id: 5PTBQQ - url: https://semgrep.dev/playground/r/5PTBQQ/yaml.kubernetes.security.hostipc-pod.hostipc-pod + version_id: RGTbGr + url: https://semgrep.dev/playground/r/RGTbGr/yaml.kubernetes.security.hostipc-pod.hostipc-pod origin: community languages: - yaml @@ -34203,13 +35274,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Other source: https://semgrep.dev/r/yaml.kubernetes.security.hostnetwork-pod.hostnetwork-pod shortlink: https://sg.run/E51A semgrep.dev: rule: rule_id: EwU4NO - version_id: GxT43y - url: https://semgrep.dev/playground/r/GxT43y/yaml.kubernetes.security.hostnetwork-pod.hostnetwork-pod + version_id: A8TR7n + url: https://semgrep.dev/playground/r/A8TR7n/yaml.kubernetes.security.hostnetwork-pod.hostnetwork-pod origin: community languages: - yaml @@ -34241,13 +35314,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.hostpid-pod.hostpid-pod shortlink: https://sg.run/708R semgrep.dev: rule: rule_id: 7KUeo0 - version_id: RGTB8J - url: https://semgrep.dev/playground/r/RGTB8J/yaml.kubernetes.security.hostpid-pod.hostpid-pod + version_id: BjTE0Q + url: https://semgrep.dev/playground/r/BjTE0Q/yaml.kubernetes.security.hostpid-pod.hostpid-pod origin: community languages: - yaml 
@@ -34309,13 +35384,15 @@ rules: impact: HIGH confidence: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.run-as-non-root-unsafe-value.run-as-non-root-unsafe-value shortlink: https://sg.run/D9No semgrep.dev: rule: rule_id: L1UAxy - version_id: GxTyyA - url: https://semgrep.dev/playground/r/GxTyyA/yaml.kubernetes.security.run-as-non-root-unsafe-value.run-as-non-root-unsafe-value + version_id: qkTNnP + url: https://semgrep.dev/playground/r/qkTNnP/yaml.kubernetes.security.run-as-non-root-unsafe-value.run-as-non-root-unsafe-value origin: community languages: - yaml @@ -34387,13 +35464,15 @@ rules: impact: LOW confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.run-as-non-root.run-as-non-root shortlink: https://sg.run/dgP5 semgrep.dev: rule: rule_id: ZqUqeK - version_id: RGT775 - url: https://semgrep.dev/playground/r/RGT775/yaml.kubernetes.security.run-as-non-root.run-as-non-root + version_id: l4T5OK + url: https://semgrep.dev/playground/r/l4T5OK/yaml.kubernetes.security.run-as-non-root.run-as-non-root origin: community languages: - yaml 
@@ -34442,13 +35521,15 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] + vulnerability_class: + - Improper Authorization source: https://semgrep.dev/r/yaml.kubernetes.security.writable-filesystem-container.writable-filesystem-container shortlink: https://sg.run/ZePL semgrep.dev: rule: rule_id: nJUYn9 - version_id: l4Tegj - url: https://semgrep.dev/playground/r/l4Tegj/yaml.kubernetes.security.writable-filesystem-container.writable-filesystem-container + version_id: RGTbGj + url: https://semgrep.dev/playground/r/RGTbGj/yaml.kubernetes.security.writable-filesystem-container.writable-filesystem-container origin: community languages: - yaml diff --git a/assets/semgrep_rules/generated/oss/others.yaml b/assets/semgrep_rules/generated/oss/others.yaml index 29614ef7..182e49be 100644 --- a/assets/semgrep_rules/generated/oss/others.yaml +++ b/assets/semgrep_rules/generated/oss/others.yaml @@ -7476,13 +7476,15 @@ rules: masvs: storage-7 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.hidden_ui.android_hidden_ui shortlink: https://sg.run/YeEe semgrep.dev: rule: rule_id: L1UJDJ - version_id: w8TPz2 - url: https://semgrep.dev/playground/r/w8TPz2/mobsf.mobsfscan.android.hidden_ui.android_hidden_ui + version_id: PkTpOL + url: https://semgrep.dev/playground/r/PkTpOL/mobsf.mobsfscan.android.hidden_ui.android_hidden_ui origin: community - id: mobsf.mobsfscan.android.logging.android_logging patterns: 
@@ -7533,13 +7535,15 @@ rules: masvs: storage-3 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.logging.android_logging shortlink: https://sg.run/6pQo semgrep.dev: rule: rule_id: 8GU0OP - version_id: xyTgAJ - url: https://semgrep.dev/playground/r/xyTgAJ/mobsf.mobsfscan.android.logging.android_logging + version_id: JdTJe7 + url: https://semgrep.dev/playground/r/JdTJe7/mobsf.mobsfscan.android.logging.android_logging origin: community - id: mobsf.mobsfscan.android.secrets.hardcoded_api_key patterns: @@ -7565,13 +7569,15 @@ rules: masvs: storage-14 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#storing-a-key---example license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.secrets.hardcoded_api_key shortlink: https://sg.run/p02g semgrep.dev: rule: rule_id: 3qUgDz - version_id: vdTwn1 - url: https://semgrep.dev/playground/r/vdTwn1/mobsf.mobsfscan.android.secrets.hardcoded_api_key + version_id: RGTXwe + url: https://semgrep.dev/playground/r/RGTXwe/mobsf.mobsfscan.android.secrets.hardcoded_api_key origin: community - id: mobsf.mobsfscan.android.secrets.hardcoded_password patterns: 
@@ -7597,13 +7603,15 @@ rules: masvs: storage-14 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#storing-a-key---example license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.secrets.hardcoded_password shortlink: https://sg.run/oWp9 semgrep.dev: rule: rule_id: gxUpG8 - version_id: O9Tq3j - url: https://semgrep.dev/playground/r/O9Tq3j/mobsf.mobsfscan.android.secrets.hardcoded_password + version_id: 5PTvYJ + url: https://semgrep.dev/playground/r/5PTvYJ/mobsf.mobsfscan.android.secrets.hardcoded_password origin: community - id: mobsf.mobsfscan.android.secrets.hardcoded_secret patterns: @@ -7629,13 +7637,15 @@ rules: masvs: storage-14 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#storing-a-key---example license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.secrets.hardcoded_secret shortlink: https://sg.run/23O0 semgrep.dev: rule: rule_id: 4bUJWL - version_id: d6T0jQ - url: https://semgrep.dev/playground/r/d6T0jQ/mobsf.mobsfscan.android.secrets.hardcoded_secret + version_id: A8T6nr + url: https://semgrep.dev/playground/r/A8T6nr/mobsf.mobsfscan.android.secrets.hardcoded_secret origin: community - id: mobsf.mobsfscan.android.secrets.hardcoded_username patterns: 
@@ -7661,13 +7671,15 @@ rules: masvs: storage-14 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#storing-a-key---example license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.secrets.hardcoded_username shortlink: https://sg.run/zXGG semgrep.dev: rule: rule_id: QrULll - version_id: e1To80 - url: https://semgrep.dev/playground/r/e1To80/mobsf.mobsfscan.android.secrets.hardcoded_username + version_id: GxTGWv + url: https://semgrep.dev/playground/r/GxTGWv/mobsf.mobsfscan.android.secrets.hardcoded_username origin: community - id: mobsf.mobsfscan.android.word_readable_writable.world_readable patterns: @@ -7685,13 +7697,15 @@ rules: masvs: storage-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.word_readable_writable.world_readable shortlink: https://sg.run/XxEK semgrep.dev: rule: rule_id: PeUKq9 - version_id: ZRT955 - url: https://semgrep.dev/playground/r/ZRT955/mobsf.mobsfscan.android.word_readable_writable.world_readable + version_id: BjT9GN + url: https://semgrep.dev/playground/r/BjT9GN/mobsf.mobsfscan.android.word_readable_writable.world_readable origin: community - id: mobsf.mobsfscan.android.word_readable_writable.world_writeable patterns: 
@@ -7710,13 +7724,15 @@ rules: masvs: storage-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.android.word_readable_writable.world_writeable shortlink: https://sg.run/jGlY semgrep.dev: rule: rule_id: JDU4Ab - version_id: nWTbzY - url: https://semgrep.dev/playground/r/nWTbzY/mobsf.mobsfscan.android.word_readable_writable.world_writeable + version_id: DkTOeW + url: https://semgrep.dev/playground/r/DkTOeW/mobsf.mobsfscan.android.word_readable_writable.world_writeable origin: community - id: mobsf.mobsfscan.android_safetynetapi.android_safetynet_api patterns: @@ -7778,13 +7794,15 @@ rules: masvs: resilience-1 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.best_practices.android_safetynetapi.android_safetynet_api shortlink: https://sg.run/1lOw semgrep.dev: rule: rule_id: 5rUx0W - version_id: ExTL2Q - url: https://semgrep.dev/playground/r/ExTL2Q/mobsf.mobsfscan.best_practices.android_safetynetapi.android_safetynet_api + version_id: WrTR6P + url: https://semgrep.dev/playground/r/WrTR6P/mobsf.mobsfscan.best_practices.android_safetynetapi.android_safetynet_api origin: community - id: mobsf.mobsfscan.best_practices.flag_secure.android_prevent_screenshot patterns: 
@@ -7824,13 +7842,15 @@ rules: masvs: storage-9 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#finding-sensitive-information-in-auto-generated-screenshots-mstg-storage-9 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.best_practices.flag_secure.android_prevent_screenshot shortlink: https://sg.run/9jOY semgrep.dev: rule: rule_id: GdUg51 - version_id: 7ZTlQv - url: https://semgrep.dev/playground/r/7ZTlQv/mobsf.mobsfscan.best_practices.flag_secure.android_prevent_screenshot + version_id: 0bT462 + url: https://semgrep.dev/playground/r/0bT462/mobsf.mobsfscan.best_practices.flag_secure.android_prevent_screenshot origin: community - id: mobsf.mobsfscan.best_practices.root_detection.android_root_detection patterns: @@ -7856,13 +7876,15 @@ rules: masvs: resilience-1 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.best_practices.root_detection.android_root_detection shortlink: https://sg.run/y25x semgrep.dev: rule: rule_id: ReUdYj - version_id: LjTWyP - url: https://semgrep.dev/playground/r/LjTWyP/mobsf.mobsfscan.best_practices.root_detection.android_root_detection + version_id: K3TpO5 + url: https://semgrep.dev/playground/r/K3TpO5/mobsf.mobsfscan.best_practices.root_detection.android_root_detection origin: community - id: mobsf.mobsfscan.best_practices.tapjacking.android_detect_tapjacking patterns: 
@@ -7880,13 +7902,15 @@ rules: masvs: platform-9 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.best_practices.tapjacking.android_detect_tapjacking shortlink: https://sg.run/rqjn semgrep.dev: rule: rule_id: AbUx1o - version_id: 8KTJjG - url: https://semgrep.dev/playground/r/8KTJjG/mobsf.mobsfscan.best_practices.tapjacking.android_detect_tapjacking + version_id: qkT0KQ + url: https://semgrep.dev/playground/r/qkT0KQ/mobsf.mobsfscan.best_practices.tapjacking.android_detect_tapjacking origin: community - id: mobsf.mobsfscan.best_practices.tls_certificate_transparency.android_certificate_transparency patterns: @@ -7912,13 +7936,15 @@ rules: masvs: network-4 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.best_practices.tls_certificate_transparency.android_certificate_transparency shortlink: https://sg.run/bERp semgrep.dev: rule: rule_id: BYUoO0 - version_id: gETR1k - url: https://semgrep.dev/playground/r/gETR1k/mobsf.mobsfscan.best_practices.tls_certificate_transparency.android_certificate_transparency + version_id: l4TLNX + url: https://semgrep.dev/playground/r/l4TLNX/mobsf.mobsfscan.best_practices.tls_certificate_transparency.android_certificate_transparency origin: community - id: mobsf.mobsfscan.best_practices.tls_pinning.android_certificate_pinning patterns: 
@@ -7980,13 +8006,15 @@ rules: masvs: network-4 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.best_practices.tls_pinning.android_certificate_pinning shortlink: https://sg.run/NXEp semgrep.dev: rule: rule_id: DbUL4y - version_id: QkTYzZ - url: https://semgrep.dev/playground/r/QkTYzZ/mobsf.mobsfscan.best_practices.tls_pinning.android_certificate_pinning + version_id: YDT38v + url: https://semgrep.dev/playground/r/YDT38v/mobsf.mobsfscan.best_practices.tls_pinning.android_certificate_pinning origin: community - id: mobsf.mobsfscan.cbc_padding_oracle.cbc_padding_oracle patterns: @@ -8176,13 +8204,15 @@ rules: masvs: crypto-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode shortlink: https://sg.run/kRY7 semgrep.dev: rule: rule_id: WAUg2K - version_id: 3ZTGPQ - url: https://semgrep.dev/playground/r/3ZTGPQ/mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode + version_id: 6xTL0J + url: https://semgrep.dev/playground/r/6xTL0J/mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode origin: community - id: mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode_default patterns: 
@@ -8202,13 +8232,15 @@ rules: masvs: crypto-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode_default shortlink: https://sg.run/wzPY semgrep.dev: rule: rule_id: 0oUZRX - version_id: 44TLk6 - url: https://semgrep.dev/playground/r/44TLk6/mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode_default + version_id: o5T759 + url: https://semgrep.dev/playground/r/o5T759/mobsf.mobsfscan.crypto.aes_ecb.aes_ecb_mode_default origin: community - id: mobsf.mobsfscan.crypto.aes_encryption_keys.aes_hardcoded_key patterns: @@ -8232,13 +8264,15 @@ rules: masvs: crypto-1 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#common-configuration-issues-mstg-crypto-1-mstg-crypto-2-and-mstg-crypto-3 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.aes_encryption_keys.aes_hardcoded_key shortlink: https://sg.run/xpJz semgrep.dev: rule: rule_id: KxURB0 - version_id: PkTlZR - url: https://semgrep.dev/playground/r/PkTlZR/mobsf.mobsfscan.crypto.aes_encryption_keys.aes_hardcoded_key + version_id: zyTxeb + url: https://semgrep.dev/playground/r/zyTxeb/mobsf.mobsfscan.crypto.aes_encryption_keys.aes_hardcoded_key origin: community - id: mobsf.mobsfscan.crypto.cbc_padding_oracle.cbc_padding_oracle patterns: 
@@ -8272,13 +8306,15 @@ rules: masvs: crypto-3 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#padding-oracle-attacks-due-to-weaker-padding-or-block-operation-implementations license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.cbc_padding_oracle.cbc_padding_oracle shortlink: https://sg.run/OjEB semgrep.dev: rule: rule_id: qNUrzk - version_id: JdTByk - url: https://semgrep.dev/playground/r/JdTByk/mobsf.mobsfscan.crypto.cbc_padding_oracle.cbc_padding_oracle + version_id: pZTBQn + url: https://semgrep.dev/playground/r/pZTBQn/mobsf.mobsfscan.crypto.cbc_padding_oracle.cbc_padding_oracle origin: community - id: mobsf.mobsfscan.crypto.cbc_static_iv.cbc_static_iv patterns: @@ -8306,13 +8342,15 @@ rules: masvs: crypto-5 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#predictable-initialization-vector license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.cbc_static_iv.cbc_static_iv shortlink: https://sg.run/egDb semgrep.dev: rule: rule_id: lBUYwL - version_id: 5PTRO7 - url: https://semgrep.dev/playground/r/5PTRO7/mobsf.mobsfscan.crypto.cbc_static_iv.cbc_static_iv + version_id: 2KTD6R + url: https://semgrep.dev/playground/r/2KTD6R/mobsf.mobsfscan.crypto.cbc_static_iv.cbc_static_iv origin: community - id: mobsf.mobsfscan.crypto.insecure_random.java_insecure_random patterns: 
@@ -8333,13 +8371,15 @@ rules: masvs: crypto-6 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.insecure_random.java_insecure_random shortlink: https://sg.run/vo4A semgrep.dev: rule: rule_id: PeUKqY - version_id: GxTn7Y - url: https://semgrep.dev/playground/r/GxTn7Y/mobsf.mobsfscan.crypto.insecure_random.java_insecure_random + version_id: X0TvJk + url: https://semgrep.dev/playground/r/X0TvJk/mobsf.mobsfscan.crypto.insecure_random.java_insecure_random origin: community - id: mobsf.mobsfscan.crypto.insecure_ssl_v3.insecure_sslv3 patterns: @@ -8357,13 +8397,15 @@ rules: masvs: crypto-4 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.insecure_ssl_v3.insecure_sslv3 shortlink: https://sg.run/dnBZ semgrep.dev: rule: rule_id: JDU4Ag - version_id: RGT6g9 - url: https://semgrep.dev/playground/r/RGT6g9/mobsf.mobsfscan.crypto.insecure_ssl_v3.insecure_sslv3 + version_id: jQTE9J + url: https://semgrep.dev/playground/r/jQTE9J/mobsf.mobsfscan.crypto.insecure_ssl_v3.insecure_sslv3 origin: community - id: mobsf.mobsfscan.crypto.rsa_no_oeap.rsa_no_oeap patterns: 
@@ -8389,13 +8431,15 @@ rules: masvs: crypto-3 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#mobile-app-cryptography license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.rsa_no_oeap.rsa_no_oeap shortlink: https://sg.run/ZZED semgrep.dev: rule: rule_id: 5rUx0n - version_id: A8TOzL - url: https://semgrep.dev/playground/r/A8TOzL/mobsf.mobsfscan.crypto.rsa_no_oeap.rsa_no_oeap + version_id: 1QTDXk + url: https://semgrep.dev/playground/r/1QTDXk/mobsf.mobsfscan.crypto.rsa_no_oeap.rsa_no_oeap origin: community - id: mobsf.mobsfscan.crypto.sha1_hash.sha1_hash patterns: @@ -8422,13 +8466,15 @@ rules: masvs: crypto-4 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.sha1_hash.sha1_hash shortlink: https://sg.run/nDyX semgrep.dev: rule: rule_id: GdUgKL - version_id: BjTgNG - url: https://semgrep.dev/playground/r/BjTgNG/mobsf.mobsfscan.crypto.sha1_hash.sha1_hash + version_id: 9lTjnn + url: https://semgrep.dev/playground/r/9lTjnn/mobsf.mobsfscan.crypto.sha1_hash.sha1_hash origin: community - id: mobsf.mobsfscan.crypto.weak_ciphers.weak_cipher patterns: 
@@ -8448,13 +8494,15 @@ rules: masvs: crypto-4 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.weak_ciphers.weak_cipher shortlink: https://sg.run/EKZw semgrep.dev: rule: rule_id: ReUdZD - version_id: DkTPp3 - url: https://semgrep.dev/playground/r/DkTPp3/mobsf.mobsfscan.crypto.weak_ciphers.weak_cipher + version_id: yeT6dQ + url: https://semgrep.dev/playground/r/yeT6dQ/mobsf.mobsfscan.crypto.weak_ciphers.weak_cipher origin: community - id: mobsf.mobsfscan.crypto.weak_hashes.weak_hash patterns: @@ -8482,13 +8530,15 @@ rules: masvs: crypto-4 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.weak_hashes.weak_hash shortlink: https://sg.run/72wZ semgrep.dev: rule: rule_id: AbUxZk - version_id: WrTXog - url: https://semgrep.dev/playground/r/WrTXog/mobsf.mobsfscan.crypto.weak_hashes.weak_hash + version_id: rxT58X + url: https://semgrep.dev/playground/r/rxT58X/mobsf.mobsfscan.crypto.weak_hashes.weak_hash origin: community - id: mobsf.mobsfscan.crypto.weak_iv.weak_iv patterns: 
@@ -8517,13 +8567,15 @@ rules: masvs: crypto-5 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#mobile-app-cryptography license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.weak_iv.weak_iv shortlink: https://sg.run/LpZr semgrep.dev: rule: rule_id: BYUonD - version_id: 0bT850 - url: https://semgrep.dev/playground/r/0bT850/mobsf.mobsfscan.crypto.weak_iv.weak_iv + version_id: bZTY4P + url: https://semgrep.dev/playground/r/bZTY4P/mobsf.mobsfscan.crypto.weak_iv.weak_iv origin: community - id: mobsf.mobsfscan.crypto.weak_key_size.weak_key_size patterns: @@ -8575,13 +8627,15 @@ rules: masvs: crypto-3 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#common-configuration-issues-mstg-crypto-1-mstg-crypto-2-and-mstg-crypto-3 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.crypto.weak_key_size.weak_key_size shortlink: https://sg.run/8Xey semgrep.dev: rule: rule_id: DbULZp - version_id: K3TDb9 - url: https://semgrep.dev/playground/r/K3TDb9/mobsf.mobsfscan.crypto.weak_key_size.weak_key_size + version_id: NdTxQW + url: https://semgrep.dev/playground/r/NdTxQW/mobsf.mobsfscan.crypto.weak_key_size.weak_key_size origin: community - id: mobsf.mobsfscan.default_http_client_tls.default_http_client_tls patterns: 
@@ -8628,13 +8682,15 @@ rules: masvs: platform-8 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-object-persistence-mstg-platform-8 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.deserialization.jackson_deserialization.jackson_deserialization shortlink: https://sg.run/gPzJ semgrep.dev: rule: rule_id: WAUgAZ - version_id: qkTdjz - url: https://semgrep.dev/playground/r/qkTdjz/mobsf.mobsfscan.deserialization.jackson_deserialization.jackson_deserialization + version_id: kbToZ0 + url: https://semgrep.dev/playground/r/kbToZ0/mobsf.mobsfscan.deserialization.jackson_deserialization.jackson_deserialization origin: community - id: mobsf.mobsfscan.deserialization.object_deserialization.object_deserialization patterns: @@ -8656,13 +8712,15 @@ rules: masvs: platform-8 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-object-persistence-mstg-platform-8 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.deserialization.object_deserialization.object_deserialization shortlink: https://sg.run/QxZ4 semgrep.dev: rule: rule_id: 0oUZYJ - version_id: l4TK9A - url: https://semgrep.dev/playground/r/l4TK9A/mobsf.mobsfscan.deserialization.object_deserialization.object_deserialization + version_id: w8Te0B + url: https://semgrep.dev/playground/r/w8Te0B/mobsf.mobsfscan.deserialization.object_deserialization.object_deserialization origin: community - id: mobsf.mobsfscan.flag_secure.android_prevent_screenshot patterns: 
@@ -8760,13 +8818,15 @@ rules: masvs: platform-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.injection.command_injection.command_injection shortlink: https://sg.run/36wr semgrep.dev: rule: rule_id: KxUR67 - version_id: YDT1R1 - url: https://semgrep.dev/playground/r/YDT1R1/mobsf.mobsfscan.injection.command_injection.command_injection + version_id: xyTY3g + url: https://semgrep.dev/playground/r/xyTY3g/mobsf.mobsfscan.injection.command_injection.command_injection origin: community - id: mobsf.mobsfscan.injection.command_injection_formated.command_injection_warning patterns: @@ -8830,13 +8890,15 @@ rules: masvs: platform-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.injection.command_injection_formated.command_injection_warning shortlink: https://sg.run/4oQl semgrep.dev: rule: rule_id: qNUrPW - version_id: 6xTljr - url: https://semgrep.dev/playground/r/6xTljr/mobsf.mobsfscan.injection.command_injection_formated.command_injection_warning + version_id: O9TPZ9 + url: https://semgrep.dev/playground/r/O9TPZ9/mobsf.mobsfscan.injection.command_injection_formated.command_injection_warning origin: community - id: mobsf.mobsfscan.injection.sqlite_injection.sqlite_injection patterns: 
@@ -8879,13 +8941,15 @@ rules: masvs: platform-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.injection.sqlite_injection.sqlite_injection shortlink: https://sg.run/PxZY semgrep.dev: rule: rule_id: lBUYAy - version_id: o5T3ev - url: https://semgrep.dev/playground/r/o5T3ev/mobsf.mobsfscan.injection.sqlite_injection.sqlite_injection + version_id: e1T6A5 + url: https://semgrep.dev/playground/r/e1T6A5/mobsf.mobsfscan.injection.sqlite_injection.sqlite_injection origin: community - id: mobsf.mobsfscan.insecure_random.java_insecure_random patterns: @@ -9089,13 +9153,15 @@ rules: masvs: network-3 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-endpoint-identify-verification-mstg-network-3 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.network.accept_self_signed.accept_self_signed_certificate shortlink: https://sg.run/JoZw semgrep.dev: rule: rule_id: YGUxKY - version_id: zyTwko - url: https://semgrep.dev/playground/r/zyTwko/mobsf.mobsfscan.network.accept_self_signed.accept_self_signed_certificate + version_id: vdTZ3e + url: https://semgrep.dev/playground/r/vdTZ3e/mobsf.mobsfscan.network.accept_self_signed.accept_self_signed_certificate origin: community - id: mobsf.mobsfscan.network.default_http_client_tls.default_http_client_tls patterns: 
@@ -9114,13 +9180,15 @@ rules: masvs: network-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04f-Testing-Network-Communication.md#verifying-data-encryption-on-the-network-mstg-network-1-and-mstg-network-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.network.default_http_client_tls.default_http_client_tls shortlink: https://sg.run/5zwA semgrep.dev: rule: rule_id: 6JUkwx - version_id: pZTdOE - url: https://semgrep.dev/playground/r/pZTdOE/mobsf.mobsfscan.network.default_http_client_tls.default_http_client_tls + version_id: d6TBbY + url: https://semgrep.dev/playground/r/d6TBbY/mobsf.mobsfscan.network.default_http_client_tls.default_http_client_tls origin: community - id: mobsf.mobsfscan.object_deserialization.object_deserialization patterns: @@ -9720,13 +9788,15 @@ rules: masvs: resilience-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-anti-debugging-detection-mstg-resilience-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.webview.webview_debugging.webview_debugging shortlink: https://sg.run/G3Zp semgrep.dev: rule: rule_id: oqUPpl - version_id: 2KTkb9 - url: https://semgrep.dev/playground/r/2KTkb9/mobsf.mobsfscan.webview.webview_debugging.webview_debugging + version_id: ZRTLyo + url: https://semgrep.dev/playground/r/ZRTLyo/mobsf.mobsfscan.webview.webview_debugging.webview_debugging origin: community - id: mobsf.mobsfscan.webview.webview_external_storage.webview_external_storage patterns: 
@@ -9755,13 +9825,15 @@ rules: masvs: platform-6 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-webview-protocol-handlers-mstg-platform-6 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.webview.webview_external_storage.webview_external_storage shortlink: https://sg.run/Rx3O semgrep.dev: rule: rule_id: zdU90D - version_id: X0Tj86 - url: https://semgrep.dev/playground/r/X0Tj86/mobsf.mobsfscan.webview.webview_external_storage.webview_external_storage + version_id: nWT6wg + url: https://semgrep.dev/playground/r/nWT6wg/mobsf.mobsfscan.webview.webview_external_storage.webview_external_storage origin: community - id: mobsf.mobsfscan.webview.webview_file_access.webview_set_allow_file_access patterns: @@ -9778,13 +9850,15 @@ rules: masvs: platform-6 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md/#testing-webview-protocol-handlers-mstg-platform-6 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.webview.webview_file_access.webview_set_allow_file_access shortlink: https://sg.run/ABgp semgrep.dev: rule: rule_id: pKUJ40 - version_id: jQT4vX - url: https://semgrep.dev/playground/r/jQT4vX/mobsf.mobsfscan.webview.webview_file_access.webview_set_allow_file_access + version_id: ExT9YD + url: https://semgrep.dev/playground/r/ExT9YD/mobsf.mobsfscan.webview.webview_file_access.webview_set_allow_file_access origin: community - id: mobsf.mobsfscan.webview.webview_ignore_ssl_errors.ignore_ssl_certificate_errors patterns: 
@@ -9805,13 +9879,15 @@ rules: masvs: network-3 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.webview.webview_ignore_ssl_errors.ignore_ssl_certificate_errors shortlink: https://sg.run/BDgW semgrep.dev: rule: rule_id: 2ZUXop - version_id: 1QTRKN - url: https://semgrep.dev/playground/r/1QTRKN/mobsf.mobsfscan.webview.webview_ignore_ssl_errors.ignore_ssl_certificate_errors + version_id: 7ZTLYR + url: https://semgrep.dev/playground/r/7ZTLYR/mobsf.mobsfscan.webview.webview_ignore_ssl_errors.ignore_ssl_certificate_errors origin: community - id: mobsf.mobsfscan.webview.webview_javascript_interface.webview_javascript_interface patterns: @@ -9831,13 +9907,15 @@ rules: masvs: platform-7 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#determining-whether-java-objects-are-exposed-through-webviews-mstg-platform-7 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.webview.webview_javascript_interface.webview_javascript_interface shortlink: https://sg.run/D0LY semgrep.dev: rule: rule_id: X5Up0Y - version_id: 9lTG1b - url: https://semgrep.dev/playground/r/9lTG1b/mobsf.mobsfscan.webview.webview_javascript_interface.webview_javascript_interface + version_id: LjT1pg + url: https://semgrep.dev/playground/r/LjT1pg/mobsf.mobsfscan.webview.webview_javascript_interface.webview_javascript_interface origin: community - id: mobsf.mobsfscan.webview_debugging.webview_debugging patterns: 
@@ -10169,13 +10247,15 @@ rules: masvs: platform-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.xxe.xmldecoder_xxe.xml_decoder_xxe shortlink: https://sg.run/WxP4 semgrep.dev: rule: rule_id: j2Up0D - version_id: yeT4nr - url: https://semgrep.dev/playground/r/yeT4nr/mobsf.mobsfscan.xxe.xmldecoder_xxe.xml_decoder_xxe + version_id: 8KTdLZ + url: https://semgrep.dev/playground/r/8KTdLZ/mobsf.mobsfscan.xxe.xmldecoder_xxe.xml_decoder_xxe origin: community - id: mobsf.mobsfscan.xxe.xmlfactory_external_entities_enabled.xmlinputfactory_xxe_enabled pattern: $XMLFACTORY.setProperty("javax.xml.stream.isSupportingExternalEntities", @@ -10194,13 +10274,15 @@ rules: masvs: platform-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.xxe.xmlfactory_external_entities_enabled.xmlinputfactory_xxe_enabled shortlink: https://sg.run/0qwv semgrep.dev: rule: rule_id: 10UnwQ - version_id: rxTpr3 - url: https://semgrep.dev/playground/r/rxTpr3/mobsf.mobsfscan.xxe.xmlfactory_external_entities_enabled.xmlinputfactory_xxe_enabled + version_id: gETb5l + url: https://semgrep.dev/playground/r/gETb5l/mobsf.mobsfscan.xxe.xmlfactory_external_entities_enabled.xmlinputfactory_xxe_enabled origin: community - id: mobsf.mobsfscan.xxe.xmlfactory_xxe.xmlinputfactory_xxe patterns: 
@@ -10234,11 +10316,13 @@ rules: masvs: platform-2 reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 license: LGPL-3.0-or-later + vulnerability_class: + - Other source: https://semgrep.dev/r/mobsf.mobsfscan.xxe.xmlfactory_xxe.xmlinputfactory_xxe shortlink: https://sg.run/KzZ7 semgrep.dev: rule: rule_id: 9AUL9X - version_id: bZT7wq - url: https://semgrep.dev/playground/r/bZT7wq/mobsf.mobsfscan.xxe.xmlfactory_xxe.xmlinputfactory_xxe + version_id: QkT4Qb + url: https://semgrep.dev/playground/r/QkT4Qb/mobsf.mobsfscan.xxe.xmlfactory_xxe.xmlinputfactory_xxe origin: community diff --git a/assets/semgrep_rules/generated/oss/vulns.yaml b/assets/semgrep_rules/generated/oss/vulns.yaml index da07fac5..1c20bab3 100644 --- a/assets/semgrep_rules/generated/oss/vulns.yaml +++ b/assets/semgrep_rules/generated/oss/vulns.yaml @@ -28,14 +28,16 @@ rules: - java - servlets interfile: true - license: proprietary license - copyright © r2c + license: proprietary license - copyright © Semgrep, Inc. + vulnerability_class: + - Cross-Site-Scripting (XSS) source: https://semgrep.dev/r/java.lang.security.audit.xss.no-direct-response-writer.no-direct-response-writer shortlink: https://sg.run/KlRL semgrep.dev: rule: rule_id: j2Uv7B - version_id: WrTn0E - url: https://semgrep.dev/playground/r/WrTn0E/java.lang.security.audit.xss.no-direct-response-writer.no-direct-response-writer + version_id: RGTb2B + url: https://semgrep.dev/playground/r/RGTb2B/java.lang.security.audit.xss.no-direct-response-writer.no-direct-response-writer origin: community languages: - java diff --git a/assets/semgrep_rules/update-ruleset.rb b/assets/semgrep_rules/update-ruleset.rb index a29a368d..6ca96c19 100644 --- a/assets/semgrep_rules/update-ruleset.rb +++ b/assets/semgrep_rules/update-ruleset.rb @@ -52,7 +52,7 @@ 'wordpress', 'react-best-practices', 'trailofbits', - 'rust' + 'rust' ] HOST = 'https://semgrep.dev' 
@@ -138,29 +138,97 @@ end end -puts "oss/vulns.yaml containing #{vuln_rules.length} rules" -puts "oss/audit.yaml containing #{audit_rules.length} rules" -puts "oss/others.yaml containing #{others_rules.length} rules" -puts "oss/security_noaudit_novuln.yaml containing #{security_noaudit_novuln_rules.length} rules" +OSS = "oss" +NONFREE = "nonfree" + +VULNS_FILE = "vulns.yaml" +SECURITY_NOAUDIT_NOVULN_FILE = "security_noaudit_novuln.yaml" +AUDIT_FILE = "audit.yaml" +OTHERS_FILE = "others.yaml" + +vuln_rules_id = Set.new vuln_rules.map { |o| o['id'] } +security_noaudit_novuln_rules_id = Set.new security_noaudit_novuln_rules.map { |o| o['id'] } +audit_rules_id = Set.new audit_rules.map { |o| o['id'] } +others_rules_id = Set.new others_rules.map { |o| o['id'] } + +old_vuln_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{OSS}/#{VULNS_FILE}"))['rules'].map { |o| o['id'] } +old_security_noaudit_novuln_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{OSS}/#{SECURITY_NOAUDIT_NOVULN_FILE}"))['rules'].map { |o| o['id'] } +old_audit_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{OSS}/#{AUDIT_FILE}"))['rules'].map { |o| o['id'] } +old_others_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{OSS}/#{OTHERS_FILE}"))['rules'].map { |o| o['id'] } + +nonfree_vuln_rules_id = Set.new nonfree_vuln_rules.map { |o| o['id'] } +nonfree_security_noaudit_novuln_rules_id = Set.new nonfree_security_noaudit_novuln_rules.map { |o| o['id'] } +nonfree_audit_rules_id = Set.new nonfree_audit_rules.map { |o| o['id'] } +nonfree_others_rules_id = Set.new nonfree_others_rules.map { |o| o['id'] } + +old_nonfree_vuln_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{NONFREE}/#{VULNS_FILE}"))['rules'].map { |o| o['id'] } +old_nonfree_security_noaudit_novuln_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{NONFREE}/#{SECURITY_NOAUDIT_NOVULN_FILE}"))['rules'].map { |o| o['id'] } +old_nonfree_audit_rules_id = Set.new 
YAML.load(File.read("#{GENERATED_DIR}/#{NONFREE}/#{AUDIT_FILE}"))['rules'].map { |o| o['id'] } +old_nonfree_others_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/#{NONFREE}/#{OTHERS_FILE}"))['rules'].map { |o| o['id'] } + +def format_diff(math_sym, diff) + output = "" + if diff.length > 0 + output += "\n#{diff.length} #{math_sym}\n" + end + output += diff.map { |elem| "#{math_sym} #{elem}" }.join("\n") + output +end + +puts """ +# OSS Rules + +vulns: +#{format_diff('-', old_vuln_rules_id - vuln_rules_id)} +#{format_diff('+', vuln_rules_id - old_vuln_rules_id)} + +security noaudit novulns: +#{format_diff('-', old_security_noaudit_novuln_rules_id - security_noaudit_novuln_rules_id)} +#{format_diff('+', security_noaudit_novuln_rules_id - old_security_noaudit_novuln_rules_id)} + +audit: +#{format_diff('-', old_audit_rules_id - audit_rules_id)} +#{format_diff('+', audit_rules_id - old_audit_rules_id)} + +others: +#{format_diff('-', old_others_rules_id - others_rules_id)} +#{format_diff('+', others_rules_id - old_others_rules_id)} +""" + +puts """ +# Nonfree Rules + +vulns: +#{format_diff('-', old_nonfree_vuln_rules_id - nonfree_vuln_rules_id)} +#{format_diff('+', nonfree_vuln_rules_id - old_nonfree_vuln_rules_id)} + +security noaudit novulns: +#{format_diff('-', old_nonfree_security_noaudit_novuln_rules_id - nonfree_security_noaudit_novuln_rules_id)} +#{format_diff('+', nonfree_security_noaudit_novuln_rules_id - old_nonfree_security_noaudit_novuln_rules_id)} + +audit: +#{format_diff('-', old_nonfree_audit_rules_id - nonfree_audit_rules_id)} +#{format_diff('+', nonfree_audit_rules_id - old_nonfree_audit_rules_id)} + +others: +#{format_diff('-', old_nonfree_others_rules_id - nonfree_others_rules_id)} +#{format_diff('+', nonfree_others_rules_id - old_nonfree_others_rules_id)} -FileUtils.mkdir_p("#{GENERATED_DIR}/oss") +""" -File.write("#{GENERATED_DIR}/oss/vulns.yaml", YAML.dump({"rules" => vuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) 
-File.write("#{GENERATED_DIR}/oss/security_noaudit_novuln.yaml", YAML.dump({"rules" => security_noaudit_novuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) -File.write("#{GENERATED_DIR}/oss/audit.yaml", YAML.dump({"rules" => audit_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) -File.write("#{GENERATED_DIR}/oss/others.yaml", YAML.dump({"rules" => others_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +FileUtils.mkdir_p("#{GENERATED_DIR}/#{OSS}") -puts "nonfree/vulns.yaml containing #{nonfree_vuln_rules.length} rules" -puts "nonfree/audit.yaml containing #{nonfree_audit_rules.length} rules" -puts "nonfree/others.yaml containing #{nonfree_others_rules.length} rules" -puts "nonfree/security_noaudit_novuln.yaml containing #{nonfree_security_noaudit_novuln_rules.length} rules" +File.write("#{GENERATED_DIR}/#{OSS}/#{VULNS_FILE}", YAML.dump({"rules" => vuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +File.write("#{GENERATED_DIR}/#{OSS}/#{SECURITY_NOAUDIT_NOVULN_FILE}", YAML.dump({"rules" => security_noaudit_novuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +File.write("#{GENERATED_DIR}/#{OSS}/#{AUDIT_FILE}", YAML.dump({"rules" => audit_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +File.write("#{GENERATED_DIR}/#{OSS}/#{OTHERS_FILE}", YAML.dump({"rules" => others_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) -FileUtils.mkdir_p("#{GENERATED_DIR}/nonfree") +FileUtils.mkdir_p("#{GENERATED_DIR}/#{NONFREE}") -File.write("#{GENERATED_DIR}/nonfree/vulns.yaml", YAML.dump({"rules" => nonfree_vuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) -File.write("#{GENERATED_DIR}/nonfree/security_noaudit_novuln.yaml", YAML.dump({"rules" => nonfree_security_noaudit_novuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) -File.write("#{GENERATED_DIR}/nonfree/audit.yaml", YAML.dump({"rules" => nonfree_audit_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) -File.write("#{GENERATED_DIR}/nonfree/others.yaml", YAML.dump({"rules" => nonfree_others_rules.to_a.sort {|a,b| a['id'] <=> 
b['id']}})) +File.write("#{GENERATED_DIR}/#{NONFREE}/#{VULNS_FILE}", YAML.dump({"rules" => nonfree_vuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +File.write("#{GENERATED_DIR}/#{NONFREE}/#{SECURITY_NOAUDIT_NOVULN_FILE}", YAML.dump({"rules" => nonfree_security_noaudit_novuln_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +File.write("#{GENERATED_DIR}/#{NONFREE}/#{AUDIT_FILE}", YAML.dump({"rules" => nonfree_audit_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) +File.write("#{GENERATED_DIR}/#{NONFREE}/#{OTHERS_FILE}", YAML.dump({"rules" => nonfree_others_rules.to_a.sort {|a,b| a['id'] <=> b['id']}})) # require 'pry' # binding.pry
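Review bot: The eight `old_*_rules_id = Set.new YAML.load(File.read("#{GENERATED_DIR}/…"))['rules']…` lines run before the `FileUtils.mkdir_p` calls, so the script now aborts with Errno::ENOENT on a fresh checkout or whenever one generated file is missing — a case the removed code never hit because it only wrote those paths. The same lines use `YAML.load`; for files the script itself writes the risk is low, but `YAML.safe_load` costs nothing here and stops a hand-edited or tampered generated file from instantiating arbitrary Ruby objects on older Psych (if a rule file ever carries non-core types, extend `permitted_classes:` rather than falling back to `load`). Folding the eight copies into one helper, as sketched below, also removes the duplication; note that `Set` is only autoloaded from Ruby 3.2, so if the top of the file (outside this hunk) does not already `require 'set'`, it needs one. Separately, `puts """ … """` is adjacent-string concatenation (`""` followed by `"…"`), which works but reads like a mistake; a squiggly heredoc (`puts <<~REPORT … REPORT`) states the intent.
```ruby
# Ids of the rules currently committed under GENERATED_DIR/<dir>/<file>;
# empty when the file has not been generated yet (first run / fresh checkout).
def old_rule_ids(dir, file)
  path = "#{GENERATED_DIR}/#{dir}/#{file}"
  return Set.new unless File.exist?(path)
  Set.new(YAML.safe_load(File.read(path))['rules'].map { |o| o['id'] })
end

old_vuln_rules_id = old_rule_ids(OSS, VULNS_FILE)
old_security_noaudit_novuln_rules_id = old_rule_ids(OSS, SECURITY_NOAUDIT_NOVULN_FILE)
# … unchanged: the remaining old_*_rules_id assignments, each one call to old_rule_ids …
# … unchanged: format_diff, the two reports, mkdir_p and File.write calls …
```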