Merge pull request #74 from EMSeek/master
xmas update
wireghoul authored Dec 20, 2024
2 parents 132db32 + ce2d9f5 commit f7962eb
Showing 21 changed files with 73 additions and 26 deletions.
14 changes: 14 additions & 0 deletions Changelog
@@ -1,3 +1,17 @@
3.7 2024 Dec 20
Updated javascript rules
Updated typescript rules
Updated sqli rules
Updated ruby rules
Updated php rules
Updated dotnet rules
Updated java rules
Updated fruit rules
Updated secret rules
Updated xss rules
Reduced false positives in default rules
Reduced false positives in fruit rules

3.6 2024 Apr 09
Updated ruby rules
Updated JavaScript rules
4 changes: 2 additions & 2 deletions graudit
Expand Up @@ -5,7 +5,7 @@
set -- $GRARGS $@
set -e
set -o pipefail
VERSION='3.6'
VERSION='3.7'
basedir=$(dirname "$0")
BINFILE=$(which grep)

Expand Down Expand Up @@ -44,7 +44,7 @@ banner() {
\___ /|__| (____ /____/\____ | |__||__|
/_____/ \/ \/
grep rough audit - static analysis tool
v3.6 written by @Wireghoul
v3.7 written by @Wireghoul
=================================[justanotherhacker.com]==='
fi
}
2 changes: 1 addition & 1 deletion signatures/dotnet.db
Expand Up @@ -40,7 +40,7 @@ new[[:space:]]+Cli[[:space:]]*\(.*
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
(LIMIT|limit)[[:space:]]+([0-9]+,[[:space:]]*[Rr]equest\..*|[Rr]request\..*)
Process.Start[[:space:]]*\(.*\+
\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.Arguments[[:space:]]*=([^;\)]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|[^;\)]*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
ReadAllBytes[[:space:]]*\(.*[Rr]equest
# DotNet input controls
2 changes: 1 addition & 1 deletion signatures/dotnet/fruit.db
Expand Up @@ -7,6 +7,6 @@
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
(LIMIT|limit)[[:space:]]+([0-9]+,[[:space:]]*[Rr]equest\..*|[Rr]request\..*)
Process.Start[[:space:]]*\(.*\+
\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.Arguments[[:space:]]*=([^;\)]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|[^;\)]*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
ReadAllBytes[[:space:]]*\(.*[Rr]equest
17 changes: 10 additions & 7 deletions signatures/fruit.db
Expand Up @@ -24,7 +24,7 @@ strnc(at|py)[[:space:]]*\([^,]+,[^,]+,[[:space:]]*strlen[[:space:]]*\([^\)]+\)[[
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
(LIMIT|limit)[[:space:]]+([0-9]+,[[:space:]]*[Rr]equest\..*|[Rr]request\..*)
Process.Start[[:space:]]*\(.*\+
\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.Arguments[[:space:]]*=([^;\)]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|[^;\)]*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
ReadAllBytes[[:space:]]*\(.*[Rr]equest
\.Write(String)?[[:space:]]*\(.*URL\.Query[[:space:]]*\(.*\)
Expand All @@ -41,17 +41,17 @@ out\.print(ln)?.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram)
\.exec[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+.*
(execute|create|new)Query[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
queryforObject[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
eval[[:space:]]*\([^\)\;]*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
eval[[:space:]]*\([^\)\;\"]*([Rr]eq(uest)?[\.\)]|\.[Gg]et[Pp]aram[[:space:]]*[\[\(]).*\)
\.getDocument[[:space:]]*\([^\)\;]+([Rr]eq(uest)?|\.g[Gg]et[Pp]aram).*\)
(WHERE|where)[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
(WHERE|where)[[:space:]]+[^;]+=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
[\'\" ]+AND[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIKE|like)[[:space:]]+[\'\"A-Za-z0-9%]+[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIMIT|limit)[[:space:]]+([0-9,]+)?[;:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
\.query\(.*[\'\"][[:space:]]*\+.*
\.query\([^\);]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
<%-[[:space:]]+.*%>
\.(spawn|exec)(File)?(Sync)?\([^\)]+([\'\"] *\+|\$\{)
\.(spawn|exec)(File)?(Sync)?\([^\);]*([\'\"] *\+|\$\{)
asm[[:space:]]+[\'\"].*
unsafeAddr
execShellCmd[[:space:]]*\(
Expand Down Expand Up @@ -94,7 +94,7 @@ require[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\
require_once[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
fopen[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
readfile[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_get_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_(get|put)_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
(is_dir|file_exists|unlink)[[:space:]]*\(\"?\$(_ENV|_GET|_POST|_COOKE|_REQUEST|_SERVER|HTTP|http).*\)
show_source[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
preg_replace[[:space:]]*\([\'"](.).*\1[igsu]*e
Expand All @@ -113,10 +113,13 @@ pg_query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
(LIMIT|limit)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
\.execute[[:space:]]*\([\"\'].*%.*[\"\'][[:space:]]*%.*\)
^[[:space:]]*`[^`]*#\{[^\}]+\}.*`
[=\(][[:space:]]*`[^`]*#\{[^\}]+.*\}
render[[:space:]]+:?(text|plain):?.*#\{[Pp][Aa][Rr][Aa][Mm][^\}]*\}
Source\.fromFile[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
sql\".*\#\$.*\"\.as\[.*
SQL[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
(WHERE|where)[[:space:]]+[^;]+(=|[Ii][[Nn][[:space:]]+).*\$\{
(WHERE|where)[[:space:]]+[^\;:\)]+(=|[Ii][[Nn][[:space:]]+[\+\"\(]).*\$\{
[\'\" ]+AND[[:space:]]+.*=[[:space:]]?\$\{[^\}]+\}
(LIKE|like)[[:space:]]+(['"][^\'\"]*)?\$\{[^\}]+\}
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$\{[^\}]+\}
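Review bot: The second alternative of the rewritten eval rule, `\.[Gg]et[Pp]aram[[:space:]]*[\[\(]`, no longer matches `.getParameter(`, `.getParameterValues(` or `.getParameterMap(`, because the `[[:space:]]*[\[\(]` anchor must follow `Param` directly, whereas the old `\.[Gg]et[Pp]aram` matched those as a prefix. Calls on a receiver that is not named req/request (e.g. `r.getParameter(...)` inside an `eval(`) therefore drop out of the results, since the first alternative needs `req.`/`request.` to be present. Allowing an identifier suffix keeps the new false-positive reduction while restoring that coverage: `eval[[:space:]]*\([^\)\;\"]*([Rr]eq(uest)?[\.\)]|\.[Gg]et[Pp]aram[A-Za-z]*[[:space:]]*[\[\(]).*\)`. The identical rewritten line appears in signatures/java.db and signatures/java/fruit.db and should be changed in step.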
4 changes: 2 additions & 2 deletions signatures/java.db
Expand Up @@ -36,9 +36,9 @@ out\.print(ln)?.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram)
\.exec[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+.*
(execute|create|new)Query[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
queryforObject[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
eval[[:space:]]*\([^\)\;]*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
eval[[:space:]]*\([^\)\;\"]*([Rr]eq(uest)?[\.\)]|\.[Gg]et[Pp]aram[[:space:]]*[\[\(]).*\)
\.getDocument[[:space:]]*\([^\)\;]+([Rr]eq(uest)?|\.g[Gg]et[Pp]aram).*\)
(WHERE|where)[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
(WHERE|where)[[:space:]]+[^;]+=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
[\'\" ]+AND[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIKE|like)[[:space:]]+[\'\"A-Za-z0-9%]+[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
4 changes: 2 additions & 2 deletions signatures/java/fruit.db
Expand Up @@ -4,9 +4,9 @@ out\.print(ln)?.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram)
\.exec[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+.*
(execute|create|new)Query[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
queryforObject[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
eval[[:space:]]*\([^\)\;]*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
eval[[:space:]]*\([^\)\;\"]*([Rr]eq(uest)?[\.\)]|\.[Gg]et[Pp]aram[[:space:]]*[\[\(]).*\)
\.getDocument[[:space:]]*\([^\)\;]+([Rr]eq(uest)?|\.g[Gg]et[Pp]aram).*\)
(WHERE|where)[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
(WHERE|where)[[:space:]]+[^;]+=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
[\'\" ]+AND[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIKE|like)[[:space:]]+[\'\"A-Za-z0-9%]+[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
4 changes: 2 additions & 2 deletions signatures/js.db
Expand Up @@ -14,10 +14,10 @@ additionalArguments
enableWebSQL
openExternal[[:space:]]*\(
ELECTRON_RUN_AS_NODE
\.query\(.*[\'\"][[:space:]]*\+.*
\.query\([^\);]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
<%-[[:space:]]+.*%>
\.(spawn|exec)(File)?(Sync)?\([^\)]+([\'\"] *\+|\$\{)
\.(spawn|exec)(File)?(Sync)?\([^\);]*([\'\"] *\+|\$\{)
eval[[:space:]]*\(
dangerouslySetInnerHTML
trustAsHtml
4 changes: 2 additions & 2 deletions signatures/js/fruit.db
@@ -1,4 +1,4 @@
\.query\(.*[\'\"][[:space:]]*\+.*
\.query\([^\);]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
<%-[[:space:]]+.*%>
\.(spawn|exec)(File)?(Sync)?\([^\)]+([\'\"] *\+|\$\{)
\.(spawn|exec)(File)?(Sync)?\([^\);]*([\'\"] *\+|\$\{)
7 changes: 6 additions & 1 deletion signatures/php.db
Expand Up @@ -117,7 +117,7 @@ require[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\
require_once[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
fopen[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
readfile[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_get_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_(get|put)_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
(is_dir|file_exists|unlink)[[:space:]]*\(\"?\$(_ENV|_GET|_POST|_COOKE|_REQUEST|_SERVER|HTTP|http).*\)
show_source[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
preg_replace[[:space:]]*\([\'"](.).*\1[igsu]*e
Expand Down Expand Up @@ -238,6 +238,8 @@ px_.*[[:space:]]*\(.*\$.*\)
ovrimos_.*[[:space:]]*\(.*\$.*\)
maxdb_.*[[:space:]]*\(.*\$.*\)
db2_.*[[:space:]]*\(.*\$.*\)
->sqliteCreate(Agregate|Collation|Function)[[:space:]]*\(
->createFunction[[:space:]]*\(
CURLOPT_SSL_VERIFY(HOST|PEER), *([Ff][Aa][Ll][Ss][Ee]|0)
unserialize[[:space:]]*\(.*\$.*
file_exists[[:space:]]*\(\"?\$.*
Expand All @@ -248,6 +250,9 @@ filesize[[:space:]]*\(\"?\$.*
file_get_contents[[:space:]]*\(.*\$.*
fopen[[:space:]]*\(.*\$.*
file[[:space:]]*\(.*\$.*
file_(get|put)_contents[[:space:]]*\(.*\$
fread[[:space:]]*\(
fwrite[[:space:]]*\(
scandir[[:space:]]*\(.*
php://stdin
php://stdout
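Review bot: `->sqliteCreate(Agregate|Collation|Function)[[:space:]]*\(` in the second hunk misspells the PDO method — the real name is `sqliteCreateAggregate` (two g's) — so that alternative can never fire while `sqliteCreateCollation` and `sqliteCreateFunction` will. The line should read `->sqliteCreate(Aggregate|Collation|Function)[[:space:]]*\(`; the identical line was added to signatures/php/sql.db and signatures/sql.db. In the third hunk the new `file_(get|put)_contents[[:space:]]*\(.*\$` is a superset of the retained `file_get_contents[[:space:]]*\(.*\$.*` context line three lines above it, so replacing the old line instead of adding beside it would keep the rule set easier to maintain (the same pair now exists in signatures/php/streams.db).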
2 changes: 1 addition & 1 deletion signatures/php/fruit.db
Expand Up @@ -22,7 +22,7 @@ require[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\
require_once[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
fopen[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
readfile[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_get_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_(get|put)_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
(is_dir|file_exists|unlink)[[:space:]]*\(\"?\$(_ENV|_GET|_POST|_COOKE|_REQUEST|_SERVER|HTTP|http).*\)
show_source[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
preg_replace[[:space:]]*\([\'"](.).*\1[igsu]*e
2 changes: 2 additions & 0 deletions signatures/php/sql.db
Expand Up @@ -40,3 +40,5 @@ px_.*[[:space:]]*\(.*\$.*\)
ovrimos_.*[[:space:]]*\(.*\$.*\)
maxdb_.*[[:space:]]*\(.*\$.*\)
db2_.*[[:space:]]*\(.*\$.*\)
->sqliteCreate(Agregate|Collation|Function)[[:space:]]*\(
->createFunction[[:space:]]*\(
3 changes: 3 additions & 0 deletions signatures/php/streams.db
Expand Up @@ -7,6 +7,9 @@ filesize[[:space:]]*\(\"?\$.*
file_get_contents[[:space:]]*\(.*\$.*
fopen[[:space:]]*\(.*\$.*
file[[:space:]]*\(.*\$.*
file_(get|put)_contents[[:space:]]*\(.*\$
fread[[:space:]]*\(
fwrite[[:space:]]*\(
scandir[[:space:]]*\(.*
php://stdin
php://stdout
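Review bot: The new `fread[[:space:]]*\(` and `fwrite[[:space:]]*\(` rules carry no argument constraint, unlike the neighbouring stream rules that require a `$` inside the call (`fopen[[:space:]]*\(.*\$.*`), so every fread/fwrite in a code base is reported, including writes of constant data to a handle opened on a constant path. If the intent is user-influenced I/O, requiring a variable in the data argument matches the file's existing style, e.g. `fwrite[[:space:]]*\([^,]+,[[:space:]]*\$`; if the intent really is to enumerate all stream I/O, a `#` comment above the two lines saying so would save the next editor from "fixing" them. The same two lines were added to the default signatures/php.db, where this commit's Changelog entry claims reduced false positives, so the broad form is presumably not what was wanted there.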
5 changes: 5 additions & 0 deletions signatures/ruby.db
Expand Up @@ -7,6 +7,9 @@ system[[:space:]]*\(
\.(public_)?send[[:space:]]*\(
`.*#\{[^`]+`
File\.(read|new|open|delete)[[:space:]]*\(
^[[:space:]]*`[^`]*#\{[^\}]+\}.*`
[=\(][[:space:]]*`[^`]*#\{[^\}]+.*\}
render[[:space:]]+:?(text|plain):?.*#\{[Pp][Aa][Rr][Aa][Mm][^\}]*\}
# Ruby - Execution
_send_[[:space:]]*\(
__send__[[:space:]]*\(
Expand All @@ -30,3 +33,5 @@ new[[:space:]]*\(params\[:[a-zA-Z0-9_]+\]
\.(calculate|average|count|maximum|minimum|sum|join|lock|(re)?select)[[:space:]]*\(.*\[:
\.exists\?.*:
\.find_(or_(create|initialize)_)?by!?.*:
I18n.t[[:space:]]*\(['"][^'"]+['"][[:space:]]*,[[:space:]]*query:[[:space:]]*@.*
render[[:space:]]+:?(text|plain):?.*#\{[^\}]+\}
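Review bot: The `render[[:space:]]+:?(text|plain):?.*#\{[^\}]+\}` line in the second hunk is a strict superset of the `render ... #\{[Pp][Aa][Rr][Aa][Mm][^\}]*\}` line added in the first hunk, so inside ruby.db the narrower rule contributes no additional hit; it only earns its keep in signatures/ruby/fruit.db, where the broad one is absent. Likewise the first added backtick rule, anchored with `^[[:space:]]*`, is subsumed by the retained backtick-interpolation rule two lines above it, which already accepts any backtick command containing `#{`. Keeping one of each pair here, and escaping the dot in `I18n\.t` as the rest of the file does for method calls (`File\.(read|new|open|delete)`), would tighten the set without losing coverage. Whether `render inline:` and `render html:` with interpolation belong next to these is worth considering separately. The same render and I18n lines were also added to signatures/xss.db and signatures/ruby/xss.db.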
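--- /dev/null
+++ b/signatures/ruby/fruit.db
@@ -0,0 +1,3 @@
+^[[:space:]]*`[^`]*#\{[^\}]+\}.*`
+[=\(][[:space:]]*`[^`]*#\{[^\}]+.*\}
+render[[:space:]]+:?(text|plain):?.*#\{[Pp][Aa][Rr][Aa][Mm][^\}]*\}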
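--- /dev/null
+++ b/signatures/ruby/xss.db
@@ -0,0 +1,2 @@
+I18n.t[[:space:]]*\(['"][^'"]+['"][[:space:]]*,[[:space:]]*query:[[:space:]]*@.*
+render[[:space:]]+:?(text|plain):?.*#\{[^\}]+\}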
12 changes: 9 additions & 3 deletions signatures/secrets.db
Expand Up @@ -3,8 +3,8 @@
A[SK]IA[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]+
[Aa][Cc][Cc][Ee][Ss][Ss][_\.\-]?[Kk][Ee][Yy]([_\-\.]?[Ii][Dd])?[\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-][a-zA-Z0-9+=_\-]+[\'\" ]
[Aa][Cc][Cc][Ee][Ss][Ss][_\.\-]?[Kk][Ee][Yy]([_\-\.]?[Ii][Dd])?[\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-]+[a-zA-Z0-9\'\"=_\-]$
[_\.\-]?[Aa][Pp][Ii][_\.\-]?[Kk][Ee][Yy][\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-][a-zA-Z0-9+=_\-]+[\'\" ]
[_\.\-]?[Aa][Pp][Ii][_\.\-]?[Kk][Ee][Yy][\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-]+[a-zA-Z0-9+=\'\"_\-]$
[_\.\-]?[Aa][Pp][Ii][_\.\-]?[Kk][Ee][Yy]\\?[\'\"]?[[:space:]]*[=:][[:space:]]*\\?[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-][a-zA-Z0-9+=_\-]+[\'\" ]
[_\.\-]?[Aa][Pp][Ii][_\.\-]?[Kk][Ee][Yy]\\?[\'\"]?[[:space:]]*[=:][[:space:]]*\\?[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-]+[a-zA-Z0-9+=\'\"_\-]$
[_\.\-][Oo][Aa][Uu][Tt][Hh][[:space:]]*=
(client_secret|CLIENT_SECRET)[\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9+=\'\"_\-][a-zA-Z0-9+=\'\"_\-]+
[Ss][Ee][Cc][Rr][Ee][Tt][_\-\.]?([Kk][Ee][Yy])?[\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-][a-zA-Z0-9+=_\-]+[\'\" ]
Expand All @@ -16,16 +16,22 @@ A[SK]IA[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z
[Pp][Rr][Ii][Vv]([Aa][Tt][Ee])?[_\.\-]?[Kk][Ee][Yy][\'\"]?[[:space:]]*[=:][[:space:]]*[a-zA-Z0-9\'\"_\-][a-zA-Z0-9/+_\-][a-zA-Z0-9/+_\-]+[a-zA-Z0-9/+=_\-][a-zA-Z0-9+=_\-]+
PuTTY-User-Key-File-2\:
SG\.......................\............................................
https://events\.pagerduty\.com/integration/[0-9a-fA-F]+/enqueue
https://hooks.slack.com/services/[a-zA-Z0-9_]+/B[a-zA-Z0-9_]+/[a-zA-Z0-9_]+
SessionCryptoPassphrase(File)?[[:space:]]
sk_live_.*
xox([pbrcseoa]|a-2|e-1)-[0-9][0-9][0-9][0-9][0-9][0-9]+-[0-9][0-9][0-9][0-9][0-9][0-9]+-([a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9])+
[Gg][Rr][Aa][Nn][Tt].*[Ii][Dd][Ee][Nn][Tt][Ii][Ff][Ii][Ee][Dd][[:space:]]+[Bb][Yy].*
[Ii][Nn][Ss][Ee][Rr][Tt][[:space:]]+[Ii][Nn][Tt][Oo].*'[0-9a-fA-F]{32}'.*
[Ii][Nn][Ss][Ee][rR][Tt][[:space:]]+[Ii][Nn][Tt][Oo].*'[0-9a-fA-F]{40}'.*
PHP_AUTH_(USER|PW).*[\!\=][\!\=].+
[Cc]onnection[Ss]tring.*([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|[Pp][Ww][Dd])[[:space:]]*=.*
[Cc]onnection[Ss]tring.*([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|[Pp][Ww][Dd])[[:space:]]*=[^;]+
[Dd][Bb][Cc]:.*([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|[Pp][Ww][Dd])[[:space:]]*=[^;]+
\.connect[[:space:]]*\(.*([Pp][Ww][Dd]|[Tt][Oo][Kk][Ee][Nn])=.*
://[^:/@;]+:[^:@/;]+@.*
mysqldump[[:space:]]+.*--password[= ].+
curl[[:space:]]+.*-?-([UEu](ser)?[^:]+:[^ ]+|tlspassword .*|pass .*|cert *[^: ]+:[^ ]+)
curl_setopt[[:space:]]*\(.*CURLOPT_USERPWD.*\)
([Aa][Uu][Tt][Hh].*[\'\"]|Authorization: )[Bb]asic[[:space:]]+([a-zA-Z0-9/\+\.\-][a-zA-Z0-9/\+\.\-][a-zA-Z0-9/\+\.=\-][a-zA-Z0-9/\+\.=\-])+[\'\" ]
--data-urlencode.*[Pp][Aa][Ss][Ss][Ww][Oo]?[Rr]?[Dd]?=.+
JWT::decode[[:space:]]*\([^,]+,[[:space:]]*new Key[[:space:]]*\(['"][^'"]+
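Review bot: The new curl rule's first alternative, `-?-[UEu](ser)?[^:]+:[^ ]+`, is satisfied by any curl option beginning with u or e that is followed later on the line by a URL, so `curl --url http://host:8080/x`, `curl --upload-file f http://...`, `curl --user-agent UA https://...` and `curl -e http://referer ...` are all reported as embedded credentials. Requiring the option to end before its value removes those: `curl[[:space:]]+.*(-[uUE]|--(proxy-)?user|--cert)[[:space:]=]+[^:[:space:]]+:[^ ]+` for that alternative, keeping the `tlspassword`/`pass` alternatives as they are (lowercase `-e` is curl's referer flag, so it is dropped unless it was included deliberately). The `://[^:/@;]+:[^:@/;]+@.*` line has a similar problem: it flags URLs whose userinfo is a placeholder such as `${DB_USER}:${DB_PASS}@`, which is normally the secure form; excluding `$` and `{` from both character classes keeps the rule to literal credentials.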
2 changes: 2 additions & 0 deletions signatures/sql.db
Expand Up @@ -110,6 +110,8 @@ px_.*[[:space:]]*\(.*\$.*\)
ovrimos_.*[[:space:]]*\(.*\$.*\)
maxdb_.*[[:space:]]*\(.*\$.*\)
db2_.*[[:space:]]*\(.*\$.*\)
->sqliteCreate(Agregate|Collation|Function)[[:space:]]*\(
->createFunction[[:space:]]*\(
[Ww][Hh][Ee][Rr][Ee][[:space:]]+.*=[[:space:]]*\{\}
[Aa][Nn][Dd][[:space:]]+.*=[[:space:]]*\{\}
(WHERE|where)[[:space:]]+.*=.*[\'\"][[:space:]]*\+.*
2 changes: 1 addition & 1 deletion signatures/typescript.db
Expand Up @@ -22,7 +22,7 @@ require[[:space:]]*\([[:space:]]*.(child_process|execa).
\.readFileSync[[:space:]]*\(
dotfiles.?[[:space:]]*:[[:space:]]*['"][Aa][Ll][Ll][Oo][Ww]['"]
\.chmod(Sync)?[[:space:]]*\(
(WHERE|where)[[:space:]]+[^;]+(=|[Ii][[Nn][[:space:]]+).*\$\{
(WHERE|where)[[:space:]]+[^\;:\)]+(=|[Ii][[Nn][[:space:]]+[\+\"\(]).*\$\{
[\'\" ]+AND[[:space:]]+.*=[[:space:]]?\$\{[^\}]+\}
(LIKE|like)[[:space:]]+(['"][^\'\"]*)?\$\{[^\}]+\}
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$\{[^\}]+\}
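Review bot: The rewritten WHERE rule still contains `[Ii][[Nn]`, where the second bracket expression is `[[Nn]` — a set of `[`, `N` and `n` — so it matches `IN` only by accident and also matches `I[`; the intended form is `[Ii][Nn]`, giving `(WHERE|where)[[:space:]]+[^\;:\)]+(=|[Ii][Nn][[:space:]]+[\+\"\(]).*\$\{`. Since the line was rewritten anyway this is the moment to fix it; the same line was added to signatures/typescript/fruit.db and signatures/fruit.db. Excluding `:` from `[^\;:\)]+` presumably keeps ORM object syntax such as `where: {` out of the match; a short `#` comment above the rule saying so would help, because the character class is otherwise hard to read.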
2 changes: 1 addition & 1 deletion signatures/typescript/fruit.db
@@ -1,4 +1,4 @@
(WHERE|where)[[:space:]]+[^;]+(=|[Ii][[Nn][[:space:]]+).*\$\{
(WHERE|where)[[:space:]]+[^\;:\)]+(=|[Ii][[Nn][[:space:]]+[\+\"\(]).*\$\{
[\'\" ]+AND[[:space:]]+.*=[[:space:]]?\$\{[^\}]+\}
(LIKE|like)[[:space:]]+(['"][^\'\"]*)?\$\{[^\}]+\}
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$\{[^\}]+\}
2 changes: 2 additions & 0 deletions signatures/xss.db
Expand Up @@ -20,3 +20,5 @@ echo[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
print[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
print_r([[:space:]]*\(|[[:space:]]+).*\)?\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
\<[\?\%]\=\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
I18n.t[[:space:]]*\(['"][^'"]+['"][[:space:]]*,[[:space:]]*query:[[:space:]]*@.*
render[[:space:]]+:?(text|plain):?.*#\{[^\}]+\}
