This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0xPolygon/chain-indexer-framework | |
0xPolygonHermez/pil-stark | |
0xPolygonHermez/pilcom | |
0xPolygonHermez/zkevm-node | |
0xPolygonHermez/zkevm-prover | |
0xPolygonHermez/zkevm-proverjs | |
0xPolygonHermez/zkevm-rom | |
18f/federalist | |
18f/federalist-builder | |
18f/federalist-docker-build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: allowed-unsecure-commands | |
languages: | |
- yaml | |
severity: WARNING | |
message: smth found | |
patterns: | |
- pattern-either: | |
- patterns: | |
- pattern-inside: "{on: ...}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import express from 'express' | |
import mongoose from 'mongoose' | |
const app = express() | |
const port = 3000 | |
// const { BlogPost } = require('./models') | |
import {BlogPost} from './models' | |
async function main() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors. | |
* SPDX-License-Identifier: MIT | |
*/ | |
import { | |
Model, | |
InferAttributes, | |
InferCreationAttributes, | |
DataTypes, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: lambda-tainted-func-go | |
languages: [go] | |
severity: WARNING | |
message: >- | |
Tainted func found | |
mode: taint | |
pattern-sources: | |
- patterns: | |
- pattern-either: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: java-spring-sink-source | |
mode: taint | |
pattern-sinks: | |
- pattern: | | |
$SINK(...) | |
pattern-sources: | |
- patterns: | |
- pattern: $VAR | |
- pattern-either: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: rails-sink-source | |
mode: taint | |
pattern-sources: | |
- pattern: params[$X] | |
pattern-sinks: | |
- pattern: $WHATEVER(...) | |
message: | | |
sink for RoR found | |
languages: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: expressjs-source-sink-research | |
mode: taint | |
languages: | |
- js | |
- typescript | |
message: >- | |
Found a sink for Express.js app | |
severity: WARNING | |
pattern-sinks: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: symfony-permissive-cors | |
languages: | |
- php | |
message: Access-Control-Allow-Origin response header is set to "*". This will | |
disable CORS Same Origin Policy restrictions. | |
metadata: | |
category: security | |
cwe: "CWE-346: Origin Validation Error" | |
license: Commons Clause License Condition v1.0[LGPL-2.1-only] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules: | |
- id: doctrine-dbal-dangerous-query | |
languages: | |
- php | |
message: Detected string concatenation with a non-literal variable in a Doctrine DBAL query method. This could lead to SQL | |
injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, used parameterized | |
queries or prepared statements instead. | |
metadata: | |
category: security | |
cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" |
NewerOlder