        /// <summary>
        /// Preprocesses a var definition: every alternative is visited and the visited
        /// alternatives are sorted before a fresh <see cref="PatternVarDef"/> is returned.
        /// </summary>
        /// <param name="patternVarDef">The definition whose alternatives are rewritten.</param>
        /// <returns>A new definition with the same id and text span and the sorted alternatives.</returns>
        public override UstNode Visit(PatternVarDef patternVarDef)
        {
            var alternatives = new List<Expression>();
            foreach (var value in patternVarDef.Values)
            {
                alternatives.Add((Expression)Visit(value));
            }

            // Relies on Expression's natural ordering (Sort() without a comparer).
            alternatives.Sort();
            return new PatternVarDef(patternVarDef.Id, alternatives, patternVarDef.TextSpan);
        }
        /// <summary>
        /// Converts a <c>literalOrPatternId</c> rule: a plain id goes through <c>ProcessId</c>,
        /// a single pattern id is visited directly, and several pattern ids become an
        /// anonymous <see cref="PatternVarDef"/> holding each of them as an alternative.
        /// </summary>
        /// <param name="context">Parse-tree node of the rule.</param>
        /// <returns>The resulting token (or var def) as a <see cref="UstNode"/>.</returns>
        public UstNode VisitLiteralOrPatternId(DslParser.LiteralOrPatternIdContext context)
        {
            if (context.Id() != null)
            {
                return ProcessId(context.Id());
            }

            var patternIds = context.patternId();
            if (patternIds.Length == 1)
            {
                return (IdToken)VisitPatternId(patternIds[0]);
            }

            // More than one (or zero) pattern ids: wrap them in a generated var def.
            Token[] alternatives = patternIds
                .Select(patternId => (IdToken)VisitPatternId(patternId))
                .ToArray();
            return new PatternVarDef(GetNewVarDefName(), alternatives, context.GetTextSpan());
        }
        /// <summary>
        /// Converts an "or" pattern: each sub-expression is visited and the visited
        /// expressions become the alternatives of a freshly named <see cref="PatternVarDef"/>.
        /// </summary>
        /// <param name="context">Parse-tree node of the rule.</param>
        /// <returns>The generated var def spanning the whole rule.</returns>
        public UstNode VisitPatternOrExpression(DslParser.PatternOrExpressionContext context)
        {
            var alternatives = new List<Expression>();
            foreach (var expressionContext in context.expression())
            {
                alternatives.Add((Expression)VisitExpression(expressionContext));
            }

            return new PatternVarDef(GetNewVarDefName(), alternatives.ToArray(), context.GetTextSpan());
        }
        /// <summary>
        /// Round-trips a pattern with a var (<c>@pwd</c>) through the JSON serializer and
        /// checks that the result equals both the in-memory pattern and the same pattern
        /// written in the DSL.
        /// </summary>
        public void JsonSerialize_PatternWithVar_JsonEqualsToDsl()
        {
            // @pwd := password
            var pwdVar = new PatternVarDef
            {
                Id = "pwd",
                Values = new List<Expression> { new PatternIdToken("password") }
            };

            // <[@pwd]> = #;
            var assignToVar = new ExpressionStatement
            {
                Expression = new AssignmentExpression
                {
                    Left = new PatternVarRef(pwdVar),
                    Right = new PatternExpression()
                }
            };

            // #(#*, <[@pwd]>, #*);
            var callWithVar = new ExpressionStatement
            {
                Expression = new InvocationExpression
                {
                    Target = new PatternExpression(),
                    Arguments = new PatternExpressions(
                        new PatternMultipleExpressions(),
                        new PatternVarRef(pwdVar),
                        new PatternMultipleExpressions())
                }
            };

            var patternNode = new PatternNode
            {
                Vars = new List<PatternVarDef> { pwdVar },
                Node = new PatternStatements(assignToVar, new PatternMultipleStatements(), callWithVar)
            };

            // Text spans are excluded so the JSON round-trip compares structure only.
            var jsonSerializer = new JsonUstNodeSerializer(typeof(UstNode), typeof(PatternVarDef))
            {
                Indented = true,
                IncludeTextSpans = false
            };
            string json = jsonSerializer.Serialize(patternNode);
            UstNode nodeFromJson = jsonSerializer.Deserialize(json, LanguageExt.AllPatternLanguages);

            var dslProcessor = new DslProcessor
            {
                PatternExpressionInsideStatement = false
            };
            var nodeFromDsl = dslProcessor.Deserialize("<[@pwd:password]> = #; ... #(#*, <[@pwd]>, #*);", LanguageExt.AllPatternLanguages);

            Assert.IsTrue(nodeFromJson.Equals(patternNode));
            Assert.IsTrue(nodeFromJson.Equals(nodeFromDsl));
        }
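        /// <summary>
        /// Converts a member-reference-or-literal rule into a generated <see cref="PatternVarDef"/>
        /// with two alternatives: the full <c>target.member</c> reference and the bare member.
        /// </summary>
        /// <param name="context">Parse-tree node of the rule.</param>
        /// <returns>The generated var def spanning the whole rule.</returns>
        public UstNode VisitMemberReferenceOrLiteralExpression(DslParser.MemberReferenceOrLiteralExpressionContext context)
        {
            var textSpan = context.GetTextSpan();
            var target = (Expression)VisitExpression(context.expression());

            // The literal is visited once per alternative so each alternative owns its own subtree.
            // NOTE(review): if VisitLiteralOrPatternId generates a var-def name on each visit,
            // the two visits produce differently named defs — confirm that is acceptable.
            var values = new Expression[]
            {
                new MemberReferenceExpression(target, (Expression)VisitLiteralOrPatternId(context.literalOrPatternId()), textSpan, null),
                (Expression)VisitLiteralOrPatternId(context.literalOrPatternId())
            };

            // Reuse the span computed above rather than recomputing it from the context.
            return new PatternVarDef(GetNewVarDefName(), values, textSpan);
        }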
        /// <summary>
        /// Converts the top-level DSL rule. Statements are interleaved with
        /// <see cref="PatternMultipleStatements"/> wildcards, a lone expression is visited
        /// as-is, and pattern strings become comments (several of them as one var def).
        /// </summary>
        /// <param name="context">Parse-tree node of the rule.</param>
        /// <returns>The root <see cref="UstNode"/> of the pattern.</returns>
        public UstNode VisitDslCode(DslParser.DslCodeContext context)
        {
            if (context.statement().Length > 0)
            {
                // Visit everything first, then drop explicit wildcards: they are re-inserted
                // between consecutive statements below.
                Statement[] visited = context.statement()
                    .Select(statementContext => (Statement)VisitStatement(statementContext))
                    .ToArray();

                var interleaved = new List<Statement>();
                foreach (var statement in visited)
                {
                    if (statement.NodeType == NodeType.PatternMultipleStatements)
                    {
                        continue;
                    }
                    interleaved.Add(statement);
                    interleaved.Add(new PatternMultipleStatements());
                }

                if (interleaved.Count == 0)
                {
                    // Only wildcards were written: keep a single one.
                    interleaved.Add(new PatternMultipleStatements());
                }
                else
                {
                    // Remove the wildcard appended after the last statement.
                    interleaved.RemoveAt(interleaved.Count - 1);
                }

                return new PatternStatements
                {
                    Statements = interleaved,
                    TextSpan = context.GetTextSpan()
                };
            }

            if (context.expression() != null)
            {
                return VisitExpression(context.expression());
            }

            PatternComment[] comments = context.PatternString()
                .Select(literal => new PatternComment(RemoveQuotes(literal.GetText()), literal.GetTextSpan()))
                .ToArray();

            // Exactly one comment stands alone; zero or several are wrapped in a var def.
            return comments.Length == 1
                ? (UstNode)comments[0]
                : new PatternVarDef(GetNewVarDefName(), comments, context.GetTextSpan());
        }
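        /// <summary>
        /// Checks that <see cref="UstPreprocessor"/> sorts the alternatives of a var def:
        /// string literals first, then id tokens, then int literals, each group ordered
        /// by its value.
        /// </summary>
        public void Sort_PatternVars()
        {
            var unsortedExpressions = new List<Expression>
            {
                new IntLiteral { Value = 100 },
                new IntLiteral { Value = 42 },
                new IntLiteral { Value = 0 },
                new StringLiteral { Text = "42" },
                new StringLiteral { Text = "Hello World!" },
                new IdToken { Id = "testId" },
                new IdToken { Id = "42" },
                new PatternExpression(new StringLiteral { Text = "42" }, true),
            };

            // Expected order: the "42" literal and its negated pattern wrapper stay adjacent,
            // ids follow strings, ints come last.
            var expectedSortedExpressions = new List<Expression>
            {
                new StringLiteral { Text = "42" },
                new PatternExpression(new StringLiteral { Text = "42" }, true),
                new StringLiteral { Text = "Hello World!" },
                new IdToken { Id = "42" },
                new IdToken { Id = "testId" },
                new IntLiteral { Value = 0 },
                new IntLiteral { Value = 42 },
                new IntLiteral { Value = 100 },
            };

            var patternVarDef = new PatternVarDef
            {
                Id = "testVarDef",
                Values = unsortedExpressions
            };
            var patternVars = new PatternNode
            {
                Vars = new List<PatternVarDef> { patternVarDef },
                Node = new PatternVarRef(patternVarDef)
            };

            // The unused DslProcessor the test used to create has been dropped; only the
            // preprocessor is exercised here.
            var logger = new LoggerMessageCounter();
            var preprocessor = new UstPreprocessor
            {
                Logger = logger
            };

            Expression[] resultSortedExpressions = ((PatternNode)preprocessor.Preprocess(patternVars))
                .Vars.First().Values.ToArray();

            Assert.AreEqual(expectedSortedExpressions.Count, resultSortedExpressions.Length);
            for (int i = 0; i < expectedSortedExpressions.Count; i++)
            {
                Assert.IsTrue(expectedSortedExpressions[i].Equals(resultSortedExpressions[i]),
                              $"Not equal at {i} index: expected {expectedSortedExpressions[i]} not equals to {resultSortedExpressions[i]}");
            }
        }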
        /// <summary>
        /// Builds the built-in PL/SQL patterns: a dangerous DDL entry point, weak hashes,
        /// insecure randomness and two "resource opened but never closed" checks.
        /// </summary>
        /// <returns>The patterns, each keyed with the next id from <c>patternIdGenerator</c>.</returns>
        public IEnumerable<Pattern> CreatePlSqlPatterns()
        {
            // Shared between the open and close statements of the "cursor snarfing" pattern
            // so both refer to the same handle.
            var cursorHandle = new PatternVarDef
            {
                Id = "cursor",
                Values = new List<Expression> { new PatternIdToken() }
            };

            // Same role for the "file snarfing" pattern.
            var fileHandle = new PatternVarDef
            {
                Id = "file",
                Values = new List<Expression> { new PatternIdToken() }
            };

            // NOTE(review): PL/SQL identifiers are case-insensitive but several names below are
            // plain IdToken/regex literals in a fixed case (e.g. "dbms_crypto", "^(md2|md4|md5)$");
            // confirm the matcher normalizes identifier case, otherwise upper-case spellings are missed.
            return new List<Pattern>
            {
                new Pattern
                {
                    Key = patternIdGenerator.NextId(),
                    DebugInfo = "Dangerous Function",
                    Languages = LanguageFlags.PlSql,
                    Data = new PatternNode
                    {
                        Node = new InvocationExpression
                        {
                            Target = new MemberReferenceExpression
                            {
                                Target = new IdToken("DBMS_UTILITY"),
                                Name = new IdToken("EXEC_DDL_STATEMENT")
                            },
                            Arguments = new PatternExpressions(new PatternMultipleExpressions())
                        }
                    }
                },

                // Only the MD* entry points of the toolkit; SHA-1 is covered by the dbms_crypto pattern below.
                new Pattern
                {
                    Key = patternIdGenerator.NextId(),
                    DebugInfo = "Weak Cryptographic Hash (MD2, MD4, MD5, RIPEMD-160, and SHA-1)",
                    Languages = LanguageFlags.PlSql,
                    Data = new PatternNode
                    {
                        Node = new InvocationExpression
                        {
                            Target = new MemberReferenceExpression
                            {
                                Target = new IdToken("DBMS_OBFUSCATION_TOOLKIT"),
                                Name = new PatternIdToken("^(md2|md4|md5)$")
                            },
                            Arguments = new PatternExpressions(new PatternMultipleExpressions())
                        }
                    }
                },

                new Pattern
                {
                    Key = patternIdGenerator.NextId(),
                    DebugInfo = "Weak Cryptographic Hash (MD2, MD4, MD5, RIPEMD-160, and SHA-1)",
                    Languages = LanguageFlags.PlSql,
                    Data = new PatternNode
                    {
                        Node = new MemberReferenceExpression
                        {
                            Target = new IdToken("dbms_crypto"),
                            Name = new IdToken("hash_sh1")
                        }
                    }
                },

                // PatternIdToken without an id: presumably any DBMS_RANDOM member — verify.
                new Pattern
                {
                    Key = patternIdGenerator.NextId(),
                    DebugInfo = "Insecure Randomness",
                    Languages = LanguageFlags.PlSql,
                    Data = new PatternNode
                    {
                        Node = new InvocationExpression
                        {
                            Target = new MemberReferenceExpression
                            {
                                Target = new IdToken("DBMS_RANDOM"),
                                Name = new PatternIdToken()
                            },
                            Arguments = new PatternExpressions(new PatternMultipleExpressions())
                        }
                    }
                },

                // <cursor> = DBMS_SQL.OPEN_CURSOR ... with no DBMS_SQL.CLOSE_CURSOR(<cursor>) afterwards.
                new Pattern
                {
                    Key = patternIdGenerator.NextId(),
                    DebugInfo = "Unreleased Resource: Cursor Snarfing",
                    Languages = LanguageFlags.PlSql,
                    Data = new PatternNode
                    {
                        Vars = new List<PatternVarDef> { cursorHandle },
                        Node = new PatternStatements
                        {
                            Statements = new List<Statement>
                            {
                                new PatternExpressionInsideStatement
                                {
                                    Statement = new ExpressionStatement(new AssignmentExpression
                                    {
                                        Left = new PatternVarRef(cursorHandle),
                                        Right = new MemberReferenceExpression
                                        {
                                            Target = new IdToken("DBMS_SQL"),
                                            Name = new IdToken("OPEN_CURSOR")
                                        }
                                    })
                                },
                                new PatternMultipleStatements(),
                                new PatternExpressionInsideStatement
                                {
                                    Statement = new ExpressionStatement(new InvocationExpression
                                    {
                                        Target = new MemberReferenceExpression
                                        {
                                            Target = new IdToken("DBMS_SQL"),
                                            Name = new IdToken("CLOSE_CURSOR")
                                        },
                                        Arguments = new ArgsNode(new PatternVarRef(cursorHandle))
                                    }),
                                    Not = true
                                }
                            }
                        }
                    }
                },

                // <file> = UTL_FILE.FOPEN(...) ... with no UTL_FILE.FCLOSE(<file>) afterwards (case-insensitive).
                new Pattern
                {
                    Key = patternIdGenerator.NextId(),
                    DebugInfo = "Unreleased Resource: File Snarfing",
                    Languages = LanguageFlags.PlSql,
                    Data = new PatternNode
                    {
                        Vars = new List<PatternVarDef> { fileHandle },
                        Node = new PatternStatements
                        {
                            Statements = new List<Statement>
                            {
                                new PatternExpressionInsideStatement
                                {
                                    Statement = new ExpressionStatement(new AssignmentExpression
                                    {
                                        Left = new PatternVarRef(fileHandle),
                                        Right = new InvocationExpression
                                        {
                                            Target = new MemberReferenceExpression
                                            {
                                                Target = new PatternIdToken("(?i)UTL_FILE"),
                                                Name = new PatternIdToken("(?i)FOPEN")
                                            },
                                            Arguments = new PatternExpressions(new PatternMultipleExpressions())
                                        }
                                    })
                                },
                                new PatternMultipleStatements(),
                                new PatternExpressionInsideStatement
                                {
                                    Statement = new ExpressionStatement(new InvocationExpression
                                    {
                                        Target = new MemberReferenceExpression
                                        {
                                            Target = new PatternIdToken("(?i)UTL_FILE"),
                                            Name = new PatternIdToken("(?i)FCLOSE")
                                        },
                                        Arguments = new ArgsNode(new PatternVarRef(fileHandle))
                                    }),
                                    Not = true
                                }
                            }
                        }
                    }
                }
            };
        }
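        /// <summary>
        /// Converts a <c>patternLiterals</c> rule. A single literal is returned as-is (or wrapped
        /// in a var ref when a <c>@var</c> is attached); several literals become an anonymous
        /// var def, or a named one when a <c>@var</c> is attached. A <c>@var</c> seen for the
        /// second time is resolved to its earlier definition.
        /// </summary>
        /// <param name="context">Parse-tree node of the rule.</param>
        /// <returns>The resulting expression as a <see cref="UstNode"/>.</returns>
        /// <exception cref="ConversionException">A <c>@var</c> that is already defined is redefined with literals.</exception>
        public UstNode VisitPatternLiterals([NotNull] DslParser.PatternLiteralsContext context)
        {
            var literals = context.patternNotLiteral();
            Expression result;

            if (literals.Length == 1)
            {
                result = (Expression)VisitPatternNotLiteral(literals[0]);
                if (context.PatternVar() != null)
                {
                    // One literal is always present here, so a second definition is an error.
                    PatternVarDef patternVarDef = DefineOrLookupPatternVar(context, new Expression[] { result }, true);
                    result = new PatternVarRef(patternVarDef, context.GetTextSpan());
                }
            }
            else
            {
                List<Expression> values = literals
                    .Select(literal => (Expression)VisitPatternNotLiteral(literal))
                    .ToList();
                if (values.Count == 0)
                {
                    // No literal written (e.g. a bare var reference): fall back to an empty id pattern.
                    values.Add(new PatternIdToken("", context.GetTextSpan()));
                }

                if (context.PatternVar() == null)
                {
                    result = new PatternVarDef(GetNewVarDefName(), values, context.GetTextSpan());
                }
                else
                {
                    // A bare "@var" (zero literals) may reference an earlier definition; any literals
                    // next to an already defined var are a redefinition.
                    PatternVarDef patternVarDef = DefineOrLookupPatternVar(context, values, literals.Length != 0);
                    result = new PatternVarRef(patternVarDef, context.GetTextSpan());
                }
            }
            return result;
        }

        /// <summary>
        /// Registers the <c>@var</c> of <paramref name="context"/> on first sight and returns it;
        /// on later sightings returns the earlier definition, unless this occurrence carries
        /// literals of its own, which is reported as a redefinition.
        /// </summary>
        /// <param name="context">Rule that carries the <c>@var</c> token.</param>
        /// <param name="values">Alternatives used when the var is defined here; ignored otherwise.</param>
        /// <param name="hasLiterals">Whether this occurrence spells out literals.</param>
        /// <returns>The definition the var resolves to.</returns>
        /// <exception cref="ConversionException">The var is already defined and <paramref name="hasLiterals"/> is true.</exception>
        private PatternVarDef DefineOrLookupPatternVar(DslParser.PatternLiteralsContext context, IList<Expression> values, bool hasLiterals)
        {
            // Drop the leading '@' of the token text.
            string id = context.PatternVar().GetText().Substring(1);

            PatternVarDef patternVarDef;
            if (patternVarDefs.TryGetValue(id, out patternVarDef))
            {
                if (hasLiterals)
                {
                    var lcTextSpan = new LineColumnTextSpan(patternVarDef.TextSpan, Data);
                    throw new ConversionException(
                              $"DSL Error: PatternVar {id} with matching Id already defined earlier at {lcTextSpan}")
                          {
                              TextSpan = context.PatternVar().GetTextSpan()
                          };
                }
                return patternVarDef;
            }

            patternVarDef = new PatternVarDef(id, values, context.GetTextSpan());
            patternVarDefs[id] = patternVarDef;
            return patternVarDef;
        }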
        public IEnumerable <Pattern> CreateJavaPatterns()
        {
            var patterns = new List <Pattern>();

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "InadequateRsaPadding. Weak Encryption: Inadequate RSA Padding. ",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("getInstance"),
                            Target = new MemberReferenceExpression
                            {
                                Name   = new IdToken("Cipher"),
                                Target = new MemberReferenceExpression
                                {
                                    Name   = new IdToken("crypto"),
                                    Target = new IdToken("javax")
                                }
                            }
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternStringLiteral("^RSA/NONE/NoPadding$")
                        })
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "WeakCryptographicAlgorithm. Weak Encryption: Broken or Risky Cryptographic Algorithm" +
                            "https://cwe.mitre.org/data/definitions/327.html",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("getInstance"),
                            Target = new MemberReferenceExpression
                            {
                                Name   = new IdToken("Cipher"),
                                Target = new MemberReferenceExpression
                                {
                                    Name   = new IdToken("crypto"),
                                    Target = new IdToken("javax")
                                }
                            }
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternStringLiteral(@"DES")
                        })
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "OverlyBroadPath. Cookie Security: Overly Broad Path.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("setPath"),
                            Target = new PatternIdToken(@"[cC]ookie")
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternStringLiteral {
                                Text = "^/?$"
                            }
                        })
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "OverlyBroadDomain Cookie Security: Overly Broad Domain.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("setDomain"),
                            Target = new PatternIdToken {
                                Id = @"[cC]ookie"
                            }
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternStringLiteral(@"^.?[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-]+$")
                        })
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "PoorSeeding.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("setSeed"),
                            Target = new PatternExpression()
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternIntLiteral()
                        })
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "WeakCryptographicHash.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("getInstance"),
                            Target = new IdToken("MessageDigest")
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternStringLiteral("MD5|SHA-1")
                        })
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "AndroidPermissionCheck. Often Misused: Android Permission Check.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Name   = new PatternIdToken("^(checkCallingOrSelfPermission|checkCallingOrSelfUriPermission)$"),
                            Target = new PatternExpression()
                        },
                        Arguments = new PatternExpressions(new PatternMultipleExpressions())
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "AndroidHostnameVerificationDisabled. Insecure SSL: Android Hostname Verification Disabled.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new PatternVarDef
                    {
                        Values = new List <Expression>()
                        {
                            new MemberReferenceExpression
                            {
                                Name   = new IdToken("ALLOW_ALL_HOSTNAME_VERIFIER"),
                                Target = new IdToken("SSLSocketFactory")
                            },
                            new ObjectCreateExpression
                            {
                                Type = new TypeToken {
                                    TypeText = "AllowAllHostnameVerifier"
                                },
                                Arguments = new PatternExpressions(new PatternMultipleExpressions())
                            }
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "SAXReaderExternalEntity",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(new PatternStringLiteral(), true)
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("read"),
                            Target = new ObjectCreateExpression
                            {
                                Type = new TypeToken {
                                    TypeText = "SAXReader"
                                },
                                Arguments = new ArgsNode()
                            }
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "XmlExternalEntity",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(new PatternStringLiteral(), true)
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("parse"),
                            Target = new ObjectCreateExpression
                            {
                                Type = new TypeToken {
                                    TypeText = "XMLUtil"
                                },
                                Arguments = new ArgsNode()
                            }
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "StickyBroadcast. Android Bad Practices: Sticky Broadcast.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression()
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("sendStickyBroadcast"),
                            Target = new PatternExpression()
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "SendStickyBroadcastAsUser. Android Bad Practices: Sticky Broadcast.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(), new PatternExpression()
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name   = new IdToken("sendStickyBroadcastAsUser"),
                            Target = new PatternExpression()
                        }
                    }
                }
            });

            // TODO: implement "createSocket"
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "InsecureSSL. Insecure SSL: Android Socket.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(),
                                new PatternExpression()
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name = new IdToken {
                                Id = "getInsecure"
                            },
                            Target = new PatternExpression()
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "HardcodedSalt. Weak Cryptographic Hash: Hardcoded Salt.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(),
                                new PatternStringLiteral()
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name = new IdToken {
                                Id = "hash"
                            },
                            Target = new PatternExpression()
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "MissingReceiverPermission. The program sends a broadcast without specifying the receiver permission. " +
                            "Broadcasts sent without the receiver permission are accessible to any receiver. If these broadcasts contain sensitive data or reach a malicious receiver, the application may be compromised.",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression()
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name = new IdToken {
                                Id = "sendBroadcast"
                            },
                            Target = new PatternExpression()
                        }
                    }
                }
            });

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "MissingBroadcasterPermission. The program registers a receiver without specifying the broadcaster permission. " +
                            "Receiver registered without the broadcaster permission will receive messages from any broadcaster. " +
                            "If these messages contain malicious data or come from a malicious broadcaster, the application may be compromised. " +
                            "Use this form: public abstract Intent registerReceiver (BroadcastReceiver receiver, IntentFilter filter, String broadcastPermission, Handler scheduler)",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(),
                                new PatternExpression()
                            }
                        },
                        Target = new MemberReferenceExpression
                        {
                            Name = new IdToken {
                                Id = "registerReceiver"
                            },
                            Target = new PatternExpression()
                        }
                    }
                }
            });

            var cookieVar = new PatternVarDef
            {
                Id     = "cookie",
                Values = new List <Expression>()
                {
                    new PatternIdToken()
                }
            };

            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "CookieNotSentOverSSL. Cookie Security: Cookie not Sent Over SSL. ",
                Languages = LanguageFlags.Java,
                Data      = new PatternNode
                {
                    Vars = new List <PatternVarDef> {
                        cookieVar
                    },
                    Node = new PatternStatements
                    {
                        Statements = new List <Statement>()
                        {
                            new ExpressionStatement(new VariableDeclarationExpression
                            {
                                Type = new TypeToken()
                                {
                                    TypeText = "Cookie"
                                },
                                Variables = new List <AssignmentExpression>
                                {
                                    new AssignmentExpression
                                    {
                                        Left  = new PatternVarRef(cookieVar),
                                        Right = new ObjectCreateExpression
                                        {
                                            Type = new TypeToken {
                                                TypeText = "Cookie"
                                            },
                                            Arguments = new PatternExpressions(new PatternMultipleExpressions())
                                        },
                                    }
                                }
                            }),

                            new PatternMultipleStatements(),

                            new PatternStatement(new ExpressionStatement(new InvocationExpression
                            {
                                Arguments = new ArgsNode
                                {
                                    Collection = new List <Expression>()
                                    {
                                        new BooleanLiteral {
                                            Value = true
                                        }
                                    }
                                },
                                Target = new MemberReferenceExpression
                                {
                                    Name = new IdToken {
                                        Id = "setSecure"
                                    },
                                    Target = new PatternVarRef(cookieVar)
                                }
                            }), true),

                            new PatternMultipleStatements(),

                            new ExpressionStatement(new InvocationExpression
                            {
                                Arguments = new ArgsNode
                                {
                                    Collection = new List <Expression>()
                                    {
                                        new PatternVarRef(cookieVar)
                                    }
                                },
                                Target = new MemberReferenceExpression
                                {
                                    Name = new IdToken {
                                        Id = "addCookie"
                                    },
                                    Target = new PatternExpression()
                                }
                            })
                        }
                    }
                }
            });

            return(patterns);
        }
 /// <summary>
 /// Default visit for a <see cref="PatternVarDef"/>: no node-specific work,
 /// the definition is simply handed to <c>VisitChildren</c>.
 /// </summary>
 /// <param name="patternVarDef">The pattern variable definition being visited.</param>
 /// <returns>Whatever <c>VisitChildren</c> produces for this node.</returns>
 public virtual UstNode Visit(PatternVarDef patternVarDef)
 {
     UstNode visited = VisitChildren(patternVarDef);
     return visited;
 }
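        /// <summary>
        /// Builds the built-in T-SQL detection patterns.
        /// </summary>
        /// <returns>
        /// The patterns in declaration order. Every pattern takes a fresh key from
        /// <c>patternIdGenerator.NextId()</c> and is tagged with <see cref="LanguageFlags.TSql"/>.
        /// Identifier and literal matchers are written as regexes (note the <c>(?i)^…$</c>
        /// anchors used throughout this file).
        /// </returns>
        public IEnumerable <Pattern> CreateTSqlPatterns()
        {
            var patterns = new List <Pattern>();

            // xp_cmdshell with any argument list: OS command execution from SQL.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "Dangerous Function",
                Languages = LanguageFlags.TSql,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("xp_cmdshell"),
                        Arguments = new PatternExpressions(new PatternMultipleExpressions())
                    }
                }
            });

            // RAND() is not a cryptographic generator; flag it regardless of arguments.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "Insecure Randomness",
                Languages = LanguageFlags.TSql,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^rand$"),
                        Arguments = new PatternExpressions()
                    }
                }
            });

            // HashBytes(<algorithm>, ...) with a weak algorithm name as first argument.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "Weak Cryptographic Hash (MD2, MD4, MD5, RIPEMD-160, and SHA-1)",
                Languages = LanguageFlags.TSql,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^HashBytes$"),
                        // The description lists SHA-1, but the matcher previously only covered
                        // the MD* family; include the 'SHA' / 'SHA1' identifiers that HashBytes
                        // accepts so the rule matches what its DebugInfo promises.
                        Arguments = new PatternExpressions(
                            new PatternStringLiteral("(?i)^(md2|md4|md5|sha|sha1)$"),
                            new PatternMultipleExpressions()
                            )
                    }
                }
            });

            // Shared pattern variable: the cursor name bound by DECLARE ... CURSOR and
            // expected to be released by DEALLOCATE.
            var cursorVar = new PatternVarDef
            {
                Id     = "cursor",
                Values = new List <Expression>()
                {
                    new PatternIdToken()
                }
            };

            // A cursor that is declared but (Not = true) never deallocated.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "Unreleased Resource: Cursor Snarfing",
                Languages = LanguageFlags.TSql,
                Data      = new PatternNode
                {
                    Vars = new List <PatternVarDef> {
                        cursorVar
                    },
                    Node = new PatternStatements
                    {
                        Statements = new List <Statement>()
                        {
                            new PatternExpressionInsideStatement
                            {
                                Statement = new ExpressionStatement(new InvocationExpression
                                {
                                    Target    = new PatternIdToken("(?i)^declare_cursor$"),
                                    Arguments = new ArgsNode(new PatternVarRef(cursorVar), new PatternMultipleExpressions())
                                })
                            },
                            new PatternExpressionInsideStatement
                            {
                                Statement = new ExpressionStatement(new InvocationExpression
                                {
                                    Target    = new PatternIdToken("(?i)^deallocate$"),
                                    Arguments = new ArgsNode(new PatternVarRef(cursorVar))
                                }),
                                // Negated: the match fires when no DEALLOCATE of this cursor is found.
                                Not = true
                            }
                        }
                    }
                }
            });

            return(patterns);
        }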
 /// <summary>
 /// Hook called when traversal leaves a <see cref="PatternVarDef"/>. Does nothing by
 /// default; subclasses override it to react to the node.
 /// </summary>
 /// <param name="patternVarDef">The pattern variable definition being left.</param>
 public virtual void Exit(PatternVarDef patternVarDef) { }
 /// <summary>
 /// Hook called when traversal enters a <see cref="PatternVarDef"/>. Does nothing by
 /// default; subclasses override it to react to the node.
 /// </summary>
 /// <param name="patternVarDef">The pattern variable definition being entered.</param>
 public virtual void Enter(PatternVarDef patternVarDef) { }
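        /// <summary>
        /// Builds the built-in PHP detection patterns.
        /// </summary>
        /// <returns>
        /// The patterns in declaration order. Every pattern takes a fresh key from
        /// <c>patternIdGenerator.NextId()</c> and is tagged with <see cref="LanguageFlags.Php"/>.
        /// Function-name matchers are regexes and are anchored (<c>(?i)^…$</c>) so that a rule
        /// written for one function does not also fire on every function whose name merely
        /// contains that substring.
        /// </returns>
        public IEnumerable <Pattern> CreatePhpPatterns()
        {
            var patterns = new List <Pattern>();

            // mysql_connect(host, user, "literal") - password passed as a string literal.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "HardcodedPasswordIn_mysql_connect. Hardcoded passwords could compromise system security in a way that cannot be easily remedied.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^mysql_connect$"),
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternExpression(),
                                new PatternExpression(),
                                new PatternStringLiteral()
                            }
                        }
                    }
                }
            });

            // Non-cryptographic PRNG helpers, any argument list.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "InsecureRandomness. Standard pseudorandom number generators cannot withstand cryptographic attacks.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^(mt_rand|rand|uniqid|shuffle|lcg_value)$"),
                        Arguments = new PatternExpressions()
                    }
                }
            });

            // header("Access-Control-Allow-Origin: *") - wildcard CORS origin.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                // Typo fixed: "Policyg" -> "Policy".
                DebugInfo = "OverlyPermissiveCORSPolicy. The program defines an overly permissive Cross-Origin Resource Sharing (CORS) policy.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^header$"),
                        Arguments = new ArgsNode(new[] { new PatternStringLiteral(@"Access-Control-Allow-Origin:\s*\*") })
                    }
                }
            });

            // Bare identifier match: any use of the OPENSSL_NO_PADDING constant.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "InadequateRSAPadding. Public key RSA encryption is performed without using OAEP padding, thereby making the encryption weak.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new IdToken("OPENSSL_NO_PADDING")
                }
            });

            // Bare identifier match: any use of the MCRYPT_DES constant.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "BrokenRiskyCryptographicAlgorithm. Weak Encryption: Broken or Risky Cryptographic Algorithm.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new IdToken("MCRYPT_DES")
                }
            });

            // md5(...) / sha1(...) with any argument list.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "WeakCryptographicHash. Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^(md5|sha1)$"),
                        Arguments = new PatternExpressions(new PatternMultipleExpressions())
                    }
                }
            });

            // Configure.write("Security.level", "low") - presumably CakePHP's Configure class,
            // as the DebugInformation rule below states.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "ExcessiveSessionTimeout. An overly long session timeout gives attackers more time to potentially compromise user accounts.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Target = new IdToken("Configure"),
                            // Anchored, matching the DebugInformation rule below; the unanchored
                            // "(?i)write" also matched any member name containing "write".
                            Name   = new PatternIdToken("(?i)^write$")
                        },
                        Arguments = new ArgsNode(new[]
                        {
                            new StringLiteral("Security.level"),
                            new StringLiteral("low")
                        })
                    }
                }
            });

            // Configure.write("debug", 1..9).
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "DebugInformation. A CakePHP debug level of 1 or greater can cause sensitive data to be logged.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target = new MemberReferenceExpression
                        {
                            Target = new PatternIdToken("(?i)^Configure$"),
                            Name   = new PatternIdToken("(?i)^write$")
                        },
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new StringLiteral("debug"),
                            new PatternIntLiteral(1, 9)
                        })
                    }
                }
            });

            // Functions that dump internals or error text, any argument list.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "SystemInformationLeak. Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^(debug_print_backtrace|var_dump|debug_zval_dump|print_r|var_export|phpinfo|mysql_error)$"),
                        Arguments = new PatternExpressions()
                    }
                }
            });

            // crypt(<expr>, "literal") - salt given as a string literal.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "WeakCryptographicHashHardcodedSalt. A hardcoded salt may compromise system security in a way that cannot be easily remedied.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        // Anchored: the unanchored "(?i)crypt" also fired on any two-argument
                        // call whose name merely contains "crypt" (e.g. user-defined encrypt()).
                        Target    = new PatternIdToken("(?i)^crypt$"),
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternExpression(),
                            new PatternStringLiteral()
                        })
                    }
                }
            });

            // Shared pattern variables for the null-key rules: the key variable name, and the
            // value assigned to it (null or a string literal).
            var encryptKeyVarName = new PatternVarDef
            {
                Id     = "encryption_key",
                Values = new List <Expression>()
                {
                    new PatternIdToken()
                }
            };
            var encryptKeyVarValue = new PatternVarDef
            {
                Id     = "encryption_key_value",
                Values = new List <Expression>
                {
                    new NullLiteral(),
                    new PatternStringLiteral()
                }
            };

            // $key = null|"literal"; ... ; $x = new Zend_Filter_Encrypt($key);
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "KeyManagementNullEncryptionKey. Null encryption keys may compromise system security in a way that cannot be easily remedied.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Vars = new List <PatternVarDef> {
                        encryptKeyVarName, encryptKeyVarValue
                    },
                    Node = new PatternStatements
                    {
                        Statements = new List <Statement>()
                        {
                            new ExpressionStatement
                            {
                                Expression = new AssignmentExpression
                                {
                                    Left  = new PatternVarRef(encryptKeyVarName),
                                    Right = new PatternVarRef(encryptKeyVarValue)
                                }
                            },

                            new PatternMultipleStatements(),

                            new ExpressionStatement
                            {
                                Expression = new AssignmentExpression
                                {
                                    Left  = new PatternExpression(),
                                    Right = new ObjectCreateExpression
                                    {
                                        Type      = new TypeToken("Zend_Filter_Encrypt"),
                                        Arguments = new ArgsNode
                                        {
                                            Collection = new List <Expression>()
                                            {
                                                new PatternVarRef(encryptKeyVarName)
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            });

            // new Zend_Filter_Encrypt(null|"literal") - key passed inline.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "KeyManagementNullEncryptionKey",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Vars = new List <PatternVarDef> {
                        encryptKeyVarValue
                    },
                    Node = new ObjectCreateExpression
                    {
                        Type      = new TypeToken("Zend_Filter_Encrypt"),
                        Arguments = new ArgsNode
                        {
                            Collection = new List <Expression>()
                            {
                                new PatternVarRef(encryptKeyVarValue)
                            }
                        }
                    }
                }
            });

            // TODO: Union this next pattern.
            // setcookie(...) with seven arguments whose 4th (path) is the literal "/".
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "CookieSecurityOverlyBroadPath. A cookie with an overly broad path can be accessed through other applications on the same domain.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^setcookie$"),
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new StringLiteral("/"),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                        })
                    }
                }
            });

            // setcookie(...) with seven arguments whose 5th (domain) starts with a dot.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "CookieSecurityOverlyBroadDomain. A cookie with an overly broad domain opens an application to attacks through other applications.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^setcookie$"),
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternStringLiteral(@"^\..*"),
                            new PatternExpression(),
                            new PatternExpression(),
                        })
                    }
                }
            });

            // setcookie(...) with exactly six arguments: the 7th (httponly) is omitted.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "CookieSecurityHTTPOnlyNotSet. The program creates a cookie, but fails to set the HttpOnly flag to true.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^setcookie$"),
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                        })
                    }
                }
            });

            // setcookie(...) with exactly five arguments: the 6th (secure) is omitted.
            patterns.Add(new Pattern
            {
                Key       = patternIdGenerator.NextId(),
                DebugInfo = "CookieSecurityCookieNotSentOverSSL. The program creates a cookie without setting the secure flag to true.",
                Languages = LanguageFlags.Php,
                Data      = new PatternNode
                {
                    Node = new InvocationExpression
                    {
                        Target    = new PatternIdToken("(?i)^setcookie$"),
                        Arguments = new ArgsNode(new List <Expression>()
                        {
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression(),
                            new PatternExpression()
                        })
                    }
                }
            });

            return(patterns);
        }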