diff --git a/DevSkim-DotNet/Microsoft.DevSkim/Resources/devskim-rules.json b/DevSkim-DotNet/Microsoft.DevSkim/Resources/devskim-rules.json
deleted file mode 100644
index 076426bb..00000000
--- a/DevSkim-DotNet/Microsoft.DevSkim/Resources/devskim-rules.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"id":"DS165348","name":"Do not attempt to access device UDID","overrides":null,"schema_version":0,"tags":["Implementation.Mobile.iOS.DataProtection.Privacy.UDID"],"applies_to":["objective-c"],"severity":"important","confidence":0,"description":"Access to the device UDID (via [[UIDevice currentDevice] uniqueIdentifier]) is deprecated as of iOS 5 and should not be used or relied upon.","recommendation":"[[UIDevice currentDevice] identifierForVendor]","rule_info":"DS165348.md","patterns":[{"pattern":"\\buniqueIdentifier\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS173237","name":"Do not store tokens or keys in source code.","overrides":null,"schema_version":0,"tags":["Implementation.Privacy.Token"],"applies_to":null,"severity":"important","confidence":0,"description":"A token or key was found in source code. If this represents a secret, it should be moved somewhere else.","recommendation":"","rule_info":"DS173237.md","patterns":[{"pattern":"[\"'][a-f0-9]{30,}[\"']","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS117838","name":"Do not store tokens or keys in source code.","overrides":["DS173237"],"schema_version":0,"tags":["Implementation.Privacy.Token"],"applies_to":null,"severity":"critical","confidence":0,"description":"A token or key was found in source code. 
If this represents a secret, it should be moved somewhere else.","recommendation":"","rule_info":"DS117838.md","patterns":[{"pattern":"(secret|license|key|pass).*[a-f0-9]{30,}","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS101155","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":null,"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS101155.md","patterns":[{"pattern":"encrypt\\s*=\\s*false","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"encryption\\s*=\\s*false","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"unencrypted.*password","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"TODO.*crypt","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS101159","name":"Initializing Security Context","overrides":null,"schema_version":0,"tags":["Cryptography.SecurityContext.Initialization"],"applies_to":["cpp"],"severity":"manual-review","confidence":0,"description":"SecurityContext initialization, look here for cryptography functions.","recommendation":"","rule_info":"DS101159.md","patterns":[{"pattern":"\\bInitializeSecurityContext\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS126858","name":"Weak/Broken Hash Algorithm","overrides":null,"schema_version":0,"tags":["Cryptography.BannedHashAlgorithm"],"applies_to":null,"severity":"critical","confidence":0,"description":"A weak or broken hash algorithm was detected.","recommendation":"Consider switching to use SHA-256 or SHA-512 
instead.","rule_info":"DS126858.md","patterns":[{"pattern":"(MD2|MD4|MD5|RIPEMD|RIPEMD(128|256|160|320)|(SHA0|SHA-0|SHA1|SHA-1))","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to \"SHA256\"","type":"regex-replace","pattern":{"pattern":"(MD2|MD4|MD5|RIPEMD|RIPEMD(128|256|160|320)|(SHA0|SHA-0|SHA1|SHA-1))","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"SHA256"},{"name":"Change to \"SHA512\"","type":"regex-replace","pattern":{"pattern":"(MD2|MD4|MD5|RIPEMD|RIPEMD(128|256|160|320)|(SHA0|SHA-0|SHA1|SHA-1))","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"SHA512"}]},{"id":"DS197800","name":"Weak/Broken Hash Algorithm","overrides":["DS126858"],"schema_version":0,"tags":["Cryptography.HashAlgorithm.BrokenOrWeak"],"applies_to":["objective-c"],"severity":"critical","confidence":0,"description":"A weak or broken hash algorithm was detected.","recommendation":"Use CC_SHA256 or CC_SHA512 instead.","rule_info":"DS197800.md","patterns":[{"pattern":"CC_(MD2|MD4|MD5|SHA1)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to SHA-256","type":"regex-replace","pattern":{"pattern":"CC_(MD2|MD4|MD5|SHA1)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"CC_SHA256"},{"name":"Change to SHA-512","type":"regex-replace","pattern":{"pattern":"CC_(MD2|MD4|MD5|SHA1)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"CC_SHA512"}]},{"id":"DS128420","name":"Weak/Broken Hash Algorithm","overrides":["DS126858"],"schema_version":0,"tags":["Cryptography.HashAlgorithm.BrokenOrWeak"],"applies_to":["php"],"severity":"critical","confidence":0,"description":"A weak or broken hash algorithm was detected.","recommendation":"When using hash(), use sha256 or sha512 as the algorithms 
instead","rule_info":"DS128420.md","patterns":[{"pattern":"hash\\s*\\(\\s*[\\'\\\"](md2|md4|md5|sha1|sha224|ripemd128|ripemd160|ripemd256|ripemd320)[\\'\\\"](.*)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to SHA-256","type":"regex-replace","pattern":{"pattern":"hash\\s*\\(\\s*[\\'\\\"](md2|md4|md5|sha1|sha224|ripemd128|ripemd160|ripemd256|ripemd320)[\\'\\\"](.*)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"hash('sha256'$2);"},{"name":"Change to SHA-512","type":"regex-replace","pattern":{"pattern":"hash\\s*\\(\\s*[\\'\\\"](md2|md4|md5|sha1|sha224|ripemd128|ripemd160|ripemd256|ripemd320)[\\'\\\"](.*)\\)\\s*;","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"hash('sha512'$2);"}]},{"id":"DS108647","name":"Do not use broken/weak cryptographic hash algorithms","overrides":["DS126858"],"schema_version":0,"tags":["Cryptography.HashAlgorithm.BrokenOrWeak"],"applies_to":["ruby"],"severity":"critical","confidence":0,"description":"Avoid using broken or weak hash algorithms.","recommendation":"Use Digest::SHA256 or Digest::SHA512","rule_info":"DS108647.md","patterns":[{"pattern":"Digest::(MD5|RMD160|SHA1)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to SHA-256","type":"regex-replace","pattern":{"pattern":"Digest::(MD5|RMD160|SHA1)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"Digest::SHA256"},{"name":"Change to SHA-512","type":"regex-replace","pattern":{"pattern":"Digest::(MD5|RMD160|SHA1)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"Digest::SHA512"}]},{"id":"DS196098","name":"Do not use broken/weak cryptographic hash algorithms","overrides":["DS126858"],"schema_version":0,"tags":["Cryptography.HashAlgorithm.BrokenOrWeak"],"applies_to":["python"],"severity":"critical","confidence":0,"description":"Avoid using broken or weak hash 
algorithms.","recommendation":"Use hashlib.sha256 instead.","rule_info":"DS196098.md","patterns":[{"pattern":"(md5|sha)\\.new\\(","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to hashlib.sha256","type":"regex-replace","pattern":{"pattern":"(md5|sha)\\.new\\(","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"hashlib.sha256("},{"name":"Change to hashlib.sha512","type":"regex-replace","pattern":{"pattern":"(md5|sha)\\.new\\(","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"hashlib.sha512("}]},{"id":"DS168931","name":"Do not use broken/weak cryptographic hash algorithms","overrides":["DS126858"],"schema_version":0,"tags":["Cryptography.HashAlgorithm.BrokenOrWeak"],"applies_to":["csharp"],"severity":"critical","confidence":0,"description":"A potentially weak hashing algorithm was used.","recommendation":"Use SHA-256 instead.","rule_info":"DS168931.md","patterns":[{"pattern":"MD5CryptoServiceProvider","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to SHA-256","type":"regex-replace","pattern":{"pattern":"MD5CryptoServiceProvider","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"SHA256CryptoServiceProvider"},{"name":"Change to SHA-512","type":"regex-replace","pattern":{"pattern":"MD5CryptoServiceProvider","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"SHA512CryptoServiceProvider"}]},{"id":"DS197836","name":"Do not take the hash of low-entropy content.","overrides":null,"schema_version":0,"tags":["Cryptography.HashAlgorithm.InsufficientEntropy"],"applies_to":null,"severity":"important","confidence":0,"description":"Taking a hash of a time value is suspicious, as there is insufficient entropy to protect against brute-force 
attacks.","recommendation":"","rule_info":"DS197836.md","patterns":[{"pattern":"(MD4|MD5|(SHA(1|224|256|384|512))).*Time","type":"regex","modifiers":["i"],"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS175862","name":"Do not use the mcrypt module, use OpenSSL instead.","overrides":null,"schema_version":0,"tags":["Cryptography.Library.Abandoned"],"applies_to":["php"],"severity":"moderate","confidence":0,"description":"The PHP mcrypt module is based on libmcrypt, which has been abanonded since 2007.","recommendation":"OpenSSL","rule_info":"DS175862.md","patterns":[{"pattern":"mcrypt","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS109501","name":"Do not use the 3DES symmetric block cipher.","overrides":["DS106864"],"schema_version":0,"tags":["Cryptography.Symmetric.PotentiallyWeakAlgorithm"],"applies_to":["csharp"],"severity":"moderate","confidence":0,"description":"The 3DES cipher was found, which is only secure if three independent keys are used.","recommendation":"Use AES instead.","rule_info":"DS109501.md","patterns":[{"pattern":"\\bTripleDESCryptoServiceProvider\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to AESCryptoServiceProvider","type":"regex-replace","pattern":{"pattern":"TripleDESCryptoServiceProvider","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"AESCryptoServiceProvider"}]},{"id":"DS106863","name":"Do not use the DES symmetric block cipher.","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.WeakOrBrokenAlgorithm"],"applies_to":[],"severity":"critical","confidence":0,"description":"The DES cipher was found, which is widely considered to be broken.","recommendation":"Use AES instead.","rule_info":"DS106863.md","patterns":[{"pattern":"\\bDES\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to 
