renolation/english
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
english/.opencode/skills/security-scan/references/vulnerability-patterns.md
renolation 10d660cbcb init
2026-04-12 01:06:31 +07:00

106 lines
2.2 KiB
Markdown
Raw Permalink Blame History

# Vulnerability Code Patterns
Grep patterns for detecting common vulnerability patterns. Use with Grep tool.
## SQL Injection
### String concatenation in queries
```
(?i)(query|sql|execute)\s*\(.*\+.*\)
(?i)(SELECT|INSERT|UPDATE|DELETE|DROP).*['"].*\+
```
### Template literals in queries (JS/TS)
```
(?i)(query|sql|execute)\s*\(`.*\$\{
```
## XSS (Cross-Site Scripting)
### Dangerous DOM manipulation
```
\.innerHTML\s*=
dangerouslySetInnerHTML
document\.write\(
```
### Unescaped output (template engines)
```
\{\{\{ # Handlebars unescaped (triple braces)
<%-\s* # EJS unescaped (vs <%= escaped)
\|safe\b # Jinja2/Django unescaped
v-html= # Vue unescaped
```
## Command Injection
### Unsanitized exec/spawn
```
(?i)(exec|execSync|spawn|spawnSync)\s*\(.*\+
(?i)(exec|execSync|spawn|spawnSync)\s*\(`.*\$\{
(?i)child_process.*\(.*\$\{
os\.system\(.*\+
subprocess\.(call|run|Popen)\(.*\+
```
## Path Traversal
### User input in file paths
```
(?i)(readFile|writeFile|createReadStream|open)\s*\(.*req\.(params|query|body)
(?i)(readFile|writeFile)\s*\(.*\+.*\)
```
## Insecure Randomness
### Math.random for security
```
Math\.random\(\).*(?i)(token|key|secret|password|session|nonce|salt)
```
## Dangerous Functions
### eval and equivalents
```
\beval\s*\(
new\s+Function\s*\(
setTimeout\s*\(\s*['"]
setInterval\s*\(\s*['"]
```
### Deserialization
```
(?i)(pickle\.loads|yaml\.load\(|unserialize\()
JSON\.parse\(.*req\.(params|query|body)
```
## Authentication / Authorization
### Hardcoded credentials
```
(?i)(admin|root|password)\s*[:=]\s*['"][^'"]{4,}['"]
```
### Disabled security
```
(?i)(verify|ssl|tls|certificate)\s*[:=]\s*(false|False|0)
(?i)rejectUnauthorized\s*:\s*false
NODE_TLS_REJECT_UNAUTHORIZED.*0
```
## Information Disclosure
### Debug/verbose in production
```
(?i)console\.(log|debug|trace)\s*\(.*(?:password|secret|token|key|credential)
(?i)(DEBUG|VERBOSE)\s*[:=]\s*(true|True|1)
```
## False Positive Indicators
Skip matches containing:
- `test`, `spec`, `mock`, `fixture`, `example`, `sample`, `demo`
- `TODO`, `FIXME`, `HACK`
- Variable declarations reading from env: `process.env.`, `os.getenv(`
- Comments (lines starting with `//`, `#`, `/*`)
Reference in New Issue View Git Blame Copy Permalink