
Commit 4c58087

Update appsec rules file (#7424)
1 parent d81dc14 commit 4c58087


1 file changed

+220
-2
lines changed


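--- a/dd-java-agent/appsec/src/main/resources/default_config.json
+++ b/dd-java-agent/appsec/src/main/resources/default_config.json
@@ -1,7 +1,7 @@
 {
 "version": "2.2",
 "metadata": {
-"rules_version": "1.12.0"
+"rules_version": "1.13.0"
 },
 "rules": [
 {
@@ -6285,6 +6285,55 @@
 "stack_trace"
 ]
 },
+{
+"id": "rasp-932-100",
+"name": "Shell injection exploit",
+"enabled": false,
+"tags": {
+"type": "command_injection",
+"category": "vulnerability_trigger",
+"cwe": "77",
+"capec": "1000/152/248/88",
+"confidence": "0",
+"module": "rasp"
+},
+"conditions": [
+{
+"parameters": {
+"resource": [
+{
+"address": "server.sys.shell.cmd"
+}
+],
+"params": [
+{
+"address": "server.request.query"
+},
+{
+"address": "server.request.body"
+},
+{
+"address": "server.request.path_params"
+},
+{
+"address": "grpc.server.request.message"
+},
+{
+"address": "graphql.server.all_resolvers"
+},
+{
+"address": "graphql.server.resolver"
+}
+]
+},
+"operator": "shi_detector"
+}
+],
+"transformers": [],
+"on_match": [
+"stack_trace"
+]
+},
 {
 "id": "rasp-934-100",
 "name": "Server-side request forgery exploit",
@@ -8388,6 +8437,57 @@
 }
 ],
 "processors": [
+{
+"id": "http-endpoint-fingerprint",
+"generator": "http_endpoint_fingerprint",
+"conditions": [
+{
+"operator": "exists",
+"parameters": {
+"inputs": [
+{
+"address": "waf.context.event"
+},
+{
+"address": "server.business_logic.users.login.failure"
+},
+{
+"address": "server.business_logic.users.login.success"
+}
+]
+}
+}
+],
+"parameters": {
+"mappings": [
+{
+"method": [
+{
+"address": "server.request.method"
+}
+],
+"uri_raw": [
+{
+"address": "server.request.uri.raw"
+}
+],
+"body": [
+{
+"address": "server.request.body"
+}
+],
+"query": [
+{
+"address": "server.request.query"
+}
+],
+"output": "_dd.appsec.fp.http.endpoint"
+}
+]
+},
+"evaluate": false,
+"output": true
+},
 {
 "id": "extract-content",
 "generator": "extract_schema",
@@ -8537,6 +8637,124 @@
 },
 "evaluate": false,
 "output": true
+},
+{
+"id": "http-header-fingerprint",
+"generator": "http_header_fingerprint",
+"conditions": [
+{
+"operator": "exists",
+"parameters": {
+"inputs": [
+{
+"address": "waf.context.event"
+},
+{
+"address": "server.business_logic.users.login.failure"
+},
+{
+"address": "server.business_logic.users.login.success"
+}
+]
+}
+}
+],
+"parameters": {
+"mappings": [
+{
+"headers": [
+{
+"address": "server.request.headers.no_cookies"
+}
+],
+"output": "_dd.appsec.fp.http.header"
+}
+]
+},
+"evaluate": false,
+"output": true
+},
+{
+"id": "http-network-fingerprint",
+"generator": "http_network_fingerprint",
+"conditions": [
+{
+"operator": "exists",
+"parameters": {
+"inputs": [
+{
+"address": "waf.context.event"
+},
+{
+"address": "server.business_logic.users.login.failure"
+},
+{
+"address": "server.business_logic.users.login.success"
+}
+]
+}
+}
+],
+"parameters": {
+"mappings": [
+{
+"headers": [
+{
+"address": "server.request.headers.no_cookies"
+}
+],
+"output": "_dd.appsec.fp.http.network"
+}
+]
+},
+"evaluate": false,
+"output": true
+},
+{
+"id": "session-fingerprint",
+"generator": "session_fingerprint",
+"conditions": [
+{
+"operator": "exists",
+"parameters": {
+"inputs": [
+{
+"address": "waf.context.event"
+},
+{
+"address": "server.business_logic.users.login.failure"
+},
+{
+"address": "server.business_logic.users.login.success"
+}
+]
+}
+}
+],
+"parameters": {
+"mappings": [
+{
+"cookies": [
+{
+"address": "server.request.cookies"
+}
+],
+"session_id": [
+{
+"address": "usr.session_id"
+}
+],
+"user_id": [
+{
+"address": "usr.id"
+}
+],
+"output": "_dd.appsec.fp.session"
+}
+]
+},
+"evaluate": false,
+"output": true
 }
 ],
 "scanners": [
@@ -9562,4 +9780,4 @@
 }
 }
 ]
-}
+}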
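Review bot: The new `rasp-932-100` rule is added with `"enabled": false` and its only `on_match` action is `stack_trace`, so shell-injection detection stays inactive after this update unless something outside this file turns the rule on; nothing visible here says where that happens. The rule also depends on the `shi_detector` operator and the `server.sys.shell.cmd` address, and the four new processors depend on the `*_fingerprint` generators. Whether the bundled WAF library and the agent's instrumentation support these cannot be confirmed from this page, so a load-time test that parses `default_config.json` and asserts no rule or processor is reported as failed or skipped would catch a mismatch. Separately, `session-fingerprint` reads `server.request.cookies`, `usr.session_id` and `usr.id` with `"output": true`; presumably the generator emits only a digest under `_dd.appsec.fp.session`, but that is worth confirming because these inputs are session credentials.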