AES","type":"regex-replace","pattern":{"pattern":"DES","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"AES"}]},{"id":"DS106864","name":"Do not use the DES symmetric block cipher.","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.WeakOrBrokenAlgorithm"],"applies_to":["csharp"],"severity":"critical","confidence":0,"description":"The DES cipher was found, which is widely considered to be broken.","recommendation":"Use AES instead.","rule_info":"DS106864.md","patterns":[{"pattern":"\\bDESCryptoServiceProvider\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to AESCryptoServiceProvider","type":"regex-replace","pattern":{"pattern":"DESCryptoServiceProvider","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"AESCryptoServiceProvider"}]},{"id":"DS106865","name":"Do not use the DES symmetric block cipher.","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.WeakOrBrokenAlgorithm.DES"],"applies_to":["javascript"],"severity":"critical","confidence":0,"description":"The DES cipher was found, which is widely considered to be broken.","recommendation":"Use AES instead.","rule_info":"DS106865.md","patterns":[{"pattern":"['\"](?:DES(?:-(?:C(?:BC|FB[18]?)|E(?:CB|DE(?:-(?:C(?:BC|FB)|OFB))?)|OFB))?)['\"]","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to AES-128-CBC","type":"regex-replace","pattern":{"pattern":"(?:DES(?:-(?:C(?:BC|FB[18]?)|E(?:CB|DE(?:-(?:C(?:BC|FB)|OFB))?)|OFB))?)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"AES-128-CBC"}]},{"id":"DS106866","name":"Do not use the DES symmetric block cipher.","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.WeakOrBrokenAlgorithm.DES"],"applies_to":["java"],"severity":"critical","confidence":0,"description":"The DES cipher was found, which is widely considered to be broken.","recommendation":"Use 
AES instead.","rule_info":"DS106866.md","patterns":[{"pattern":"DESEngine|DESedeEngine","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to AESEngine","type":"regex-replace","pattern":{"pattern":"DESEngine|DESedeEngine","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"AESEngine"}]},{"id":"DS156431","name":"Do not use the RC2 symmetric block cipher.","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.WeakOrBrokenAlgorithm.RC2"],"applies_to":["csharp"],"severity":"critical","confidence":0,"description":"The RC2 cipher was found, which is considered to be broken.","recommendation":"Use AES instead.","rule_info":"DS156431.md","patterns":[{"pattern":"\\bRC2CryptoServiceProvider\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to AESCryptoServiceProvider","type":"regex-replace","pattern":{"pattern":"RC2CryptoServiceProvider","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"AESCryptoServiceProvider"}]},{"id":"DS187371","name":"A weak cipher mode of operation was used","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.CipherMode.Weak"],"applies_to":null,"severity":"important","confidence":0,"description":"A potentially weak cipher mode of operation was used.","recommendation":"Consider using CBC, CTR, or GCM.","rule_info":"DS187371.md","patterns":[{"pattern":"\\b(ECB|OFB|CFB|CTS|PCBC|GMAC|XCBC|IACBC|IAPM|EAX|OCB|CWC|AEAD|LRW|XEX|XTS|CMC|EME|CBCMAC|OMAC|PMAC)\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS182720","name":"A weak cipher mode of operation was used","overrides":null,"schema_version":0,"tags":["Cryptography.Symmetric.CipherMode.Weak"],"applies_to":["php"],"severity":"important","confidence":0,"description":"A potentially weak cipher mode of operation was used.","recommendation":"Consider using CBC, CTR, or 
GCM.","rule_info":"DS182720.md","patterns":[{"pattern":"\\bMCRYPT_MODE_(ECB|CFB|OFB|NOFB|STREAM)\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change cipher mode to CBC","type":"regex-replace","pattern":{"pattern":"MCRYPT_MODE_(ECB|CFB|OFB|NOFB|STREAM)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"MCRYPT_MODE_CBC"}]},{"id":"DS109733","name":"Source implementation of a weak/broken cryptography hash function","overrides":null,"schema_version":0,"tags":["Cryptography.HashAlgorithm.WeakOrBrokenImplementation"],"applies_to":null,"severity":"critical","confidence":0,"description":"An implementation of a weak/broken hash function was found in source code.","recommendation":"Do not use MD5, and always prefer OS- or library-provided cryptography implementations.","rule_info":"DS109733.md","patterns":[{"pattern":"242070db|02441453|db702024|53144402|3572445317","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"98BADCFE|FEDCBC98|C3D2E1F0|F0E1D2C3","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS148264","name":"Do not use weak/non-cryptographic random number generators","overrides":null,"schema_version":0,"tags":["Cryptography.PRNG.Weak"],"applies_to":null,"severity":"important","confidence":0,"description":"Use cryptographic random numbers generators for anything even close to a security function.","recommendation":"Replacements depend on 
language.","rule_info":"DS148264.md","patterns":[{"pattern":"\\bDUAL_EC_DRBG\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bpseudoRandomBytes\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\brand\\(","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"random_shuffle\\(","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bshuffle\\(","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bRAND_MAX\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\brand\\(\\s*\\)\\s*%","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bmwc1616\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b(32969|18273)\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSystem\\.Random\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\bRandom\\(\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\barc4random\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS149435","name":"Do not seed randomness based on system time or a static value.","overrides":null,"schema_version":0,"tags":["Cryptography.WeakRandomness"],"applies_to":null,"severity":"critical","confidence":0,"description":"Passing a predicable value to srand() is very insecure and should be avoided.","recommendation":"","rule_info":"DS149435.md","patterns":[{"pattern":"\\bsrand\\(\\s*time\\(","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bsrand\\(\\s*\\d+\\s*\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440000","name":"Generic: Do not hardcode SSL/TLS versions within an application.","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hardcoded"],"applies_to":[],"severity":"important","confidence":0,"description":"SSL/TLS 
version usage should be based on an OS or external configuration.","recommendation":"","rule_info":"DS440000.md","patterns":[{"pattern":"(SSL|D?TLS)(v|[123_\\.])+","type":"regex","modifiers":["i"],"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440010","name":"OpenSSL: Do not hardcode SSL/TLS versions within an application.","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hardcoded"],"applies_to":[],"severity":"important","confidence":0,"description":"SSL/TLS version usage should be based on an OS or external configuration.","recommendation":"","rule_info":"DS440000.md","patterns":[{"pattern":"SSLv2?3_method|D?TLSv1_([123]_)?(client_|server_)?method","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"DTLSv1_listen|SSL_stateless","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_(CTX_)?set_(min|max)_proto_version","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_EXT_TLS_ONLY|SSL_EXT_DTLS_ONLY|SSL_EXT_TLS_IMPLEMENTATION_ONLY|SSL_EXT_SSL3_ALLOWED|SSL_EXT_TLS1_2_AND_BELOW_ONLY|SSL_EXT|TLS1_3_ONLY|SSL_EXT_TLS1_2_SERVER_HELLO|SSL_EXT_TLS1_3_SERVER_HELLO","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_OP_(NO_(SSLv3|TLSv1|TLSv1_1|TLSv1_2|TLSv1_3|DTLSv1|DTLSv1_2))","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_OP_[A-Z0-9_]+","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"(AES|DH|DHE|ADH|CAMELLIA|EDH|EXP|DES|IDEA|RC4|NULL|GOST|EXP|ECDH|ECDHE|AECDH|PSK)[A-Z0-9\\-]+-?(SHA|MD|GOST)[A-Z0-9\\-]*","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440020","name":".NET - Do not hardcode SSL/TLS versions within an application.","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hardcoded"],"applies_to":["csharp","powershell","vb"],"severity":"important","confidence":0,"description":".NET- Do not hardcode SSL/TLS versions within 
an application.","recommendation":"","rule_info":"DS440000.md","patterns":[{"pattern":"SecurityProtocolType|SecurityProtocolTypeExtensions|SslProtocols|SslProtocolsExtensions|DontEnableSchUseStrongCrypto|DisableUsingServicePointManagerSecurityProtocols|DontEnableSystemDefaultTlsVersions","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440060","name":"Node- Do not hardcode TLS protocol versions.","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hardcoded"],"applies_to":["javascript","typescript"],"severity":"critical","confidence":0,"description":"Node- Do not hardcode TLS protocol versions.","recommendation":"","rule_info":"DS440000.md","patterns":[],"conditions":[],"fix_its":[]},{"id":"DS440070","name":"Python- Do not hardcode TLS protocol versions.","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hardcoded"],"applies_to":["python"],"severity":"important","confidence":0,"description":"Python- Do not hardcode TLS protocol versions.","recommendation":"","rule_info":"DS440000.md","patterns":[{"pattern":"PROTOCOL_(SSL|TLS)v[123_]+(_CLIENT|SERVER)?","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bssl_version\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS440070","name":"Win32- Do not hardcode TLS protocol versions.","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hardcoded"],"applies_to":["c","cpp","csharp"],"severity":"important","confidence":0,"description":"Win32- Do not hardcode TLS protocol versions.","recommendation":"","rule_info":"DS440000.md","patterns":[{"pattern":"SP_PROT_[A-Z0-9_]+_(SERVER|CLIENT)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS188250","name":"Missing initialization 
