microsoft
/
ApplicationInspector
зеркало из https://github.com/microsoft/ApplicationInspector.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Rust language added patterns (#252) 

* Rust language added patterns

* PR review updates

* Removed unnecessary case insensitivity

* A few more case changes.

* Restore rule 38600

* comma missing in json
This commit is contained in:
Guy Acosta 2020-07-28 09:16:34 -06:00 коммит произвёл GitHub
Родитель fc352ff81a
Коммит 4fbf6b1dda
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
14 изменённых файлов: 540 добавлений и 25 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

23
AppInspector/rules/default/components/load_dll.json
Просмотреть файл

@ -12,7 +12,6 @@
{
"pattern": "DllImport|Assembly\\.LoadFile|Assembly\\.LoadFrom",
"type": "regex",
"modifiers": [ "i" ],
"scopes": [
"code"
],
@ -33,7 +32,26 @@
{
"pattern": "LoadLibrary",
"type": "string",
"modifiers": [ "i" ],
"scopes": [
"code"
],
"confidence": "high"
}
]
},
{
"name": "Component: Windows DLL",
"id": "AI005510",
"description": "Component: Windows DLL",
"applies_to": [ "rust" ],
"tags": [
"Component.Executable.Microsoft.DLL"
],
"severity": "moderate",
"patterns": [
{
"pattern": "LoadLibrary|libloading|use std::unstable::dynamic_lib::DynamicLibrary",
"type": "regex",
"scopes": [
"code"
],
@ -54,7 +72,6 @@
{
"pattern": "System\\.Load|ctypes\\.WinDLL",
"type": "regex",
"modifiers": [ "i" ],
"scopes": [
"code"
],

38
AppInspector/rules/default/cryptography/ciphers.json
Просмотреть файл

@ -72,6 +72,44 @@
}
]
},
{
"name": "Cryptography: Encryption (Salsa20)",
"id": "AI007101",
"description": "Cryptography: Encryption (Salsa20)",
"tags": [
"Cryptography.Cipher.Salsa20"
],
"severity": "moderate",
"patterns": [
{
"pattern": "Salsa20",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Encryption (ChaCha)",
"id": "AI007102",
"description": "Cryptography: Encryption (ChaCha)",
"tags": [
"Cryptography.Cipher.ChaCha"
],
"severity": "moderate",
"patterns": [
{
"pattern": "ChaCha",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high"
}
]
},
{
"name": "Encryption: Cipher Mode",
"id": "AI007200",

2
AppInspector/rules/default/cryptography/hash_algorithm.json
Просмотреть файл

@ -70,7 +70,7 @@
"severity": "moderate",
"patterns": [
{
"pattern": "RIPEMD|Blowfish|Twofish|Threefish|Serpent|HMAC|KeyedHashAlgorithm",
"pattern": "RIPEMD|Blowfish|Twofish|Threefish|Serpent|HMAC|KeyedHashAlgorithm|Blake2|Blake3",
"type": "regex",
"scopes": [
"code",

12
AppInspector/rules/default/cryptography/key_derivation.json
Просмотреть файл

@ -33,6 +33,13 @@
"scopes": [ "code" ],
"modifiers": [ "i" ],
"confidence": "high"
},
{
"pattern": "pbkdf",
"type": "regex-word",
"scopes": [ "code" ],
"modifiers": [ "i" ],
"confidence": "high"
}
]
},
@ -40,10 +47,7 @@
"name": "Cryptography: Key Derivation (PBKDF2)",
"id": "AI009500",
"description": "Cryptography: Key Derivation (PBKDF2)",
"tags": [
"Cryptography.KeyDerivation.PBKDF2",
"Cryptography.HashAlgorithm.PBKDF1"
],
"tags": [ "Cryptography.KeyDerivation.PBKDF2" ],
"severity": "moderate",
"patterns": [
{

30
AppInspector/rules/default/data_handling/deserialization.json
Просмотреть файл

@ -4,7 +4,8 @@
"id": "AI012100",
"description": "Data: Serialization",
"applies_to": [
"python"
"python",
"rust"
],
"tags": [
"Data.Serialization"
@ -12,11 +13,12 @@
"severity": "critical",
"patterns": [
{
"pattern": "(de)?serialize",
"pattern": "Serialize",
"type": "regex",
"scopes": [
"code"
],
"modifiers": [ "i" ],
"confidence": "medium"
}
]
@ -259,6 +261,30 @@
}
]
},
{
"name": "Data: Deserialization",
"id": "AI013010",
"description": "Data: Deserialization",
"applies_to": [
"python",
"rust"
],
"tags": [
"Data.Deserialization"
],
"severity": "critical",
"patterns": [
{
"pattern": "Deserialize",
"type": "regex",
"scopes": [
"code"
],
"modifiers": [ "i" ],
"confidence": "medium"
}
]
},
{
"name": "Data: Bluetooth Serialization",
"id": "AI013100",

