From 9eecfaa311ea83dae1537fbb0afbbf70cab0e603 Mon Sep 17 00:00:00 2001
From: Matt Schwager
Date: Fri, 12 Jan 2024 14:07:47 -0700
Subject: [PATCH] Add references and technology metadata

---
 generic/container-privileged.yaml | 3 +++
 generic/container-user-root.yaml | 3 +++
 generic/curl-insecure.yaml | 3 +++
 generic/curl-unencrypted-url.yaml | 3 +++
 generic/gpg-insecure-flags.yaml | 3 +++
 generic/installer-allow-untrusted.yaml | 3 +++
 generic/openssl-insecure-flags.yaml | 3 +++
 generic/ssh-disable-host-key-checking.yaml | 3 +++
 generic/tar-insecure-flags.yaml | 3 +++
 generic/wget-no-check-certificate.yaml | 3 +++
 kotlin/gc-call.yaml | 1 +
 kotlin/mongo-hostname-verification-disabled.yaml | 1 +
 yaml/ansible/apt-key-unencrypted-url.yaml | 1 +
 yaml/ansible/apt-key-validate-certs-disabled.yaml | 1 +
 yaml/ansible/apt-unencrypted-url.yaml | 1 +
 yaml/ansible/dnf-unencrypted-url.yaml | 1 +
 yaml/ansible/dnf-validate-certs-disabled.yaml | 1 +
 yaml/ansible/get-url-unencrypted-url.yaml | 1 +
 yaml/ansible/get-url-validate-certs-disabled.yaml | 1 +
 yaml/ansible/rpm-key-unencrypted-url.yaml | 1 +
 yaml/ansible/rpm-key-validate-certs-disabled.yaml | 1 +
 yaml/ansible/unarchive-unencrypted-url.yaml | 1 +
 yaml/ansible/unarchive-validate-certs-disabled.yaml | 1 +
 yaml/ansible/wrm-cert-validation-ignore.yaml | 1 +
 yaml/ansible/yum-unencrypted-url.yaml | 1 +
 yaml/ansible/yum-validate-certs-disabled.yaml | 1 +
 yaml/ansible/zypper-repository-unencrypted-url.yaml | 1 +
 yaml/ansible/zypper-unencrypted-url.yaml | 1 +
 yaml/docker-compose/port-all-interfaces.yaml | 1 +
 29 files changed, 49 insertions(+)

diff --git a/generic/container-privileged.yaml b/generic/container-privileged.yaml
index f0e519f..db5712b 100644
--- a/generic/container-privileged.yaml
+++ b/generic/container-privileged.yaml
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-250: Execution with Unnecessary Privileges"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://docs.docker.com/engine/reference/commandline/run/
 pattern-either:
 - pattern: docker ... --privileged
 - pattern: docker ... --cap-add=ALL
diff --git a/generic/container-user-root.yaml b/generic/container-user-root.yaml
index d54e2a1..f582513 100644
--- a/generic/container-user-root.yaml
+++ b/generic/container-user-root.yaml
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-250: Execution with Unnecessary Privileges"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://docs.docker.com/engine/reference/commandline/run/
 pattern-either:
 - pattern: docker ... -u root
 - pattern: docker ... --user root
diff --git a/generic/curl-insecure.yaml b/generic/curl-insecure.yaml
index 49d1dbe..8cbb875 100644
--- a/generic/curl-insecure.yaml
+++ b/generic/curl-insecure.yaml
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-295: Improper Certificate Validation"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://curl.se/docs/manpage.html
 pattern-either:
 # A space character was left at the end of some patterns to help ensure
 # that the intended flag was used, and minimize the chance that another,
diff --git a/generic/curl-unencrypted-url.yaml b/generic/curl-unencrypted-url.yaml
index d198922..1019cc8 100644
--- a/generic/curl-unencrypted-url.yaml
+++ b/generic/curl-unencrypted-url.yaml
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://curl.se/docs/manpage.html
 pattern-either:
 - pattern: curl ... http://
 - pattern: curl ... ftp://
diff --git a/generic/gpg-insecure-flags.yaml b/generic/gpg-insecure-flags.yaml
index bdfc78a..904b48e 100644
--- a/generic/gpg-insecure-flags.yaml
+++ b/generic/gpg-insecure-flags.yaml
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-295: Improper Certificate Validation"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://www.gnupg.org/gph/de/manual/r1023.html
 pattern-either:
 - pattern: gpg ... --allow-non-selfsigned-uid
 - pattern: gpg ... --allow-freeform-uid
diff --git a/generic/installer-allow-untrusted.yaml b/generic/installer-allow-untrusted.yaml
index b79b6cd..e47f73a 100644
--- a/generic/installer-allow-untrusted.yaml
+++ b/generic/installer-allow-untrusted.yaml
@@ -6,8 +6,11 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-494: Download of Code Without Integrity Check"
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
+ references:
+ - https://ss64.com/mac/installer.html
 pattern: installer ... -allowUntrusted
diff --git a/generic/openssl-insecure-flags.yaml b/generic/openssl-insecure-flags.yaml
index c0f21d4..3b04e80 100644
--- a/generic/openssl-insecure-flags.yaml
+++ b/generic/openssl-insecure-flags.yaml
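Review bot: The reference added to gpg-insecure-flags points at the German edition of the GnuPG Privacy Handbook (`/gph/de/manual/r1023.html`), which readers of an English-language rule are unlikely to want; the English edition lives under `/gph/en/`, so the link should probably be `- https://www.gnupg.org/gph/en/manual/r1023.html` if that page id resolves there (please verify before switching). The handbook is also quite old, so if the current `gpg` man page documents `--allow-non-selfsigned-uid` and `--allow-freeform-uid`, that may be the better primary citation.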
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-295: Improper Certificate Validation"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://www.openssl.org/docs/manmaster/man1/
 pattern-either:
 # A space character was left at the end of some patterns to help ensure
 # that the intended flag was used, and minimize the chance that another,
diff --git a/generic/ssh-disable-host-key-checking.yaml b/generic/ssh-disable-host-key-checking.yaml
index 3a38be5..2e8785b 100644
--- a/generic/ssh-disable-host-key-checking.yaml
+++ b/generic/ssh-disable-host-key-checking.yaml
@@ -6,8 +6,11 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-295: Improper Certificate Validation"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://man7.org/linux/man-pages/man1/ssh.1.html
 pattern: ssh ... StrictHostKeyChecking=no
diff --git a/generic/tar-insecure-flags.yaml b/generic/tar-insecure-flags.yaml
index 0c601a8..03618ce 100644
--- a/generic/tar-insecure-flags.yaml
+++ b/generic/tar-insecure-flags.yaml
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-73: External Control of File Name or Path"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://man7.org/linux/man-pages/man1/tar.1.html
 pattern-either:
 # A space character was left at the end of some patterns to help ensure
 # that the intended flag was used, and minimize the chance that another,
diff --git a/generic/wget-no-check-certificate.yaml b/generic/wget-no-check-certificate.yaml
index 80eba09..bf11bc5 100644
--- a/generic/wget-no-check-certificate.yaml
+++ b/generic/wget-no-check-certificate.yaml
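Review bot: The reference added to openssl-insecure-flags is the `man1/` directory index rather than the page for the subcommand whose flags this rule matches, so it does not actually document the flagged behaviour for whoever triages a finding; the specific subcommand page would be the useful link. The patterns themselves are below the hunk, so I cannot tell from here which page that is. `manmaster` also tracks the development branch, which can drift from the OpenSSL release users actually run; a versioned page may be preferable.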
@@ -6,10 +6,13 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [shell]
 cwe: "CWE-295: Improper Certificate Validation"
 confidence: MEDIUM
 likelihood: MEDIUM
 impact: HIGH
+ references:
+ - https://linux.die.net/man/1/wget
 pattern-either:
 - pattern: wget ... --no-check-certificate
 - pattern: wget ... --no-hsts
diff --git a/kotlin/gc-call.yaml b/kotlin/gc-call.yaml
index e8e4013..601f2d3 100644
--- a/kotlin/gc-call.yaml
+++ b/kotlin/gc-call.yaml
@@ -10,6 +10,7 @@ rules:
 metadata:
 category: best-practice
 subcategory: [audit]
+ technology: [java, kotlin]
 confidence: HIGH
 likelihood: HIGH
 impact: LOW
diff --git a/kotlin/mongo-hostname-verification-disabled.yaml b/kotlin/mongo-hostname-verification-disabled.yaml
index b7adbf3..962e82f 100644
--- a/kotlin/mongo-hostname-verification-disabled.yaml
+++ b/kotlin/mongo-hostname-verification-disabled.yaml
@@ -6,6 +6,7 @@ rules:
 metadata:
 category: security
 subcategory: [audit]
+ technology: [java, kotlin, mongodb]
 cwe: "CWE-295: Improper Certificate Validation"
 confidence: HIGH
 likelihood: HIGH
diff --git a/yaml/ansible/apt-key-unencrypted-url.yaml b/yaml/ansible/apt-key-unencrypted-url.yaml
index 2c76537..c23e66b 100644
--- a/yaml/ansible/apt-key-unencrypted-url.yaml
+++ b/yaml/ansible/apt-key-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, apt]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/apt-key-validate-certs-disabled.yaml b/yaml/ansible/apt-key-validate-certs-disabled.yaml
index bcd9091..2777c06 100644
--- a/yaml/ansible/apt-key-validate-certs-disabled.yaml
+++ b/yaml/ansible/apt-key-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible, apt]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
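Review bot: `technology: [java, kotlin]` on kotlin/gc-call.yaml tags a rule that lives under `kotlin/` as Java technology as well; unless the rule's `languages:` key (outside this hunk) also lists java, the extra tag will surface the rule in Java-filtered searches where it may not apply. The same question applies to `[java, kotlin, mongodb]` in the mongo-hostname-verification-disabled hunk that follows. If the intent is that the tag describes the runtime rather than the rule's language, a short comment such as `# java: the rule targets JVM code; Semgrep matches it on Kotlin sources only` would make that explicit.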
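Review bot: The apt-key-unencrypted-url hunk, like every other yaml/ansible hunk in this patch (through zypper-unencrypted-url) and the docker-compose hunk, gains a `technology` tag but no `references:` entry, although the subject line says references were added and each generic/ rule in the patch receives one. Each of these rules appears to map to a single Ansible module or Compose key whose documentation page is the natural citation, so a block of the form `references:` / `- <URL of the module's page under docs.ansible.com>` (placeholder, to be filled in per rule) would keep the metadata consistent across the registry and make findings easier to triage.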
diff --git a/yaml/ansible/apt-unencrypted-url.yaml b/yaml/ansible/apt-unencrypted-url.yaml
index f52c2b4..b5024bf 100644
--- a/yaml/ansible/apt-unencrypted-url.yaml
+++ b/yaml/ansible/apt-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, apt]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/dnf-unencrypted-url.yaml b/yaml/ansible/dnf-unencrypted-url.yaml
index 4ed31d6..63a548f 100644
--- a/yaml/ansible/dnf-unencrypted-url.yaml
+++ b/yaml/ansible/dnf-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, dnf]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/dnf-validate-certs-disabled.yaml b/yaml/ansible/dnf-validate-certs-disabled.yaml
index a452187..969ab03 100644
--- a/yaml/ansible/dnf-validate-certs-disabled.yaml
+++ b/yaml/ansible/dnf-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible, dnf]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/get-url-unencrypted-url.yaml b/yaml/ansible/get-url-unencrypted-url.yaml
index f4a77bc..d7542f1 100644
--- a/yaml/ansible/get-url-unencrypted-url.yaml
+++ b/yaml/ansible/get-url-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/get-url-validate-certs-disabled.yaml b/yaml/ansible/get-url-validate-certs-disabled.yaml
index 609aee5..822381f 100644
--- a/yaml/ansible/get-url-validate-certs-disabled.yaml
+++ b/yaml/ansible/get-url-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/rpm-key-unencrypted-url.yaml b/yaml/ansible/rpm-key-unencrypted-url.yaml
index 2771105..7465ae0 100644
--- a/yaml/ansible/rpm-key-unencrypted-url.yaml
+++ b/yaml/ansible/rpm-key-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, rpm]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/rpm-key-validate-certs-disabled.yaml b/yaml/ansible/rpm-key-validate-certs-disabled.yaml
index de6a7e6..a105ae2 100644
--- a/yaml/ansible/rpm-key-validate-certs-disabled.yaml
+++ b/yaml/ansible/rpm-key-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible, rpm]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/unarchive-unencrypted-url.yaml b/yaml/ansible/unarchive-unencrypted-url.yaml
index 721c167..64e683d 100644
--- a/yaml/ansible/unarchive-unencrypted-url.yaml
+++ b/yaml/ansible/unarchive-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/unarchive-validate-certs-disabled.yaml b/yaml/ansible/unarchive-validate-certs-disabled.yaml
index 46e5b47..6071d6c 100644
--- a/yaml/ansible/unarchive-validate-certs-disabled.yaml
+++ b/yaml/ansible/unarchive-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/wrm-cert-validation-ignore.yaml b/yaml/ansible/wrm-cert-validation-ignore.yaml
index bb834f1..ddca5c7 100644
--- a/yaml/ansible/wrm-cert-validation-ignore.yaml
+++ b/yaml/ansible/wrm-cert-validation-ignore.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/yum-unencrypted-url.yaml b/yaml/ansible/yum-unencrypted-url.yaml
index c6b0c00..8eded10 100644
--- a/yaml/ansible/yum-unencrypted-url.yaml
+++ b/yaml/ansible/yum-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, yum]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/yum-validate-certs-disabled.yaml b/yaml/ansible/yum-validate-certs-disabled.yaml
index 5bc2d9a..bde0c18 100644
--- a/yaml/ansible/yum-validate-certs-disabled.yaml
+++ b/yaml/ansible/yum-validate-certs-disabled.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-295: Improper Certificate Validation"
 subcategory: [audit]
+ technology: [ansible, yum]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/zypper-repository-unencrypted-url.yaml b/yaml/ansible/zypper-repository-unencrypted-url.yaml
index b6029c9..8c69100 100644
--- a/yaml/ansible/zypper-repository-unencrypted-url.yaml
+++ b/yaml/ansible/zypper-repository-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, zypper]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/ansible/zypper-unencrypted-url.yaml b/yaml/ansible/zypper-unencrypted-url.yaml
index 298629f..e99dcf3 100644
--- a/yaml/ansible/zypper-unencrypted-url.yaml
+++ b/yaml/ansible/zypper-unencrypted-url.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
 subcategory: [audit]
+ technology: [ansible, zypper]
 confidence: HIGH
 likelihood: HIGH
 impact: HIGH
diff --git a/yaml/docker-compose/port-all-interfaces.yaml b/yaml/docker-compose/port-all-interfaces.yaml
index 005acc6..d9840c2 100644
--- a/yaml/docker-compose/port-all-interfaces.yaml
+++ b/yaml/docker-compose/port-all-interfaces.yaml
@@ -7,6 +7,7 @@ rules:
 category: security
 cwe: "CWE-1327: Binding to an Unrestricted IP Address"
 subcategory: [audit]
+ technology: [docker, compose]
 confidence: LOW
 likelihood: LOW
 impact: LOW
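Review bot: `technology: [docker, compose]` in the port-all-interfaces hunk splits the product name into two tags, and `compose` on its own is ambiguous as a technology identifier for anyone filtering rules. A single tag matching the directory name, `technology: [docker-compose]` (with `docker` alongside it if cross-filtering with the generic Docker rules is wanted), would be unambiguous. I cannot see from the hunk which tag vocabulary the registry expects, so please check the other docker-compose rules before changing it.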