vector","overrides":["DS175862"],"schema_version":0,"tags":["Cryptography.Symmetric.InitializationVector.Missing"],"applies_to":["php"],"severity":"important","confidence":0,"description":"The mcrypt_encrypt function was used without an initialization vector.","recommendation":"Add an initialization vector or consider a different cipher mode","rule_info":"DS188250.md","patterns":[{"pattern":"mcrypt_encrypt\\s*\\([^,]+,[^,]+,[^,]+,[^,]+\\);","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Add initialization vector","type":"regex-replace","pattern":{"pattern":"(mcrypt_encrypt\\s*\\([^,]+,[^,]+,[^,]+,[^,]+)(\\);)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$1, <$iv>$2"}]},{"id":"DS128921","name":"Hardcoded initialization vector size","overrides":["DS175862"],"schema_version":0,"tags":["Cryptography.Symmetric.InitializationVector.HardcodedSize"],"applies_to":["php"],"severity":"moderate","confidence":0,"description":"An initialization vector was created to a static size, rather than determining it based on the encryption algorithm used.","recommendation":"Use mcrypt_get_iv_size to get the correct IV size based on the cipher and mode.","rule_info":"DS128921.md","patterns":[{"pattern":"mcrypt_create_iv\\s*\\(\\s*\\d.*","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS114352","name":"Encryption Marked 'Optional'","overrides":null,"schema_version":0,"tags":["Cryptography.Optional"],"applies_to":null,"severity":"important","confidence":0,"description":"Optional encryption or integrity checking can be dangerous.","recommendation":"As a best practice, always enable strong encryption and integrity 
checking.","rule_info":"DS114352.md","patterns":[{"pattern":"Integrity.*optional","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"Encryption.*optional","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS181865","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["objective-c"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS181865.md","patterns":[{"pattern":"setValidatesSecureCertificate:\\s*NO","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"setAllowsAnyHTTPSCertificate:\\s*YES","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"allowsAnyHTTPSCertificate\\s*=\\s*YES","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"validatesSecureCertificate\\s*=\\s*NO","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bcontinueWithoutCredentialForAuthenticationChallenge\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"kCFStreamSSL(Level|AllowsExpiredCertificates|AllowsExpiredRoots|AllowsAnyRoot|ValidatesCertificateChain|PeerName)","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkCFStreamPropertySSLSettings\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS176603","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["ruby"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during 
testing.","rule_info":"DS114352.md","patterns":[{"pattern":"\\bOpenSSL::SSL::VERIFY_NONE\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS130822","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["python"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS130822.md","patterns":[{"pattern":"\\.check_hostname\\s*=\\s*False","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"disable_ssl_certificate_validation\\s*=\\s*True","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS159369","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["cpp"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during 
testing.","rule_info":"DS114352.md","patterns":[{"pattern":"\\bSECURITY_FLAG_IGNORE_CERT_CN_INVALID\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_IGNORE_CERT_DATE_INVALID\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_IGNORE_REVOCATION\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_IGNORE_UNKNOWN_CA\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_IGNORE_WRONG_USAGE\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_IGNORE_CERT_WRONG_USAGE\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS101940","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":[".config"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS114352.md","patterns":[{"pattern":"certificateValidationMode\\s*=\\s*\"None\"","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"checkCertificateName\\s*=\\s*\"false\"","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"checkCertificateRevocationList\\s*=\\s*\"false\"","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"encryptionPolicy\\s*=\\s*\"(AllowNoEncryption|NoEncryption)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS125134","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["javascript"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default 
rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS114352.md","patterns":[{"pattern":"NODE_TLS_REJECT_UNAUTHORIZED|rejectUnauthorized","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS152094","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["java"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS114352.md","patterns":[{"pattern":"(TrustManager|getInsecure|HostnameVerifier|AbstractVerifier|AllowAllHostnameVerifier|BrowserCompatHostnameVerifier|StrictHostnameVerifier|onReceivedSslError|insecuresocketfactory|customhostnameverifier)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS126185","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["powershell"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS114352.md","patterns":[{"pattern":"::ServerCertificateValidationCallback\\s*=\\s*{\\s*\\$true\\s*}","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS126186","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["python"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during 
testing.","rule_info":"DS114352.md","patterns":[{"pattern":"verify\\s*=\\s*False","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[{"pattern":{"pattern":"requests\\.","type":"regex","modifiers":null,"scopes":["code","code"]},"search_in":"finding-region(-3, 0)","negate_finding":false}],"fix_its":null},{"id":"DS126187","name":"Disabled certificate validation","overrides":null,"schema_version":0,"tags":["Cryptography.Certificate.Validation"],"applies_to":["csharp"],"severity":"critical","confidence":0,"description":"Extend default certificate validation, but do not disable or override default rules.","recommendation":"Always use a valid certificate, even during testing.","rule_info":"DS114352.md","patterns":[{"pattern":"\\.ServerCertificateValidationCallback\\s*=\\s*delegate\\s*{\\s*return true;\\s*};","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\.ServerCertificateValidationCallback\\s*=\\s*\\(?[^\\)]+\\)\\s*=>\\s*{\\s*return true;\\s*};","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\.ServerCertificateValidationCallback\\s*=\\s*\\(+[^\\)]+\\)\\s*=>\\s*true","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"RemoteCertificateValidationCallback\\(delegate\\s*{\\s*return true;\\s*}\\);","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\.CertificatePolicy\\s*=\\s*delegate\\s*{\\s*return true;\\s*};","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bX509CertificateValidationMode\\.None\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS144436","name":"Do not use outdated SSL/TLS protocols","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS"],"applies_to":["csharp"],"severity":"important","confidence":0,"description":"It's usually better to rely on the operating system configuration, rather than hardcoding a specific SecurityProtocolType.","recommendation":"Either 
leave off or set to SecurityProtocolType.Tls12;","rule_info":"DS144436.md","patterns":[{"pattern":"\\bSecurityProtocolType\\.(Ssl3|Tls|Tls11)\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to SecurityProtocolType.Tls12","type":"regex-replace","pattern":{"pattern":"\\bSecurityProtocolType\\.(Ssl3|Tls|Tls11)\\b","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"SecurityProtocolType.Tls12"}]},{"id":"DS127101","name":"Hardcoding TLS protocol version","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS"],"applies_to":["cpp"],"severity":"moderate","confidence":0,"description":"It's usually better to rely on the operating system configuration, rather than hardcoding a specific list of protocols.","recommendation":"","rule_info":"DS127101.md","patterns":[{"pattern":"\\bSecPkgCred_SupportedProtocols\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS169125","name":"Do not use outdated SSL/TLS protocols","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS"],"applies_to":null,"severity":"important","confidence":0,"description":"An outdated SSL/TLS protocol version is specified.","recommendation":"Use TLS 1.2","rule_info":"DS169125.md","patterns":[{"pattern":"\\b(SSLv?2|SSLv?3|TLSv?1|TLSv?10)\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS169126","name":"An Outdated or Banned SSL/TLS Protocol is Used","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.Banned"],"applies_to":null,"severity":"important","confidence":0,"description":"An Outdated or Banned SSL/TLS Protocol is Used","recommendation":"Use TLS 
