bad-words.yaml
rules:
  - id: raptor-bad-words
    metadata:
      author: Marco Ivaldi <raptor@0xdeadbeef.info>
      references:
        - https://cwe.mitre.org/data/definitions/546
        - https://cwe.mitre.org/data/definitions/615
        - https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
      confidence: LOW
    message: >-
      The code contains comments that suggest the presence of bugs,
      incomplete functionality, or weaknesses.
      Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2,
      TODO, in the code indicate missing security functionality and
      checking. Others indicate code problems that programmers should fix,
      such as hard-coded variables, error handling, not using stored
      procedures, and performance issues.
    severity: INFO
    languages:
      - generic
    pattern-either:
      # interesting comments
      - pattern-regex: (TODO|XXX|FIXME|BUG|HACK|LATER|CVE-)
      - pattern-regex: (?i)(unsafe|insecure|dangerous|warning|overflow)
      # credentials
      - pattern-regex: (?i)(password|private|token|secret)
      # - pattern-regex: (?i)(key|JWT|JKS|JWK|JKU)
      # other "bad words" examples
      # privilege management
      # - pattern-regex: (?i)(privilege|permission|capabilit|role|rbac|polic|authorization|claim)
      # - pattern-regex: (?i)(validate|verify)
      # memory management
      # - pattern-regex: (?i)(alloc|free)
      # lower level abstractions
      # - pattern-regex: (?i)(raw)
      # code injection
      # - pattern-regex: (eval|run)
      # command injection
      # - pattern-regex: (process|system|popen|exec|spawn)
      # reflection
      # - pattern-regex: (?i)(reflect|klass|constantize|forname)
      # serialization
      # - pattern-regex: (?i)(pickle|yaml|serialize|marshal|objectinput)
      # merge or clone
      # - pattern-regex: (?i)(merge|clone)
      # file access
      # - pattern-regex: (?i)(parse|open|request)
      # crypto
      # - pattern-regex: (?i)(AES|RSA|DSA|DES|CBC|ECB|HMAC|GCM|MD5|SHA)
      # xml
      # - pattern-regex: (?i)(xml|xerces|sax|etree|xpath|documentbuilder)
      # other words of power, words of destruction (Vulns1001)
      # - pattern-regex: (?i)(encode|decode|convert|interpret|compress|fragment|reassemble)
      # other words of power, words of destruction (Vulns1002)
      # - pattern-regex: (?i)(mutex|lock|toctou|parallelism|semaphore|retain|release|garbage|mutual)
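The rule runs in Semgrep's `generic` mode, so its regexes are applied to raw text and fire anywhere on a line, not only inside comments; that is why a word like `private` or `token` inside an identifier produces a finding and why the rule carries LOW confidence and INFO severity. The script below is an added example, not part of the rule file or of Semgrep: it re-applies the three active `pattern-regex` entries to a constructed C snippet (assumed sample input, not from any real project) and uses a simple comment-position heuristic to separate hits that land in comments, which is what the rule's message is about, from hits on identifiers and code, which are the noise a reviewer has to triage.

```python
import re
from typing import Dict, List, NamedTuple

# Added example (not part of the rule file): the three active pattern-regex
# entries from raptor-bad-words, keyed by the comment that labels each group.
# Semgrep's `generic` mode applies them to raw text, so they hit anywhere on a
# line, identifiers included, which is why the rule's confidence is LOW.
BAD_WORD_PATTERNS: Dict[str, re.Pattern] = {
    "interesting comments": re.compile(r"(TODO|XXX|FIXME|BUG|HACK|LATER|CVE-)"),
    "unsafe markers": re.compile(r"(?i)(unsafe|insecure|dangerous|warning|overflow)"),
    "credentials": re.compile(r"(?i)(password|private|token|secret)"),
}

# Constructed C snippet for illustration; it is not taken from any real project.
SAMPLE_SOURCE = """\
#include <string.h>
// TODO: validate length before copy (FIXME before release)
static const char *password = "changeme";   /* hard-coded */
void copy(char *dst, const char *src) { strcpy(dst, src); }  // possible overflow
int is_private(const struct acct *a) { return a->flags & PRIVATE; }
int tokens_left = 3;
"""


class Hit(NamedTuple):
    line_no: int
    group: str
    word: str         # the text the regex actually matched (case preserved)
    in_comment: bool  # heuristic: match starts at or after a // or /* on the line


def comment_start(line: str) -> int:
    """Column where a C-style comment begins, or len(line) if there is none.
    Heuristic only: it does not understand // inside string literals or
    multi-line /* ... */ blocks."""
    positions = [i for i in (line.find("//"), line.find("/*")) if i != -1]
    return min(positions) if positions else len(line)


def scan(source: str) -> List[Hit]:
    """Apply every bad-word regex to every line, reporting hits in file order."""
    hits: List[Hit] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        boundary = comment_start(line)
        for group, pattern in BAD_WORD_PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append(Hit(line_no, group, m.group(1), m.start() >= boundary))
    return hits


def triage(hits: List[Hit]) -> Dict[str, int]:
    """Count hits inside comments (the rule's stated target) versus hits on
    identifiers or code, which are the main source of noise to review."""
    counts = {"comment": 0, "code": 0}
    for h in hits:
        counts["comment" if h.in_comment else "code"] += 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_SOURCE)
    for h in found:
        where = "comment" if h.in_comment else "code"
        print(f"line {h.line_no:>2} [{h.group}] {h.word!r} in {where}")
    print(triage(found))
```

On the sample, the comment hits (`TODO`, `FIXME`, `overflow`) are the ones the rule is designed to surface, while `password`, `private`, `PRIVATE` and `token` come from identifiers and a string assignment; the hard-coded `password` is still worth a look, but `is_private` and `tokens_left` are plain false positives. The `(?i)` groups are case-insensitive and the first group is not, which is why `PRIVATE` matches but a lowercase `todo` would not.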