Skip to content

Commit 3e58e1e

Browse files
script3rscript3r
committed
feat: Add comprehensive cryptographic library patterns
- Add 20+ new library patterns across 6 languages - Enhanced C/C++: MbedTLS, wolfSSL/wolfCrypt, Botan - Enhanced Java: JCA/JCE, Google Tink, Conscrypt - Enhanced Go: std crypto, Google Tink - Enhanced Rust: ring, openssl bindings - New Swift: CryptoKit, CommonCrypto, CryptoSwift, Swift-Sodium - New Kotlin: JCA/JCE, BouncyCastle, Korlibs Krypto - Enhanced PHP: Sodium, phpseclib, Halite Patterns focus on: - High precision (low false positives) - Specific import/include statements - Distinctive API function names - Industry-standard libraries - Modern cryptographic frameworks Total patterns: 30+ libraries across 10 languages
1 parent ca2ba79 commit 3e58e1e

File tree

1 file changed

+264
-0
lines changed

1 file changed

+264
-0
lines changed

patterns.toml

Lines changed: 264 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -411,3 +411,267 @@ apis = [
411411
"\\bopenssl_verify\\(",
412412
]
413413

414+
# =========================
415+
# Enhanced C/C++ Libraries
416+
# =========================
417+
418+
[[library]]
419+
name = "MbedTLS"
420+
languages = ["C", "C++"]
421+
[library.patterns]
422+
include = [
423+
"^\\s*#\\s*include\\s*<mbedtls/[A-Za-z0-9_./-]+>",
424+
]
425+
apis = [
426+
"\\bmbedtls_[A-Za-z0-9_]+\\s*\\(",
427+
]
428+
429+
[[library]]
430+
name = "wolfSSL/wolfCrypt"
431+
languages = ["C", "C++"]
432+
[library.patterns]
433+
include = [
434+
"^\\s*#\\s*include\\s*<wolfssl/[A-Za-z0-9_./-]+>",
435+
]
436+
apis = [
437+
"\\bwc_[A-Za-z0-9_]+\\s*\\(",
438+
]
439+
440+
[[library]]
441+
name = "Botan"
442+
languages = ["C++"]
443+
[library.patterns]
444+
include = [
445+
"^\\s*#\\s*include\\s*<botan/[A-Za-z0-9_./-]+>",
446+
]
447+
apis = [
448+
"\\bBotan::[A-Za-z0-9_:]+\\s*\\(",
449+
"\\bBotan::[A-Za-z0-9_:]+\\b",
450+
]
451+
452+
# =========================
453+
# Enhanced Java Libraries
454+
# =========================
455+
456+
[[library]]
457+
name = "Java JCA/JCE"
458+
languages = ["Java"]
459+
[library.patterns]
460+
include = [
461+
"^\\s*import\\s+javax\\.crypto\\.",
462+
"^\\s*import\\s+java\\.security\\.",
463+
]
464+
apis = [
465+
"\\b(?:Cipher|MessageDigest|Signature|KeyPairGenerator)\\.getInstance\\s*\\(",
466+
"\\bKeyFactory\\.getInstance\\s*\\(",
467+
"\\bKeyAgreement\\.getInstance\\s*\\(",
468+
]
469+
470+
[[library]]
471+
name = "Google Tink (Java)"
472+
languages = ["Java"]
473+
[library.patterns]
474+
include = [
475+
"^\\s*import\\s+com\\.google\\.crypto\\.tink\\.",
476+
]
477+
apis = [
478+
"\\bTinkConfig\\.register\\s*\\(",
479+
"\\b(?:Aead|Mac|HybridDecrypt|HybridEncrypt|PublicKeySign|PublicKeyVerify)\\b",
480+
]
481+
482+
[[library]]
483+
name = "Conscrypt"
484+
languages = ["Java"]
485+
[library.patterns]
486+
include = [
487+
"^\\s*import\\s+org\\.conscrypt\\.",
488+
]
489+
apis = [
490+
"\\bConscrypt\\.newProvider\\s*\\(",
491+
"\\bOpenSSLProvider\\b",
492+
]
493+
494+
# =========================
495+
# Enhanced Go Libraries
496+
# =========================
497+
498+
[[library]]
499+
name = "Go std crypto"
500+
languages = ["Go"]
501+
[library.patterns]
502+
include = [
503+
"^\\s*import\\s*(?:\\(.*\\)|)\\s*[\\s\\S]*?\"crypto/(?:aes|des|rc4|sha\\d*|md5|rsa|ecdsa|ed25519|x509|rand|tls)\"",
504+
]
505+
apis = [
506+
"\\bcrypto\\.[A-Z][A-Za-z0-9_]*\\b",
507+
]
508+
509+
[[library]]
510+
name = "Google Tink (Go)"
511+
languages = ["Go"]
512+
[library.patterns]
513+
include = [
514+
"^\\s*import\\s*(?:\\(.*\\)|)\\s*[\\s\\S]*?\"github\\.com/google/tink/go/",
515+
]
516+
apis = [
517+
"\\btink\\/[A-Za-z0-9_/]+\\b",
518+
]
519+
520+
# =========================
521+