1.2","rule_info":"DS169126.md","patterns":[{"pattern":"(SSL|TLS)v(2|23|3|1)_(client|server)","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSSLv2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSSLv3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bTLSv1\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bTLSv10\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS169127","name":"An Outdated or Banned SSL/TLS Protocol is Used","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.Banned"],"applies_to":["cpp","objective-c"],"severity":"important","confidence":0,"description":"An Outdated or Banned SSL/TLS Protocol is Used","recommendation":"Use TLS 1.2","rule_info":"DS169126.md","patterns":[{"pattern":"\\bSECURITY_FLAG_40BIT\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_56BIT\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_NORMALBITNESS\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_PCT\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_PCT4\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_SSL\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_SSL3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_STRENGTH_MEDIUM\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_STRENGTH_WEAK\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_UNKNOWNBIT\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bWINHTTP_FLAG_SECURE_PROTOCOL_SSL2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bWINHTTP_
FLAG_SECURE_PROTOCOL_SSL3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bWINHTTP_FLAG_SECURE_PROTOCOL_TLS1\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bWINHTTP_FLAG_SECURE_PROTOCOL_ALL\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_STRENGTH_MEDIUM\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSECURITY_FLAG_STRENGTH_WEAK\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SP_PROT_(PCT1|SSL2|SSL3|TLS1|TLS1_0)_(CLIENT|SERVER)","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bNSStreamSocketSecurityLevelNone\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bNSStreamSocketSecurityLevelSSLv2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bNSStreamSocketSecurityLevelSSLv3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bNSStreamSocketSecurityLevelTLSv1\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkCFStreamSocketSecurityLevelNone\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkCFStreamSocketSecurityLevelSSLv2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkCFStreamSocketSecurityLevelSSLv3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkCFStreamSocketSecurityLevelTLSv1\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkSSLProtocolUnknown\\ 
\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkSSLProtocol3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkTLSProtocol1\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkDTLSProtocol1\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkSSLProtocol2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkSSLProtocol3Only\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkTLSProtocol1Only\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bkSSLProtocolAll\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS169128","name":"An Outdated or Banned SSL/TLS Protocol is Used","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.Banned"],"applies_to":["python"],"severity":"important","confidence":0,"description":"An Outdated or Banned SSL/TLS Protocol is Used","recommendation":"Use TLS 1.2","rule_info":"DS169126.md","patterns":[{"pattern":"\\bPROTOCOL_SSLv2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bPROTOCOL_SSLv23\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bPROTOCOL_SSLv3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bPROTOCOL_TLSv1\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS176209","name":"Suspicious comment","overrides":null,"schema_version":0,"tags":["Hygiene.Comment.Suspicious"],"applies_to":null,"severity":"manual-review","confidence":0,"description":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","recommendation":"","rule_info":"DS176209.md","patterns":[{"pattern":"\\b(TODO|FIXME|REMOVEME|HACK|BLACK 
MAGIC)\\b","type":"regex","modifiers":null,"scopes":["code","code","comment","comment"]}],"conditions":[],"fix_its":null},{"id":"DS162092","name":"Do not leave debug code in production","overrides":null,"schema_version":0,"tags":["Hygiene.Network.AccessingLocalhost"],"applies_to":null,"severity":"manual-review","confidence":0,"description":"Accessing localhost could indicate debug code, or could hinder scaling.","recommendation":"","rule_info":"DS162092.md","patterns":[{"pattern":"\\blocalhost\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b127\\.0\\.0\\.1\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS132779","name":"Do not enable external entity resolution.","overrides":null,"schema_version":0,"tags":["Implementation.iOS.XML.DTDEntityResolution"],"applies_to":["objective-c"],"severity":"moderate","confidence":0,"description":"Do not enable external entity resolution.","recommendation":"Set shouldResolveExternalEntities to NO.","rule_info":"DS132779.md","patterns":[{"pattern":"\\bshouldResolveExternalEntities\\s*=\\s*YES\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Disable external entity resolution","type":"regex-replace","pattern":{"pattern":"(shouldResolveExternalEntities\\s*=\\s*)(YES)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$1NO"}]},{"id":"DS132780","name":"Do not enable external entity resolution.","overrides":null,"schema_version":0,"tags":["Implementation.iOS.XML.DTDEntityResolution"],"applies_to":["swift"],"severity":"moderate","confidence":0,"description":"Do not enable external entity resolution.","recommendation":"x.setShouldResolveExternalEntities = FALSE;","rule_info":"DS132780.md","patterns":[{"pattern":"\\bshouldResolveExternalEntities\\s*=\\s*TRUE\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Disable external entity 
resolution","type":"regex-replace","pattern":{"pattern":"(shouldResolveExternalEntities\\s*=\\s*)(TRUE)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$1FALSE"}]},{"id":"DS132790","name":"Do not enable external entity resolution.","overrides":null,"schema_version":0,"tags":["Implementation.iOS.XML.DTDEntityResolution"],"applies_to":["objective-c"],"severity":"moderate","confidence":0,"description":"Do not enable external entity resolution.","recommendation":"[x setShouldResolveExternalEntities: NO];","rule_info":"DS132790.md","patterns":[{"pattern":"\\bsetShouldResolveExternalEntities:\\s*YES\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Disable external entity resolution","type":"regex-replace","pattern":{"pattern":"(setShouldResolveExternalEntities:\\s*)(YES)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$1NO"}]},{"id":"DS112266","name":"ProtectedData used without additional entropy","overrides":null,"schema_version":0,"tags":["Storage.Windows.DPAPI"],"applies_to":["csharp"],"severity":"moderate","confidence":0,"description":"The ProtectedData class should be used with additional entropy to reduce the risk of other application calling DPAPI to access the data.","recommendation":"Add additional entropy (per-application secret).","rule_info":"DS112266.md","patterns":[{"pattern":"ProtectedData\\.Protect.*,\\s*null.*","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Add entropy placeholder","type":"regex-replace","pattern":{"pattern":"(ProtectedData\\.Protect[^,]+,\\s*)null(.*)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$1$2"}]},{"id":"DS191340","name":"Do not store sensitive data in NSUserDefaults.","overrides":null,"schema_version":0,"tags":["Storage.Apple.iOS.UserDefaults.SensitiveData"],"applies_to":["objective-c"],"severity":"moderate","confidence":0,"description":"Do not store 
sensitive data in NSUserDefaults.","recommendation":"Consider another mechanism instead.","rule_info":"DS191340.md","patterns":[{"pattern":"NSUserDefaults \\*(.*) = \\[NSUserDefaults standardUserDefaults\\];(\\n.*){1,5}$1 .*setString:(password|key)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112835","name":".NET - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["csharp","powershell","vb"],"severity":"manual-review","confidence":0,"description":".NET - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS112835.md","patterns":[{"pattern":"\\bSecurityProtocolType\\.Ssl3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SecurityProtocolType\\)48\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSecurityProtocolType\\.SystemDefault\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SecurityProtocolType\\)0\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SecurityProtocolType\\)192\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SecurityProtocolType\\)768\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SecurityProtocolType\\.Tls[123]?","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SecurityProtocolType\\)3072\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSecurityProtocolType\\.Tls13\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SecurityProtocolType\\)12288\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSecurityProtocolTypeExtensions\\.Tls11\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSecurityProtocolTypeExtensions\\.Tls12\\b","type":"r
