0xPolygon/chain-indexer-framework
0xPolygonHermez/pil-stark
0xPolygonHermez/pilcom
0xPolygonHermez/zkevm-node
0xPolygonHermez/zkevm-prover
0xPolygonHermez/zkevm-proverjs
0xPolygonHermez/zkevm-rom
18f/federalist
18f/federalist-builder
18f/federalist-docker-build
rules:
  - id: allowed-unsecure-commands
    languages:
      - yaml
    severity: WARNING
    message: smth found
    patterns:
      - pattern-either:
          - patterns:
              - pattern-inside: "{on: ...}"
import express from 'express'
import mongoose from 'mongoose'
const app = express()
const port = 3000
// const { BlogPost } = require('./models')
import {BlogPost} from './models'
async function main() {
/*
 * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
import {
  Model,
  InferAttributes,
  InferCreationAttributes,
  DataTypes,
rules:
  - id: lambda-tainted-func-go
    languages: [go]
    severity: WARNING
    message: >-
      Tainted func found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
rules:
  - id: java-spring-sink-source
    mode: taint
    pattern-sinks:
      - pattern: |
          $SINK(...)
    pattern-sources:
      - patterns:
          - pattern: $VAR
          - pattern-either:
rules:
  - id: rails-sink-source
    mode: taint
    pattern-sources:
      - pattern: params[$X]
    pattern-sinks:
      - pattern: $WHATEVER(...)
    message: |
      sink for RoR found
    languages:
rules:
  - id: expressjs-source-sink-research
    mode: taint
    languages:
      - js
      - typescript
    message: >-
      Found a sink for Express.js app
    severity: WARNING
    pattern-sinks:
rules:
  - id: symfony-permissive-cors
    languages:
      - php
    message: Access-Control-Allow-Origin response header is set to "*". This will
      disable CORS Same Origin Policy restrictions.
    metadata:
      category: security
      cwe: "CWE-346: Origin Validation Error"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
rules:
  - id: doctrine-dbal-dangerous-query
    languages:
      - php
    message: Detected string concatenation with a non-literal variable in a Doctrine DBAL query method. This could lead to SQL
      injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized
      queries or prepared statements instead.
    metadata:
      category: security
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"