77
AppInspector/rules/default/frameworks/rust.json Normal file
Просмотреть файл

@ -0,0 +1,77 @@
[
{
"name": "Development Framework: Rocket",
"id": "AI025610",
"description": "Development Framework: Rocket",
"applies_to": [ "rust" ],
"tags": [ "Framework.Development.Rocket" ],
"severity": "moderate",
"patterns": [
{
"pattern": "extern crate rocket|use rocket",
"type": "regex",
"scopes": [ "code" ]
}
]
},
{
"name": "Development Framework: ActixWeb",
"id": "AI025620",
"description": "Development Framework: ActixWeb",
"applies_to": [ "rust" ],
"tags": [ "Framework.Development.ActixWeb" ],
"severity": "moderate",
"patterns": [
{
"pattern": "use actix_web",
"type": "regex",
"scopes": [ "code" ]
}
]
},
{
"name": "Development Framework: Nickel",
"id": "AI025630",
"description": "Development Framework: Nickel",
"applies_to": [ "rust" ],
"tags": [ "Framework.Development.Nickel" ],
"severity": "moderate",
"patterns": [
{
"pattern": "use Nickel",
"type": "regex",
"scopes": [ "code" ]
}
]
},
{
"name": "Development Framework: Yew",
"id": "AI025640",
"description": "Development Framework: Yew",
"applies_to": [ "rust" ],
"tags": [ "Framework.Development.Yew" ],
"severity": "moderate",
"patterns": [
{
"pattern": "use yew",
"type": "regex",
"scopes": [ "code" ]
}
]
},
{
"name": "Development Framework: Azul",
"id": "AI025650",
"description": "Development Framework: Azul",
"applies_to": [ "rust" ],
"tags": [ "Framework.Development.Azul" ],
"severity": "moderate",
"patterns": [
{
"pattern": "use azul",
"type": "regex",
"scopes": [ "code" ]
}
]
}
]

23
AppInspector/rules/default/general/code_metrics.json
Просмотреть файл

@ -7,14 +7,33 @@
"Metric.Code.Class.Defined"
],
"severity": "moderate",
"applies_to": [ "csharp", "cpp", "javascript", "python", "vb", "rust", "ruby", "groovy", "php" ],
"applies_to": [ "csharp", "cpp", "javascript", "python", "vb", "ruby", "groovy", "php" ],
"patterns": [
{
"pattern": "class",
"type": "regex-word",
"scopes": [ "code" ],
"confidence": "high",
"_comment": "langs defined to exclude css class reference vs class data structure which provides complexity/size insight"
"_comment": "data structure which provides complexity/size insight"
}
]
},
{
"name": "Metric: Struct Definition",
"id": "AI025710",
"description": "Metric: Struct Defined",
"tags": [
"Metric.Code.Class.Defined"
],
"severity": "moderate",
"applies_to": [ "c", "cpp", "csharp", "objective-c", "rust" ],
"patterns": [
{
"pattern": "struct",
"type": "regex-word",
"scopes": [ "code" ],
"confidence": "high",
"_comment": ""
}
]
},

2
AppInspector/rules/default/general/dependencies.json
Просмотреть файл

@ -133,7 +133,7 @@
"tags": [
"Dependency.SourceInclude"
],
"applies_to": [ "perl" ],
"applies_to": [ "perl", "rust"],
"severity": "moderate",
"_comment": "",
"patterns": [