egex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSecurityProtocolTypeExtensions\\.SystemDefault\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112853","name":"Java - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["java"],"severity":"manual-review","confidence":0,"description":"Java - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"setSslSecurityProtocol|SSLSecurityProtocol|Alg\\.Alias\\.SSLContext\\.TLS|jdk\\.tls\\.client\\.protocols|https\\.protocols","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSLContext\\.getInstance\\(\\\"([^\\\"]+)\\\"","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\.ssl\\.context\\.protocol=\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112854","name":"OkHttp - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["java"],"severity":"manual-review","confidence":0,"description":"OkHttp - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"TlsVersion\\.(SSL_3_0|TLS_1_[0123])","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440080","name":"MacOS - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"MacOS - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\bkSSLProtocol([\\d]+|MaxSupported)(Only)?","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSLSetProtocolVersion(Min|Max|Enabled)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS112844","name":"Node - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["javascript","typescript"],"severity":"manual-review","confidence":0,"description":"Node - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\bsecureProtocol\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"tls-min-v[\\d\\.]+","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440000","name":"Generic: Hard-coded SSL/TLS Protocol","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"Generic: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\b(SSL|D?TLS) ?v?[0123][0123_\\.]+","type":"regex","modifiers":["i"],"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440010","name":"OpenSSL: Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"OpenSSL: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"SSLv2?3_method|D?TLSv1_([123]_)?(client_|server_)?method","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"DTLSv1_listen|SSL_stateless","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_(CTX_)?set_(min|max)_proto_version","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_EXT_TLS_ONLY|SSL_EXT_DTLS_ONLY|SSL_EXT_TLS_IMPLEMENTATION_ONLY|SSL_EXT_SSL3_ALLOWED|SSL_EXT_TLS1_2_AND_BELOW_ONLY|SSL_EXT|TLS1_3_ONLY|SSL_EXT_TLS1_2_SERVER_HELLO|SSL_EXT_TLS1_3_SERVER_HELLO","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_OP_(NO_(SSLv2|SSLv3|TLSv1|TLSv1_1|TLSv1_2|TLSv1_3|DTLSv1|DTLSv1_2))","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"(TLS_)?(AES|DH|DHE|ADH|CAMELLIA|EDH|EXP|DES|IDEA|RC4|NULL|GOST|EXP|ECDH|ECDHE|AECDH|PSK)[A-Z0-9\\-_]+-?(SHA|MD|GOST)[A-Z0-9\\-]*","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440011","name":"BoringSSL: Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"BoringSSL: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\b(SSL|D?TLS) ?v?[0123_\\.]*_VERSION(_MAJOR)?","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440012","name":"GnuTLS: Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"GnuTLS: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"GNUTLS_(SSL|D?TLS)[01239_\\.]+","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440013","name":"LibreSSL: Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"LibreSSL: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"(SSL|D?TLS)[01239_\\.]+_VERSION(_MAJOR|_MINOR)?","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440014","name":"mbedTLS: Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"mbedTLS: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"MBEDTLS_SSL_PROTO_(SSL|D?TLS)[123_]+","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"MBEDTLS_SSL_(MAJOR|MINOR)_VERSION_[0123]","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440015","name":"Generic: Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"Generic: Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\b--secure-protocol=\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"--(sslv2|sslv3|tlsv1|tlsv11|tlsv1\\.1|tlsv1\\.2)","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"CURL_SSLVERSION_(MAX_)?(SSL|TLS)v[0123_]+","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"ssl_protocols\\s+[^;]+;","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bssl_version\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"DISABLE_SSL_([^\\b]+)","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSLProtocol\\s.+","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"sslEnabledProtocols\\s*=","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440100","name":"Generic: Hard-coded Elliptic Curve","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Elliptic-Curve.Hard-Coded"],"applies_to":[],"severity":"manual-review","confidence":0,"description":"Generic: Hard-coded Elliptic Curve","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440100.md","patterns":[{"pattern":"arbitrary_explicit_char2_curves|arbitrary_explicit_prime_curves|brainpoolP160r1|brainpoolP160t1|brainpoolP192r1|brainpoolP192t1|brainpoolP224r1|brainpoolP224t1|brainpoolP256r1|brainpoolp256r1|brainpoolP256t1|brainpoolP320r1|brainpoolP320t1|brainpoolP384r1|brainpoolp384r1|brainpoolP384t1|brainpoolP512r1|brainpoolp512r1|brainpoolP512t1|curve25519|ec192wapi|nistP192|nistP224|nistP256|nistP384|nistP521|numsP256t1|numsP384t1|numsP512t1|secP160k1|secp160k1|secP160r1|secp160r1|secP160r2|secp160r2|secP192k1|secp192k1|secP192r1|secp192r1|secP224k1|secp224k1|secP224r1|secp224r1|secP256k1|secp256k1|secP256r1|secp256r1|secP384r1|secp384r1|secP521r1|secp521r1|sect163k1|sect163r1|sect163r2|sect193r1|sect193r2|sect233k1|sect233r1|sect239k1|sect283k1|sect283r1|sect409k1|sect409r1|sect571k1|sect571r1|wtls12|wtls7|wtls9|X25519|X448|x962P192v1|x962P192v2|x962P192v3|x962P239v1|x962P239v2|x962P239v3|x962P256v1","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112836","name":".NET - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["csharp","powershell","vb"],"severity":"manual-review","confidence":0,"description":".NET - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\bSslProtocolsExtensions\\.Tls11\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocolsExtensions\\.Tls12\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Default\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)240\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.None\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)0\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Ssl2\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)12\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Ssl3\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)48\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Tls\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)192\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Tls11\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)768\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Tls12\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)3072\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslProtocols\\.Tls13\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b\\(SslProtocols\\)12288\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440070","name":"Rust - Hard-coded SSL/TLS 
Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["rust"],"severity":"manual-review","confidence":0,"description":"Rust - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"ProtocolVersion::(SSLv2|SSLv3|TLSv1_[0123])","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS440071","name":"Win32 - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["c","cpp","csharp"],"severity":"manual-review","confidence":0,"description":"Win32 - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"SP_PROT_[A-Z0-9_]+_(SERVER|CLIENT)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS440072","name":"Win32 - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["c","cpp"],"severity":"manual-review","confidence":0,"description":"Win32 - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"ssl::context context|ssl::context set_options|ssl::context set_options|ssl::context native_handle","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS440073","name":"Win32 - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["c","cpp"],"severity":"manual-review","confidence":0,"description":"Win32 - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"NULL-MD5|NULL-SHA|EXP-RC4-MD5|RC4-MD5|RC4-SHA|EXP-RC2-CBC-MD5|IDEA-CBC-SHA|EXP-DES-CBC-SHA|DES-CBC-SHA|DES-CBC3-SHA|DH-DSS-DES-CBC-SHA|DH-DSS-DES-CBC3-SHA|DH-RSA-DES-CBC-SHA|DH-RSA-DES-CBC3-SHA|EXP-EDH-DSS-DES-CBC-SHA|EDH-DSS-CBC-SHA|EDH-DSS-DES-CBC3-SHA|EXP-EDH-RSA-DES-CBC-SHA|EDH-RSA-DES-CBC-SHA|EDH-RSA-DES-CBC3-SHA|EXP-ADH-RC4-MD5|ADH-RC4-MD5|EXP-ADH-DES-CBC-SHA|ADH-DES-CBC-SHA|ADH-DES-CBC3-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"AES128-SHA|AES256-SHA|DH-DSS-AES128-SHA|DH-DSS-AES256-SHA|DH-RSA-AES128-SHA|DH-RSA-AES256-SHA|DHE-DSS-AES128-SHA|DHE-DSS-AES256-SHA|DHE-RSA-AES128-SHA|DHE-RSA-AES256-SHA|ADH-AES128-SHA|ADH-AES256-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"CAMELLIA128-SHA|CAMELLIA256-SHA|DH-DSS-CAMELLIA128-SHA|DH-DSS-CAMELLIA256-SHA|DH-RSA-CAMELLIA128-SHA|DH-RSA-CAMELLIA256-SHA|DHE-DSS-CAMELLIA128-SHA|DHE-DSS-CAMELLIA256-SHA|DHE-RSA-CAMELLIA128-SHA|DHE-RSA-CAMELLIA256-SHA|ADH-CAMELLIA128-SHA|ADH-CAMELLIA256-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"CAMELLIA128-SHA|CAMELLIA256-SHA|DH-DSS-CAMELLIA128-SHA|DH-DSS-CAMELLIA256-SHA|DH-RSA-CAMELLIA128-SHA|DH-RSA-CAMELLIA256-SHA|DHE-DSS-CAMELLIA128-SHA|DHE-DSS-CAMELLIA256-SHA|DHE-RSA-CAMELLIA128-SHA|DHE-RSA-CAMELLIA256-SHA|ADH-CAMELLIA128-SHA|ADH-CAMELLIA256-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SEED-SHA|DH-DSS-SEED-SHA|DH-RSA-SEED-SHA|DHE-DSS-SEED-SHA|DHE-RSA-SEED-SHA|ADH-SEED-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"GOST94-GOST89-GOST89|GOST2001-GOST89-GOST89|GOST94-NULL-GOST94|GOST2001-NULL-GOST94","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"EXP1024-DES-CBC-SHA|EXP1024-RC4-SHA|EXP1024-DHE-DSS-DES-CBC-SHA|EXP1024-DHE-DSS-RC4-SHA|DHE-DSS-RC4-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"EXP1024-DES-CBC-SHA|EXP1024-RC4-SHA|EXP1024
