# Vulnerability Code Patterns

Grep patterns for detecting common vulnerability code patterns. Use them with the Grep tool.

## SQL Injection

String concatenation in queries:

```regex
(?i)(query|sql|execute)\s*\(.*\+.*\)
(?i)(SELECT|INSERT|UPDATE|DELETE|DROP).*['"].*\+
```

Template literals in queries (JS/TS):

```regex
(?i)(query|sql|execute)\s*\(`.*\$\{
```

## XSS (Cross-Site Scripting)

Dangerous DOM manipulation:

```regex
\.innerHTML\s*=
dangerouslySetInnerHTML
document\.write\(
```

Unescaped output (template engines):

```regex
\{\{\{      # Handlebars unescaped (triple braces)
<%-\s*      # EJS unescaped (vs <%= escaped)
\|safe\b    # Jinja2/Django unescaped
v-html=     # Vue unescaped
```

## Command Injection

Unsanitized exec/spawn:

```regex
(?i)(exec|execSync|spawn|spawnSync)\s*\(.*\+
(?i)(exec|execSync|spawn|spawnSync)\s*\(`.*\$\{
(?i)child_process.*\(.*\$\{
os\.system\(.*\+
subprocess\.(call|run|Popen)\(.*\+
```

## Path Traversal

User input in file paths:

```regex
(?i)(readFile|writeFile|createReadStream|open)\s*\(.*req\.(params|query|body)
(?i)(readFile|writeFile)\s*\(.*\+.*\)
```

## Insecure Randomness

`Math.random` used for security-sensitive values:

```regex
Math\.random\(\).*(?i)(token|key|secret|password|session|nonce|salt)
```

## Dangerous Functions

`eval` and equivalents:

```regex
\beval\s*\(
new\s+Function\s*\(
setTimeout\s*\(\s*['"]
setInterval\s*\(\s*['"]
```

Deserialization:

```regex
(?i)(pickle\.loads|yaml\.load\(|unserialize\()
JSON\.parse\(.*req\.(params|query|body)
```

## Authentication / Authorization

Hardcoded credentials:

```regex
(?i)(admin|root|password)\s*[:=]\s*['"][^'"]{4,}['"]
```

Disabled security:

```regex
(?i)(verify|ssl|tls|certificate)\s*[:=]\s*(false|False|0)
(?i)rejectUnauthorized\s*:\s*false
NODE_TLS_REJECT_UNAUTHORIZED.*0
```

## Information Disclosure

Debug/verbose output in production:

```regex
(?i)console\.(log|debug|trace)\s*\(.*(?:password|secret|token|key|credential)
(?i)(DEBUG|VERBOSE)\s*[:=]\s*(true|True|1)
```
## False Positive Indicators

Skip matches containing:

- `test`, `spec`, `mock`, `fixture`, `example`, `sample`, `demo`
- `TODO`, `FIXME`, `HACK`
- Variable declarations reading from env: `process.env.`, `os.getenv(`
- Comments (lines starting with `//`, `#`, `/*`)
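The following is an added example, not part of the original pattern list, showing how a reviewer might run a subset of the patterns above over source lines and apply the false-positive rules before reporting. It is my own code and makes two assumptions worth stating: the test/example words are checked against the file path while the marker and env-read words are checked against the matched line (the list above does not say which), and the `Math.random` pattern has its `(?i)` flag moved to the front because Python's `re` module does not accept an inline flag in the middle of a pattern (ripgrep does). The sample files are constructed for the demonstration.

```python
import re

# Subset of the page's grep patterns, grouped by category. Evaluation order
# matters: the first category that matches a line claims it.
# Assumption: the Math.random pattern's (?i) is hoisted to the front because
# Python's re rejects mid-pattern inline flags.
PATTERNS = {
    "SQL Injection": [
        r"(?i)(query|sql|execute)\s*\(.*\+.*\)",
        r"(?i)(query|sql|execute)\s*\(`.*\$\{",
    ],
    "XSS": [
        r"\.innerHTML\s*=",
        r"dangerouslySetInnerHTML",
        r"document\.write\(",
    ],
    "Command Injection": [
        r"(?i)(exec|execSync|spawn|spawnSync)\s*\(.*\+",
        r"subprocess\.(call|run|Popen)\(.*\+",
    ],
    "Insecure Randomness": [
        r"(?i)Math\.random\(\).*(token|key|secret|password|session|nonce|salt)",
    ],
    "Hardcoded credentials": [
        r"""(?i)(admin|root|password)\s*[:=]\s*['"][^'"]{4,}['"]""",
    ],
    "Disabled security": [
        r"(?i)rejectUnauthorized\s*:\s*false",
    ],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in PATTERNS.items()}

# False-positive indicators from the page. Assumption (mine): the test/example
# words apply to the file path, the markers and env reads to the matched line.
FP_PATH_WORDS = ("test", "spec", "mock", "fixture", "example", "sample", "demo")
FP_LINE_WORDS = ("TODO", "FIXME", "HACK", "process.env.", "os.getenv(")
COMMENT_PREFIXES = ("//", "#", "/*")


def matched_category(line):
    """Return the first category whose patterns match the line, else None."""
    for category, regexes in COMPILED.items():
        if any(r.search(line) for r in regexes):
            return category
    return None


def is_probable_false_positive(path, line):
    """Apply the page's skip rules to one (path, line) match."""
    lowered_path = path.lower()
    if any(word in lowered_path for word in FP_PATH_WORDS):
        return True
    if any(word in line for word in FP_LINE_WORDS):
        return True
    return line.lstrip().startswith(COMMENT_PREFIXES)


def scan(files):
    """files maps path -> source text. Returns (category, path, lineno, line)
    tuples for lines that match a pattern and survive the skip rules."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            category = matched_category(line)
            if category and not is_probable_false_positive(path, line):
                findings.append((category, path, lineno, line.strip()))
    return findings


# Constructed sample sources, not taken from any real project.
SAMPLE_FILES = {
    "src/users.js": "\n".join([
        'const rows = db.query("SELECT * FROM users WHERE id = " + req.params.id);',
        "el.innerHTML = req.query.name;",
        "// el.innerHTML = legacyMarkup;",                 # comment: skipped
        "const id = generateToken(Math.random(), secret);",
        'exec("ls -la " + process.env.HOME);',            # env read: skipped
        "https.request({ rejectUnauthorized: false }, cb);",
    ]),
    "test/users.spec.js": 'db.query("SELECT * FROM users WHERE id = " + id);',  # test path: skipped
    "app/config.py": "\n".join([
        'password = "hunter2-default"',
        'subprocess.run("ls " + user_dir)',
    ]),
}

if __name__ == "__main__":
    for category, path, lineno, line in scan(SAMPLE_FILES):
        print(f"{path}:{lineno}: [{category}] {line}")
```

Running the script reports six findings from the nine sample lines: the commented-out `innerHTML` assignment, the `exec` call that reads `process.env.HOME`, and the query inside `test/users.spec.js` are dropped by the skip rules. The path-versus-line split is a design choice; if a code base keeps fixtures in oddly named directories, move the first word list onto the line check and expect more noise.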