• Stars
    star
    174
  • Rank 219,104 (Top 5 %)
  • Language
    Java
  • License
    MIT License
  • Created over 2 years ago
  • Updated 28 days ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

elttam's semgrep-rules

powered by semgrep r2c community slack

Welcome to elttam's public semgrep rules repository.

semgrep rules

We regularly develop rules during our code-assisted security audits and software security research. We will be frequently adding new rules and improving what's here for the semgrep community. We hope product security engineers and code auditors who use semgrep find these useful!

If you find any bugs, please raise a GitHub issue.

Getting started

This guide assumes you are familiar with Semgrep and have it already installed.

This repo has split the rules into two broard categories:

  1. rules/ -- Rules useful for developers or AppSec teams, these are generally vulnerabilities.
  2. rules-audit/ -- Rules useful for source code auditing, identifying intersting behaviour, and enumerating entrypoints, to augment manual source code review.

Test out this repo with the following command:

git clone https://github.com/elttam/semgrep-rules.git

To test out the rules, run:

semgrep --config semgrep-rules/rules semgrep-rules/rules/

To test out the audit focused rules, run:

semgrep --config semgrep-rules/rules-audit semgrep-rules/rules-audit/

Rules

These rules are focused on identifying vulnerabiltiies or other weaknesses.

Rule Path Language Technology Description
generic/jsp-likely-xss Generic JSP Detect XSS with unsafe rendering in template
go/lang/security/audit/executable-symlink Go Potential symlink takeover with os.Executable
go/lang/security/audit/sprintf-plain-string Go Sprintf unescaped control characters
go/lang/security/audit/uintptr-nonatomic Go Non-atomic use of converted uintptr
java/lang/security/audit/crypto/gcm-static-iv Java Find GCM using same values for key and IV
java/lang/security/audit/crypto/randomstringutils Java Apache Commons Find RandomStringUtils using default java.util.Random, which is not suiatble for security
java/spring/security/audit/remoting/ Java Spring Find use of Spring Remoting
php/php-filter-chain-read-from-oracle PHP Detect possible PHP filter chain error based oracle
yaml/github-actions/security/save-state YAML Github-Actions Find use of unsafe and deprecated ::save-state
yaml/github-actions/security/set-output YAML Github-Actions Find use of unsafe and deprecated ::set-output
yaml/kubernetes/audit/network-policy-ingress-any YAML Kubernetes Find container specs with NetworkPolicy with Ingress Permit ANY
yaml/kubernetes/audit/privileged-container YAML Kubernetes Find container specs with security context privileged
yaml/kubernetes/security/allow-privileged-escalation YAML Kubernetes Find container specs, including init containers, allowing privilege escalation (allowPrivilegeEscalation)
yaml/kubernetes/security/no-security-context YAML Kubernetes Find containers specs, with no security context, considers pod or container security context.
yaml/kubernetes/security/run-as-non-root YAML Kubernetes Find container specs, allowing running as root (missing runAsNonRoot), considers pod and container security context PR
yaml/kubernetes/security/run-as-non-root-unsafe-value YAML Kubernetes Find container specs, explicitly allowing running as root (runAsNonRoot: false), considers pod and container secuirity context PR

Audit Focused Rules

These rules are useful for aiding manual source code review by identifying interesting behaviour or enumerating entrypoints.

Rule Path Language Technology Description
c/lang/security/audit/exec C Find execution of processes
csharp/dotnet/security/audit/entrypoints/apsnet-controller C# ASP.NET Find ASP.NET REST entrypoints
java/jackson/polymorphic-typing Java Jackson Find polymorphic typing to aid in finding vulnerable Jackson deserialisation issues.
java/jackson/type-resolver-override Java Jackson Find polymorphic typing using TypeResolveBuilder
java/jax-rs/security/audit/entrypoints/ Java JAX-RS Find JAX-RS REST entrypoints
java/lang/security/audit/processbuilder Java Find execution of processes with ProcessBuilder
java/spring/security/audit/entrypoints/ Java Spring Find Spring REST entrypoints
java/struts2/security/audit/devmode/ Java Struts2 Find the use of devMode
java/struts2/security/audit/dmi/ Java Struts2 Find the use of Dynamic Method Invocation
java/struts2/security/audit/entrypoints/ Java Struts2 Find Struts2 REST entrypoints
java/xstream/security/audit/fromxml Java XStream Find use of XStream.fromXML(...)
kotlin/spark/security/audit/entrypoints/ Kotlin Spark Find Spark REST entrypoints
python/flask/security/audit/entrypoints/ Python Flask Find Flask REST entrypoints