diff --git a/DevSkim-DotNet/Microsoft.DevSkim.Tests/rules/valid/devskim-rules.json b/DevSkim-DotNet/Microsoft.DevSkim.Tests/rules/valid/devskim-rules.json index c7fa4937..42f8e6b2 100644 --- a/DevSkim-DotNet/Microsoft.DevSkim.Tests/rules/valid/devskim-rules.json +++ b/DevSkim-DotNet/Microsoft.DevSkim.Tests/rules/valid/devskim-rules.json @@ -18,7 +18,7 @@ "rule_info": "DS154189.md", "patterns": [ { - "pattern": "\\b(sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf)\\b", + "pattern": " (sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf) *\\(", "type": "regex", "modifiers": null, "scopes": [ diff --git a/rules/default/security/TLS/tls_generic.json b/rules/default/security/TLS/tls_generic.json index f21763ab..8508af73 100644 --- a/rules/default/security/TLS/tls_generic.json +++ b/rules/default/security/TLS/tls_generic.json @@ -82,7 +82,7 @@ "_comment": "OpenSSL extension / options" }, { - "pattern": "(TLS_)?(AES|DH|DHE|ADH|CAMELLIA|EDH|EXP|DES|IDEA|RC4|NULL|GOST|EXP|ECDH|ECDHE|AECDH|PSK)[A-Z0-9\\-_]+-?(SHA|MD|GOST)[A-Z0-9\\-]*", + "pattern": "((ADH-)?(AES[0-9]*|DES|RC4|SEED)-(CBC3|GCM|SHA[0-9]*|MD5))(-SHA[0-9]*)?|(AECDH-(AES[0-9]*|DES|NULL|RC4)-(SHA|CBC3))(-SHA)?|((ECDHE-(ECDSA|RSA)-)|(DHE?-(DSS|RSA)-))?(NULL|RC4|CAMELLIA[0-9]*|DES|SEED|AES[0-9]*)-(CBC3|CCM8?|GCM|SHA[0-9]*)(-SHA[0-9]*)?|DES-CBC3-SHA|(GOST(2001|94)-(GOST89|NULL))-GOST(89|94)|IDEA-CBC-SHA|NULL-(MD5|SHA(0-9)*)|TLS_(AES|CHACHA20)_([0-9]*|POLY1305)(_(CCM(_8)?|GCM))?_SHA[0-9]*", "type": "regex", "scopes": [ "code" diff --git a/rules/default/security/api/dangerous_api.json b/rules/default/security/api/dangerous_api.json index 4fba1443..2235aece 100644 --- a/rules/default/security/api/dangerous_api.json +++ b/rules/default/security/api/dangerous_api.json @@ -17,7 +17,7 @@ "rule_info": "DS154189.md", "patterns": [ { - "pattern": "(sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf)", + "pattern": " (sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf) *\\(", "type": "regex-word", "scopes": [ "code"