Vasilii Ermilov inkz
inkz
/ orgs_to_scan.txt
Last active
January 7, 2026 02:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0xPolygon/auto-claim-service | |
| 0xPolygon/chain-indexer-framework | |
| 0xPolygon/heimdall-v2 | |
| 0xPolygon/lxly | |
| 0xPolygon/proof-generation-api | |
| 0xPolygon/static | |
| Aiven | |
| Aiven-Open | |
| Automattic/WP-Job-Manager | |
| Automattic/jetpack |
inkz
/ gh-actions.yaml
Created
September 1, 2022 06:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: allowed-unsecure-commands | |
| languages: | |
| - yaml | |
| severity: WARNING | |
| message: smth found | |
| patterns: | |
| - pattern-either: | |
| - patterns: | |
| - pattern-inside: "{on: ...}" |
inkz
/ index_example.ts
Created
July 11, 2022 04:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import express from 'express' | |
| import mongoose from 'mongoose' | |
| const app = express() | |
| const port = 3000 | |
| // const { BlogPost } = require('./models') | |
| import {BlogPost} from './models' | |
| async function main() { |
inkz
/ captcha_model.ts
Created
July 11, 2022 04:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors. | |
| * SPDX-License-Identifier: MIT | |
| */ | |
| import { | |
| Model, | |
| InferAttributes, | |
| InferCreationAttributes, | |
| DataTypes, |
inkz
/ lambda_recon_2021.yaml
Created
November 5, 2021 04:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: lambda-tainted-func-go | |
| languages: [go] | |
| severity: WARNING | |
| message: >- | |
| Tainted func found | |
| mode: taint | |
| pattern-sources: | |
| - patterns: | |
| - pattern-either: |
inkz
/ java-spring-sink-source.yaml
Created
October 18, 2021 08:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: java-spring-sink-source | |
| mode: taint | |
| pattern-sinks: | |
| - pattern: | | |
| $SINK(...) | |
| pattern-sources: | |
| - patterns: | |
| - pattern: $VAR | |
| - pattern-either: |
inkz
/ rails-sink-source.yaml
Created
October 15, 2021 06:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: rails-sink-source | |
| mode: taint | |
| pattern-sources: | |
| - pattern: params[$X] | |
| pattern-sinks: | |
| - pattern: $WHATEVER(...) | |
| message: | | |
| sink for RoR found | |
| languages: |
inkz
/ expressjs-source-sink-research.yaml
Created
September 29, 2021 06:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: expressjs-source-sink-research | |
| mode: taint | |
| languages: | |
| - js | |
| - typescript | |
| message: >- | |
| Found a sink for Express.js app | |
| severity: WARNING | |
| pattern-sinks: |
inkz
/ symfony-permissive-cors.yaml
Created
September 28, 2021 08:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: symfony-permissive-cors | |
| languages: | |
| - php | |
| message: Access-Control-Allow-Origin response header is set to "*". This will | |
| disable CORS Same Origin Policy restrictions. | |
| metadata: | |
| category: security | |
| cwe: "CWE-346: Origin Validation Error" | |
| license: Commons Clause License Condition v1.0[LGPL-2.1-only] |
inkz
/ new-php-rules.yaml
Last active
October 1, 2021 04:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: doctrine-dbal-dangerous-query | |
| languages: | |
| - php | |
| message: Detected string concatenation with a non-literal variable in a Doctrine DBAL query method. This could lead to SQL | |
| injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, used parameterized | |
| queries or prepared statements instead. | |
| metadata: | |
| category: security | |
| cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" |
NewerOlder