{ "rules":[ { "name": "cmd-injection", "applicator": "Contrast::CoreExtensions::Protect::AppliesCommandInjectionRule", "applicator_method": "apply_rule", "required_properties": [], "optional_properties": [], "triggers": [ { "class_name":"IO", "method_name":"popen", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"pipeline", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"pipeline_r", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"pipeline_rw", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"pipeline_start", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"pipeline_w", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"popen2", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"popen2e", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Open3", "method_name":"popen3", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Kernel", "method_name":"`", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Kernel", "method_name":"`", "instance_method": true, "method_visibility": "private", "properties": {} }, { "class_name":"Kernel", "method_name":"system", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Kernel", "method_name":"system", "instance_method": true, "method_visibility": "private", "properties": {} }, { "class_name":"Kernel", "method_name":"exec", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Kernel", "method_name":"exec", "instance_method": true, "method_visibility": "private", "properties": {} }, { "class_name":"Kernel", "method_name":"spawn", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name":"Kernel", "method_name":"spawn", "instance_method": true, "method_visibility": "private", "properties": {} } ] }, { "name": "nosql-injection", "applicator": "Contrast::CoreExtensions::Protect::AppliesNoSqliRule", "applicator_method": "apply_rule", "required_properties": ["database"], "optional_properties": [], "triggers": [ { "class_name": "Mongo::Server::Connection", "method_name": "dispatch", "instance_method": true, "method_visibility": "public", "properties": { "database": "MongoDB" } },{ "class_name": "Moped::Node", "method_name": "read", "instance_method": true, "method_visibility": "private", "properties": { "database": "MongoDB" } },{ "class_name": "Moped::Node", "method_name": "write", "instance_method": true, "method_visibility": "private", "properties": { "database": "MongoDB" } },{ "class_name": "Moped::Node", "method_name": "process", "instance_method": true, "method_visibility": "private", "properties": { "database": "MongoDB" } } ] }, { "name":"path-traversal", "applicator": "Contrast::CoreExtensions::Protect::AppliesPathTraversalRule", "applicator_method": "apply_rule", "required_properties": ["action"], "optional_properties": [], "triggers":[ { "class_name":"File", "method_name":"initialize", "instance_method": true, "method_visibility": "private", "properties": { "action": "dynamic" } }, { "class_name":"IO", "method_name":"open", "instance_method": false, "method_visibility": "public", "properties": { "action": "dynamic" } }, { "class_name":"IO", "method_name":"initialize", "instance_method": true, "method_visibility": "private", "properties": { "action": "dynamic" } }, { "class_name":"IO", "method_name":"binread", "instance_method": false, "method_visibility": "public", "properties": { "action": "read" } }, { "class_name":"IO", "method_name":"binwrite", "instance_method": false, "method_visibility": "public", "properties": { "action": "write" } }, { "class_name":"IO", "method_name":"read", "instance_method": false, "method_visibility": "public", "properties": { "action": "read" } }, { "class_name":"IO", "method_name":"readlines", "instance_method": false, "method_visibility": "public", "properties": { "action": "read" } }, { "class_name":"IO", "method_name":"copy_stream", "instance_method": false, "method_visibility": "public", "properties": { "action": "copy" } }, { "class_name":"IO", "method_name":"foreach", "instance_method": false, "method_visibility": "public", "properties": { "action": "read" } }, { "class_name":"IO", "method_name":"sysopen", "instance_method": false, "method_visibility": "public", "properties": { "action": "dynamic" } }, { "class_name":"IO", "method_name":"write", "instance_method": false, "method_visibility": "public", "properties": { "action": "write" } } ] }, { "name": "sql-injection", "applicator": "Contrast::CoreExtensions::Protect::AppliesSqliRule", "applicator_method": "apply_rule", "required_properties": ["index", "database"], "optional_properties": [], "triggers": [ { "class_name": "Mysql2::Client", "method_name": "query", "instance_method": true, "method_visibility": "public", "properties": { "index": 0, "database": "MySQL" } },{ "class_name": "Mysql2::Statement", "method_name": "execute", "instance_method": true, "method_visibility": "public", "properties": { "index": 0, "database": "MySQL" } }, { "class_name": "PG::Connection", "method_name": "sync_exec", "instance_method": true, "method_visibility": "public", "properties": { "index": 0, "database": "PostgreSQL" } }, { "class_name": "PG::Connection", "method_name": "sync_exec_params", "instance_method": true, "method_visibility": "public", "properties": { "index": 0, "database": "PostgreSQL" } }, { "class_name": "PG::Connection", "method_name": "async_exec", "instance_method": true, "method_visibility": "public", "properties": { "index": 0, "database": "PostgreSQL" } }, { "class_name": "PG::Connection", "method_name": "async_exec_params", "instance_method": true, "method_visibility": "public", "properties": { "index": 0, "database": "PostgreSQL" } }, { "class_name": "SQLite3::Statement", "method_name": "initialize", "instance_method": true, "method_visibility": "private", "properties": { "index": 1, "database": "SQLite3" } }, { "class_name":"SQLite3::Database", "method_name":"execute", "instance_method":true, "method_visibility": "public", "properties": { "index": 0, "database": "SQLite3" } } ] }, { "name": "untrusted-deserialization", "applicator": "Contrast::CoreExtensions::Protect::AppliesDeserializationRule", "applicator_method": "apply_rule", "required_properties": [], "optional_properties": [], "triggers": [ { "class_name": "Marshal", "method_name": "load", "instance_method": false, "method_visibility": "public", "scope": "deserialization", "properties": {} }, { "class_name": "Psych", "method_name": "load", "instance_method": false, "method_visibility": "public", "scope": "deserialization", "properties": {} } ] }, { "name": "xxe", "applicator": "Contrast::CoreExtensions::Protect::AppliesXxeRule", "applicator_method": "apply_rule", "required_properties": [], "optional_properties": [], "triggers": [ { "class_name": "Nokogiri::XML::Document", "method_name": "read_memory", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name": "Nokogiri::XML::Document", "method_name": "read_io", "instance_method": false, "method_visibility": "public", "applicator_method": "apply_rule__io", "properties": {} },{ "class_name": "Nokogiri::XML::SAX::Parser", "method_name": "parse_memory", "instance_method": true, "method_visibility": "public", "properties": {} }, { "class_name": "Nokogiri::XML::SAX::Parser", "method_name": "parse_io", "instance_method": true, "method_visibility": "public", "applicator_method": "apply_rule__io", "properties": {} },{ "class_name": "Ox", "method_name": "parse", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name": "Ox", "method_name": "load", "instance_method": false, "method_visibility": "public", "properties": {} }, { "class_name": "Oga::XML::Lexer", "method_name": "read_data", "instance_method": true, "method_visibility": "public", "applicator_method": "apply_rule__lexer", "properties": {} } ] } ] }