Misc reg imp (#283)

* Replaces older DevSkim regex engine with Microsoft.CST.OAT. 4 unit test marked as ignore until final count of expected tags is met. * Replaces older DevSkim regex engine with Microsoft.CST.OAT. 4 unit test marked as ignore until final count of expected tags is met. * Fix affecting 1 unit test * Completed RegexWithIndexOp for OAT operation to get index of matched pattern and cleanup. * Fixed 1. mistaken identification of inline comment in TextContainer 2. Regex compilation interference with IgnoreCase option (?but verified) and 3. missing boundary property set for sample text as part of match details. * Update RulesEngine/Ruleset.cs Co-authored-by: Gabe Stocco <98900+gfs@users.noreply.github.com> * Revised how to get the enumerated list of native rules. * extra semi-colon * null checks updated to ? and ?. and non-nullable arg checks removed as unnecessary now * Simplified enumerable native rules get * space nit * Label improvement for issue #255 and minor table alignment. * Work for Pedro FP in Liquid Co-authored-by: Gabe Stocco <98900+gfs@users.noreply.github.com>
2020-09-11 01:08:03 -06:00 · 2020-09-11 01:08:03 -06:00 · 5568fc9d2b
--- a/AppInspector/rules/default/components/active_content.json
+++ b/AppInspector/rules/default/components/active_content.json
@ -67,7 +67,7 @@
        "confidence": "high"
      },
      {
-        "pattern": "CreateObject",
+        "pattern": "Type\\.GetTypeFromProgID",
        "type": "regex",
        "scopes": [
          "code",
@ -87,6 +87,29 @@
      }
    ]
  },
+  {
+    "name": "Component: Active-X",
+    "id": "AI005001",
+    "description": "Component: Active-X",
+    "applies_to": [
+      "vb"
+    ],
+    "tags": [
+      "Component.Executable.Microsoft.ActiveX"
+    ],
+    "severity": "moderate",
+    "patterns": [
+      {
+        "pattern": "= CreateObject\\(",
+        "type": "regex",
+        "scopes": [
+          "code",
+          "comment"
+        ],
+        "confidence": "high"
+      }
+    ]
+  },
  {
    "name": "Component: Active-X",
    "id": "AI005010",
--- a/AppInspector/rules/default/cryptography/hash_algorithm.json
+++ b/AppInspector/rules/default/cryptography/hash_algorithm.json
@ -120,6 +120,22 @@
        "modifiers": [ "i" ],
        "confidence": "medium"
      }
+    ],
+    "conditions": [
+      {
+        "pattern": {
+          "pattern": "hashset",
+          "type": "regex-word",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [ "i" ],
+          "_comment": ""
+        },
+        "search_in": "finding-region(0,0)",
+        "negate_finding": false,
+        "_comment": ""
+      }
    ]
  }
 ]
--- a/AppInspector/rules/default/data_handling/xml_parsing.json
+++ b/AppInspector/rules/default/data_handling/xml_parsing.json
@ -155,6 +155,22 @@
          "code"
        ]
      }
+    ],
+    "conditions": [
+      {
+        "pattern": {
+          "pattern": "exclude",
+          "type": "regex",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [ "i" ],
+          "_comment": ""
+        },
+        "search_in": "finding-region(0,0)",
+        "negate_finding": true,
+        "_comment": ""
+      }
    ]
  },
  {
@ -175,6 +191,22 @@
          "code"
        ]
      }
+    ],
+    "conditions": [
+      {
+        "pattern": {
+          "pattern": "exclude",
+          "type": "regex-word",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [ "i" ],
+          "_comment": ""
+        },
+        "search_in": "finding-region(0,0)",
+        "negate_finding": true,
+        "_comment": ""
+      }
    ]
  }
 ]
--- a/AppInspector/rules/default/general/platforms.json
+++ b/AppInspector/rules/default/general/platforms.json
@ -65,7 +65,7 @@
        "_comment": ""
      },
      {
-        "pattern": "kitkat|jellybean|lollipop|marshmallow|nougat|oreo|pie",
+        "pattern": "kitkat|jellybean|lollipop|marshmallow|nougat|oreo",
        "type": "regex-word",
        "scopes": [ "code", "comment" ],
        "modifiers": [ "i" ],
@ -74,6 +74,41 @@
      }
    ]
  },
+  {
+    "name": "Platform: Google Android",
+    "id": "AI028801",
+    "description": "Platform: Google Android",
+    "tags": [
+      "Metadata.Platform.OS.Google.Android"
+    ],
+    "severity": "moderate",
+    "patterns": [
+      {
+        "pattern": "pie",
+        "type": "string",
+        "scopes": [ "code", "comment" ],
+        "modifiers": [ "i" ],
+        "confidence": "high",
+        "_comment": ""
+      }
+    ],
+    "conditions": [
+      {
+        "pattern": {
+          "pattern": "chart",
+          "type": "regex-word",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [ "i" ],
+          "_comment": ""
+        },
+        "search_in": "finding-region(-10,10)",
+        "negate_finding": true,
+        "_comment": ""
+      }
+    ]
+  },
  {
    "name": "Platform: Apple iOS",
    "id": "AI028900",
@ -84,7 +119,7 @@
    "severity": "moderate",
    "patterns": [
      {
-        "pattern": "UIKit|ios",
+        "pattern": "AppleWebKit|UIKit|ios",
        "type": "regex-word",
        "scopes": [ "code", "comment" ],
        "modifiers": [ "i" ],
@ -181,7 +216,7 @@
    "patterns": [
      {
        "pattern": "Windows universal platform|UWP",
-        "type": "regex",
+        "type": "regex-word",
        "scopes": [ "code" ],
        "modifiers": [ "i" ],
        "_comment": ""
@ -224,6 +259,22 @@
        "confidence": "high",
        "_comment": ""
      }
+    ],
+    "conditions": [
+      {
+        "pattern": {
+          "pattern": "areapath",
+          "type": "regex",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [ "i" ],
+          "_comment": ""
+        },
+        "search_in": "finding-region(-5,5)",
+        "negate_finding": true,
+        "_comment": ""
+      }
    ]
  },
  {