-DHE-DSS-DES-CBC-SHA|EXP1024-DHE-DSS-RC4-SHA|DHE-DSS-RC4-SHA","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"NULL-SHA256NULL-SHA256|AES128-SHA256|AES256-SHA256|AES128-GCM-SHA256|AES256-GCM-SHA384|DH-RSA-AES128-SHA256|DH-RSA-AES256-SHA256|DH-RSA-AES128-GCM-SHA256|DH-RSA-AES256-GCM-SHA384|DH-DSS-AES128-SHA256|DH-DSS-AES256-SHA256|DH-DSS-AES128-GCM-SHA256|DH-DSS-AES256-GCM-SHA384|DHE-RSA-AES128-SHA256|DHE-RSA-AES256-SHA256|DHE-RSA-AES128-GCM-SHA256|DHE-RSA-AES256-GCM-SHA384|DHE-DSS-AES128-SHA256|DHE-DSS-AES256-SHA256|DHE-DSS-AES128-GCM-SHA256|DHE-DSS-AES256-GCM-SHA384|ECDH-RSA-AES128-SHA256|ECDH-RSA-AES256-SHA384|ECDH-RSA-AES128-GCM-SHA256|ECDH-RSA-AES256-GCM-SHA384|ECDH-ECDSA-AES128-SHA256|ECDH-ECDSA-AES256-SHA384|ECDH-ECDSA-AES128-GCM-SHA256|ECDH-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-SHA256|ECDHE-RSA-AES256-SHA384|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-AES256-GCM-SHA384|ECDHE-ECDSA-AES128-SHA256|ECDHE-ECDSA-AES256-SHA384|ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-AES256-GCM-SHA384|ADH-AES128-SHA256|ADH-AES256-SHA256|ADH-AES128-GCM-SHA256|ADH-AES256-GCM-SHA384","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS440074","name":"Win32 - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["c","cpp"],"severity":"manual-review","confidence":0,"description":"Win32 - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"CONF_modules_load_file|SSL_CTX_config|SSL_config|SSL_CONF_cmd|SSL_CONF_cmd_value_type","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_set_security_callback|SSL_set_security_level|SSL_CTX_set_security_level","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_(CTX_)?set_(min|max)_proto_version","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"DTLS_client_method|DTLS_server_method|TLS_client_method|TLS_server_method|TLS_method","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSLv3_method|SSLv3_server_method|SSLv3_client_method|SSLv23_method|SSLv23_server_method|SSLv23_client_method|TLSv1_method|TLSv1_server_method|TLSv1_client_method|TLSv1_1_method|TLSv1_1_server_method|TLSv1_1_client_method|TLSv1_2_method|TLSv1_2_server_method|TLSv1_2_client_method|DTLSv1_method|DTLSv1_server_method|DTLSv1_client_method|DTLSv1_2_method|DTLSv1_2_server_method|DTLSv1_2_client_method","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"SSL_set_ssl_method|SSL_CTX_set_ssl_version|SSL_CTX_new|SSL_CTX_add_client_custom_ext|SSL_CTX_add_server_custom_ext","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"DTLSv1_listen|SSL_stateless|SSL_CTX_add_custom_ext","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS112838","name":".NET - Hard-coded SSL/TLS Protocol","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[".config"],"severity":"manual-review","confidence":0,"description":".NET - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS112838.md","patterns":[{"pattern":"\\bSwitch\\.System\\.Net\\.DontEnableSchUseStrongCrypto\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSwitch\\.System\\.ServiceModel\\.DisableUsingServicePointManagerSecurityProtocol\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSwitch\\.System\\.Net\\.DontEnableSystemDefaultTlsVersions\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSwitch\\.System\\.ServiceModel\\.DontEnableSystemDefaultTlsVersions\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112839","name":".NET - Hard-coded SSL/TLS Protocol","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["csharp","powershell","vb"],"severity":"manual-review","confidence":0,"description":".NET - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\bSslStream\\.AuthenticateAsClient\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslStream\\.AuthenticateAsClientAsync\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bBeginAuthenticateAsClient\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslStream\\.AuthenticateAsServer\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSslStream\\.AuthenticateAsServerAsync\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bBeginAuthenticateAsServer\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112851","name":"COBOL - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":[".cbl",".cob",".cpy"],"severity":"manual-review","confidence":0,"description":"COBOL - 
Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"GSK_PROTOCOL_(SSL|TLS)V[123_]+","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS112852","name":"Go - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["go"],"severity":"manual-review","confidence":0,"description":"Go - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"tls13|VersionSSL30|VersionTLS1[0123]","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"tls\\.Curve(P256|P384|P521)","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bX25519\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS440071","name":"Python - Hard-coded SSL/TLS Protocol","overrides":["DS440000"],"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["python"],"severity":"manual-review","confidence":0,"description":"Python - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"PROTOCOL_(SSL|TLS)v?[0123_\\.]*(_CLIENT|SERVER)?","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[]},{"id":"DS112837","name":".NET - Hard-coded SSL/TLS Protocol","overrides":null,"schema_version":0,"tags":["Cryptography.Protocol.TLS.Hard-Coded"],"applies_to":["csharp","powershell","vb"],"severity":"manual-review","confidence":0,"description":".NET - Hard-coded SSL/TLS Protocol","recommendation":"Review to ensure that a TLS protocol agility is 
maintained.","rule_info":"DS440000.md","patterns":[{"pattern":"\\bTestSwitch\\.LocalAppContext\\.DisableCaching\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSwitch\\.System\\.Net\\.DontEnableSchUseStrongCrypto\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS137038","name":"Notice: Outbound HTTP Connection","overrides":null,"schema_version":0,"tags":["ThreatModel.Integration.HTTP"],"applies_to":["ruby"],"severity":"manual-review","confidence":0,"description":"Inbound HTTP","recommendation":"","rule_info":"DS137038.md","patterns":[{"pattern":"\\bNet::HTTP\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS137138","name":"Insecure URL","overrides":null,"schema_version":0,"tags":["ThreatModel.Integration.HTTP"],"applies_to":null,"severity":"moderate","confidence":0,"description":"An HTTP-based URL without TLS was detected.","recommendation":"Update to an HTTPS-based URL if possible.","rule_info":"DS137138.md","patterns":[{"pattern":"http:/","type":"regex","modifiers":["i"],"scopes":["code","code"]}],"conditions":[{"pattern":{"pattern":"xmlns","type":"regex","modifiers":null,"scopes":["code","code"]},"search_in":null,"negate_finding":true}],"fix_its":[{"name":"Change to HTTPS ","type":"regex-replace","pattern":{"pattern":"http://","type":"regex","modifiers":["i"],"scopes":["code","code"]},"replacement":"https://"}]},{"id":"DS425000","name":"Do not deserialize untrusted data.","overrides":null,"schema_version":0,"tags":["Deserialization"],"applies_to":["python"],"severity":"manual-review","confidence":0,"description":"Deserializing attacker-supplied data using `pickle` or `cPickle` can result in code execution.","recommendation":"Either add integrity protection or use a data format like 
JSON.","rule_info":"DS425000.md","patterns":[{"pattern":"\\bpickle\\.load\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS425010","name":"Do not deserialize untrusted data.","overrides":null,"schema_version":0,"tags":["Deserialization"],"applies_to":["java"],"severity":"manual-review","confidence":0,"description":"Deserializing attacker-supplied data using `readObject` can result in code execution.","recommendation":"Either add integrity protection or use a data format like JSON.","rule_info":"DS425000.md","patterns":[{"pattern":"\\.readObject\\(","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS425020","name":"Do not deserialize untrusted data.","overrides":null,"schema_version":0,"tags":["Deserialization"],"applies_to":["php"],"severity":"manual-review","confidence":0,"description":"Deserializing attacker-supplied data using `unserialize` can result in code execution.","recommendation":"Either add integrity protection or use a data format like JSON.","rule_info":"DS425000.md","patterns":[{"pattern":"unserialize\\(","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS425030","name":"Do not deserialize untrusted data.","overrides":null,"schema_version":0,"tags":["Deserialization"],"applies_to":["ruby"],"severity":"manual-review","confidence":0,"description":"Deserializing attacker-supplied data using YAML, Syck, or Marshall can result in code execution.","recommendation":"Either add integrity protection or use a data format like JSON.","rule_info":"DS425000.md","patterns":[{"pattern":"(YAML|Syck|Marshal)\\.load","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"(YAML|Syck|Marshal)::load","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS425040","name":"Do not deserialize untrusted 
data.","overrides":null,"schema_version":0,"tags":["Deserialization"],"applies_to":["csharp"],"severity":"manual-review","confidence":0,"description":"Deserializing attacker-supplied data using Newtonsoft.JSON with TypeNameHandling can result in code execution.","recommendation":"Use TypeNameHandling.None","rule_info":"DS425000.md","patterns":[{"pattern":"TypeNameHandling\\.(Objects|Arrays|Auto|All)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to TypeNameHandling.None","type":"regex-replace","pattern":{"pattern":"TypeNameHandling\\.(Objects|Arrays|Auto|All)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"TypeNameHandling.None"}]},{"id":"DS224000","name":"Dangerous T-SQL Command","overrides":null,"schema_version":0,"tags":["API.T-SQL.Dangerous"],"applies_to":["sql"],"severity":"important","confidence":0,"description":"These stored procedures provide access to system resources and should only be used with trusted data.","recommendation":"Ideally, do not use these functions as they are quite unsafe. 
