Upgrade to AppSec rules v1.12.0 (#7192)
ValentinZakharov committed Jun 14, 2024
1 parent f5b82e6 commit 24d82a5
Showing 1 changed file with 208 additions and 3 deletions.
211 changes: 208 additions & 3 deletions dd-java-agent/appsec/src/main/resources/default_config.json
@@ -1,7 +1,7 @@
{
"version": "2.2",
"metadata": {
"rules_version": "1.11.0"
"rules_version": "1.12.0"
},
"rules": [
{
@@ -1921,7 +1921,6 @@
"$ifs",
"$oldpwd",
"$ostype",
"$path",
"$pwd",
"dev/fd/",
"dev/null",
@@ -5849,7 +5848,8 @@
"/website.php",
"/stats.php",
"/assets/plugins/mp3_id/mp3_id.php",
"/siteminderagent/forms/smpwservices.fcc"
"/siteminderagent/forms/smpwservices.fcc",
"/eval-stdin.php"
]
}
}
@@ -6236,6 +6236,155 @@
],
"transformers": []
},
{
"id": "rasp-930-100",
"name": "Local file inclusion exploit",
"enabled": false,
"tags": {
"type": "lfi",
"category": "vulnerability_trigger",
"cwe": "22",
"capec": "1000/255/153/126",
"confidence": "0",
"module": "rasp"
},
"conditions": [
{
"parameters": {
"resource": [
{
"address": "server.io.fs.file"
}
],
"params": [
{
"address": "server.request.query"
},
{
"address": "server.request.body"
},
{
"address": "server.request.path_params"
},
{
"address": "grpc.server.request.message"
},
{
"address": "graphql.server.all_resolvers"
},
{
"address": "graphql.server.resolver"
}
]
},
"operator": "lfi_detector"
}
],
"transformers": [],
"on_match": [
"stack_trace"
]
},
{
"id": "rasp-934-100",
"name": "Server-side request forgery exploit",
"enabled": false,
"tags": {
"type": "ssrf",
"category": "vulnerability_trigger",
"cwe": "918",
"capec": "1000/225/115/664",
"confidence": "0",
"module": "rasp"
},
"conditions": [
{
"parameters": {
"resource": [
{
"address": "server.io.net.url"
}
],
"params": [
{
"address": "server.request.query"
},
{
"address": "server.request.body"
},
{
"address": "server.request.path_params"
},
{
"address": "grpc.server.request.message"
},
{
"address": "graphql.server.all_resolvers"
},
{
"address": "graphql.server.resolver"
}
]
},
"operator": "ssrf_detector"
}
],
"transformers": [],
"on_match": [
"stack_trace"
]
},
{
"id": "rasp-942-100",
"name": "SQL injection exploit",
"enabled": false,
"tags": {
"type": "sql_injection",
"category": "vulnerability_trigger",
"cwe": "89",
"capec": "1000/152/248/66",
"confidence": "0",
"module": "rasp"
},
"conditions": [
{
"parameters": {
"resource": [
{
"address": "server.db.statement"
}
],
"params": [
{
"address": "server.request.query"
},
{
"address": "server.request.body"
},
{
"address": "server.request.path_params"
},
{
"address": "graphql.server.all_resolvers"
},
{
"address": "graphql.server.resolver"
}
],
"db_type": [
{
"address": "server.db.system"
}
]
},
"operator": "sqli_detector"
}
],
"transformers": [],
"on_match": [
"stack_trace"
]
},
{
"id": "sqr-000-001",
"name": "SSRF: Try to access the credential manager of the main cloud services",
@@ -8391,6 +8540,34 @@
}
],
"scanners": [
{
"id": "406f8606-52c4-4663-8db9-df70f9e8766c",
"name": "ZIP Code",
"key": {
"operator": "match_regex",
"parameters": {
"regex": "\\b(?:zip|postal)\\b",
"options": {
"case_sensitive": false,
"min_length": 3
}
}
},
"value": {
"operator": "match_regex",
"parameters": {
"regex": "^[0-9]{5}(?:-[0-9]{4})?$",
"options": {
"case_sensitive": true,
"min_length": 5
}
}
},
"tags": {
"type": "zipcode",
"category": "address"
}
},
{
"id": "JU1sRk3mSzqSUJn6GrVn7g",
"name": "American Express Card Scanner (4+4+4+3 digits)",
@@ -9157,6 +9334,34 @@
"category": "payment"
}
},
{
"id": "18b608bd7a764bff5b2344c0",
"name": "Phone number",
"key": {
"operator": "match_regex",
"parameters": {
"regex": "\\bphone|number|mobile\\b",
"options": {
"case_sensitive": false,
"min_length": 3
}
}
},
"value": {
"operator": "match_regex",
"parameters": {
"regex": "^(?:\\(\\+\\d{1,3}\\)|\\+\\d{1,3}|00\\d{1,3})?[-\\s\\.]?(?:\\(\\d{3}\\)[-\\s\\.]?)?(?:\\d[-\\s\\.]?){6,10}$",
"options": {
"case_sensitive": false,
"min_length": 6
}
}
},
"tags": {
"type": "phone",
"category": "pii"
}
},
{
"id": "de0899e0cbaaa812bb624cf04c912071012f616d-mod",
"name": "UK National Insurance Number Scanner",
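Review bot: In the new "Phone number" scanner, the key pattern `\\bphone|number|mobile\\b` is not grouped, so `\\b` binds only to the start of `phone` and the end of `mobile`, and the bare `number` alternative matches any key containing that substring. Combined with a value pattern that accepts 6 to 10 digits with optional separators, keys such as order or account numbers would likely be tagged `"type": "phone"`, `"category": "pii"`. The ZIP Code scanner added in the same commit groups its alternation (`\\b(?:zip|postal)\\b`); if the same scoping is intended here, the line would be `"regex": "\\b(?:phone|number|mobile)\\b",`. Because `_` usually counts as a word character for `\\b`, it is worth checking either form against sample keys like `phone_number` and `order_number` before settling on one. The scanner list continues beyond the visible part of this hunk.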