47
AppInspector/rules/default/networkcomms/outbound_network.json
Просмотреть файл

@ -40,7 +40,6 @@
"scopes": [
"code"
],
"modifiers": [ "i" ],
"confidence": "high",
"_comment": ""
},
@ -50,7 +49,6 @@
"scopes": [
"code"
],
"modifiers": [ "i" ],
"confidence": "high",
"_comment": ""
},
@ -136,6 +134,29 @@
}
]
},
{
"name": "Network Connection: TCP",
"description": "Network Connection",
"id": "AI031910",
"applies_to": [
"rust"
],
"tags": [
"OS.Network.Connection.Http"
],
"severity": "moderate",
"patterns": [
{
"pattern": "TcpStream::connect|HttpConnection",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high"
}
]
},
{
"name": "Network Connection: Socket",
"description": "Network Connection Socket",
@ -181,6 +202,27 @@
}
]
},
{
"name": "Network Connection: Socket",
"description": "Network Socket",
"id": "AI032110",
"tags": [
"OS.Network.Connection.Socket"
],
"severity": "moderate",
"patterns": [
{
"pattern": "connect|port",
"type": "string",
"scopes": [
"code"
],
"modifiers": [ "i" ],
"confidence": "medium",
"_comment": "general"
}
]
},
{
"name": "Network Connection: HTTP",
"description": "Network Connection",
@ -199,7 +241,6 @@
"scopes": [
"code"
],
"modifiers": [ "i" ],
"confidence": "high"
}
]

28
AppInspector/rules/default/os/dynamic_execution.json
Просмотреть файл

@ -40,7 +40,8 @@
"applies_to": [
"javascript",
"ruby",
"javascriptreact"
"javascriptreact",
"rust"
],
"tags": [
"OS.Process.DynamicExecution"
@ -103,6 +104,29 @@
}
]
},
{
"name": "OS: Dynamic Execution",
"id": "AI035010",
"description": "OS: Dynamic Execution",
"recommendation": "",
"applies_to": [
"rust"
],
"tags": [
"OS.Process.DynamicExecution"
],
"severity": "moderate",
"patterns": [
{
"pattern": "use std::process::Command;|Command::new",
"type": "regex",
"scopes": [ "code" ],
"modifiers": [ "i" ],
"confidence": "high",
"_comment": ""
}
]
},
{
"name": "OS: Dynamic Execution",
"id": "AI035100",
@ -161,7 +185,7 @@
"confidence": "high"
},
{
"pattern": "shellexecute|createprocess|execl|execlp|execlp|execv|execve|execvp|execvpe|execle|fork",
"pattern": "shellexecute|createprocess|execl|execlp|execlp|execv|execve|execvp|execvpe|execle|fork|QProcess",
"type": "regex-word",
"scopes": [
"code"

126
AppInspector/rules/default/os/file_io.json
Просмотреть файл

@ -175,6 +175,38 @@
}
]
},
{
"name": "File Operation (Read)",
"id": "AI035911",
"description": "File Operation",
"applies_to": [
"rust"
],
"tags": [
"OS.FileOperation.Read"
],
"severity": "moderate",
"patterns": [
{
"pattern": "BufRead|File::open|read_to_string|read_to_end|\\.read\\(&",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
},
{
"pattern": "FileReader|new Scanner\\(Files\\.readAllLines|Files\\.readAllBytes|FileInputStream",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]
},
{
"name": "File Operation (Delete)",
"id": "AI036000",
@ -221,6 +253,29 @@
}
]
},
{
"name": "File Operation (Delete)",
"id": "AI036010",
"description": "File Operation (Delete)",
"applies_to": [
"rust"
],
"tags": [
"OS.FileOperation.Delete"
],
"severity": "moderate",
"patterns": [
{
"pattern": "remove_file",
"type": "string",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]
},
{
"name": "File Operation (Delete)",
"id": "AI036100",
@ -487,5 +542,76 @@
"_comment": ""
}
]
},
{
"name": "File Operation (Write)",
"id": "AI036621",
"description": "File Operation (Write)",
"applies_to": [
"rust"
],
"tags": [
"OS.FileOperation.Write"
],
"severity": "moderate",
"patterns": [
{
"pattern": "File::create|use std::io::Write|BufWriter::new",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]
},
{
"name": "File Operation (Write)",
"id": "AI036622",
"description": "File Operation (Write)",
"applies_to": [
"rust"
],
"tags": [
"OS.FileOperation.Write"
],
"severity": "moderate",
"patterns": [
{
"pattern": "\\.write_all|\\.write_fmt",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
},
{
"pattern": ".write",
"type": "regex",
"scopes": [
"code"
],
"confidence": "medium",
"_comment": ""
}
],
"conditions": [
{
"pattern": {
"pattern": "use std::io::Write|use std::io::File|use std:fs:File",
"type": "regex-word",
"scopes": [
"code"
],
"modifiers": [ "i" ],
"_comment": ""
},
"search_in": "finding-region(-240,240)",
"negate_finding": false,
"_comment": ""
}
]
}
]