If necessary, audit to ensure no untrusted data can reach this stored procedure","rule_info":"DS224000.md","patterns":[{"pattern":"\\b(xp_cmdshell|xp_regread|xp_instance_regread|xp_regwrite|sp_makewebtask|xp_sendmail|sp_configure|sp_executesql|dbcc writepage)\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS179924","name":"Do not copy a FILE object (CERT FIO38-C)","overrides":null,"schema_version":0,"tags":["CERT.FIO38-C","C.DangerousFunctionCall"],"applies_to":["cpp","c"],"severity":"important","confidence":0,"description":"The CERT Secure Coding Standard recommends that FILE objects not be copied.","recommendation":"Copy a pointer to the FILE object instead.","rule_info":"DS179924.md","patterns":[{"pattern":"FILE [a-z0-9_][^=]*=\\s*\\*","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS181731","name":"Don't pass user input to this function","overrides":null,"schema_version":0,"tags":["PHP.Injection"],"applies_to":["php"],"severity":"critical","confidence":0,"description":"Don't pass user input to this function.","recommendation":"Validate this data before passing it to the function.","rule_info":"DS181731.md","patterns":[{"pattern":"(include|require|include_once|require_once|passthru)\\s*\\(.*\\$_(GET|POST|REQUEST|COOKIES|FILES)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS161085","name":"Problematic C function detected (malloc)","overrides":null,"schema_version":0,"tags":["API.DangerousAPI.ProblematicFunction"],"applies_to":["c","cpp","objective-c"],"severity":"best-practice","confidence":0,"description":"If the value provided to malloc is the result of unsafe integer math, it can result in an exploitable condition. 
","recommendation":"calloc handles the most common integer math in memory allocation (# of elements * their size) with error handling to prevent overflows in most implementations, and zeros out memory","rule_info":"DS161085.md","patterns":[{"pattern":"\\bmalloc\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to calloc ","type":"regex-replace","pattern":{"pattern":"\\bmalloc\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"calloc(, )"}]},{"id":"DS121708","name":"Problematic C function detected (memcpy)","overrides":null,"schema_version":0,"tags":["API.DangerousAPI.ProblematicFunction"],"applies_to":["c","cpp","objective-c"],"severity":"best-practice","confidence":0,"description":"There are a number of conditions in which memcpy can introduce a vulnerability (mismatched buffer sizes, null pointers, etc.). More secure alternitives perform additional validation of the source and destination buffer","recommendation":"Use memcpy_s if possible.","rule_info":"DS121708.md","patterns":[{"pattern":"\\bmemcpy\\s*\\(([^,]+),([^,]+),([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to memcpy_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bmemcpy\\s*\\(([^,]+),([^,]+),([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"memcpy_s($1, , $2, $3)"}]},{"id":"DS140021","name":"Problematic C function detected (strlen)","overrides":["DS154189"],"schema_version":0,"tags":["API.DangerousAPI.ProblematicFunction"],"applies_to":["c","cpp","objective-c"],"severity":"best-practice","confidence":0,"description":"If a string is missing a null terminator, strlen will read past the end of the buffer","recommendation":"In instances where you know the maximum size of a string's buffer, use strlen_s or strnlen to prevent 
over-reading","rule_info":"DS140021.md","patterns":[{"pattern":"\\bstrlen\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to strlen_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bstrlen\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strlen_s($1, )"},{"name":"Change to strnlen","type":"regex-replace","pattern":{"pattern":"\\bstrlen\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strnlen($1, )"}]},{"id":"DS154189","name":"Banned C function detected","overrides":null,"schema_version":0,"tags":["API.DangerousAPI.BannedFunction"],"applies_to":["c","cpp","objective-c"],"severity":"moderate","confidence":0,"description":"These functions are historically error-prone and have been associated with a significant number of vulnerabilities. Most of these functions have safer alternatives, such as replacing 'strcpy' with 'strlcpy' or 'strcpy_s'.","recommendation":"","rule_info":"DS154189.md","patterns":[{"pattern":"\\b(sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf)\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS185832","name":"Banned C function detected 
(strcpy)","overrides":["DS154189"],"schema_version":0,"tags":["API.DangerousAPI.BannedFunction"],"applies_to":["c","cpp","objective-c"],"severity":"important","confidence":0,"description":"strcpy is frequently dangerous, as it will cause a buffer overflow if the source is larger than the destination.","recommendation":"Use strcpy_s or strlcpy if possible. If no safe function is viable, strcpy/strncpy should be proceeded by conditional checks to verify tha that the source string will fit in the destination with a null termnator.","rule_info":"DS185832.md","patterns":[{"pattern":"\\bstrcpy\\s*\\(([^,]+),([^,]+?)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to strcpy_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bstrcpy\\s*\\(([^,]+),([^,]+?)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strcpy_s($1, , $2)"},{"name":"Change to strlcpy","type":"regex-replace","pattern":{"pattern":"\\bstrcpy\\s*\\(([^,]+),([^,]+?)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strlcpy($1, $2, )"}]},{"id":"DS111237","name":"Banned C function detected (strncpy)","overrides":["DS154189"],"schema_version":0,"tags":["API.DangerousAPI.BannedFunction"],"applies_to":["c","cpp","objective-c"],"severity":"important","confidence":0,"description":"strncpy is dangerous, as if the source contains 'n' or more characters, it will not null terminate the destination.","recommendation":"Use strcpy_s or strlcpy if possible. 
If no safe function is viable, strcpy/strncpy should be proceeded by conditional checks to verify tha that the source string will fit in the destination with a null termnator.","rule_info":"DS111237.md","patterns":[{"pattern":"\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to strcpy_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strcpy_s($1, $3, $2)"},{"name":"Change to strlcpy","type":"regex-replace","pattern":{"pattern":"\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strlcpy($1, $2, $3)"}]},{"id":"DS141863","name":"Banned C function detected (strcat)","overrides":["DS154189"],"schema_version":0,"tags":["API.DangerousAPI.BannedFunction"],"applies_to":["c","cpp","objective-c"],"severity":"important","confidence":0,"description":"If the combination of strings is larger than the destination buffer, strcat will cbuffer overflow the destination buffer","recommendation":"Use strcat_s or strlcat if possible. 
strncat's size parameter excludes the null terminator, which leads to frequent mistakes","rule_info":"DS141863.md","patterns":[{"pattern":"\\bstrcat\\s*\\(([^,]+),([^,]+?)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to strcat_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bstrcat\\s*\\(([^,]+),([^,]+?)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strcat_s($1, , $2)"},{"name":"Change to strlcat","type":"regex-replace","pattern":{"pattern":"\\bstrcat\\s*\\(([^,]+),([^,]+?)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strlcat($1, $2, )"}]},{"id":"DS108330","name":"Banned C function detected (strncat)","overrides":["DS154189"],"schema_version":0,"tags":["API.DangerousAPI.BannedFunction"],"applies_to":["c","cpp","objective-c"],"severity":"important","confidence":0,"description":"strncat adds the null terminator at character 'n + 1', rather than at the nth character. this frequently leads to the null terminator being added in the memory adjacent to the destination buffer, rather than in the destination buffer.","recommendation":"Use strcat_s or strlcat if possible. 
","rule_info":"DS108330.md","patterns":[{"pattern":"\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to strcat_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strcat_s($1, $3, $2)"},{"name":"Change to strlcat","type":"regex-replace","pattern":{"pattern":"\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"strlcat($1, $2, $3)"}]},{"id":"DS181021","name":"Banned C function detected (gets)","overrides":["DS154189"],"schema_version":0,"tags":["API.DangerousAPI.BannedFunction"],"applies_to":["c","cpp","objective-c"],"severity":"important","confidence":0,"description":"gets will read in as many bytes as are provided, regardless of the size of buffer recieving the bytes. This allows for conditions that cause a buffer overlow in the destination buffer.","recommendation":"Use gets_s or fgets if possible. 
fgets has different behavior from gets (may include newline for example), so care should be taken if it is used.","rule_info":"DS181021.md","patterns":[{"pattern":"\\bgets\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to gets_s (Recommended for VC++)","type":"regex-replace","pattern":{"pattern":"\\bgets\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"gets_s($1, )"},{"name":"Change to fgets","type":"regex-replace","pattern":{"pattern":"\\bgets\\s*\\(([^,\\)]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"fgets($1, , stdin)"}]},{"id":"DS189424","name":"Review eval for untrusted data","overrides":null,"schema_version":0,"tags":["Python.DangerousFunctionCall","JavaScript.DangerousFunctionCall","TypeScript.DangerousFunctionCall","PHP.DangerousFunctionCall"],"applies_to":["python","javascript","typescript","php"],"severity":"manual-review","confidence":0,"description":"If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an eval statement it can allow enable an attacker to inject their own code.","recommendation":"Edit the eval so that no untrusted data is included. If untrusted data is absolutely necessary a great deal of care should be taken to ensure it is properly escaped so that it cannot be executed. This is not as simple as just escaping quotes.","rule_info":"DS189424.md","patterns":[{"pattern":"\\beval\\(([^,]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS172411","name":"Review setTimeout for untrusted data","overrides":null,"schema_version":0,"tags":["JavaScript.DangerousFunctionCall","TypeScript.DangerousFunctionCall"],"applies_to":["javascript","typescript"],"severity":"manual-review","confidence":0,"description":"If untrusted data (data from HTTP requests, user submitted files, etc.) 
