Description
The code pattern scanner currently supports JavaScript, TypeScript, Python, and SQL. Add regex matchers for Go and Java vulnerabilities.

Go patterns to add
- SQL injection: fmt.Sprintf("SELECT...%s", userInput)
- Command injection: exec.Command("sh", "-c", userInput)
- Path traversal: filepath.Join(dir, userInput) without sanitization
- SSRF: http.Get(userURL) without validation

Java patterns to add
- SQL injection: statement.executeQuery("SELECT..." + input)
- Deserialization: ObjectInputStream with untrusted data
- XXE: DocumentBuilderFactory without disabling external entities
- Path traversal: new File(basePath + userInput)

Files to edit
src/tools/knowledge/check_pattern.rs
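As an added illustration of what the eight matchers above need to distinguish (this is not the project's code from check_pattern.rs), here is a std-only Rust sketch that scans Go and Java source line by line. It uses substring heuristics instead of the regex crate so it compiles with no dependencies; the rule names, the Finding type, and the Go/Java sample sources are constructed for this example. The "without validation" / "without sanitization" qualifiers are approximated by checking whether the sensitive argument is a string literal or an expression, and the XXE check is file-level, since the feature-disabling call normally sits on a later line than the factory creation.

```rust
// Added example, not from check_pattern.rs: std-only heuristic matchers for the
// Go and Java patterns in this issue. Rule names and samples are constructed.

/// One hit produced by a rule.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub language: &'static str,
    pub rule: &'static str,
    pub line_no: usize,
    pub snippet: String,
}

/// Text following the first occurrence of `call` on `line` (its argument list).
fn call_args<'a>(line: &'a str, call: &str) -> Option<&'a str> {
    let start = line.find(call)? + call.len();
    Some(line[start..].trim_start())
}

/// True when the argument text begins with an expression rather than a string literal.
fn starts_dynamic(args: &str) -> bool {
    !(args.starts_with('"') || args.starts_with('`') || args.starts_with(')'))
}

fn go_rules(line: &str) -> Vec<&'static str> {
    let mut hits = Vec::new();
    let sql_kw = ["SELECT", "INSERT", "UPDATE", "DELETE"];
    // fmt.Sprintf("SELECT ... %s", x): SQL text assembled with a format verb.
    if let Some(args) = call_args(line, "fmt.Sprintf(") {
        if sql_kw.iter().any(|k| args.contains(*k)) && args.contains('%') {
            hits.push("sql-injection");
        }
    }
    // exec.Command("sh", "-c", x): the shell script argument is not a literal.
    if let Some(args) = call_args(line, "exec.Command(") {
        if let Some(script) = args.split("\"-c\",").nth(1) {
            if starts_dynamic(script.trim_start()) {
                hits.push("command-injection");
            }
        }
    }
    // filepath.Join(dir, x): the joined path component is not a literal.
    if let Some(args) = call_args(line, "filepath.Join(") {
        if let Some((_, second)) = args.split_once(',') {
            if starts_dynamic(second.trim_start()) {
                hits.push("path-traversal");
            }
        }
    }
    // http.Get(x): the destination URL is not a literal.
    if let Some(args) = call_args(line, "http.Get(") {
        if starts_dynamic(args) {
            hits.push("ssrf");
        }
    }
    hits
}

fn java_rules(line: &str, xxe_mitigated: bool) -> Vec<&'static str> {
    let mut hits = Vec::new();
    // executeQuery("..." + x): concatenation inside the query argument.
    if call_args(line, ".executeQuery(").map_or(false, |a| a.contains('+')) {
        hits.push("sql-injection");
    }
    // Every ObjectInputStream construction is surfaced for review.
    if line.contains("new ObjectInputStream(") {
        hits.push("deserialization");
    }
    // Factory creation is flagged unless the file disables DOCTYPE/external entities.
    if line.contains("DocumentBuilderFactory.newInstance(") && !xxe_mitigated {
        hits.push("xxe");
    }
    // new File(base + x): concatenated path.
    if call_args(line, "new File(").map_or(false, |a| a.contains('+')) {
        hits.push("path-traversal");
    }
    hits
}

/// Scan `source` as `language` ("go" or "java"); other languages yield no findings.
pub fn scan(language: &str, source: &str) -> Vec<Finding> {
    let language: &'static str = match language { "go" => "go", "java" => "java", _ => return Vec::new() };
    // Real JAXP feature URIs; their presence anywhere in the file counts as mitigation.
    let xxe_mitigated = source.contains("disallow-doctype-decl") || source.contains("external-general-entities");
    let mut findings = Vec::new();
    for (idx, line) in source.lines().enumerate() {
        let rules = if language == "go" { go_rules(line) } else { java_rules(line, xxe_mitigated) };
        for rule in rules {
            findings.push(Finding { language, rule, line_no: idx + 1, snippet: line.trim().to_string() });
        }
    }
    findings
}

// Constructed sample sources: each risky call is paired with a literal-only counterpart.
pub const GO_SAMPLE: &str = r#"package main
import ("fmt"; "net/http"; "os/exec"; "path/filepath")
func handler(userInput, userURL, dir string) {
    q := fmt.Sprintf("SELECT * FROM users WHERE name = '%s'", userInput)
    greeting := fmt.Sprintf("hello %s", userInput)
    cmd := exec.Command("sh", "-c", userInput)
    fixedCmd := exec.Command("sh", "-c", "ls -la")
    p := filepath.Join(dir, userInput)
    fixedPath := filepath.Join(dir, "config.yaml")
    resp, _ := http.Get(userURL)
    fixedResp, _ := http.Get("https://example.test/health")
}
"#;
pub const JAVA_SAMPLE: &str = r#"import java.io.*;
import javax.xml.parsers.DocumentBuilderFactory;
class Handler {
    void run(String input, String basePath, InputStream in) throws Exception {
        ResultSet rs = statement.executeQuery("SELECT * FROM t WHERE id = " + input);
        ResultSet ok = statement.executeQuery("SELECT 1");
        ObjectInputStream ois = new ObjectInputStream(in);
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        File file = new File(basePath + input);
        File fixed = new File("/etc/app/config");
    }
}
"#;
pub const JAVA_HARDENED: &str = r#"DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
"#;

fn main() {
    for &(lang, src) in &[("go", GO_SAMPLE), ("java", JAVA_SAMPLE)] {
        for f in scan(lang, src) {
            println!("{}:{} [{}] {}", f.language, f.line_no, f.rule, f.snippet);
        }
    }
}
```

Running it reports four Go findings (lines 4, 6, 8, 10 of GO_SAMPLE) and four Java findings (lines 5, 7, 8, 9 of JAVA_SAMPLE), while the literal-only counterparts and the hardened Java snippet produce none. Real regex matchers would replace the substring checks, but the same two decisions carry over: whether the tainted argument is a literal, and whether the mitigation can live on a different line than the call.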