bad-words.yaml
66 lines (66 loc) · 2.8 KB
rules:
  - id: raptor-bad-words
    metadata:
      author: Marco Ivaldi <raptor@0xdeadbeef.info>
      category: security
      subcategory: audit
      vulnerability_class: Mishandled Sensitive Information
      likelihood: LOW
      impact: LOW
      confidence: LOW
      technology:
        - c
        - cpp
      cwe:
        - "CWE-546: Suspicious Comment"
        - "CWE-615: Inclusion of Sensitive Information in Source Code Comments"
      references:
        - https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
    message: >-
      The code contains comments that suggest the presence of bugs,
      incomplete functionality, or weaknesses.
      Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2,
      TODO, in the code indicate missing security functionality and
      checking. Others indicate code problems that programmers should fix,
      such as hard-coded variables, error handling, not using stored
      procedures, and performance issues.
    severity: INFO
    languages:
      - generic
    pattern-either:
      # interesting comments
      - pattern-regex: (TODO|XXX|FIXME|BUG|HACK|LATER|CVE-)
      - pattern-regex: (?i)(unsafe|insecure|dangerous|warning|overflow)
      # credentials
      - pattern-regex: (?i)(password|private|token|secret)
      # - pattern-regex: (?i)(key|JWT|JKS|JWK|JKU)
      # other "bad words" examples
      # privilege management
      # - pattern-regex: (?i)(privilege|permission|capabilit|role|rbac|polic|authorization|claim)
      # - pattern-regex: (?i)(validate|verify)
      # memory management
      # - pattern-regex: (?i)(alloc|free)
      # lower level abstractions
      # - pattern-regex: (?i)(raw)
      # code injection
      # - pattern-regex: (eval|run)
      # command injection
      # - pattern-regex: (process|system|popen|exec|spawn)
      # reflection
      # - pattern-regex: (?i)(reflect|klass|constantize|forname)
      # serialization
      # - pattern-regex: (?i)(pickle|yaml|serialize|marshal|objectinput)
      # merge or clone
      # - pattern-regex: (?i)(merge|clone)
      # file access
      # - pattern-regex: (?i)(parse|open|request)
      # crypto
      # - pattern-regex: (?i)(AES|RSA|DSA|DES|CBC|ECB|HMAC|GCM|MD5|SHA)
      # xml
      # - pattern-regex: (?i)(xml|xerces|sax|etree|xpath|documentbuilder)
      # other words of power, words of destruction (Vulns1001)
      # see also https://github.com/parsiya/semgrep-hotspots/blob/main/cpp/encode-decode-function-name.yaml
      # and https://github.com/parsiya/semgrep-hotspots/blob/main/cpp/encrypt-decrypt-function-name.yaml
      # - pattern-regex: (?i)(encode|decode|convert|interpret|compress|fragment|reassemble)
      # other words of power, words of destruction (Vulns1002)
      # - pattern-regex: (?i)(mutex|lock|toctou|parallelism|semaphore|retain|release|garbage|mutual)
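The three active pattern-regex entries above are plain substring alternations, so before pointing the rule at a large C or C++ tree it is worth seeing what they fire on. The script below is an added example written for this page, not part of the rule or its repository: it runs the rule's regexes, copied verbatim, over a constructed C++ snippet and compares the hits with a hypothetical tightened variant (the TIGHT_PATTERNS dictionary is the editor's own, not something the rule ships). It assumes that Python's re module matches these particular alternations the same way Semgrep's PCRE engine does, which holds for plain alternations with an (?i) flag but is not a general guarantee.

```python
"""Run the raptor-bad-words regexes over a constructed C++ sample and compare
them with a letter-boundary-aware variant that drops the obvious false positives."""
import re

# The three active pattern-regex entries of raptor-bad-words, copied verbatim.
# Semgrep evaluates pattern-regex with PCRE; for these alternations Python's
# re module produces the same matches (an assumption, not a Semgrep guarantee).
RULE_PATTERNS = {
    "interesting-comments": r"(TODO|XXX|FIXME|BUG|HACK|LATER|CVE-)",
    "risky-words": r"(?i)(unsafe|insecure|dangerous|warning|overflow)",
    "credentials": r"(?i)(password|private|token|secret)",
}

# Hypothetical tightening, not part of the rule: forbid a letter on either side
# of the word so BUG no longer fires inside DEBUG, and skip the C++ access
# specifier "private:", which is never a secret.  Underscores are still allowed
# as neighbours so identifiers such as api_token keep matching.
TIGHT_PATTERNS = {
    "interesting-comments": r"(?<![A-Za-z])(TODO|XXX|FIXME|BUG|HACK|LATER|CVE-)",
    "risky-words": r"(?i)(?<![a-z])(unsafe|insecure|dangerous|warning|overflow)(?![a-z])",
    "credentials": r"(?i)(?<![a-z])(password|token|secret|private(?!\s*:))(?![a-z])",
}

# Constructed sample (not real project code): one genuine TODO, one hard-coded
# token, and two lines that only look suspicious to a substring match.
SAMPLE_SOURCE = """\
#include <string.h>
#ifdef DEBUG
#define LOG(x) fprintf(stderr, x)
#endif
class Session {
private:
    char buf[64];
public:
    // TODO: validate len before the copy below (possible overflow)
    void fill(const char *src, size_t len) { memcpy(buf, src, len); }
};
static const char *api_token = "constructed-placeholder";  /* FIXME: load from env */
int add(int a, int b) { return a + b; }
"""


def scan(source, patterns):
    """Return (line_number, pattern_name, matched_text) for every regex hit.

    With languages: generic Semgrep treats the file as plain text, so a
    line-by-line loop over the same regexes reproduces its findings here.
    """
    compiled = {name: re.compile(p) for name, p in patterns.items()}
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, rx in compiled.items():
            for m in rx.finditer(line):
                findings.append((lineno, name, m.group(0)))
    return findings


def false_positives(source):
    """Hits reported by the rule as written but not by the tightened variant."""
    loose = scan(source, RULE_PATTERNS)
    tight = set(scan(source, TIGHT_PATTERNS))
    return [f for f in loose if f not in tight]


if __name__ == "__main__":
    lines = SAMPLE_SOURCE.splitlines()
    for lineno, name, word in scan(SAMPLE_SOURCE, RULE_PATTERNS):
        print(f"{lineno:>3} [{name}] {word!r}: {lines[lineno - 1].strip()}")
    print("dropped by the tightened patterns:", false_positives(SAMPLE_SOURCE))
```

On this sample the rule as written flags `#ifdef DEBUG` (BUG is a substring of DEBUG) and the C++ `private:` access specifier alongside the real TODO, overflow note, FIXME and hard-coded api_token; the tightened variant keeps the four genuine hits and drops the two noise lines. That is consistent with the rule's own LOW confidence and INFO severity: it is an audit aid for reading code, not a detector to gate a pipeline on.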