From 2a662d5bc191758d43719de5d7ee0ca84aed3870 Mon Sep 17 00:00:00 2001 
From: Claudio
Date: Fri, 13 Dec 2024 17:38:17 +0100
Subject: [PATCH] Update license links (#3534)
* Remove hardcoded license in rules
* Update README and LICENSE
* Update references
* references required only for security rules
---
 LICENSE | 12 +-----------
 README.md | 7 ++++---
 dockerfile/best-practice/remove-package-cache.yaml | 1 -
 .../security/detected-artifactory-password.yaml | 1 -
 .../secrets/security/detected-aws-account-id.yaml | 1 -
 .../secrets/security/detected-google-api-key.yaml | 1 -
 .../security/detected-telegram-bot-api-key.yaml | 1 -
 .../detected-username-and-password-in-uri.yaml | 1 -
 .../handler-assignment-from-multiple-sources.yaml | 1 -
 go/lang/security/audit/sqli/pg-orm-sqli.yaml | 1 -
 .../audit/xss/no-direct-write-to-responsewriter.yaml | 1 -
 go/lang/security/injection/raw-html-format.yaml | 1 -
 go/lang/security/injection/tainted-url-host.yaml | 1 -
 .../best-practice/manifest-security-features.yaml | 2 --
 .../best-practice/network-security-config.yml | 5 -----
 .../audit/xss/no-direct-response-writer.yaml | 1 -
 .../security/injection/tainted-sql-string.yaml | 1 -
 .../security/open-redirect-from-function.yaml | 1 -
 javascript/browser/security/open-redirect.yaml | 1 -
 javascript/browser/security/raw-html-concat.yaml | 1 -
 .../security/audit/express-open-redirect.yaml | 1 -
 .../security/audit/xss/direct-response-write.yaml | 1 -
 .../security/injection/tainted-sql-string.yaml | 1 -
 .../audit/detect-non-literal-fs-filename.yaml | 1 -
 .../lang/security/audit/sqli/node-knex-sqli.yaml | 1 -
 .../lang/security/audit/sqli/node-mssql-sqli.yaml | 1 -
 .../lang/security/audit/sqli/node-mysql-sqli.yaml | 1 -
 javascript/lang/security/detect-child-process.yaml | 1 -
 .../security/audit/sequelize-injection-express.yaml | 1 -
 json/aws/security/public-s3-bucket.yaml | 1 -
 json/npm/security/package-dependencies-check.yml | 1 -
 .../security/defaulthttpclient-is-deprecated.yaml | 1 -
 kotlin/lang/security/ecb-cipher.yaml | 1 -
 kotlin/lang/security/gcm-detection.yaml |
1 -
 kotlin/lang/security/no-null-cipher.yaml | 1 -
 kotlin/lang/security/unencrypted-socket.yaml | 1 -
 kotlin/lang/security/use-of-md5.yaml | 1 -
 metadata-schema.yaml.schm | 2 +-
 .../audit/doctrine-dbal-dangerous-query.yaml | 1 -
 .../security/audit/doctrine-orm-dangerous-query.yaml | 1 -
 php/lang/security/injection/tainted-url-host.yaml | 1 -
 php/lang/security/php-ssrf.yaml | 1 -
 .../security/dangerous-asyncio-create-exec.yaml | 1 -
 .../aws-lambda/security/dangerous-asyncio-exec.yaml | 1 -
 .../aws-lambda/security/dangerous-asyncio-shell.yaml | 1 -
 .../aws-lambda/security/dangerous-spawn-process.yaml | 1 -
 .../security/dangerous-subprocess-use.yaml | 1 -
 python/aws-lambda/security/tainted-code-exec.yaml | 1 -
 python/cryptography/security/empty-aes-key.yaml | 1 -
 .../maintainability/duplicate-path-assignment.yaml | 10 ++++++----
 .../django/security/injection/raw-html-format.yaml | 1 -
 .../django/security/injection/tainted-url-host.yaml | 1 -
 .../security/audit/host-header-injection-python.yaml | 1 -
 python/flask/security/injection/raw-html-concat.yaml | 1 -
 .../flask/security/injection/tainted-url-host.yaml | 1 -
 .../xss/audit/template-unquoted-attribute-var.yaml | 1 -
 .../lang/maintainability/useless-innerfunction.yaml | 1 -
 python/lang/security/audit/regex-dos.yaml | 1 -
 .../audit/xss/templates/unquoted-attribute.yaml | 1 -
 .../brakeman/check-render-local-file-include.yaml | 1 -
 .../rails/security/injection/tainted-sql-string.yaml | 1 -
 scala/lang/correctness/positive-number-index-of.yaml | 1 -
 scala/lang/security/audit/insecure-random.yaml | 1 -
 .../lang/security/audit/path-traversal-fromfile.yaml | 1 -
 scala/lang/security/audit/rsa-padding-set.yaml | 1 -
 scala/lang/security/audit/tainted-sql-string.yaml | 1 -
 .../aws-ecr-repository-wildcard-principal.yaml | 1 -
 .../eks-insufficient-control-plane-logging.yaml | 1 -
 .../lang/security/iam/no-iam-admin-privileges.yaml | 1 -
 .../lang/security/iam/no-iam-creds-exposure.yaml | 1 -
.../lang/security/iam/no-iam-data-exfiltration.yaml | 1 -
 .../lang/security/iam/no-iam-priv-esc-funcs.yaml | 1 -
 .../security/iam/no-iam-priv-esc-other-users.yaml | 1 -
 .../lang/security/iam/no-iam-priv-esc-roles.yaml | 1 -
 .../lang/security/iam/no-iam-resource-exposure.yaml | 1 -
 terraform/lang/security/iam/no-iam-star-actions.yaml | 1 -
 .../angular/security/audit/angular-domsanitizer.yaml | 1 -
 .../react/best-practice/react-props-spreading.yaml | 1 -
 .../audit/react-dangerouslysetinnerhtml.yaml | 1 -
 typescript/react/security/audit/react-href-var.yaml | 1 -
 .../security/audit/react-unsanitized-method.yaml | 1 -
 .../security/audit/react-unsanitized-property.yaml | 1 -
 yaml/docker-compose/security/privileged-service.yaml | 1 -
 .../audit/unsafe-add-mask-workflow-command.yaml | 1 -
 yaml/kubernetes/security/secrets-in-config-file.yaml | 1 -
 yaml/semgrep/metadata-incorrect-option.test.yaml | 1 -
 86 files changed, 12 insertions(+), 106 deletions(-)
diff --git a/LICENSE b/LICENSE
index 14dc405fed..9114b92052 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,11 +1 @@
-“Commons Clause” License Condition v1.0
-
-The Software is provided to you by the Licensor under the License, as defined below, subject to the following condition.
-
-Without limiting other conditions in the License, the grant of rights under the License will not include, and the License does not grant to you, the right to Sell the Software.
-
-For purposes of the foregoing, “Sell” means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including without limitation fees for hosting or consulting/ support services related to the Software), a product or service whose value derives, entirely or substantially, from the functionality of the Software. Any license notice or attribution required by the License must also include this Commons Clause License Condition notice.
-
-Software: semgrep-rules (https://github.com/semgrep/semgrep-rules)
-License: LGPL 2.1 (GNU Lesser General Public License, Version 2.1)
-Licensor: Semgrep, Inc. (https://semgrep.dev)
+Semgrep Rules License v1.0. For more details, visit [semgrep.dev/rules-license](semgrep.dev/legal/rules-license)
diff --git a/README.md b/README.md
index 3500e141b8..d4e4b3f214 100644
--- a/README.md
+++ b/README.md
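Review bot: The new LICENSE line links to `semgrep.dev/legal/rules-license` without a scheme, so any renderer treats it as a relative path inside the repository rather than as a link to the Semgrep site, and the visible text `semgrep.dev/rules-license` does not match that target path; the README hunk that follows repeats the scheme-less target and additionally opens its link with `{` instead of `[`, so Markdown will not render it as a link at all. In both places write the target as `https://semgrep.dev/legal/rules-license` and keep the visible text identical to it. A LICENSE file that now holds only a pointer also leaves offline consumers and automated license scanners with nothing to evaluate; whether the full terms may be reproduced below the pointer line is something I cannot judge from the diff, but it is worth settling before this is merged.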
@@ -28,11 +28,12 @@ You can also learn how to write rules using the [interactive, example-based Semg
 ## Contributing
-We welcome Semgrep rule contributions directly to this repository! When submitting your contribution to this repository, we’ll ask you to make Semgrep, Inc. a joint owner of your contributions. While you still own copyright rights to your rule, joint ownership allows Semgrep, Inc. to license these contributions to other [Semgrep Registry](https://semgrep.dev/r) users pursuant to the LGPL 2.1 under the [Commons Clause](https://commonsclause.com/). See full [license details](https://github.com/returntocorp/semgrep-rules/blob/develop/LICENSE).
+We welcome Semgrep rule contributions directly to this repository! When submitting your contribution, you grant Semgrep, Inc. a license to use, modify, and distribute your contribution under the {Semgrep Rules License v. 1.0](semgrep.dev/legal/rules-license). This ensures your rule can be shared with other Semgrep Registry users.
-Note: To contribute, review the **[Contributing to Semgrep rules](https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/)** documentation.
+To contribute, please review our **[Contributing to Semgrep rules](https://semgrep.dev/docs/contributing/contributing-to-semgrep-rules-repository/)** guidelines.
+
+You can also reach out to us at support@semgrep.com, and we will help import your rules for others to use!
-You can also contact us at support@semgrep.com to make Semgrep rule contributions. We will import your rules for everyone to use!
 ## Additional information
diff --git a/dockerfile/best-practice/remove-package-cache.yaml b/dockerfile/best-practice/remove-package-cache.yaml
index 8020204d8c..9cce973699 100644
--- a/dockerfile/best-practice/remove-package-cache.yaml
+++ b/dockerfile/best-practice/remove-package-cache.yaml
@@ -16,4 +16,3 @@ rules:
 category: best-practice
 technology:
 - dockerfile
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/generic/secrets/security/detected-artifactory-password.yaml b/generic/secrets/security/detected-artifactory-password.yaml
index b89125ac49..25b4b63637 100644
--- a/generic/secrets/security/detected-artifactory-password.yaml
+++ b/generic/secrets/security/detected-artifactory-password.yaml
@@ -44,4 +44,3 @@ rules:
 - audit
 likelihood: LOW
 impact: HIGH
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/generic/secrets/security/detected-aws-account-id.yaml b/generic/secrets/security/detected-aws-account-id.yaml
index 790446e0be..696bd5dd6d 100644
--- a/generic/secrets/security/detected-aws-account-id.yaml
+++ b/generic/secrets/security/detected-aws-account-id.yaml
@@ -55,4 +55,3 @@ rules:
 - audit
 likelihood: LOW
 impact: HIGH
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/generic/secrets/security/detected-google-api-key.yaml b/generic/secrets/security/detected-google-api-key.yaml
index ae0b296272..9a146612bd 100644
--- a/generic/secrets/security/detected-google-api-key.yaml
+++ b/generic/secrets/security/detected-google-api-key.yaml
@@ -15,7 +15,6 @@ rules:
 technology:
 - secrets
 - google
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 confidence: LOW
 owasp:
 - A07:2021 - Identification and Authentication Failures
diff --git a/generic/secrets/security/detected-telegram-bot-api-key.yaml b/generic/secrets/security/detected-telegram-bot-api-key.yaml
index 3964dd21cd..1d4ffeb9b1 100644
--- a/generic/secrets/security/detected-telegram-bot-api-key.yaml
+++ b/generic/secrets/security/detected-telegram-bot-api-key.yaml
@@ -16,7 +16,6 @@ rules:
 technology:
 - secrets
 - telegram
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 confidence: LOW
 owasp:
 - A07:2021 - Identification and Authentication Failures
diff --git a/generic/secrets/security/detected-username-and-password-in-uri.yaml b/generic/secrets/security/detected-username-and-password-in-uri.yaml
index c742b1115e..88008b554e 100644
--- a/generic/secrets/security/detected-username-and-password-in-uri.yaml
+++ b/generic/secrets/security/detected-username-and-password-in-uri.yaml
@@ -26,7 +26,6 @@ rules:
 technology:
 - secrets
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/go/gorilla/security/audit/handler-assignment-from-multiple-sources.yaml b/go/gorilla/security/audit/handler-assignment-from-multiple-sources.yaml
index 15c908f892..6661f46533 100644
--- a/go/gorilla/security/audit/handler-assignment-from-multiple-sources.yaml
+++ b/go/gorilla/security/audit/handler-assignment-from-multiple-sources.yaml
@@ -7,7 +7,6 @@ rules:
 technology:
 - gorilla
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://cwe.mitre.org/data/definitions/289.html
 subcategory:
diff --git a/go/lang/security/audit/sqli/pg-orm-sqli.yaml b/go/lang/security/audit/sqli/pg-orm-sqli.yaml
index 5b6cc9221f..04a4da6b51 100644
--- a/go/lang/security/audit/sqli/pg-orm-sqli.yaml
+++ b/go/lang/security/audit/sqli/pg-orm-sqli.yaml
@@ -84,5 +84,4 @@ rules:
 - vuln
 likelihood: LOW
 impact: HIGH
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 severity: ERROR
diff --git a/go/lang/security/audit/xss/no-direct-write-to-responsewriter.yaml b/go/lang/security/audit/xss/no-direct-write-to-responsewriter.yaml
index 0af9e45f91..5577c231cc 100644
--- a/go/lang/security/audit/xss/no-direct-write-to-responsewriter.yaml
+++ b/go/lang/security/audit/xss/no-direct-write-to-responsewriter.yaml
@@ -11,7 +11,6 @@ rules:
 category: security
 cwe:
 - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 owasp:
 - A07:2017 - Cross-Site Scripting (XSS)
 - A03:2021 - Injection
diff --git a/go/lang/security/injection/raw-html-format.yaml b/go/lang/security/injection/raw-html-format.yaml
index bd2e2c79f1..267b27892c 100644
--- a/go/lang/security/injection/raw-html-format.yaml
+++ b/go/lang/security/injection/raw-html-format.yaml
@@ -21,7 +21,6 @@ rules:
 - go
 references:
 - https://blogtitle.github.io/robn-go-security-pearls-cross-site-scripting-xss/
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 confidence: MEDIUM
 cwe2022-top25: true
 cwe2021-top25: true
diff --git a/go/lang/security/injection/tainted-url-host.yaml b/go/lang/security/injection/tainted-url-host.yaml
index e7fa9a9102..999fcaeac6 100644
--- a/go/lang/security/injection/tainted-url-host.yaml
+++ b/go/lang/security/injection/tainted-url-host.yaml
@@ -21,7 +21,6 @@ rules:
 category: security
 technology:
 - go
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 confidence: HIGH
 cwe2022-top25: true
 cwe2021-top25: true
diff --git a/java/android/best-practice/manifest-security-features.yaml b/java/android/best-practice/manifest-security-features.yaml
index 40ac9dbe68..c7202b6f95 100644
--- a/java/android/best-practice/manifest-security-features.yaml
+++ b/java/android/best-practice/manifest-security-features.yaml
@@ -9,7 +9,6 @@ rules:
 Config is present.
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
@@ -33,7 +32,6 @@ rules:
 if a Network Security Config is present.
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
diff --git a/java/android/best-practice/network-security-config.yml b/java/android/best-practice/network-security-config.yml
index 602168eb56..5c1020dd1f 100644
--- a/java/android/best-practice/network-security-config.yml
+++ b/java/android/best-practice/network-security-config.yml
@@ -10,7 +10,6 @@ rules:
 ``)
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
@@ -40,7 +39,6 @@ rules:
 pin as a backup.
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
@@ -78,7 +76,6 @@ rules:
 default to trusting system CAs and disregard the pin.
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
@@ -108,7 +105,6 @@ rules:
 ``)
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
@@ -141,7 +137,6 @@ rules:
 ``)
 metadata:
 category: best-practice
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - android
 references:
diff --git a/java/lang/security/audit/xss/no-direct-response-writer.yaml b/java/lang/security/audit/xss/no-direct-response-writer.yaml
index 0bccd5dad2..377fdec1ee 100644
--- a/java/lang/security/audit/xss/no-direct-response-writer.yaml
+++ b/java/lang/security/audit/xss/no-direct-response-writer.yaml
@@ -29,7 +29,6 @@ rules:
 - java
 - servlets
 interfile: true
- license: proprietary license - copyright © Semgrep, Inc.
 languages:
 - java
 mode: taint
diff --git a/java/spring/security/injection/tainted-sql-string.yaml b/java/spring/security/injection/tainted-sql-string.yaml
index cfd0d5474b..593d8d7971 100644
--- a/java/spring/security/injection/tainted-sql-string.yaml
+++ b/java/spring/security/injection/tainted-sql-string.yaml
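Review bot: The line removed from `java/lang/security/audit/xss/no-direct-response-writer.yaml` carried `license: proprietary license - copyright © Semgrep, Inc.`, not the Commons Clause string every other hunk in this commit drops, so this one deletion silently moves that rule from an explicit proprietary notice to whatever the repository-level LICENSE now says. The commit message describes the change as removing hardcoded licenses and gives no indication that this rule was meant to be relicensed. If it was, a sentence in the description saying so would make the intent auditable later; if it was not, the rule should keep a per-rule `license:` entry or be handled outside this commit. The rule's `metadata:` block starts above the hunk, so I cannot see whether any other marker of its special status remains.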
@@ -21,7 +21,6 @@ rules:
 category: security
 technology:
 - spring
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/browser/security/open-redirect-from-function.yaml b/javascript/browser/security/open-redirect-from-function.yaml
index d455813890..4faaad1c5b 100644
--- a/javascript/browser/security/open-redirect-from-function.yaml
+++ b/javascript/browser/security/open-redirect-from-function.yaml
@@ -22,7 +22,6 @@ rules:
 - https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
 technology:
 - browser
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 subcategory:
 - vuln
 likelihood: LOW
diff --git a/javascript/browser/security/open-redirect.yaml b/javascript/browser/security/open-redirect.yaml
index da86181ff2..dfa5639281 100644
--- a/javascript/browser/security/open-redirect.yaml
+++ b/javascript/browser/security/open-redirect.yaml
@@ -25,7 +25,6 @@ rules:
 - https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
 technology:
 - browser
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 subcategory:
 - vuln
 likelihood: HIGH
diff --git a/javascript/browser/security/raw-html-concat.yaml b/javascript/browser/security/raw-html-concat.yaml
index ece2f2b2ca..bf7bdfff4e 100644
--- a/javascript/browser/security/raw-html-concat.yaml
+++ b/javascript/browser/security/raw-html-concat.yaml
@@ -12,7 +12,6 @@ rules:
 category: security
 technology:
 - browser
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/express/security/audit/express-open-redirect.yaml b/javascript/express/security/audit/express-open-redirect.yaml
index d3749fac4f..5808a63036 100644
--- a/javascript/express/security/audit/express-open-redirect.yaml
+++ b/javascript/express/security/audit/express-open-redirect.yaml
@@ -20,7 +20,6 @@ rules:
 likelihood: HIGH
 impact: MEDIUM
 confidence: HIGH
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 languages:
 - javascript
 - typescript
diff --git a/javascript/express/security/audit/xss/direct-response-write.yaml b/javascript/express/security/audit/xss/direct-response-write.yaml
index 25959b5687..87dd91900e 100644
--- a/javascript/express/security/audit/xss/direct-response-write.yaml
+++ b/javascript/express/security/audit/xss/direct-response-write.yaml
@@ -26,7 +26,6 @@ rules:
 likelihood: MEDIUM
 impact: MEDIUM
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 vulnerability_class:
 - Cross-Site-Scripting (XSS)
 languages:
diff --git a/javascript/express/security/injection/tainted-sql-string.yaml b/javascript/express/security/injection/tainted-sql-string.yaml
index cc6536d2b4..550eb26c4a 100644
--- a/javascript/express/security/injection/tainted-sql-string.yaml
+++ b/javascript/express/security/injection/tainted-sql-string.yaml
@@ -19,7 +19,6 @@ rules:
 category: security
 technology:
 - express
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/lang/security/audit/detect-non-literal-fs-filename.yaml b/javascript/lang/security/audit/detect-non-literal-fs-filename.yaml
index 4035861f3c..7f5c86f424 100644
--- a/javascript/lang/security/audit/detect-non-literal-fs-filename.yaml
+++ b/javascript/lang/security/audit/detect-non-literal-fs-filename.yaml
@@ -16,7 +16,6 @@ rules:
 category: security
 technology:
 - typescript
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/lang/security/audit/sqli/node-knex-sqli.yaml b/javascript/lang/security/audit/sqli/node-knex-sqli.yaml
index 943715ce71..130a6adbee 100644
--- a/javascript/lang/security/audit/sqli/node-knex-sqli.yaml
+++ b/javascript/lang/security/audit/sqli/node-knex-sqli.yaml
@@ -23,7 +23,6 @@ rules:
 - express
 - nodejs
 - knex
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/lang/security/audit/sqli/node-mssql-sqli.yaml b/javascript/lang/security/audit/sqli/node-mssql-sqli.yaml
index 3e0a30e823..61092aee58 100644
--- a/javascript/lang/security/audit/sqli/node-mssql-sqli.yaml
+++ b/javascript/lang/security/audit/sqli/node-mssql-sqli.yaml
@@ -17,7 +17,6 @@ rules:
 category: security
 technology:
 - mssql
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://www.npmjs.com/package/mssql
 cwe2022-top25: true
diff --git a/javascript/lang/security/audit/sqli/node-mysql-sqli.yaml b/javascript/lang/security/audit/sqli/node-mysql-sqli.yaml
index 0b5cff1507..876a6740c2 100644
--- a/javascript/lang/security/audit/sqli/node-mysql-sqli.yaml
+++ b/javascript/lang/security/audit/sqli/node-mysql-sqli.yaml
@@ -22,7 +22,6 @@ rules:
 - mysql2
 - javascript
 - nodejs
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/lang/security/detect-child-process.yaml b/javascript/lang/security/detect-child-process.yaml
index 52089b0931..4f9f6dccea 100644
--- a/javascript/lang/security/detect-child-process.yaml
+++ b/javascript/lang/security/detect-child-process.yaml
@@ -16,7 +16,6 @@ rules:
 category: security
 technology:
 - javascript
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/javascript/sequelize/security/audit/sequelize-injection-express.yaml b/javascript/sequelize/security/audit/sequelize-injection-express.yaml
index 47aa8ded7f..cbfc06754e 100644
--- a/javascript/sequelize/security/audit/sequelize-injection-express.yaml
+++ b/javascript/sequelize/security/audit/sequelize-injection-express.yaml
@@ -27,7 +27,6 @@ rules:
 likelihood: HIGH
 impact: HIGH
 confidence: HIGH
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 languages:
 - javascript
 - typescript
diff --git a/json/aws/security/public-s3-bucket.yaml b/json/aws/security/public-s3-bucket.yaml
index b2c95a056e..c2093376ba 100644
--- a/json/aws/security/public-s3-bucket.yaml
+++ b/json/aws/security/public-s3-bucket.yaml
@@ -12,7 +12,6 @@ rules:
 category: security
 cwe:
 - 'CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 owasp:
 - A01:2021 - Broken Access Control
 references:
diff --git a/json/npm/security/package-dependencies-check.yml b/json/npm/security/package-dependencies-check.yml
index 727ea88664..4e9bac9044 100644
--- a/json/npm/security/package-dependencies-check.yml
+++ b/json/npm/security/package-dependencies-check.yml
@@ -45,7 +45,6 @@ rules:
 - https://cwe.mitre.org/data/definitions/427.html
 technology:
 - npm
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 subcategory:
 - audit
 likelihood: LOW
diff --git a/kotlin/lang/security/defaulthttpclient-is-deprecated.yaml b/kotlin/lang/security/defaulthttpclient-is-deprecated.yaml
index 2f86c63583..13d3ae5d88 100644
--- a/kotlin/lang/security/defaulthttpclient-is-deprecated.yaml
+++ b/kotlin/lang/security/defaulthttpclient-is-deprecated.yaml
@@ -15,7 +15,6 @@ rules:
 category: security
 technology:
 - kotlin
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 subcategory:
diff --git a/kotlin/lang/security/ecb-cipher.yaml b/kotlin/lang/security/ecb-cipher.yaml
index f56c2e7217..768852f84b 100644
--- a/kotlin/lang/security/ecb-cipher.yaml
+++ b/kotlin/lang/security/ecb-cipher.yaml
@@ -10,7 +10,6 @@ rules:
 category: security
 technology:
 - kotlin
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 subcategory:
diff --git a/kotlin/lang/security/gcm-detection.yaml b/kotlin/lang/security/gcm-detection.yaml
index 142b997ed4..947774777a 100644
--- a/kotlin/lang/security/gcm-detection.yaml
+++ b/kotlin/lang/security/gcm-detection.yaml
@@ -8,7 +8,6 @@ rules:
 - https://cwe.mitre.org/data/definitions/323.html
 technology:
 - kotlin
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 owasp:
 - A02:2021 - Cryptographic Failures
 subcategory:
diff --git a/kotlin/lang/security/no-null-cipher.yaml b/kotlin/lang/security/no-null-cipher.yaml
index 17ef15a757..b5fcc93378 100644
--- a/kotlin/lang/security/no-null-cipher.yaml
+++ b/kotlin/lang/security/no-null-cipher.yaml
@@ -16,7 +16,6 @@ rules:
 category: security
 technology:
 - kotlin
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 subcategory:
diff --git a/kotlin/lang/security/unencrypted-socket.yaml b/kotlin/lang/security/unencrypted-socket.yaml
index 312580d1ac..3b02a2605e 100644
--- a/kotlin/lang/security/unencrypted-socket.yaml
+++ b/kotlin/lang/security/unencrypted-socket.yaml
@@ -15,7 +15,6 @@ rules:
 category: security
 technology:
 - kotlin
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 subcategory:
diff --git a/kotlin/lang/security/use-of-md5.yaml b/kotlin/lang/security/use-of-md5.yaml
index 9f32ba366e..f302996e80 100644
--- a/kotlin/lang/security/use-of-md5.yaml
+++ b/kotlin/lang/security/use-of-md5.yaml
@@ -15,7 +15,6 @@ rules:
 category: security
 technology:
 - kotlin
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 subcategory:
diff --git a/metadata-schema.yaml.schm b/metadata-schema.yaml.schm
index 5b54082088..2a4bc091af 100644
--- a/metadata-schema.yaml.schm
+++ b/metadata-schema.yaml.schm
@@ -3,7 +3,6 @@ schema:
 allOf:
 - type: object
 required:
- - references
 - category
 - technology
 properties:
@@ -90,4 +89,5 @@ schema:
 - likelihood
 - impact
 - subcategory
+ - references
diff --git a/php/doctrine/security/audit/doctrine-dbal-dangerous-query.yaml b/php/doctrine/security/audit/doctrine-dbal-dangerous-query.yaml
index 0913b4ad1f..caebbcf098 100644
--- a/php/doctrine/security/audit/doctrine-dbal-dangerous-query.yaml
+++ b/php/doctrine/security/audit/doctrine-dbal-dangerous-query.yaml
@@ -9,7 +9,6 @@ rules:
 category: security
 cwe:
 - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 owasp:
 - A01:2017 - Injection
 - A03:2021 - Injection
diff --git a/php/doctrine/security/audit/doctrine-orm-dangerous-query.yaml b/php/doctrine/security/audit/doctrine-orm-dangerous-query.yaml
index ba41281637..2dc588a59e 100644
--- a/php/doctrine/security/audit/doctrine-orm-dangerous-query.yaml
+++ b/php/doctrine/security/audit/doctrine-orm-dangerous-query.yaml
@@ -11,7 +11,6 @@ rules:
 category: security
 cwe:
 - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 owasp:
 - A01:2017 - Injection
 - A03:2021 - Injection
diff --git a/php/lang/security/injection/tainted-url-host.yaml b/php/lang/security/injection/tainted-url-host.yaml
index 2ca6a7736c..84b84a9977 100644
--- a/php/lang/security/injection/tainted-url-host.yaml
+++ b/php/lang/security/injection/tainted-url-host.yaml
@@ -23,7 +23,6 @@ rules:
 category: security
 technology:
 - php
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
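Review bot: The second hunk of `metadata-schema.yaml.schm` appends `- references` to a `required` list whose enclosing object starts above the hunk, so the diff alone does not show that this list is scoped to `category: security` as the commit message claims; confirming that needs the surrounding conditional, which is not in view. Since no rule in the repository sets `license:` after this commit, it is also worth checking whether the `properties:` block that follows the first hunk still declares a `license` key; if it does, removing it (or closing the object with `additionalProperties: false`) would stop future rules from reintroducing per-rule license strings that contradict the repository LICENSE. Both points are inferred from context lines rather than from the changed lines themselves.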
diff --git a/php/lang/security/php-ssrf.yaml b/php/lang/security/php-ssrf.yaml
index 0b33f2b542..ff6401bc3f 100644
--- a/php/lang/security/php-ssrf.yaml
+++ b/php/lang/security/php-ssrf.yaml
@@ -31,7 +31,6 @@ rules:
 metadata:
 references:
 - https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe:
 - "CWE-918: Server-Side Request Forgery (SSRF)"
 category: security
diff --git a/python/aws-lambda/security/dangerous-asyncio-create-exec.yaml b/python/aws-lambda/security/dangerous-asyncio-create-exec.yaml
index 7fc2ed3251..0d8128212b 100644
--- a/python/aws-lambda/security/dangerous-asyncio-create-exec.yaml
+++ b/python/aws-lambda/security/dangerous-asyncio-create-exec.yaml
@@ -46,7 +46,6 @@ rules:
 category: security
 technology:
 - python
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/aws-lambda/security/dangerous-asyncio-exec.yaml b/python/aws-lambda/security/dangerous-asyncio-exec.yaml
index 24fd0b0e9b..b7c0520b26 100644
--- a/python/aws-lambda/security/dangerous-asyncio-exec.yaml
+++ b/python/aws-lambda/security/dangerous-asyncio-exec.yaml
@@ -41,7 +41,6 @@ rules:
 technology:
 - python
 - aws-lambda
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/aws-lambda/security/dangerous-asyncio-shell.yaml b/python/aws-lambda/security/dangerous-asyncio-shell.yaml
index 012d2d16c2..6aa9f1d89c 100644
--- a/python/aws-lambda/security/dangerous-asyncio-shell.yaml
+++ b/python/aws-lambda/security/dangerous-asyncio-shell.yaml
@@ -38,7 +38,6 @@ rules:
 technology:
 - python
 - aws-lambda
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/aws-lambda/security/dangerous-spawn-process.yaml b/python/aws-lambda/security/dangerous-spawn-process.yaml
index c8b48a5bfb..a0ba55947b 100644
--- a/python/aws-lambda/security/dangerous-spawn-process.yaml
+++ b/python/aws-lambda/security/dangerous-spawn-process.yaml
@@ -21,7 +21,6 @@ rules:
 technology:
 - python
 - aws-lambda
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A03_2021-Injection
 cwe2022-top25: true
diff --git a/python/aws-lambda/security/dangerous-subprocess-use.yaml b/python/aws-lambda/security/dangerous-subprocess-use.yaml
index b8e9c8145e..9889325883 100644
--- a/python/aws-lambda/security/dangerous-subprocess-use.yaml
+++ b/python/aws-lambda/security/dangerous-subprocess-use.yaml
@@ -26,7 +26,6 @@ rules:
 technology:
 - python
 - aws-lambda
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/aws-lambda/security/tainted-code-exec.yaml b/python/aws-lambda/security/tainted-code-exec.yaml
index a7a3fbda25..028bd41a51 100644
--- a/python/aws-lambda/security/tainted-code-exec.yaml
+++ b/python/aws-lambda/security/tainted-code-exec.yaml
@@ -30,7 +30,6 @@ rules:
 category: security
 technology:
 - python
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://owasp.org/Top10/A03_2021-Injection
 subcategory:
diff --git a/python/cryptography/security/empty-aes-key.yaml b/python/cryptography/security/empty-aes-key.yaml
index b158751507..92b321dab8 100644
--- a/python/cryptography/security/empty-aes-key.yaml
+++ b/python/cryptography/security/empty-aes-key.yaml
@@ -22,7 +22,6 @@ rules:
 likelihood: MEDIUM
 impact: HIGH
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 owasp: A6:2017 misconfiguration
 functional-categories:
 - crypto::search::key-length::pycrypto
diff --git a/python/django/maintainability/duplicate-path-assignment.yaml b/python/django/maintainability/duplicate-path-assignment.yaml
index f07597d50d..b826b93b09 100644
--- a/python/django/maintainability/duplicate-path-assignment.yaml
+++ b/python/django/maintainability/duplicate-path-assignment.yaml
@@ -5,9 +5,10 @@ rules:
 message: path for `$URL` is uselessly assigned twice
 metadata:
 category: maintainability
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - django
+ references:
+ - https://docs.djangoproject.com/en/3.2/topics/http/urls/#naming-url-patterns
 patterns:
 - pattern: |
 [..., django.urls.path('$URL', $VIEW, ...), ..., django.urls.path('$URL', $VIEW, ...), ...]
@@ -20,9 +21,10 @@ rules:
 Verify what the intended target view is and delete the other route.
 metadata:
 category: maintainability
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - django
+ references:
+ - https://docs.djangoproject.com/en/3.2/topics/http/urls/#naming-url-patterns
 patterns:
 - pattern: |
 [..., django.urls.path('$URL', $VIEW, ...), ..., django.urls.path('$URL', $DIFFERENT_VIEW, ...), ...]
@@ -35,9 +37,10 @@ rules:
 message: path for `$URL` is assigned twice with different names
 metadata:
 category: maintainability
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - django
+ references:
+ - https://docs.djangoproject.com/en/3.2/topics/http/urls/#naming-url-patterns
 patterns:
 - pattern: |
 [..., django.urls.path('$URL', $VIEW, name='$NAME', ...), ..., django.urls.path('$URL', $VIEW, name='$OTHER_NAME', ...), ...]
@@ -52,7 +55,6 @@ rules:
 Pick a unique name for each path.
 metadata:
 category: maintainability
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - django
 references:
diff --git a/python/django/security/injection/raw-html-format.yaml b/python/django/security/injection/raw-html-format.yaml
index 729c39db12..a7bd6daf8a 100644
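Review bot: The three `references:` entries added in `python/django/maintainability/duplicate-path-assignment.yaml` all point at the Django 3.2 manual, a release that has left upstream support, and the `#naming-url-patterns` anchor documents URL naming, which fits the third rule (`name=` collisions) but not the first two, which flag the same path being routed twice. A versionless `https://docs.djangoproject.com/en/stable/topics/http/urls/` link would keep tracking current docs, and the first two rules would be better served by an anchor about `path()` itself. These are documentation points only; with the schema change elsewhere in this commit, references are no longer required for maintainability rules, so the entries are optional.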
--- a/python/django/security/injection/raw-html-format.yaml
+++ b/python/django/security/injection/raw-html-format.yaml
@@ -20,7 +20,6 @@ rules:
 references:
 - https://docs.djangoproject.com/en/3.2/topics/http/shortcuts/#render
 - https://docs.djangoproject.com/en/3.2/topics/security/#cross-site-scripting-xss-protection
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/django/security/injection/tainted-url-host.yaml b/python/django/security/injection/tainted-url-host.yaml
index 462b55947c..3b32b25499 100644
--- a/python/django/security/injection/tainted-url-host.yaml
+++ b/python/django/security/injection/tainted-url-host.yaml
@@ -18,7 +18,6 @@ rules:
 category: security
 technology:
 - flask
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/flask/security/audit/host-header-injection-python.yaml b/python/flask/security/audit/host-header-injection-python.yaml
index b7621e8ad2..6ba33e680d 100644
--- a/python/flask/security/audit/host-header-injection-python.yaml
+++ b/python/flask/security/audit/host-header-injection-python.yaml
@@ -43,4 +43,3 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 confidence: LOW
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/python/flask/security/injection/raw-html-concat.yaml b/python/flask/security/injection/raw-html-concat.yaml
index 6019edc89f..dfff4caa37 100644
--- a/python/flask/security/injection/raw-html-concat.yaml
+++ b/python/flask/security/injection/raw-html-concat.yaml
@@ -22,7 +22,6 @@ rules:
 - flask
 references:
 - https://flask.palletsprojects.com/en/2.0.x/security/#cross-site-scripting-xss
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/flask/security/injection/tainted-url-host.yaml b/python/flask/security/injection/tainted-url-host.yaml
index 15d9e0b91e..46e3f565b2 100644
--- a/python/flask/security/injection/tainted-url-host.yaml
+++ b/python/flask/security/injection/tainted-url-host.yaml
@@ -20,7 +20,6 @@ rules:
 category: security
 technology:
 - flask
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/flask/security/xss/audit/template-unquoted-attribute-var.yaml b/python/flask/security/xss/audit/template-unquoted-attribute-var.yaml
index 7053072d02..4c05178bd6 100644
--- a/python/flask/security/xss/audit/template-unquoted-attribute-var.yaml
+++ b/python/flask/security/xss/audit/template-unquoted-attribute-var.yaml
@@ -15,7 +15,6 @@ rules:
 category: security
 technology:
 - flask
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/python/lang/maintainability/useless-innerfunction.yaml b/python/lang/maintainability/useless-innerfunction.yaml
index bbb9c524f9..1dee74d64b 100644
--- a/python/lang/maintainability/useless-innerfunction.yaml
+++ b/python/lang/maintainability/useless-innerfunction.yaml
@@ -34,4 +34,3 @@ rules:
 category: maintainability
 technology:
 - python
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/python/lang/security/audit/regex-dos.yaml b/python/lang/security/audit/regex-dos.yaml
index 6ee3a26e45..34767364fa 100644
--- a/python/lang/security/audit/regex-dos.yaml
+++ b/python/lang/security/audit/regex-dos.yaml
@@ -28,7 +28,6 @@ rules:
 owasp: 'A06:2017 - Security Misconfiguration'
 cwe: 'CWE-1333: Inefficient Regular Expression Complexity'
 category: security
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - python
 references:
diff --git a/ruby/rails/security/audit/xss/templates/unquoted-attribute.yaml b/ruby/rails/security/audit/xss/templates/unquoted-attribute.yaml
index 5099ca53fa..ebe3c7e8c4 100644
--- a/ruby/rails/security/audit/xss/templates/unquoted-attribute.yaml
+++ b/ruby/rails/security/audit/xss/templates/unquoted-attribute.yaml
@@ -15,7 +15,6 @@ rules:
 category: security
 technology:
 - rails
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/ruby/rails/security/brakeman/check-render-local-file-include.yaml b/ruby/rails/security/brakeman/check-render-local-file-include.yaml
index f817ca87e4..a0ee415c2c 100644
--- a/ruby/rails/security/brakeman/check-render-local-file-include.yaml
+++ b/ruby/rails/security/brakeman/check-render-local-file-include.yaml
@@ -57,7 +57,6 @@ rules:
 likelihood: MEDIUM
 impact: HIGH
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 vulnerability_class:
 - Path Traversal
diff --git a/ruby/rails/security/injection/tainted-sql-string.yaml b/ruby/rails/security/injection/tainted-sql-string.yaml
index e3091dcded..14f9c3753c 100644
--- a/ruby/rails/security/injection/tainted-sql-string.yaml
+++ b/ruby/rails/security/injection/tainted-sql-string.yaml
@@ -19,7 +19,6 @@ rules:
 - rails
 references:
 - https://rorsecurity.info/portfolio/ruby-on-rails-sql-injection-cheat-sheet
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/scala/lang/correctness/positive-number-index-of.yaml b/scala/lang/correctness/positive-number-index-of.yaml
index 9a4181740d..3141e51e10 100644
--- a/scala/lang/correctness/positive-number-index-of.yaml
+++ b/scala/lang/correctness/positive-number-index-of.yaml
@@ -4,7 +4,6 @@ rules:
 category: correctness
 technology:
 - scala
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://blog.codacy.com/9-scala-security-issues/
 confidence: MEDIUM
diff --git a/scala/lang/security/audit/insecure-random.yaml b/scala/lang/security/audit/insecure-random.yaml
index 18a6dc3ed8..ccd39f6e4c 100644
--- a/scala/lang/security/audit/insecure-random.yaml
+++ b/scala/lang/security/audit/insecure-random.yaml
@@ -9,7 +9,6 @@ rules:
 technology:
 - scala
 - cryptography
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 resources:
 - https://find-sec-bugs.github.io/bugs.htm
 confidence: LOW
diff --git a/scala/lang/security/audit/path-traversal-fromfile.yaml b/scala/lang/security/audit/path-traversal-fromfile.yaml
index 8109fde101..20f5fef5f7 100644
--- a/scala/lang/security/audit/path-traversal-fromfile.yaml
+++ b/scala/lang/security/audit/path-traversal-fromfile.yaml
@@ -9,7 +9,6 @@ rules:
 category: security
 technology:
 - scala
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 resources:
 - https://find-sec-bugs.github.io/bugs.htm
 confidence: LOW
diff --git a/scala/lang/security/audit/rsa-padding-set.yaml b/scala/lang/security/audit/rsa-padding-set.yaml
index cfdbef70a8..a32c94bc8b 100644
--- a/scala/lang/security/audit/rsa-padding-set.yaml
+++ b/scala/lang/security/audit/rsa-padding-set.yaml
@@ -9,7 +9,6 @@ rules:
 technology:
 - scala
 - cryptography
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 resources:
 - https://blog.codacy.com/9-scala-security-issues/
 confidence: HIGH
diff --git a/scala/lang/security/audit/tainted-sql-string.yaml b/scala/lang/security/audit/tainted-sql-string.yaml
index 24805b5acd..dd64028a40 100644
--- a/scala/lang/security/audit/tainted-sql-string.yaml
+++ b/scala/lang/security/audit/tainted-sql-string.yaml
@@ -21,7 +21,6 @@ rules:
 technology:
 - scala
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/terraform/aws/security/aws-ecr-repository-wildcard-principal.yaml b/terraform/aws/security/aws-ecr-repository-wildcard-principal.yaml
index a6fa4d6b3f..dedca5a5c0 100644
--- a/terraform/aws/security/aws-ecr-repository-wildcard-principal.yaml
+++ b/terraform/aws/security/aws-ecr-repository-wildcard-principal.yaml
@@ -60,7 +60,6 @@ rules:
 likelihood: MEDIUM
 impact: MEDIUM
 confidence: MEDIUM
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 languages:
 - hcl
 severity: WARNING
diff --git a/terraform/lang/security/eks-insufficient-control-plane-logging.yaml b/terraform/lang/security/eks-insufficient-control-plane-logging.yaml
index b39669bb2b..a0cde72c61 100644
--- a/terraform/lang/security/eks-insufficient-control-plane-logging.yaml
+++ b/terraform/lang/security/eks-insufficient-control-plane-logging.yaml
@@ -43,4 +43,3 @@ rules:
 likelihood: LOW
 impact: LOW
 confidence: LOW
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/terraform/lang/security/iam/no-iam-admin-privileges.yaml b/terraform/lang/security/iam/no-iam-admin-privileges.yaml
index 9a4c859e8d..db11f11053 100644
--- a/terraform/lang/security/iam/no-iam-admin-privileges.yaml
+++ b/terraform/lang/security/iam/no-iam-admin-privileges.yaml
@@ -78,7 +78,6 @@ rules:
 category: security
 cwe:
 - 'CWE-269: Improper Privilege Management'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-creds-exposure.yaml b/terraform/lang/security/iam/no-iam-creds-exposure.yaml
index e6f611d58e..49eeaa1f39 100644
--- a/terraform/lang/security/iam/no-iam-creds-exposure.yaml
+++ b/terraform/lang/security/iam/no-iam-creds-exposure.yaml
@@ -159,7 +159,6 @@ rules:
 category: security
 cwe:
 - 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-data-exfiltration.yaml b/terraform/lang/security/iam/no-iam-data-exfiltration.yaml
index 075f7f5964..096ad0c2cd 100644
--- a/terraform/lang/security/iam/no-iam-data-exfiltration.yaml
+++ b/terraform/lang/security/iam/no-iam-data-exfiltration.yaml
@@ -100,7 +100,6 @@ rules:
 category: security
 cwe:
 - 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-priv-esc-funcs.yaml b/terraform/lang/security/iam/no-iam-priv-esc-funcs.yaml
index 5cc69ffc3e..6939f36d92 100644
--- a/terraform/lang/security/iam/no-iam-priv-esc-funcs.yaml
+++ b/terraform/lang/security/iam/no-iam-priv-esc-funcs.yaml
@@ -101,7 +101,6 @@ rules:
 category: security
 cwe:
 - 'CWE-250: Execution with Unnecessary Privileges'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-priv-esc-other-users.yaml b/terraform/lang/security/iam/no-iam-priv-esc-other-users.yaml
index f9250dbf9d..45b1b93dfc 100644
--- a/terraform/lang/security/iam/no-iam-priv-esc-other-users.yaml
+++ b/terraform/lang/security/iam/no-iam-priv-esc-other-users.yaml
@@ -93,7 +93,6 @@ rules:
 category: security
 cwe:
 - 'CWE-269: Improper Privilege Management'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-priv-esc-roles.yaml b/terraform/lang/security/iam/no-iam-priv-esc-roles.yaml
index be8d3128b7..68872fc664 100644
--- a/terraform/lang/security/iam/no-iam-priv-esc-roles.yaml
+++ b/terraform/lang/security/iam/no-iam-priv-esc-roles.yaml
@@ -117,7 +117,6 @@ rules:
 category: security
 cwe:
 - 'CWE-269: Improper Privilege Management'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-resource-exposure.yaml b/terraform/lang/security/iam/no-iam-resource-exposure.yaml
index 97f76d8e42..9125090870 100644
--- a/terraform/lang/security/iam/no-iam-resource-exposure.yaml
+++ b/terraform/lang/security/iam/no-iam-resource-exposure.yaml
@@ -777,7 +777,6 @@ rules:
 category: security
 cwe:
 - 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/terraform/lang/security/iam/no-iam-star-actions.yaml b/terraform/lang/security/iam/no-iam-star-actions.yaml
index 1d0a5a1000..01bd7135ae 100644
--- a/terraform/lang/security/iam/no-iam-star-actions.yaml
+++ b/terraform/lang/security/iam/no-iam-star-actions.yaml
@@ -75,7 +75,6 @@ rules:
 category: security
 cwe:
 - 'CWE-269: Improper Privilege Management'
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 technology:
 - terraform
 - aws
diff --git a/typescript/angular/security/audit/angular-domsanitizer.yaml b/typescript/angular/security/audit/angular-domsanitizer.yaml
index 974b226e81..a62133be6f 100644
--- a/typescript/angular/security/audit/angular-domsanitizer.yaml
+++ b/typescript/angular/security/audit/angular-domsanitizer.yaml
@@ -20,7 +20,6 @@ rules:
 technology:
 - angular
 - browser
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/typescript/react/best-practice/react-props-spreading.yaml b/typescript/react/best-practice/react-props-spreading.yaml
index ab170c17ac..fb98f33b7e 100644
--- a/typescript/react/best-practice/react-props-spreading.yaml
+++ b/typescript/react/best-practice/react-props-spreading.yaml
@@ -20,4 +20,3 @@ rules:
 category: best-practice
 technology:
 - react
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
diff --git a/typescript/react/security/audit/react-dangerouslysetinnerhtml.yaml b/typescript/react/security/audit/react-dangerouslysetinnerhtml.yaml
index 689bab887a..a66a5b21de 100644
--- a/typescript/react/security/audit/react-dangerouslysetinnerhtml.yaml
+++ b/typescript/react/security/audit/react-dangerouslysetinnerhtml.yaml
@@ -18,7 +18,6 @@ rules:
 confidence: MEDIUM
 technology:
 - react
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/typescript/react/security/audit/react-href-var.yaml b/typescript/react/security/audit/react-href-var.yaml
index f6dd7f4406..e4bdb68ba0 100644
--- a/typescript/react/security/audit/react-href-var.yaml
+++ b/typescript/react/security/audit/react-href-var.yaml
@@ -19,7 +19,6 @@ rules:
 confidence: LOW
 technology:
 - react
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/typescript/react/security/audit/react-unsanitized-method.yaml b/typescript/react/security/audit/react-unsanitized-method.yaml
index a39a179380..6a1f8d6fd5 100644
--- a/typescript/react/security/audit/react-unsanitized-method.yaml
+++ b/typescript/react/security/audit/react-unsanitized-method.yaml
@@ -19,7 +19,6 @@ rules:
 confidence: MEDIUM
 technology:
 - react
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/typescript/react/security/audit/react-unsanitized-property.yaml b/typescript/react/security/audit/react-unsanitized-property.yaml
index 451f7b8a3c..6dc36f86b3 100644
--- a/typescript/react/security/audit/react-unsanitized-property.yaml
+++ b/typescript/react/security/audit/react-unsanitized-property.yaml
@@ -17,7 +17,6 @@ rules:
 confidence: MEDIUM
 technology:
 - react
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 cwe2022-top25: true
 cwe2021-top25: true
 subcategory:
diff --git a/yaml/docker-compose/security/privileged-service.yaml b/yaml/docker-compose/security/privileged-service.yaml
index 92952ddebe..a541005ef9 100644
--- a/yaml/docker-compose/security/privileged-service.yaml
+++ b/yaml/docker-compose/security/privileged-service.yaml
@@ -32,7 +32,6 @@ rules:
 category: security
 technology:
 - docker-compose
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 subcategory:
 - vuln
 likelihood: HIGH
diff --git a/yaml/github-actions/security/audit/unsafe-add-mask-workflow-command.yaml b/yaml/github-actions/security/audit/unsafe-add-mask-workflow-command.yaml
index b7dd89fc07..4a8a208d28 100644
--- a/yaml/github-actions/security/audit/unsafe-add-mask-workflow-command.yaml
+++ b/yaml/github-actions/security/audit/unsafe-add-mask-workflow-command.yaml
@@ -25,7 +25,6 @@ rules:
 likelihood: LOW
 impact: MEDIUM
 confidence: LOW
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 vulnerability_class:
 - Dangerous Method or Function
 references:
diff --git a/yaml/kubernetes/security/secrets-in-config-file.yaml b/yaml/kubernetes/security/secrets-in-config-file.yaml
index 7dd5c320db..a92af232d7 100644
--- a/yaml/kubernetes/security/secrets-in-config-file.yaml
+++ b/yaml/kubernetes/security/secrets-in-config-file.yaml
@@ -23,7 +23,6 @@ rules:
 category: security
 technology:
 - kubernetes
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 references:
 - https://kubernetes.io/docs/concepts/configuration/secret/
 - https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF
diff --git a/yaml/semgrep/metadata-incorrect-option.test.yaml b/yaml/semgrep/metadata-incorrect-option.test.yaml
index 1870c8fcc6..8e4d89d69d 100644
--- a/yaml/semgrep/metadata-incorrect-option.test.yaml
+++ b/yaml/semgrep/metadata-incorrect-option.test.yaml
@@ -24,7 +24,6 @@ rules:
 technology:
 - ios
 - macos
- license: Commons Clause License Condition v1.0[LGPL-2.1-only]
 vulnerability_class:
 - Cryptographic Issues
 languages: