Add references and technology metadata

trailofbits · Jan 12, 2024 · 9eecfaa · 9eecfaa
1 parent 1cee223
commit 9eecfaa
Show file tree

Hide file tree

Showing 29 changed files with 49 additions and 0 deletions.
diff --git a/generic/container-privileged.yaml b/generic/container-privileged.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-250: Execution with Unnecessary Privileges"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://docs.docker.com/engine/reference/commandline/run/
     pattern-either:
       - pattern: docker ... --privileged
       - pattern: docker ... --cap-add=ALL

diff --git a/generic/container-user-root.yaml b/generic/container-user-root.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-250: Execution with Unnecessary Privileges"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://docs.docker.com/engine/reference/commandline/run/
     pattern-either:
       - pattern: docker ... -u root
       - pattern: docker ... --user root

diff --git a/generic/curl-insecure.yaml b/generic/curl-insecure.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-295: Improper Certificate Validation"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://curl.se/docs/manpage.html
     pattern-either:
       # A space character was left at the end of some patterns to help ensure
       # that the intended flag was used, and minimize the chance that another,

diff --git a/generic/curl-unencrypted-url.yaml b/generic/curl-unencrypted-url.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://curl.se/docs/manpage.html
     pattern-either:
       - pattern: curl ... http://
       - pattern: curl ... ftp://
diff --git a/generic/gpg-insecure-flags.yaml b/generic/gpg-insecure-flags.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-295: Improper Certificate Validation"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://www.gnupg.org/gph/de/manual/r1023.html
     pattern-either:
       - pattern: gpg ... --allow-non-selfsigned-uid
       - pattern: gpg ... --allow-freeform-uid

diff --git a/generic/installer-allow-untrusted.yaml b/generic/installer-allow-untrusted.yaml
@@ -6,8 +6,11 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-494: Download of Code Without Integrity Check"
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH
+      references:
+        - https://ss64.com/mac/installer.html
     pattern: installer ... -allowUntrusted
diff --git a/generic/openssl-insecure-flags.yaml b/generic/openssl-insecure-flags.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-295: Improper Certificate Validation"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://www.openssl.org/docs/manmaster/man1/
     pattern-either:
       # A space character was left at the end of some patterns to help ensure
       # that the intended flag was used, and minimize the chance that another,

diff --git a/generic/ssh-disable-host-key-checking.yaml b/generic/ssh-disable-host-key-checking.yaml
@@ -6,8 +6,11 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-295: Improper Certificate Validation"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://man7.org/linux/man-pages/man1/ssh.1.html
     pattern: ssh ... StrictHostKeyChecking=no
diff --git a/generic/tar-insecure-flags.yaml b/generic/tar-insecure-flags.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-73: External Control of File Name or Path"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://man7.org/linux/man-pages/man1/tar.1.html
     pattern-either:
       # A space character was left at the end of some patterns to help ensure
       # that the intended flag was used, and minimize the chance that another,

diff --git a/generic/wget-no-check-certificate.yaml b/generic/wget-no-check-certificate.yaml
@@ -6,10 +6,13 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [shell]
       cwe: "CWE-295: Improper Certificate Validation"
       confidence: MEDIUM
       likelihood: MEDIUM
       impact: HIGH
+      references:
+        - https://linux.die.net/man/1/wget
     pattern-either:
       - pattern: wget ... --no-check-certificate
       - pattern: wget ... --no-hsts
diff --git a/kotlin/gc-call.yaml b/kotlin/gc-call.yaml
@@ -10,6 +10,7 @@ rules:
     metadata:
       category: best-practice
       subcategory: [audit]
+      technology: [java, kotlin]
       confidence: HIGH
       likelihood: HIGH
       impact: LOW

diff --git a/kotlin/mongo-hostname-verification-disabled.yaml b/kotlin/mongo-hostname-verification-disabled.yaml
@@ -6,6 +6,7 @@ rules:
     metadata:
       category: security
       subcategory: [audit]
+      technology: [java, kotlin, mongodb]
       cwe: "CWE-295: Improper Certificate Validation"
       confidence: HIGH
       likelihood: HIGH

diff --git a/yaml/ansible/apt-key-unencrypted-url.yaml b/yaml/ansible/apt-key-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, apt]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/apt-key-validate-certs-disabled.yaml b/yaml/ansible/apt-key-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible, apt]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/apt-unencrypted-url.yaml b/yaml/ansible/apt-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, apt]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/dnf-unencrypted-url.yaml b/yaml/ansible/dnf-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, dnf]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/dnf-validate-certs-disabled.yaml b/yaml/ansible/dnf-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible, dnf]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/get-url-unencrypted-url.yaml b/yaml/ansible/get-url-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/get-url-validate-certs-disabled.yaml b/yaml/ansible/get-url-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/rpm-key-unencrypted-url.yaml b/yaml/ansible/rpm-key-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, rpm]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/rpm-key-validate-certs-disabled.yaml b/yaml/ansible/rpm-key-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible, rpm]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/unarchive-unencrypted-url.yaml b/yaml/ansible/unarchive-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/unarchive-validate-certs-disabled.yaml b/yaml/ansible/unarchive-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/wrm-cert-validation-ignore.yaml b/yaml/ansible/wrm-cert-validation-ignore.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/yum-unencrypted-url.yaml b/yaml/ansible/yum-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, yum]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/yum-validate-certs-disabled.yaml b/yaml/ansible/yum-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-295: Improper Certificate Validation"
       subcategory: [audit]
+      technology: [ansible, yum]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/zypper-repository-unencrypted-url.yaml b/yaml/ansible/zypper-repository-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, zypper]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/ansible/zypper-unencrypted-url.yaml b/yaml/ansible/zypper-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
       subcategory: [audit]
+      technology: [ansible, zypper]
       confidence: HIGH
       likelihood: HIGH
       impact: HIGH

diff --git a/yaml/docker-compose/port-all-interfaces.yaml b/yaml/docker-compose/port-all-interfaces.yaml
@@ -7,6 +7,7 @@ rules:
       category: security
       cwe: "CWE-1327: Binding to an Unrestricted IP Address"
       subcategory: [audit]
+      technology: [docker, compose]
       confidence: LOW
       likelihood: LOW
       impact: LOW