"""
Vulnerability class
"""
import re
class Vulnerability:
    """
    A named vulnerability category together with its compiled regular expression.

    Every instance adds itself to the module-level ``vulnerability_list`` when
    it is constructed, so creating an object is also what registers it.
    """

    def __init__(self, name: str, regex: str) -> None:
        """
        Compile the pattern, store it with the name, and register the instance.

        :param name: The name of the vulnerability
        :param regex: The regular expression source for the vulnerability
        """
        # Case-insensitive matching, and DOTALL so that `.` also matches newlines.
        flags = re.IGNORECASE | re.DOTALL
        self.name = name
        self.regex = re.compile(regex, flags)
        # NOTE(review): many registered patterns chain several `.*`; under DOTALL
        # each one can span the whole input, so matching cost can grow quickly on
        # long text. How the patterns are applied is not shown here; presumably
        # the caller should cap the length of the text it scans.
        vulnerability_list.append(self)
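# Registry of every Vulnerability defined below. The constructor appends each
# new instance to this list, so the list order follows the declaration order.
vulnerability_list = []

# Broken Access Control
Vulnerability(
    'Broken Access Control',
    '(fix|prevent|protect|patch|found).* ((impro.* (auth|access.* control))|url.* access)|((impro.* (auth|access.* control))|url.* access).* (fix|prevent|protect|patch|found)|insec.* direct obj.* ref.*|direct ref.*|auth.* bypass.* control'
)

# Broken Authentication and Session Management
Vulnerability(
    'Broken Authentication and Session Management',
    'brute.*force|sess.*hijack|broken auth|auth.* brok|auth.* bypass|sess.* fixation|(cred|pass|session ?id|connect).*(plaintext|un(hash|salt|encrypt|safe))|(plaintext|un(hash|salt|encrypt|safe)).*(cred|pass|session ?id|connect)|(weak|bad|unsafe).* pass.* verif.*|fix.* (url rewriting|rewriting url)|timeout.*(session|auth.* token)'
)

# Buffer Overflow
Vulnerability('Buffer Overflow', 'buff.* overflow')

# Bug Tracker Issue
Vulnerability(
    'Bug Tracker Issue',
    r'fix.* https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,4}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)'
)

# Context Leaks
Vulnerability(
    'Context Leaks',
    '(fix|rem|patch|found|prevent).*context leak|context leak.*(fix|removed?|patch|found|prevent)'
)

# Cross-Site Request Forgery
Vulnerability(
    'Cross-Site Request Forgery',
    '(fix|prevent|protect|found|patch).*(cross([- ])?site.*(req|ref).*forgery|csrf|sea.*surf|xsrf)|(cross([- ])?site.*(req|ref).*forgery|csrf|sea.*surf|xsrf).*(fix|prevent|protect|found|patch)|(one.*click|autom).*attack|sess.*riding|conf.*deput'
)

# Cross-Site Scripting
Vulnerability(
    'Cross-Site Scripting',
    '(fix|prevent|protect|found|patch).* (xss|cross.*(site|zone) script|script.* attack)|(xss|cross.*(site|zone) script|script.* attack).* (fix|prevent|protect|found|patch)|crlf injec|http resp.* split|(reflect|stored|dom).*xss|xss.*(reflect|stored|dom)|xss (vuln|attack|issue)|(validate|sanitize).* (un(trusted|safe)|malicious)'
)

# Distributed Denial-of-Service / Denial-of-Service
# NOTE(review): the bare `dos` alternative has no word boundary, so it also
# matches inside longer words (for example "todos"); consider `\bdos\b` if
# that over-matching is not intended.
Vulnerability(
    'Distributed Denial-of-Service / Denial-of-Service',
    '(dos|((distributed)? denial.*of.*service)|ddos|deadlocks?)'
)

# Encryption Issues
Vulnerability(
    'Encryption Issues',
    r'encrypt.*(bug|vulnerab|problem|defect|warning|issue|weak|attack|flaw|fault|error)|(en|de)crypt.*|cipher|\btls\b|\brsa\b|ssl'
)

# Hard Coded
# Raw string: `\s` must reach the regex engine instead of being read as an
# (invalid) string escape.
Vulnerability('Hard Coded', r'hard[\s-]coded?')

# Injection
Vulnerability(
    'Injection',
    '(sql|http header|xxe|nosql|ldap|regex|xpath|xquery|code|queries|xml|html|(shell|os |oper.*sys.*|co?m?ma?n?d)|e-?mail).*injec.*|(patch|fix|prevent|found|protect).*(injec| sqli | osci )|(injec|sqli |osci ).*(patch|fix|prevent|found|protect)|(sanitiz).* headers?|headers? sanitized?.*|quer.* parameterized?|(parameterized?).* quer.*'
)

# Insufficient Attack Protection
# The pattern previously spelled the keyword "expolit", so text containing
# "exploit" never matched this category.
Vulnerability(
    'Insufficient Attack Protection',
    '(detect|block|answer|respond|prevent).* (attack|exploit)|(attack|exploit).* (detect|block|answer|respond|prevent)'
)

# Memory Leaks
Vulnerability(
    'Memory Leaks',
    '(fix|rem|patch|found|prevent).* mem.* leak|mem.* leak (fix|removed?|patch|found|prevent)'
)

# Miscellaneous
Vulnerability(
    'Miscellaneous',
    '(fix|found|prevent|protect|patch).*sec.*(bug|vulnerab|problem|defect|warning|issue|weak|attack|flaw|fault|error)|sec.* (bug|vulnerab|problem|defect|warning|issue|weak|attack|flaw|fault|error).*(fix|found|prevent|protect|patch)|(sec|kern)?.*harden.*|vulnerab|attack|cve|nvd|cwe'
)

# Null Pointers
# Raw string for the same reason as 'Hard Coded': keep `\s` a regex escape.
Vulnerability('Null Pointers', r'null[\s-]pointers?|nullpointerexception')

# Overflow
Vulnerability(
    'Overflow',
    '(fix|rem|patch|found|prevent).* overflow|overflow.* (fix|removed?|patch|found|prevent)'
)

# Resource Leaks
Vulnerability(
    'Resource Leaks',
    '(fix|rem|patch|found|prevent).* resource.* leaks|resource.* leaks (fix|removed?|patch|found|prevent)'
)

# Path / Directory Traversal
Vulnerability(
    'Path / Directory Traversal',
    '((path|dir.*) traver.*|(dot-dot-slash|directory traversal|directory climbing|backtracking).*(attack|vuln))'
)

# SHA-1 collision
Vulnerability(
    'SHA-1 Collision',
    'sha-?1 collision'
)

# Security Misconfiguration
Vulnerability(
    'Security Misconfiguration',
    '(rem|del).*(pass.*|cred.*|confid.*info)|(fix|update|patch|protect|prevent).*(misconfig.*|vuln.*config.*)|access.*((default|admin).*(account|cred).*|un(used.*(page|url)|patch.*(flaw|issue|vuln|problem|weak).*|protect.*(file|dir).*|log|backup))'
)

# Sensitive Data Exposure
# The first alternative previously spelled "midle", which is not a substring
# of "middle", so "man in the middle" was only caught through `mitm`.
Vulnerability(
    'Sensitive Data Exposure',
    r'(fix|prevent|found|protect|patch).* (man.*in.*middle|mitm|bucket.*brig)|(un|not).*encrypt.*data|(weak|bad|unsafe).*(pass.* hash|key (gener.*|manag.*))|(important|safe).* header(s)? miss|unsafe.* crypto|(fix|change|update|add).* (http(?!s?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,4}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*))|sec.*cookie.* flag)|rem.* http(?!s?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,4}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*))|(fix|rem).* (secret.*key|hash collision)|(patch|fix|prevent|upgrade|protect).* (sha([- ])?1|md5|md2|md4|(3)?des|collision)'
)

# Using Components with Known Vulnerabilities
Vulnerability(
    'Using Components with Known Vulnerabilities',
    '(vuln|(un|not )safe|malicious|danger).* (version|dependenc|component|librar).*'
)

# Underprotected APIs
# Patterns are compiled with re.S, so `(?<!.)` only holds at the very start of
# the text: the second alternative requires "api" to be the first word.
Vulnerability(
    'Underprotected APIs',
    '(fix|protect).* api|(?<!.)api.* (fix|protect)|secure.* commun.*'
)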