This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rules:
  - id: detect-child-process
    metadata:
      cwe:
        "CWE-78: Improper Neutralization of Special Elements used in an OS Command
        ('OS Command Injection')"
      owasp:
        - A03:2021 - Injection
        - A01:2017 - Injection
      references:

rules:
  - id: tainted-sql-string
    languages:
      - java
    severity: ERROR
    message: User data flows into this manually-constructed SQL string. User data
      can be safely inserted into SQL strings using prepared statements or an
      object-relational mapper (ORM). Manually-constructed SQL strings is a
      possible indicator of SQL injection, which could let an attacker steal or
      manipulate data from the database. Instead, use prepared statements

rules:
  - id: nan-injection
    message: blah
    languages: [python]
    severity: ERROR
    mode: taint
    pattern-sources:
      - pattern: flask.request
    pattern-sinks:
      - pattern-either:

rules:
  - id: spring-sql-injection
    message: >-
      SQLi
    severity: ERROR
    mode: join
    join:
      refs:
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/java/spring/user-input.yaml
          as: spring-user-input

import json
import boto3
import os
import io

BUCKET = "YOUR_BUCKET_HERE"
s3 = boto3.client("s3")

def lambda_handler(event, context):

from collections import defaultdict
from typing import Any, Callable, Dict, List


def group(items: List[Any], key: Callable[[Any], Any]) -> Dict[Any, List[Any]]:
    """Group items into lists keyed by key(item), preserving input order within each group."""
    dd = defaultdict(list)
    for item in items:
        k = key(item)
        dd[k].append(item)
    return dd

Individual Contributor
License Agreement
("Agreement") V2.0

Thank you for your interest in The Apache Software Foundation (the
"Foundation"). In order to clarify the intellectual property license
granted with Contributions from any person or entity, the Foundation
must have a Contributor License Agreement ("CLA") on file that has
been signed by each Contributor, indicating agreement to the license
terms below. This license is for your protection as a Contributor as
well as the protection of the Foundation and its users; it does not

rules:
  - id: user-input-unescaped-extension
    mode: join
    join:
      refs:
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/flask/flask-user-input.yaml
          as: user-input
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/flask/unescaped-template-extension.yaml
          as: unescaped-extensions
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/flask/any-template-var.yaml

rules:
  - id: user-input-escaped-with-safe
    mode: join
    join:
      refs:
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/flask/flask-user-input.yaml
          as: user-input
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/flask/render-template-input.yaml
          as: render-template-input
        - rule: https://raw.githubusercontent.com/minusworld/semgrep-library/main/rules/flask/template-var-safe.yaml

rules:
  - id: detected-aws-secret-access-key-new
    pattern-regex: |-
      (("|'|`)?((?i)aws)_?\w*((?i)secret)_?\w*("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?[A-Za-z0-9/+=]{40}("|'|`)?)
    languages: [regex]
    message: AWS Secret Access Key detected
    severity: ERROR
    metadata:
      source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
  - id: detected-aws-secret-access-key-old