[
{
"id": "hardcoded-api-key",
"description": "Hardcoded API key or secret token detected",
"pattern": "(?i)(api[_-]?key|secret[_-]?key|access[_-]?token)\\s*[=:]\\s*[\"'][a-zA-Z0-9_-]{20,}[\"']",
"severity": "critical",
"confidence": "high",
"cwe": "CWE-798",
"file_extensions": []
},
{
"id": "hardcoded-password",
"description": "Hardcoded password detected",
"pattern": "(?i)(password|passwd|pwd)\\s*[=:]\\s*[\"'][^\"']{8,}[\"']",
"severity": "critical",
"confidence": "medium",
"cwe": "CWE-798",
"file_extensions": []
},
{
"id": "sql-injection-concat",
"description": "Potential SQL injection via string concatenation",
"pattern": "(?i)(execute|query|exec)\\s*\\([^)]*(SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)[^)]*\\+[^)]*\\)",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-89",
"file_extensions": [
".rs",
".py",
".js",
".ts",
".java",
".php"
]
},
{
"id": "sql-injection-format",
"description": "Potential SQL injection via string formatting",
"pattern": "(?i)(execute|query|exec)\\s*\\([^)]*format[^)]*\\)",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-89",
"file_extensions": [
".rs",
".py",
".js",
".ts",
".java",
".php"
]
},
{
"id": "path-traversal",
"description": "Potential path traversal vulnerability",
"pattern": "(?i)(open|read|write|include|require)\\s*\\([^)]*\\.\\.[/\\\\]",
"severity": "high",
"confidence": "high",
"cwe": "CWE-22",
"file_extensions": []
},
{
"id": "command-injection",
"description": "Potential command injection via shell execution",
"pattern": "(?i)(exec|system|shell|popen|spawn)\\s*\\([^)]*\\+[^)]*\\)",
"severity": "critical",
"confidence": "medium",
"cwe": "CWE-78",
"file_extensions": []
},
{
"id": "xss-innerhtml",
"description": "Potential XSS via innerHTML assignment",
"pattern": "(?i)innerHTML\\s*[=]\\s*[^;]*\\+",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-79",
"file_extensions": [
".js",
".ts",
".jsx",
".tsx"
]
},
{
"id": "insecure-random",
"description": "Use of insecure random number generator",
"pattern": "(?i)(Math\\.random|rand\\(\\)|random\\.randint)",
"severity": "medium",
"confidence": "low",
"cwe": "CWE-338",
"file_extensions": [
".js",
".ts",
".py",
".java"
]
},
{
"id": "weak-crypto-md5",
"description": "Use of weak cryptographic hash MD5",
"pattern": "(?i)(md5|MD5)\\s*\\(",
"severity": "medium",
"confidence": "high",
"cwe": "CWE-327",
"file_extensions": []
},
{
"id": "weak-crypto-sha1",
"description": "Use of weak cryptographic hash SHA1",
"pattern": "(?i)(sha1|SHA1)\\s*\\(",
"severity": "medium",
"confidence": "high",
"cwe": "CWE-327",
"file_extensions": []
},
{
"id": "unsafe-deserialization",
"description": "Unsafe deserialization of untrusted data",
"pattern": "(?i)(pickle\\.loads|yaml\\.load|unserialize)\\s*\\(",
"severity": "critical",
"confidence": "high",
"cwe": "CWE-502",
"file_extensions": [
".py",
".php",
".java"
]
},
{
"id": "xxe-vulnerability",
"description": "Potential XML External Entity (XXE) vulnerability",
"pattern": "(?i)(XMLReader|DocumentBuilder|SAXParser).*setFeature.*false",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-611",
"file_extensions": [
".java",
".xml"
]
},
{
"id": "insecure-tls",
"description": "Insecure TLS/SSL configuration",
"pattern": "(?i)(SSLv2|SSLv3|TLSv1\\.0|verify[_-]?mode.*NONE)",
"severity": "high",
"confidence": "high",
"cwe": "CWE-327",
"file_extensions": []
},
{
"id": "debug-enabled",
"description": "Debug mode enabled in production code",
"pattern": "(?i)(debug\\s*[=:]\\s*true|DEBUG\\s*[=:]\\s*True)",
"severity": "low",
"confidence": "low",
"cwe": "CWE-489",
"file_extensions": []
},
{
"id": "prompt-injection-ignore-instructions",
"description": "Detects attempts to override AI instructions via ignore directives",
"pattern": "(?i)ignore (all |previous |above )*(instructions|rules|guidelines)",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-77",
"file_extensions": []
},
{
"id": "prompt-injection-system-marker",
"description": "Detects SYSTEM: role marker injection attempts",
"pattern": "(?i)\\bSYSTEM\\b\\s*:",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-77",
"file_extensions": []
},
{
"id": "prompt-injection-newline-system",
"description": "Detects `system:` at the start of a line in a diff, a common prompt injection vector.",
"pattern": "(?m)^\\s*(?i)system\\s*:",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-77",
"file_extensions": []
},
{
"id": "prompt-injection-closing-tag",
"description": "Detects XML closing tag injection to escape pull_request context",
"pattern": "(?i)</pull_request>",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-77",
"file_extensions": []
},
{
"id": "prompt-injection-jailbreak-preamble",
"description": "Detects jailbreak preamble patterns that attempt to redefine AI persona",
"pattern": "(?i)you are now (a |an )?(malicious|evil|unrestricted|unfiltered|jailbroken|hacker|attacker)",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-77",
"file_extensions": []
},
{
"id": "prompt-injection-closing-tag-issue",
"description": "Attempt to escape issue_content XML delimiter boundary",
"pattern": "(?i)</issue_content>",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-77",
"file_extensions": []
},
{
"id": "ssrf-http-request",
"description": "Potential SSRF: HTTP client called with variable URL. Verify the URL is validated against an allowlist before use.",
"pattern": "(?i)(reqwest::get|reqwest::Client|fetch|urllib\\.request\\.urlopen|axios\\.(get|post|put|delete)|http\\.get|http\\.post|curl_exec|wget)\\s*[\\(\\[](?:[^\\\"'\\)]*[a-z_][a-z0-9_]*(?:\\.[a-z_][a-z0-9_]*)*)",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-918",
"file_extensions": []
},
{
"id": "open-redirect",
"description": "Potential open redirect: redirect target may be controlled by user input. Validate and restrict redirect URLs.",
"pattern": "(?i)(location\\.href|location\\.replace|location\\.assign|response\\.redirect|res\\.redirect|header\\s*\\(\\s*['\"]Location)\\s*[=:(]\\s*[^;]*?(req\\.|request\\.|params\\.|query\\.|args\\.)",
"severity": "high",
"confidence": "medium",
"cwe": "CWE-601",
"file_extensions": []
}
]