is included in an setTimeout statement it can allow enable an attacker to inject their own code.","recommendation":"Edit the setTimeout so that no untrusted data is included. If untrusted data is absolutely necessary a great deal of care should be taken to ensure it is properly escaped so that it cannot be executed. This is not as simple as just escaping quotes.","rule_info":"DS172411.md","patterns":[{"pattern":"\\bsetTimeout\\(([^,]+)\\)","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS172412","name":"Review unsafe code","overrides":null,"schema_version":0,"tags":["Dotnet.Unsafecode"],"applies_to":["csharp","vb"],"severity":"manual-review","confidence":0,"description":"The unsafe keyword denotes an unsafe context, which is required for any operation involving pointers. Unsafe code in is not necessarily dangerous; it is just code whose safety cannot be verified by the CLR.","recommendation":"","rule_info":"DS172412.md","patterns":[{"pattern":"\\bunsafe\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS113854","name":"Do not extract untrusted zip archives","overrides":null,"schema_version":0,"tags":["CSharp.DangerousFunctionCall"],"applies_to":["csharp"],"severity":"manual-review","confidence":0,"description":"Zip archive can contain file names with directory stepping sequence","recommendation":"Make sure that ZipArchiveEntry.FullName doesn't directory stepping characters ..\\","rule_info":"DS113854.md","patterns":[{"pattern":"ExtractToFile","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[{"pattern":{"pattern":"ZipArchiveEntry","type":"regex","modifiers":null,"scopes":["code","code"]},"search_in":"finding-region(-15,0)","negate_finding":false}],"fix_its":null},{"id":"DS113286","name":"Do not include user-input directly in format 
strings","overrides":null,"schema_version":0,"tags":["ControlFlow.Injection.FormatString","cert:FIO30-C"],"applies_to":["objective-c"],"severity":"important","confidence":0,"description":"Do not create NSString objects using a user-provided format string, as this could lead to a security vulnerability. https://www.securecoding.cert.org/confluence/display/c/FIO30-C.+Exclude+user+input+from+format+strings","recommendation":"","rule_info":"DS113286.md","patterns":[{"pattern":"\\[NSString stringWithFormat:\\s*([^@\\\"\\]]+\\])","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Use a predefined format string","type":"regex-replace","pattern":{"pattern":"\\[NSString stringWithFormat:\\s*([^@\\\"\\]]+\\])","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"[NSString stringWithFormat:@\"%@\", $1"}]},{"id":"DS165746","name":"Do not execute user-provided JavaScript","overrides":null,"schema_version":0,"tags":["Design.Mobile.iOS.WebView.DynamicJavaScript"],"applies_to":["objective-c"],"severity":"important","confidence":0,"description":"This line of code shows the dynamic evaluation of JavaScript, sourced from a string. 
It's important that this string not contain unsanitized user-supplied data, as it could be a vector for a cross-site scripting (XSS) attack.","recommendation":"","rule_info":"DS165746.md","patterns":[{"pattern":"\\bstringByEvaluatingJavaScriptFromString\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS113853","name":"Do not set a custom execution policy.","overrides":null,"schema_version":0,"tags":["ControlFlow.Permission.Evalation"],"applies_to":["powershell"],"severity":"moderate","confidence":0,"description":"The Set-ExecutionPolicy cmdlet has been used to dynamically change the permissions available to PowerShell.","recommendation":"Avoid elevating privileges if possible.","rule_info":"DS113853.md","patterns":[{"pattern":"\\bSet-ExecutionPolicy\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS104456","name":"Use of restricted functions.","overrides":null,"schema_version":0,"tags":["Implementation.Scripting.PowerShell.DangeousFunction"],"applies_to":["powershell"],"severity":"important","confidence":0,"description":"Use of restricted 
functions.","recommendation":"","rule_info":"DS104456.md","patterns":[{"pattern":"\\bGetDelegateForFunctionPointer\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bSystem\\.Runtime\\.InteropServices\\.Marshal\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bWriteByte\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bMicrosoft\\.Win32\\.UnsafeNativeMethods\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bPtrToStructure\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bStructureToPtr\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b(NtCreateThreadEx|CreateRemoteThread)\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bInvoke-Command\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bInvoke-Expression\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\bVirtualProtect\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\biex\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b&\"\\b","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"\\b&\\ \\$\\b","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS450000","name":"Do not target .NET Framework versions less than 4.7.2.","overrides":null,"schema_version":0,"tags":["Framework.NET.Outdated"],"applies_to":[".csproj"],"severity":"manual-review","confidence":0,"description":"Do not target .NET Framework versions less than 4.7.2.","recommendation":"","rule_info":"DS450000.md","patterns":[{"pattern":".*\\b(net11|net20|net35|net40|net403|net45|net451|net452|net46|net461|net462|net47|net471)\\b.*","type":"regex","modifiers":["i"],"scopes":["code","code"]}],"conditions":[],"fix_its":null},{"id":"DS144886","name":"$_REQUEST should be 
avoided","overrides":null,"schema_version":0,"tags":["Implementation.PHP"],"applies_to":["php"],"severity":"moderate","confidence":0,"description":"$_REQUEST combines POST, GET, and cookie values in one array, making it easy for an attacker to modify a POST or cookie value by instead putting it in a GET and sending the URL to the victim","recommendation":"Use $_POST, $_GET, $_COOKIE to scope to the expected delivery method for a value ","rule_info":"DS144886.md","patterns":[{"pattern":"\\$_REQUEST","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to $_GET","type":"regex-replace","pattern":{"pattern":"\\$_REQUEST","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$_GET"},{"name":"Change to $_POST","type":"regex-replace","pattern":{"pattern":"\\$_REQUEST","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$_POST"},{"name":"Change to $_COOKIE","type":"regex-replace","pattern":{"pattern":"\\$_REQUEST","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$_COOKIE"}]},{"id":"DS163877","name":"XSS: Do not echo unencoded GET/POST/COOKIE values","overrides":null,"schema_version":0,"tags":["Implementation.PHP"],"applies_to":["php"],"severity":"moderate","confidence":0,"description":"When using $_GET/POST/COOKIE values via echo, failure to encode the values will lead to Cross Site Scription (XSS), where a malicious party can inject script into the webpage.","recommendation":"HTML Entity Encode (for content going into HTML) or URL Encode (for content going into JavaScript variables) the 
data","rule_info":"DS163877.md","patterns":[{"pattern":"\\becho.*(\\$_(POST|GET|REQUEST|COOKIE)\\[.*\\])","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[{"pattern":{"pattern":"\\b(htmlentities|htmlspecialchars|rawurlencode|urlencode)\\s*\\(.*(\\$_(POST|GET|REQUEST|COOKIE)\\[.*\\]).*\\)","type":"regex","modifiers":null,"scopes":["code","code"]},"search_in":"finding-only","negate_finding":true}],"fix_its":[{"name":"HTML Entity encode the data","type":"regex-replace","pattern":{"pattern":"(\\$_(POST|GET|REQUEST|COOKIE)\\[.*\\])","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"htmlentities($1)"},{"name":"URL encode the data","type":"regex-replace","pattern":{"pattern":"(\\$_(POST|GET|REQUEST|COOKIE)\\[.*\\])","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"rawurlencode($1)"}]},{"id":"DS184626","name":"All Controllers Should Derive From Controller.","overrides":null,"schema_version":0,"tags":["Implementation.Web.ASPNET.ControllerWithoutExtendingController"],"applies_to":["csharp"],"severity":"moderate","confidence":0,"description":"All Controllers Should Derive From Controller.","recommendation":"Ensure this class derives from Controller.","rule_info":"DS184626.md","patterns":[{"pattern":"class [^\\s]+Controller\\s*:\\s*(?!.*?(Controller)).*","type":"regex","modifiers":null,"scopes":["code","code"]},{"pattern":"class [^\\s]+Controller[\\s{]*$","type":"regex","modifiers":null,"scopes":["code","code"]}],"conditions":[],"fix_its":[{"name":"Change to inherit from Controller","type":"regex-replace","pattern":{"pattern":"(class [^\\s]+Controller)(([\\s{]*$)|(\\s*:\\s*(?!.*?(Controller)).*))","type":"regex","modifiers":null,"scopes":["code","code"]},"replacement":"$1 : Controller"}]},{"id":"DS300001","name":"Vulnerable NuGet 
Library","overrides":null,"schema_version":0,"tags":["Vulerable-Dependency.Library.NuGet"],"applies_to":["packages.config"],"severity":"moderate","confidence":0,"description":"Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege","recommendation":"Upgrade this package to a later, unaffected version.","rule_info":"4021279","patterns":[{"pattern":"