33
AppInspector/rules/default/os/process.json
Просмотреть файл

@ -18,7 +18,7 @@
"_comment": ""
},
{
"pattern": "async",
"pattern": "async|await",
"type": "regex-word",
"scopes": [
"code"
@ -84,6 +84,37 @@
}
]
},
{
"name": "OS: Multiprocessing / Multithreading",
"id": "AI036910",
"description": "OS: Multiprocessing / Multithreading",
"applies_to": [
"rust"
],
"tags": [
"OS.Process.Multiprocessing"
],
"severity": "moderate",
"patterns": [
{
"pattern": "thread::spawn",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
},
{
"pattern": "(new System\\.Diagnostics.Process\\(\\)| new Process\\(\\))",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high"
}
]
},
{
"name": "OS: Multiprocessing / Multithreading",
"id": "AI037000",

32
AppInspector/rules/default/os/setenv.json
Просмотреть файл

@ -17,14 +17,15 @@
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]
},
{
"name": "OS: Environment Variable",
"name": "OS: Environment Variable (Write)",
"id": "AI037600",
"description": "OS: Environment Variable",
"description": "OS: Environment Variable (Write)",
"applies_to": [
],
"tags": [
@ -39,6 +40,7 @@
"scopes": [
"code"
],
"confidence": "medium",
"_comment": ""
}
]
@ -61,6 +63,30 @@
"scopes": [
"code"
],
"confidence": "medium",
"_comment": ""
}
]
},
{
"name": "OS: Environment Variable (Write)",
"id": "AI037710",
"description": "OS: Environment Variable (Write)",
"applies_to": [
"rust"
],
"tags": [
"OS.Environment.Write"
],
"severity": "moderate",
"patterns": [
{
"pattern": "env::set_var",
"type": "regex",
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]
@ -84,6 +110,7 @@
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]
@ -107,6 +134,7 @@
"scopes": [
"code"
],
"confidence": "high",
"_comment": ""
}
]

92
AppInspector/rules/default/os/system_registry.json
Просмотреть файл

@ -42,6 +42,42 @@
}
]
},
{
"name": "OS Operation: Windows Registry (Write)",
"id": "AI038110",
"description": "OS Operation: Windows Registry (Write)",
"tags": [
"OS.SystemRegistry.Write"
],
"applies_to": [
"csharp"
],
"severity": "moderate",
"patterns": [
{
"pattern": "CreateSubKey|SetValue",
"type": "regex-word",
"scopes": [ "code" ],
"confidence": "high",
"_comment": ""
}
],
"conditions": [
{
"pattern": {
"pattern": "HKEY_|Registry",
"type": "regex-word",
"scopes": [
"code"
],
"_comment": ""
},
"search_in": "finding-region(-40,40)",
"negate_finding": false,
"_comment": ""
}
]
},
{
"name": "OS Operation: Windows Registry (Write)",
"id": "AI038200",
@ -97,7 +133,6 @@
"scopes": [
"code"
],
"modifiers": [ "i" ],
"_comment": ""
},
"search_in": "finding-region(-5,5)",
@ -161,7 +196,6 @@
"pattern": "Registry",
"type": "regex",
"scopes": [ "code" ],
"modifiers": [ "i" ],
"confidence": "high"
},
{
@ -179,7 +213,6 @@
"scopes": [
"code"
],
"modifiers": [ "i" ],
"_comment": ""
},
"search_in": "finding-region(-5,5)",
@ -202,11 +235,62 @@
"patterns": [
{
"pattern": "Registry(Key)?(.*)?.GetValue",
"type": "regex",
"type": "string",
"scopes": [ "code" ],
"confidence": "high",
"_comment": ""
}
],
"conditions": [
{
"pattern": {
"pattern": "HKEY_",
"type": "regex-word",
"scopes": [
"code"
],
"_comment": ""
},
"search_in": "finding-region(-40,40)",
"negate_finding": false,
"_comment": ""
}
]
},
{
"name": "OS Operation: Windows Registry (Read)",
"id": "AI038601",
"description": "OS Operation: Windows Registry (Read)",
"tags": [
"OS.SystemRegistry.Read"
],
"applies_to": [
"rust"
],
"severity": "moderate",
"patterns": [
{
"pattern": ".open_subkey(",
"type": "string",
"scopes": [ "code" ],
"confidence": "high",
"_comment": ""
}
],
"conditions": [
{
"pattern": {
"pattern": "HKEY_",
"type": "regex-word",
"scopes": [
"code"
],
"_comment": ""
},
"search_in": "finding-region(-40,40)",
"negate_finding": false,
"_comment": ""
}
]
}
]