# Enhanced Rust Libraries
522+
# =========================
523+
524+
[[library]]
525+
name = "ring"
526+
languages = ["Rust"]
527+
[library.patterns]
528+
include = [
529+
"\\bextern\\s+crate\\s+ring\\b",
530+
"\\buse\\s+ring::",
531+
"\\bring::[A-Za-z0-9_]+::",
532+
]
533+
apis = [
534+
"\\bring::[A-Za-z0-9_:]+\\b",
535+
]
536+
537+
[[library]]
538+
name = "openssl (Rust)"
539+
languages = ["Rust"]
540+
[library.patterns]
541+
include = [
542+
"\\bextern\\s+crate\\s+openssl\\b",
543+
"\\buse\\s+openssl::",
544+
"\\bopenssl::[A-Za-z0-9_]+::",
545+
]
546+
apis = [
547+
"\\bopenssl::[A-Za-z0-9_:]+\\b",
548+
]
549+
550+
# =========================
551+
# Swift Libraries
552+
# =========================
553+
554+
[[library]]
555+
name = "CryptoKit"
556+
languages = ["Swift"]
557+
[library.patterns]
558+
include = [
559+
"^\\s*import\\s+CryptoKit\\b",
560+
]
561+
apis = [
562+
"\\b(SHA(?:256|384|512)|HMAC|ChaChaPoly|AES\\.GCM|Curve25519)\\b",
563+
]
564+
565+
[[library]]
566+
name = "CommonCrypto (Swift)"
567+
languages = ["Swift"]
568+
[library.patterns]
569+
include = [
570+
"^\\s*import\\s+CommonCrypto\\b",
571+
]
572+
apis = [
573+
"\\bCC_(?:Crypt|SHA(?:1|224|256|384|512)|MD5|KeyDerivation|Random)[A-Za-z0-9_]*\\s*\\(",
574+
]
575+
576+
[[library]]
577+
name = "CryptoSwift"
578+
languages = ["Swift"]
579+
[library.patterns]
580+
include = [
581+
"^\\s*import\\s+CryptoSwift\\b",
582+
]
583+
apis = [
584+
"\\bAES\\s*\\(",
585+
"\\bChaCha20\\s*\\(",
586+
"\\bPoly1305\\b",
587+
"\\bHMAC\\b",
588+
"\\bSHA(?:1|224|256|384|512)\\b",
589+
]
590+
591+
[[library]]
592+
name = "Swift-Sodium"
593+
languages = ["Swift"]
594+
[library.patterns]
595+
include = [
596+
"^\\s*import\\s+Sodium\\b",
597+
]
598+
apis = [
599+
"\\bSodium\\s*\\(",
600+
"\\bsodium\\.[A-Za-z0-9_]+\\b",
601+
]
602+
603+
# =========================
604+
# Kotlin Libraries
605+
# =========================
606+
607+
[[library]]
608+
name = "JCA/JCE (Kotlin)"
609+
languages = ["Kotlin"]
610+
[library.patterns]
611+
include = [
612+
"^\\s*import\\s+(?:javax\\.crypto\\.|java\\.security\\.)",
613+
]
614+
apis = [
615+
"\\b(?:Cipher|MessageDigest|Signature|KeyPairGenerator)\\.getInstance\\s*\\(",
616+
"\\bKeyFactory\\.getInstance\\s*\\(",
617+
"\\bKeyAgreement\\.getInstance\\s*\\(",
618+
]
619+
620+
[[library]]
621+
name = "BouncyCastle (Kotlin)"
622+
languages = ["Kotlin"]
623+
[library.patterns]
624+
include = [
625+
"^\\s*import\\s+org\\.bouncycastle\\.",
626+
]
627+
apis = [
628+
"\\borg\\.bouncycastle\\.[A-Za-z0-9_.]+\\b",
629+
]
630+
631+
[[library]]
632+
name = "Korlibs Krypto (Kotlin MPP)"
633+
languages = ["Kotlin"]
634+
[library.patterns]
635+
include = [
636+
"^\\s*import\\s+com\\.soywiz\\.krypto\\.",
637+
]
638+
apis = [
639+
"\\bcom\\.soywiz\\.krypto\\.[A-Za-z0-9_.]+\\b",
640+
]
641+
642+
# =========================
643+
# Enhanced PHP Libraries
644+
# =========================
645+
646+
[[library]]
647+
name = "Sodium (PHP)"
648+
languages = ["PHP"]
649+
[library.patterns]
650+
include = []
651+
apis = [
652+
"\\bsodium_[a-z0-9_]+\\s*\\(",
653+
]
654+
655+
[[library]]
656+
name = "phpseclib"
657+
languages = ["PHP"]
658+
[library.patterns]
659+
include = [
660+
"^\\s*use\\s+phpseclib\\d*\\\\Crypt\\\\",
661+
]
662+
apis = [
663+
"\\bnew\\s+\\\\?phpseclib\\d*\\\\Crypt\\\\[A-Za-z0-9_]+\\s*\\(",
664+
"\\bnew\\s+Crypt_[A-Z][A-Za-z0-9_]*\\s*\\(",
665+
]
666+
667+
[[library]]
668+
name = "Halite (ParagonIE)"
669+
languages = ["PHP"]
670+
[library.patterns]
671+
include = [
672+
"^\\s*use\\s+ParagonIE\\\\Halite\\\\",
673+
]
674+
apis = [
675+
"\\bParagonIE\\\\Halite\\\\[A-Za-z0-9_\\\\]+::[A-Za-z0-9_]+\\s*\\(",
676+
]
677+

0 commit comments

Comments
 (0)