CVE | Description | CVSS 3 Base score |
---|---|---|
CVE-2021-29505 | XStream is vulnerable to a Remote Command Execution attack. | 8.8 |
CVE-2021-21341 | XStream can cause a Denial of Service. | 7.5 |
CVE-2021-21342 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 9.1 |
CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. | 7.5 |
CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
CVE-2021-21345 | XStream is vulnerable to a Remote Command Execution attack. | 9.9 |
CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
```hcl
# Protect the master branch. Enforce that ci/tests and shiftleft should pass to allow merges
# Allow PR to be dismissed by sem-user and managers team
resource "github_branch_protection" "protect_master" {
  repository             = "${github_repository_name}"
  branch                 = "master"
  enforce_admins         = true
  require_signed_commits = false
  required_status_checks {
    strict = false
```
```json
{
  "reachables" : [
    {
      "flows" : [
        {
          "id" : 44,
          "label" : "METHOD_PARAMETER_IN",
          "name" : "this",
          "fullName" : "",
          "signature" : "",
```
```yaml
definitions:
  steps:
    - step: &build
        name: Build microservices jar
        script:
          - mvn package
        artifacts:
          - target/**
    - step: &build-react
        name: Build React app
```
```xml
<xsl:stylesheet version="1.0" xmlns:bom="http://cyclonedx.org/schema/bom/1.1" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text" />
  <xsl:template match="/">
    <xsl:text>## Project dependencies</xsl:text>
    <xsl:text>

</xsl:text>
    <xsl:text>| Vendor | Name | Version | License Id | </xsl:text>
    <xsl:text>
</xsl:text>
    <xsl:text>| -------|------|---------|------------|</xsl:text>
    <xsl:text>
</xsl:text>
```
```scala
// git clone https://github.com/OWASP/NodeGoat
// Install joern
// importCode("NodeGoat")
val requestPattern =
  "req\\.(originalUrl|path|protocol|route|secure|signedCookies|stale|subdomains|xhr|app|pipe|file|files|baseUrl|fresh|hostname|ip|url|ips|method|body|param|params|query|cookies)"
val taintSourcePattern = "(?s)(?i).*" + requestPattern + ".*"
val responsePattern =
  "res\\.(append|attachment|cookie|clearCookie|download|end|format|get|json|jsonp|links|location|redirect|render|send|sendFile|sendStatus|set|status|type|vary)"
```
```bash
#!/usr/bin/env bash
# Script to clone top repos on github based on language and invoke ShiftLeft Scan against the repos to find vulnerabilities
# Use case 1: Scan the top repos on GitHub and write a state of opensource report to criticize opensource!
# Use case 2: Scan the top repos on GitHub and sell your magical security product to guard organizations against opensource vulnerabilities!
CURR_DIR=$(pwd)
mkdir -p reports_dir
mkdir -p work_dir && cd work_dir
# Get the latest scan image
docker pull shiftleft/scan
```
```python
#!/usr/bin/env python3
# python3 bidi-check.py <file or directory>
# This script looks for bi-directional unicode characters. Useful to look for CVE-2021-42574 / https://trojansource.codes/
import argparse
import codecs
import os
import sys
import unicodedata

# Maps each file path to the bidi control characters found in it
bidi_dict = {}
```
```text
# grep -w Bidi_Control /usr/share/unicode/PropList.txt
061C          ; Bidi_Control # Cf       ARABIC LETTER MARK
200E..200F    ; Bidi_Control # Cf   [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK
202A..202E    ; Bidi_Control # Cf   [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
2066..2069    ; Bidi_Control # Cf   [4] LEFT-TO-RIGHT ISOLATE..POP DIRECTIONAL ISOLATE
# Check your files for U+061C, U+200E, U+200F, U+202A, U+202B, U+202C, U+202D, U+202E, U+2066, U+2067, U+2068, U+2069
```
```text
# apt install unicode-data
# Copied from /usr/share/unicode/BidiBrackets.txt
# BidiBrackets-13.0.0.txt
# Date: 2019-09-09, 19:31:00 GMT [AG, LI, KW]
# © 2019 Unicode®, Inc.
# Unicode and the Unicode Logo are registered trademarks of Unicode, Inc. in the U.S. and other countries.
# For terms of use, see http://www.unicode.org/terms_of_use.html
#
# Unicode Character Database
# For documentation, see http://www.unicode.org/reports/tr44/
```