rules:
# Semgrep taint rules for AWS Lambda handlers. Every rule in this file takes
# the handler's event argument as its taint source and reports when that
# data reaches a call, an object construction or a string-building expression.
# No rule here declares pattern-sanitizers, so passing the event through a
# validation helper does not clear taint (Semgrep propagates taint through
# calls by default).
- id: lambda-tainted-func-go
  mode: taint
  languages: [go]
  severity: WARNING
  message: Tainted func found
  # Source: the event parameter of the function handed to lambda.Start.
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            # Two-argument form: func h(ctx, event, ...).
            - pattern-inside: |
                func $HANDLER($CTX $CTXTYPE, $EVENT $TYPE, ...) {...}
                ...
                lambda.Start($HANDLER, ...)
            # One-argument form; a lone context.Context parameter is not an event.
            - patterns:
                - pattern-inside: |
                    func $HANDLER($EVENT $TYPE) {...}
                    ...
                    lambda.Start($HANDLER, ...)
                - pattern-not-inside: |
                    func $HANDLER($EVENT context.Context) {...}
                    ...
                    lambda.Start($HANDLER, ...)
  # Sink: any call that receives the tainted value.
  pattern-sinks:
    - patterns:
        - pattern: $FUNC(...)
- id: lambda-tainted-func-java
  mode: taint
  languages: [java]
  severity: WARNING
  message: Tainted func found
  # Source: the event parameter of a handler method whose last parameter is
  # the Lambda Context, in either the typed-event or the stream form.
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                $HANDLERTYPE $HANDLER($TYPE $EVENT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                  ...
                }
            - pattern-inside: |
                $HANDLERTYPE $HANDLER(InputStream $EVENT, OutputStream $OUT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                  ...
                }
  # Sink: any call that receives the tainted value.
  pattern-sinks:
    - patterns:
        - pattern: $FUNC(...)
- id: lambda-tainted-func-js
  mode: taint
  languages: [javascript, typescript]
  severity: WARNING
  message: Tainted func found
  # Source: the first parameter of the CommonJS `exports.handler` export.
  # NOTE(review): only `function` keyword forms are listed below; handlers
  # written as arrow functions, or exported via module.exports.handler,
  # are probably not matched — verify with a fixture before relying on it.
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                exports.handler = function ($EVENT, ...) {
                  ...
                }
            - pattern-inside: |
                function $FUNC ($EVENT, ...) {...}
                ...
                exports.handler = $FUNC
            - pattern-inside: |
                $FUNC = function ($EVENT, ...) {...}
                ...
                exports.handler = $FUNC
  # Sink: any call that receives the tainted value.
  pattern-sinks:
    - patterns:
        - pattern: $FUNC(...)
- id: lambda-tainted-func-python
  mode: taint
  languages: [python]
  severity: WARNING
  message: Tainted func found
  # Source: the first parameter of any two-parameter function. Nothing in
  # the code registers the handler, so every (event, context) def is treated
  # as one.
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-inside: |
            def $HANDLER($EVENT, $CONTEXT):
              ...
  # Sink: any call that receives the tainted value.
  pattern-sinks:
    - patterns:
        - pattern: $FUNC(...)
- id: lambda-tainted-func-ruby
  mode: taint
  languages: [ruby]
  severity: WARNING
  message: Tainted func found
  # Source: the literal `event` parameter of a def (event, context) method.
  pattern-sources:
    - patterns:
        - pattern: event
        - pattern-inside: |
            def $HANDLER(event, context)
              ...
            end
  # Sink: any call that receives the tainted value.
  pattern-sinks:
    - patterns:
        - pattern: $FUNC(...)
- id: lambda-tainted-object-go
  mode: taint
  languages: [go]
  severity: WARNING
  message: Tainted object found
  # Source: the event parameter of the function handed to lambda.Start
  # (same shapes as lambda-tainted-func-go).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                func $HANDLER($CTX $CTXTYPE, $EVENT $TYPE, ...) {...}
                ...
                lambda.Start($HANDLER, ...)
            - patterns:
                - pattern-inside: |
                    func $HANDLER($EVENT $TYPE) {...}
                    ...
                    lambda.Start($HANDLER, ...)
                - pattern-not-inside: |
                    func $HANDLER($EVENT context.Context) {...}
                    ...
                    lambda.Start($HANDLER, ...)
  # Sinks: storing the tainted value into an index or a field.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                $OBJ[...] = ...
            - pattern: |
                $OBJ.$FOO = ...
- id: lambda-tainted-object-js
  mode: taint
  languages: [javascript, typescript]
  severity: WARNING
  message: Tainted object found
  # Source: the first parameter of the CommonJS `exports.handler` export
  # (same shapes as lambda-tainted-func-js).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                exports.handler = function ($EVENT, ...) {
                  ...
                }
            - pattern-inside: |
                function $FUNC ($EVENT, ...) {...}
                ...
                exports.handler = $FUNC
            - pattern-inside: |
                $FUNC = function ($EVENT, ...) {...}
                ...
                exports.handler = $FUNC
  # Sinks: an object literal (the spread form is listed separately for
  # readability), or an index/computed-key assignment.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                {...}
            - pattern: |
                {...$Y,...}
            - pattern: |
                $OBJ[...] = ...
- id: lambda-tainted-object-python
  mode: taint
  languages: [python]
  severity: WARNING
  message: Tainted object found
  # Source: the first parameter of any two-parameter function
  # (same shape as lambda-tainted-func-python).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-inside: |
            def $HANDLER($EVENT, $CONTEXT):
              ...
  # Sinks: dict construction by call or literal, or an index assignment.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: dict(...)
            - pattern: |
                {...}
            - pattern: |
                $OBJ[...] = ...
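# Renamed from lambda-tainted-string-ruby: that id is also used by the Ruby
# string rule further down this file, and this rule's message and sinks are
# the object-construction ones shared by the other *-object-* rules. Duplicate
# ids may be rejected or conflated by Semgrep, so the name is made unique here.
- id: lambda-tainted-object-ruby
  mode: taint
  languages: [ruby]
  severity: WARNING
  message: Tainted object found
  # Source: the literal `event` parameter of a def (event, context) method.
  pattern-sources:
    - patterns:
        - pattern: event
        - pattern-inside: |
            def $HANDLER(event, context)
              ...
            end
  # Sinks: a hash literal, or an index assignment.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                {...}
            - pattern: |
                $OBJ[...] = ...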
- id: lambda-tainted-string-go
  mode: taint
  languages: [go]
  severity: WARNING
  message: Tainted string found
  # Source: the event parameter of the function handed to lambda.Start
  # (same shapes as lambda-tainted-func-go).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                func $HANDLER($CTX $CTXTYPE, $EVENT $TYPE, ...) {...}
                ...
                lambda.Start($HANDLER, ...)
            - patterns:
                - pattern-inside: |
                    func $HANDLER($EVENT $TYPE) {...}
                    ...
                    lambda.Start($HANDLER, ...)
                - pattern-not-inside: |
                    func $HANDLER($EVENT context.Context) {...}
                    ...
                    lambda.Start($HANDLER, ...)
  # Sinks: fmt formatting with a literal format string, or concatenation
  # onto a string literal.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: fmt.Printf("$STR", ...)
            - pattern: fmt.Sprintf("$STR", ...)
            - pattern: fmt.Fprintf($W, "$STR", ...)
            - pattern: |
                "$STR" + ...
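- id: lambda-tainted-string-java
  mode: taint
  languages: [java]
  severity: WARNING
  message: Tainted string found
  # Source: the event parameter of a handler method whose last parameter is
  # the Lambda Context (same shapes as lambda-tainted-func-java).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                $HANDLERTYPE $HANDLER($TYPE $EVENT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                  ...
                }
            - pattern-inside: |
                $HANDLERTYPE $HANDLER(InputStream $EVENT, OutputStream $OUT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                  ...
                }
  # Sinks are alternatives under one pattern-either: a tainted value reaching
  # any of these string-building forms reports. Listing them as siblings in a
  # `patterns` list would AND them, and no single expression can satisfy all.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                "$STR" + ...
            - pattern: |
                "$STR".concat(...)
            - pattern: String.format("$STR", ...)
            # StringBuilder seeded with a literal, then appended to.
            - patterns:
                - pattern-inside: |
                    StringBuilder $SB = new StringBuilder("$STR");
                    ...
                - pattern: $SB.append(...)
            # String variable initialised from a literal, then extended with +=.
            - patterns:
                - pattern-inside: |
                    $VAR = "$STR";
                    ...
                - pattern: $VAR += ...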
- id: lambda-tainted-string-js
  mode: taint
  languages: [javascript, typescript]
  severity: WARNING
  message: Tainted string found
  # Source: the first parameter of the CommonJS `exports.handler` export
  # (same shapes as lambda-tainted-func-js).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-either:
            - pattern-inside: |
                exports.handler = function ($EVENT, ...) {
                  ...
                }
            - pattern-inside: |
                function $FUNC ($EVENT, ...) {...}
                ...
                exports.handler = $FUNC
            - pattern-inside: |
                $FUNC = function ($EVENT, ...) {...}
                ...
                exports.handler = $FUNC
  # Sinks: concatenation onto a literal, String.concat, a *.format(...) call,
  # or a template literal.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                "$STR" + $EXPR
            - pattern: |
                "$STR".concat(...)
            - pattern: |
                $UTIL.format(...)
            - pattern: |
                `...`
- id: lambda-tainted-string-python
  mode: taint
  languages: [python]
  severity: WARNING
  message: Tainted string found
  # Source: the first parameter of any two-parameter function
  # (same shape as lambda-tainted-func-python).
  pattern-sources:
    - patterns:
        - pattern: $EVENT
        - pattern-inside: |
            def $HANDLER($EVENT, $CONTEXT):
              ...
  # Sinks: %-formatting, str.format, concatenation onto a literal, an
  # f-string, or += onto a variable initialised from a literal.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                "$STR" % ...
            - pattern: |
                "$STR".format(...)
            - pattern: |
                "$STR" + ...
            - pattern: f"...{...}..."
            - patterns:
                - pattern-inside: |
                    $VAR = "$STR"
                    ...
                - pattern: $VAR += ...
- id: lambda-tainted-string-ruby
  mode: taint
  languages: [ruby]
  severity: WARNING
  message: Tainted string found
  # Source: the literal `event` parameter of a def (event, context) method.
  pattern-sources:
    - patterns:
        - pattern: event
        - pattern-inside: |
            def $HANDLER(event, context)
              ...
            end
  # Sinks: string interpolation, Kernel::sprintf with a literal format,
  # or + / % applied to a string literal.
  pattern-sinks:
    - patterns:
        - pattern-either:
            - pattern: |
                "...#{...}..."
            - pattern: Kernel::sprintf("$STR", ...)
            - pattern: |
                "$STR" + $EXPR
            - pattern: |
                "$STR" % $EXPR