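# Semgrep taint-mode rules for AWS Lambda handlers.
#
# Every rule takes the handler's event parameter as the taint source and
# reports when event-derived data reaches one of the listed sinks. The sink
# sets are deliberately broad (any call, any object construction, any string
# building), so these rules are an audit aid for reviewing how untrusted event
# input is used rather than a precise vulnerability detector; findings need
# manual triage.
#
# Naming: lambda-tainted-<sink family>-<language>, where the sink family is
#   func   - the event flows into a call argument
#   object - the event flows into an object/dict construction or assignment
#   string - the event flows into string concatenation or formatting
rules:
  # ------------------------------------------------------------- func -------
  - id: lambda-tainted-func-go
    languages: [go]
    severity: WARNING
    message: >-
      Tainted func found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              # handler registered with lambda.Start, taking (ctx, event, ...)
              - pattern-inside: |
                  func $HANDLER($CTX $CTXTYPE, $EVENT $TYPE, ...) {...}
                  ...
                  lambda.Start($HANDLER, ...)
              # single-parameter handler; a handler whose only parameter is a
              # context.Context receives no event data and is excluded
              - patterns:
                  - pattern-inside: |
                      func $HANDLER($EVENT $TYPE) {...}
                      ...
                      lambda.Start($HANDLER, ...)
                  - pattern-not-inside: |
                      func $HANDLER($EVENT context.Context) {...}
                      ...
                      lambda.Start($HANDLER, ...)
          - pattern: $EVENT
    pattern-sinks:
      # any call expression that receives event-derived data
      - patterns:
          - pattern: $FUNC(...)

  - id: lambda-tainted-func-java
    languages: [java]
    severity: WARNING
    message: >-
      Tainted func found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: $EVENT
          # RequestHandler-style (typed event) and RequestStreamHandler-style
          # (InputStream event) signatures; the Context parameter is not a source
          - pattern-either:
              - pattern-inside: |
                  $HANDLERTYPE $HANDLER($TYPE $EVENT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                    ...
                  }
              - pattern-inside: |
                  $HANDLERTYPE $HANDLER(InputStream $EVENT, OutputStream $OUT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                    ...
                  }
    pattern-sinks:
      # any call expression that receives event-derived data
      - patterns:
          - pattern: $FUNC(...)

  - id: lambda-tainted-func-js
    languages: [javascript, typescript]
    severity: WARNING
    message: >-
      Tainted func found
    mode: taint
    pattern-sources:
      - patterns:
          # the first parameter of whatever is exported as `handler`, whether
          # assigned inline, declared as a function, or assigned to a variable
          - pattern-either:
              - pattern-inside: |
                  exports.handler = function ($EVENT, ...) {
                    ...
                  }
              - pattern-inside: |
                  function $FUNC ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
              - pattern-inside: |
                  $FUNC = function ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
          - pattern: $EVENT
    pattern-sinks:
      # any call expression that receives event-derived data
      - patterns:
          - pattern: $FUNC(...)

  - id: lambda-tainted-func-python
    languages: [python]
    severity: WARNING
    message: >-
      Tainted func found
    mode: taint
    pattern-sources:
      # first parameter of any two-argument (event, context) handler
      - patterns:
          - pattern: $EVENT
          - pattern-inside: |
              def $HANDLER($EVENT, $CONTEXT):
                ...
    pattern-sinks:
      # any call expression that receives event-derived data
      - patterns:
          - pattern: $FUNC(...)

  - id: lambda-tainted-func-ruby
    languages: [ruby]
    severity: WARNING
    message: >-
      Tainted func found
    mode: taint
    pattern-sources:
      # the parameter is matched by its literal name `event`
      - patterns:
          - pattern: event
          - pattern-inside: |
              def $HANDLER(event, context)
                ...
              end
    pattern-sinks:
      # any call expression that receives event-derived data
      - patterns:
          - pattern: |
              $FUNC(...)

  # ----------------------------------------------------------- object -------
  - id: lambda-tainted-object-go
    languages: [go]
    severity: WARNING
    message: >-
      Tainted object found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  func $HANDLER($CTX $CTXTYPE, $EVENT $TYPE, ...) {...}
                  ...
                  lambda.Start($HANDLER, ...)
              - patterns:
                  - pattern-inside: |
                      func $HANDLER($EVENT $TYPE) {...}
                      ...
                      lambda.Start($HANDLER, ...)
                  - pattern-not-inside: |
                      func $HANDLER($EVENT context.Context) {...}
                      ...
                      lambda.Start($HANDLER, ...)
          - pattern: $EVENT
    pattern-sinks:
      # event data stored into an index or a field
      - patterns:
          - pattern-either:
              - pattern: |
                  $OBJ[...] = ...
              - pattern: |
                  $OBJ.$FOO = ...

  - id: lambda-tainted-object-js
    languages: [javascript, typescript]
    severity: WARNING
    message: >-
      Tainted object found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  exports.handler = function ($EVENT, ...) {
                    ...
                  }
              - pattern-inside: |
                  function $FUNC ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
              - pattern-inside: |
                  $FUNC = function ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
          - pattern: $EVENT
    pattern-sinks:
      # event data placed into an object literal (including via spread) or
      # stored under a computed key
      - patterns:
          - pattern-either:
              - pattern: |
                  {...}
              - pattern: |
                  {...$Y,...}
              - pattern: |
                  $OBJ[...] = ...

  - id: lambda-tainted-object-python
    languages: [python]
    severity: WARNING
    message: >-
      Tainted object found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: $EVENT
          - pattern-inside: |
              def $HANDLER($EVENT, $CONTEXT):
                ...
    pattern-sinks:
      # event data placed into a dict (constructor or literal) or stored
      # under a subscript
      - patterns:
          - pattern-either:
              - pattern: dict(...)
              - pattern: |
                  {...}
              - pattern: |
                  $OBJ[...] = ...

  # id follows the lambda-tainted-object-<language> naming of the other object
  # rules; it must not collide with lambda-tainted-string-ruby below
  - id: lambda-tainted-object-ruby
    languages: [ruby]
    severity: WARNING
    message: >-
      Tainted object found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: event
          - pattern-inside: |
              def $HANDLER(event, context)
                ...
              end
    pattern-sinks:
      # event data placed into a hash literal or stored under a subscript
      - patterns:
          - pattern-either:
              - pattern: |
                  {...}
              - pattern: |
                  $OBJ[...] = ...

  # ----------------------------------------------------------- string -------
  - id: lambda-tainted-string-go
    languages: [go]
    severity: WARNING
    message: >-
      Tainted string found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  func $HANDLER($CTX $CTXTYPE, $EVENT $TYPE, ...) {...}
                  ...
                  lambda.Start($HANDLER, ...)
              - patterns:
                  - pattern-inside: |
                      func $HANDLER($EVENT $TYPE) {...}
                      ...
                      lambda.Start($HANDLER, ...)
                  - pattern-not-inside: |
                      func $HANDLER($EVENT context.Context) {...}
                      ...
                      lambda.Start($HANDLER, ...)
          - pattern: $EVENT
    pattern-sinks:
      # event data used as an argument to fmt formatting or concatenated onto
      # a string literal
      - patterns:
          - pattern-either:
              - pattern: fmt.Printf("$STR", ...)
              - pattern: fmt.Sprintf("$STR", ...)
              - pattern: fmt.Fprintf($W, "$STR", ...)
              - pattern: '"$STR" + ...'

  - id: lambda-tainted-string-java
    languages: [java]
    severity: WARNING
    message: >-
      Tainted string found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: $EVENT
          - pattern-either:
              - pattern-inside: |
                  $HANDLERTYPE $HANDLER($TYPE $EVENT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                    ...
                  }
              - pattern-inside: |
                  $HANDLERTYPE $HANDLER(InputStream $EVENT, OutputStream $OUT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                    ...
                  }
    pattern-sinks:
      # string-building sinks; each alternative below is an independent sink
      - patterns:
          - pattern-either:
              - pattern: |
                  "$STR" + ...
              - pattern: |
                  "$STR".concat(...)
              # appending to a StringBuilder that was seeded with a literal
              - patterns:
                  - pattern-inside: |
                      StringBuilder $SB = new StringBuilder("$STR");
                      ...
                  - pattern: $SB.append(...)
              # compound-assignment onto a variable that was seeded with a literal
              - patterns:
                  - pattern-inside: |
                      $VAR = "$STR";
                      ...
                  - pattern: $VAR += ...
              - pattern: String.format("$STR", ...)

  - id: lambda-tainted-string-js
    languages: [javascript, typescript]
    severity: WARNING
    message: >-
      Tainted string found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  exports.handler = function ($EVENT, ...) {
                    ...
                  }
              - pattern-inside: |
                  function $FUNC ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
              - pattern-inside: |
                  $FUNC = function ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
          - pattern: $EVENT
    pattern-sinks:
      # concatenation onto a literal, String.prototype.concat, util.format-style
      # calls, and template literals
      - patterns:
          - pattern-either:
              - pattern: |
                  "$HTMLSTR" + $EXPR
              - pattern: |
                  "$STR".concat(...)
              - pattern: |
                  $UTIL.format(...)
              - pattern: |
                  `...`

  - id: lambda-tainted-string-python
    languages: [python]
    severity: WARNING
    message: >-
      Tainted string found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: $EVENT
          - pattern-inside: |
              def $HANDLER($EVENT, $CONTEXT):
                ...
    pattern-sinks:
      # %-formatting, str.format, concatenation, f-strings, and +=-building
      # onto a variable that was seeded with a literal
      - patterns:
          - pattern-either:
              - pattern: '"$STR" % ...'
              - pattern: '"$STR".format(...)'
              - pattern: '"$STR" + ...'
              - pattern: 'f"...{...}..."'
              - patterns:
                  - pattern-inside: |
                      $SMTH = "$STR"
                      ...
                  - pattern: $SMTH += ...

  - id: lambda-tainted-string-ruby
    languages: [ruby]
    severity: WARNING
    message: >-
      Tainted string found
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: event
          - pattern-inside: |
              def $HANDLER(event, context)
                ...
              end
    pattern-sinks:
      # string interpolation, Kernel::sprintf, concatenation and %-formatting
      # onto a literal
      - patterns:
          - pattern-either:
              - pattern: |
                  "...#{...}..."
              - pattern: Kernel::sprintf("$SQLSTR", ...)
              - pattern: |
                  "$SQLSTR" + $EXPR
              - pattern: |
                  "$SQLSTR" % $EXPR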