Add initial set of PQ and AI checks, auth'n/z updates (#573)

* Add initial set of PQ and AI checks, auth'n/z updates

* Add Python semantic_kernel.

* Add AI tag group to html report

* Remove code scope definition from txt rules

---------

Co-authored-by: Gabe Stocco <98900+gfs@users.noreply.github.com>
Michael Scovetta 2024-02-16 11:53:47 -05:00 коммит произвёл GitHub
Родитель 00ad48b230
Коммит 6d539ef691
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
12 изменённых файлов: 936 добавлений и 7 удалений


@ -36,6 +36,11 @@
"searchPattern": "^OS.Process.DynamicExecution.*",
"displayName": "Dynamic command execution",
"detectedIcon": "fab fa-audible"
},
{
"searchPattern": "^AI\\..*$",
"displayName": "AI",
"detectedIcon": "fa-solid fa-robot"
}
]
},


@ -0,0 +1,43 @@
[
{
"name": "Deep Learning AI Library (requirements.txt)",
"id": "AI070040",
"description": "Deep Learning AI Library (requirements.txt)",
"tags": [
"AI.Library.DeepLearning"
],
"severity": "unspecified",
"applies_to_file_regex": [
"requirements\\.txt"
],
"patterns": [
{
"confidence": "high",
"pattern": "caffe|chainer|cntk|deepy|keras|keras_cv|mxnet|tensorly|tensor2tensor|torch|torchaudio|torchtext|torchvision",
"type": "regexword"
}
]
},
{
"name": "Deep Learning AI Library (import)",
"id": "AI070041",
"description": "Deep Learning AI Library (import)",
"tags": [
"AI.Library.DeepLearning"
],
"severity": "unspecified",
"applies_to": [
"python"
],
"patterns": [
{
"confidence": "high",
"pattern": "(from|import)\\s+(caffe|chainer|cntk|deepy|keras|keras_cv|mxnet|tensorly|tensor2tensor|torch|torchaudio|torchtext|torchvision)[^\\s]",
"type": "regex",
"scopes": [
"code"
]
}
]
}
]
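Review bot: The import pattern of AI070041 ends in `[^\\s]`, which demands a non-whitespace character directly after the module name, so a bare `import torch` at end of line or `from torch import nn` does not appear to match, while an unrelated `import torchfoo` does. Ending the group on a word boundary instead, `(from|import)\\s+(caffe|…|torchvision)\\b`, would cover bare and dotted imports alike. The same tail is used by AI070031, AI070011, AI070021 and AI070051 in the later file sections. None of these rules carries a `must-match` sample; adding one such as `import torch` to each would catch this kind of gap when the rules are verified.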


@ -0,0 +1,35 @@
[
{
"name": "Generative AI - General Term",
"id": "AI070201",
"description": "Generative AI - General Term",
"tags": [
"AI.Library.GenerativeAI"
],
"severity": "unspecified",
"patterns": [
{
"confidence": "high",
"pattern": "GAN|Generative Adversarial Network|VAE|Variational Autoencoder|Seq2Seq|Sequence-to-Sequence|Transformer|GAN[0-9]+|Generational Adversarial Network[0-9]+|RNN|Recurrent Neural Network|LSTM|Long Short-Term Memory|GANs|Generational Adversarial Networks|VQ-VAQ|Vector Quantized Variational Autoencoder|DCGAN|Deep Convolutional Generative Adversarial Network",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
]
},
{
"confidence": "high",
"pattern": "gpt[-]?[234]",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
]
}
]
}
]
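Review bot: Both patterns of AI070201 are marked `"confidence": "high"` yet match bare words such as `Transformer`, `RNN`, `GAN` and `VAE` case-insensitively with no `applies_to` restriction, so unrelated code (a class named Transformer, for instance) will be tagged `AI.Library.GenerativeAI`. A lower confidence or a language restriction fits these general terms better. The `Generational Adversarial Network…` alternatives look misspelled (`Generative`), as does `VQ-VAQ` (`VQ-VAE`), so they will not match the text they are meant for. The rule has no `must-match` sample to pin its behaviour.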


@ -0,0 +1,140 @@
[
{
"name": "Generative AI Library (requirements.txt)",
"id": "AI070001",
"description": "Generative AI Library (requirements.txt)",
"tags": [
"AI.Library.GenerativeAI"
],
"severity": "unspecified",
"applies_to_file_regex": [
"requirements\\.txt"
],
"patterns": [
{
"confidence": "high",
"pattern": "adapters|transformers|asteroid|bertopic|diffusers|doctr|espnet|gpt2|fastai|gpt_2_simple|huggingface_hub|openai|textgenrnn|langchain|langchain_community|semantic_kernel|t5|t5x|tensorflow",
"type": "regexword"
}
],
"must-match": [
"langchain",
"openai==1.6.0"
]
},
{
"name": "Generative AI Library (import)",
"id": "AI070002",
"description": "Generative AI Library (import)",
"tags": [
"AI.Library.GenerativeAI"
],
"severity": "unspecified",
"applies_to": [
"python"
],
"patterns": [
{
"confidence": "high",
"pattern": "(from|import)\\s+(adapters|transformers|asteroid|bertopic|diffusers|doctr|espnet|gpt2|fastai|gpt_2_simple|huggingface_hub|openai|textgenrnn|langchain|langchain_community|semantic_kernel|t5|t5x|tensorflow)\\s?",
"type": "regex",
"scopes": [
"code"
]
},
{
"confidence": "high",
"pattern": "tensorflow|keras|pytorch",
"type": "regexword",
"scopes": [
"code"
]
}
],
"must-match": [
"from tensorflow.keras.layers import Dense, Flatten, Reshape"
]
},
{
"name": "Generative AI Library (*.csproj)",
"id": "AI070003",
"description": "Generative AI Library (*.csproj)",
"tags": [
"AI.Library.GenerativeAI"
],
"applies_to": [
"VSProject"
],
"severity": "unspecified",
"patterns": [
{
"confidence": "high",
"pattern": "(Microsoft\\.SemanticKernel|OpenAI|OpenAI-DotNet|Azure\\.AI\\.OpenAI)",
"xpaths": [
"/Project/ItemGroup/PackageReference/@Include"
],
"type": "regex"
}
]
},
{
"name": "Generative AI Library (Semantic Kernel)",
"id": "AI070004",
"description": "Generative AI Library (Semantic Kernel)",
"tags": [
"AI.Library.GenerativeAI.SemanticKernel"
],
"applies_to": [
"csharp"
],
"severity": "unspecified",
"patterns": [
{
"confidence": "high",
"pattern": "using Microsoft\\.SemanticKernel.*;",
"type": "regex",
"scopes": [
"code"
]
}
],
"must-match": [
"using Microsoft.SemanticKernel.Connectors.OpenAI;"
]
},
{
"name": "Generative AI Library (Semantic Kernel)",
"id": "AI070005",
"description": "Generative AI Library (Semantic Kernel)",
"tags": [
"AI.Library.GenerativeAI.SemanticKernel"
],
"applies_to": [
"python"
],
"severity": "unspecified",
"patterns": [
{
"confidence": "high",
"pattern": "(from|import) semantic_kernel",
"type": "regex",
"scopes": [
"code"
]
},
{
"confidence": "high",
"pattern": "AzureChatCompletion|register_semantic_function|SemanticFunctionConfig|ChatPromptTemplate|PromptTemplateConfig",
"type": "regex",
"scopes": [
"code"
]
},
],
"must-match": [
"import semantic_kernel.connectors.ai.open_ai as sk_oai",
"pc = sk.PromptTemplateConfig.from_completion_parameters()"
]
}
]
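Review bot: The `patterns` array of AI070005 closes with `},` directly before `]`, a trailing comma that strict JSON parsers reject; unless the rule loader is configured to tolerate it, this file may fail to load. Remove the comma after the second pattern object. The same trailing comma follows the `must-match` array of AI009505 in the quantum-resistant rules file. Separately, the second pattern of AI070002 (`tensorflow|keras|pytorch`) reports any code mention of those words as generative AI at high confidence and overlaps the deep-learning rules; consider dropping it or lowering its confidence.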


@ -0,0 +1,43 @@
[
{
"name": "Machine Learning AI Library (requirements.txt)",
"id": "AI070030",
"description": "Machine Learning AI Library (requirements.txt)",
"tags": [
"AI.Library.MachineLearning"
],
"severity": "unspecified",
"applies_to_file_regex": [
"requirements\\.txt"
],
"patterns": [
{
"confidence": "high",
"pattern": "sklearn|seaborn|gym|gymnasium|pycaret|xgboost|yellowbrick",
"type": "regexword"
}
]
},
{
"name": "Machine Learning AI Library (import)",
"id": "AI070031",
"description": "Machine Learning AI Library (import)",
"tags": [
"AI.Library.MachineLearning"
],
"severity": "unspecified",
"applies_to": [
"python"
],
"patterns": [
{
"confidence": "high",
"pattern": "(from|import)\\s+(sklearn|seaborn|gym|gymnasium|pycaret|xgboost|yellowbrick)[^\\s]",
"type": "regex",
"scopes": [
"code"
]
}
]
}
]


@ -0,0 +1,43 @@
[
{
"name": "Neural Network AI Library (requirements.txt)",
"id": "AI070010",
"description": "Neural Network AI Library (requirements.txt)",
"tags": [
"AI.Library.NeuralNetwork"
],
"severity": "unspecified",
"applies_to_file_regex": [
"requirements\\.txt"
],
"patterns": [
{
"confidence": "high",
"pattern": "blocks|pylearn2|lasagne|onnx",
"type": "regexword"
}
]
},
{
"name": "Neural Network AI Library (import)",
"id": "AI070011",
"description": "Neural Network AI Library (import)",
"tags": [
"AI.Library.NeuralNetwork"
],
"severity": "unspecified",
"applies_to": [
"python"
],
"patterns": [
{
"confidence": "high",
"pattern": "(from|import)\\s+(blocks|pylearn2|lasagne|onnx)[^\\s]",
"type": "regex",
"scopes": [
"code"
]
}
]
}
]


@ -0,0 +1,43 @@
[
{
"name": "NLP AI Library (requirements.txt)",
"id": "AI070020",
"description": "NLP AI Library (requirements.txt)",
"tags": [
"AI.Library.NLP"
],
"severity": "unspecified",
"applies_to_file_regex": [
"requirements\\.txt"
],
"patterns": [
{
"confidence": "high",
"pattern": "allennlp|cltk|corenlp|flair|gensim|keras_nlp|nlp_architect|nltk|polyglot|pynlpl|quepy|spacy|textblob",
"type": "regexword"
}
]
},
{
"name": "NLP AI Library (import)",
"id": "AI070021",
"description": "NLP AI Library (import)",
"tags": [
"AI.Library.NLP"
],
"severity": "unspecified",
"applies_to": [
"python"
],
"patterns": [
{
"confidence": "high",
"pattern": "(from|import)\\s+(allennlp|cltk|corenlp|flair|gensim|keras_nlp|nlp_architect|nltk|polyglot|pynlpl|quepy|spacy|textblob)[^\\s]",
"type": "regex",
"scopes": [
"code"
]
}
]
}
]


@ -0,0 +1,43 @@
[
{
"name": "Statistics AI Library (requirements.txt)",
"id": "AI070050",
"description": "Statistics AI Library (requirements.txt)",
"tags": [
"AI.Library.Statistics"
],
"severity": "unspecified",
"applies_to_file_regex": [
"requirements\\.txt"
],
"patterns": [
{
"confidence": "high",
"pattern": "jax|numpy|statsmodels|theano|matplotlib|scipy",
"type": "regexword"
}
]
},
{
"name": "Statistics AI Library (import)",
"id": "AI070051",
"description": "Statistics AI Library (import)",
"tags": [
"AI.Library.Statistics"
],
"severity": "unspecified",
"applies_to": [
"python"
],
"patterns": [
{
"confidence": "high",
"pattern": "(from|import)\\s+(jax|numpy|statsmodels|theano|matplotlib|scipy)[^\\s]",
"type": "regex",
"scopes": [
"code"
]
}
]
}
]


@ -133,5 +133,28 @@
"confidence": "low"
}
]
},
{
"name": "Cryptography: Hash Algorithm (SHAKE)",
"id": "AI009301",
"description": "Cryptography: Hash Algorithm (SHAKE)",
"tags": [
"Cryptography.HashAlgorithm.SHAKE"
],
"severity": "moderate",
"patterns": [
{
"pattern": "SHAKE(_?)(128|256)",
"type": "regexword",
"scopes": [
"code",
"comment"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
}
]
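Review bot: The separator group in `SHAKE(_?)(128|256)` accepts only an underscore, so the hyphenated spelling `SHAKE-128` / `SHAKE-256`, which is common in comments (a scope this pattern also scans), is not matched. `SHAKE[_-]?(128|256)` would cover it. The rule has no `must-match` sample, and the enclosing array starts outside this hunk.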


@ -0,0 +1,404 @@
[
{
"name": "Cryptography: Quantum-Resistant: General Terms",
"id": "AI009501",
"description": "Cryptography: Quantum-Resistant: General Terms",
"tags": [
"Cryptography.HashAlgorithm.QuantumResistant.General"
],
"severity": "moderate",
"patterns": [
{
"pattern": "openquantumsafe\\.org|open-quantum-safe|quantum safe|quantum[ -](safe|resistant|resistence|safety|proof|secure)|post[ -]quantum",
"type": "regexword",
"scopes": [
"code",
"comment"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"This class implements a post-quantum secure key exchange algorithm based on the NTRUEncrypt cryptosystem."
]
},
{
"name": "Cryptography: Quantum-Resistant: Module-Lattice KEM (Kyber)",
"id": "AI009505",
"description": "Cryptography: Quantum-Resistant: Kyber/ML-KEM",
"tags": [
"Cryptography.HashAlgorithm.QuantumResistant",
"Cryptography.HashAlgorithm.MLKEM"
],
"severity": "moderate",
"patterns": [
{
"pattern": "ml[_-]?kem|PQCgenKAT_kem|pqc_kyber|ccakem|generate_kyber_keys|fips203",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
},
{
"pattern": "\\bkyber[a-z0-9_-]+",
"type": "regex",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
},
{
"pattern": "kyber[_]?(encrypt|decrypt|sign)",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
},
{
"pattern": "516,\\s*3321,\\s*3009",
"_comment": "Kyber parameters",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"encrypted_message = pqc.kyber_encrypt(public_key, message)",
"KYBER_INDCPA_PUBLICKEYBYTES",
"1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830,"
],
},
{
"name": "Cryptography: Quantum-Resistant: Module-Lattice DSA",
"id": "AI009506",
"description": "Cryptography: Quantum-Resistant: Dilithium/ML-DSA",
"tags": [
"Cryptography.HashAlgorithm.QuantumResistant",
"Cryptography.HashAlgorithm.MLDSA"
],
"severity": "moderate",
"patterns": [
{
"pattern": "(ml[_-]?dsa|fips[_]?204|crystals-kyber)",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
},
{
"pattern": "516,\\s*3321,\\s*3009",
"_comment": "Kyber parameters",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Quantum-Resistant: FrodoKEM",
"id": "AI009507",
"description": "Cryptography: Quantum-Resistant: FrodoKEM",
"tags": [
"Cryptography.HashAlgorithm.QuantumResistant",
"Cryptography.KeyEncapsulation.FrodoKEM"
],
"severity": "moderate",
"patterns": [
{
"pattern": "frodo-\\d+-(shake|aes)-sha\\d+",
"_comment": "FrodoKEM algorithms",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Quantum-Resistant: Hybrid Key Exchange Algorithms",
"id": "AI009508",
"description": "Cryptography: Quantum-Resistant: Hybrid Key Exchange Algorithms",
"tags": [
"Cryptography.KeyExchange.QuantumResistant.HybridKeyExchange"
],
"severity": "moderate",
"patterns": [
{
"pattern": "ecdh-nistp384-(.{12,35})@openquantumsafe.org",
"_comment": "https://github.com/microsoft/Quantum-Safe-OpenSSH/blob/07d1592ac37f4b45ab7b577c7fbcc00f0003a493/docs/Algorithms.md?plain=1#L80",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"ecdh-nistp384-classic-mceliece-6960119f-sha384@openquantumsafe.org"
]
},
{
"name": "Cryptography: Quantum-Resistant: Signature Algorithms",
"id": "AI009509",
"description": "Cryptography: Quantum-Resistant: Signature Algorithms",
"tags": [
"Cryptography.DigitalSignature.QuantumResistant"
],
"severity": "moderate",
"patterns": [
{
"pattern": "ssh-(dilithium2|falcoln512|mqdss3148|picnicl1fs|picnic3l1|qteslapi|rainbowiaclassic|rainbowiiicclassic|rainbowvcclassic|spincsharka128frobust|sphincssha256128frobust|sphincsshake256128frobust)",
"_comment": "https://github.com/microsoft/Quantum-Safe-OpenSSH/blob/07d1592ac37f4b45ab7b577c7fbcc00f0003a493/docs/Algorithms.md?plain=1#L149",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"ssh-rainbowiiicclassic"
]
},
{
"name": "Cryptography: Quantum-Resistant: Hybrid Signatures",
"id": "AI009510",
"description": "Cryptography: Quantum-Resistant: Hybrid Signatures",
"tags": [
"Cryptography.DigitalSignature.QuantumResistant.HybridSignatures"
],
"severity": "moderate",
"patterns": [
{
"pattern": "ssh-(rsa3072|p256|p384|p521)-(dilithium2|falcon512|mqdss3148|picnicl1fs|picnic3l1|qteslapi|rainbowiaclassic|rainbowiiicclassic|rainbowvcclassic|sphincsharaka128frobust|sphincssha256128frobust|sphincsshake256128frobust)",
"_comment": "https://github.com/microsoft/Quantum-Safe-OpenSSH/blob/07d1592ac37f4b45ab7b577c7fbcc00f0003a493/docs/Algorithms.md?plain=1#L164",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"ssh-rsa3072-sphincsharaka128frobust"
]
},
{
"name": "Cryptography: Quantum-Resistant: Stateless Hash-Based DSS",
"id": "AI009511",
"description": "Cryptography: Quantum-Resistant: Stateless Hash-Based DSS",
"tags": [
"Cryptography.DigitalSignature.QuantumResistant.StatelessHashBasedDSS"
],
"severity": "moderate",
"patterns": [
{
"pattern": "slh-dsa|fips[ -]205|hdd|xmss",
"_comment": "",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Quantum-Resistant: SPHINCS+",
"id": "AI009512",
"description": "Cryptography: Quantum-Resistant: SPHINCS+",
"tags": [
"Cryptography.DigitalSignature.QuantumResistant.SPHINCSplus"
],
"severity": "moderate",
"patterns": [
{
"pattern": "sphincx|haraka",
"_comment": "",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Quantum-Resistant: Falcon",
"id": "AI009513",
"description": "Cryptography: Quantum-Resistant: Falcon",
"tags": [
"Cryptography.DigitalSignature.QuantumResistant.Falcon"
],
"severity": "moderate",
"patterns": [
{
"pattern": "falcon[-]?(512|1024)",
"_comment": "",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Quantum-Resistant: mbedTLS",
"id": "AI009514",
"description": "Cryptography: Quantum-Resistant: mbedTLS",
"tags": [
"Cryptography.Implementation.QuantumResistant.mbedTLS"
],
"severity": "moderate",
"patterns": [
{
"pattern": "mbedtls_(lmots|lms)_[a-z0-9]+",
"_comment": "",
"type": "regex",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Cryptography: Quantum-Resistant: NTRU",
"id": "AI009515",
"description": "Cryptography: Quantum-Resistant: NTRU",
"tags": [
"Cryptography.Implementation.QuantumResistant.NTRU"
],
"severity": "moderate",
"patterns": [
{
"pattern": "ntru[_]?(encrypt|decrypt|sign)",
"_comment": "",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"decrypted_message = pyqrypt.ntru_decrypt(private_key, encrypted_message)"
]
},
{
"name": "Cryptography: Quantum-Resistant: BouncyCastle (Java)",
"id": "AI009516",
"description": "Cryptography: Quantum-Resistant: BouncyCastle (Java)",
"tags": [
"Cryptography.Implementation.QuantumResistant.BouncyCastle"
],
"severity": "moderate",
"applies_to": [
"java"
],
"patterns": [
{
"pattern": "^import org\\.bouncycastle\\.pqc\\.(crypto|jcajce)\\..*;",
"_comment": "",
"type": "regex",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"import org.bouncycastle.pqc.crypto.falcon.Falcon512KeyPairGenerator;",
"import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;"
]
},
{
"name": "Cryptography: Quantum-Resistant: BouncyCastle (C#)",
"id": "AI009517",
"description": "Cryptography: Quantum-Resistant: BouncyCastle *C#",
"tags": [
"Cryptography.Implementation.QuantumResistant.BouncyCastle"
],
"severity": "moderate",
"applies_to": [
"csharp"
],
"patterns": [
{
"pattern": "^using Org\\.BouncyCastle\\.Pqc\\.Crypto",
"_comment": "",
"type": "regex",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
],
"must-match": [
"using Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber;"
]
}
]
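Review bot: Rule AI009506 (Dilithium/ML-DSA) looks copied from the Kyber rule without being adapted: its first pattern lists `crystals-kyber` and no Dilithium term, and its second pattern is the `516,\\s*3321,\\s*3009` constant still commented "Kyber parameters", so it tags Kyber code as ML-DSA and does not fire on the word dilithium. Replace `crystals-kyber` with `crystals-dilithium`, add a `dilithium` alternative, and drop the Kyber constant pattern from this rule. Several alternatives elsewhere are misspelled and will never match: `falcoln512` and `spincsharka128frobust` in AI009509 (the hybrid rule AI009510 spells them `falcon512` and `sphincsharaka128frobust`), and `sphincx` in AI009512. In AI009511, `hdd` at high confidence is likely to match disk-related identifiers rather than hash-based signatures; confirm the intended term.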


@ -204,16 +204,17 @@
]
},
{
"name": "Authentication: Microsoft (Active Directory)",
"name": "Authentication: Microsoft (Entra)",
"id": "AI039300",
"description": "Authentication: Microsoft (Active Directory)",
"description": "Authentication: Microsoft (Entra)",
"tags": [
"Authentication.Microsoft.Windows.ActiveDirectory"
"Authentication.Microsoft.Windows.ActiveDirectory",
"Authentication.Microsoft.Windows.Entra"
],
"severity": "critical",
"patterns": [
{
"pattern": "active.?directory|ADFS",
"pattern": "active.?directory|ADFS|entra",
"type": "regexword",
"scopes": [
"code",
@ -241,6 +242,14 @@
],
"confidence": "high"
},
{
"pattern": "ManagedIdentityClient|UsernamePasswordCredentialOptions|SharedTokenCacheCredential|EnvironmentalCredential|DeviceCodeCredential|InteractiveBrowserCredential|ClientSecretCredential|ClientCertificateCredential|AuthorizationCodeCredential|DefaultAzureCredential|AzureCliCredential",
"type": "string",
"scopes": [
"code"
],
"confidence": "high"
},
{
"pattern": "System\\.DirectoryServices|IDirectoryObject|IDirectorySearch",
"type": "regexword",
@ -249,7 +258,19 @@
"comment"
],
"confidence": "medium"
},
{
"pattern": "AddMicrosoftIdentityUI",
"type": "regexword",
"scopes": [
"code",
"comment"
],
"confidence": "medium"
}
],
"must-match": [
"options.AddMicrosoftIdentityUI();"
]
},
{
@ -276,9 +297,9 @@
]
},
{
"name": "Authentication: Microsoft Windows (NTML)",
"name": "Authentication: Microsoft Windows (NTLM)",
"id": "AI039500",
"description": "AAuthentication: Microsoft Windows (NTML)",
"description": "AAuthentication: Microsoft Windows (NTLM)",
"tags": [
"Authentication.Microsoft.Windows.NTLM"
],
@ -478,7 +499,7 @@
"severity": "critical",
"patterns": [
{
"pattern": "principal|identity|auth|authenticated|authentication|signin|sign-?in|signout|sign-?out|networkcredential",
"pattern": "principal|identity|auth|authenticated|authentication|signin|sign-?in|signout|sign-?out|networkcredential|isauthenticated|isloggedin",
"type": "regexword",
"scopes": [
"code"
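Review bot: The added credential-class pattern (`ManagedIdentityClient|…|AzureCliCredential`) is declared `"type": "string"`; if `string` patterns are matched as escaped literals, the `|` characters are not alternation and the pattern never matches. Use `"type": "regexword"` for this list. `EnvironmentalCredential` in the same list also looks misspelled, since the Azure.Identity class is `EnvironmentCredential`. The NTLM fix corrects `NTML` but leaves the doubled letter in `"AAuthentication: …"`. The hunks cut through the enclosing rule objects, so the modifiers that apply to the new `entra` alternative are not visible; if it is case-insensitive, it will also match an ordinary word in Spanish and Italian text, on a rule rated `critical`.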


@ -192,5 +192,91 @@
"negate_finding": true
}
]
},
{
"name": "Authorization: MSAL (ASP.NET)",
"id": "AI040601",
"description": "Authorization: MSAL (ASP.NET)",
"applies_to": [
"csharp"
],
"tags": [
"Authorization.Microsoft.MSAL"
],
"severity": "unspecified",
"patterns": [
{
"pattern": "AuthorizationPolicyBuilder|RequireAuthenticatedUser|AuthorizeFilter|TokenValidationParameters",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
},
{
"pattern": "Azure.Identity",
"type": "string",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Authorization: MSAL (JavaScript)",
"id": "AI040602",
"description": "Authorization: MSAL (JavaScript)",
"applies_to": [
"javascript"
],
"tags": [
"Authorization.Microsoft.MSAL"
],
"severity": "unspecified",
"patterns": [
{
"pattern": "ConfidentialClientApplication|acquireTokenByClientCredential",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
},
{
"name": "Authorization: Entra (Custom Claims)",
"id": "AI040603",
"description": "Authorization: Entra (Custom Claims)",
"applies_to": [
"javascript"
],
"tags": [
"Authorization.Microsoft.MSAL.CustomClaims"
],
"severity": "unspecified",
"patterns": [
{
"pattern": "onTokenIssuanceStartResponseData|tokenIssuanceStart\\.provideClaimsForToken",
"type": "regexword",
"scopes": [
"code"
],
"modifiers": [
"i"
],
"confidence": "high"
}
]
}
]