File tree Expand file tree Collapse file tree 3 files changed +613
-0
lines changed Expand file tree Collapse file tree 3 files changed +613
-0
lines changed Original file line number Diff line number Diff line change 1+ id : libxml2-audit-parser-cpp
2+ language : Cpp
3+ severity : warning
4+ message : >-
5+ The libxml2 library is used to parse XML. When auditing such code, make
6+ sure that either the document being parsed is trusted or that the parsing
7+ options are safe to consume untrusted documents. In such case make sure
8+ DTD or XInclude documents cannot be loaded and there is no network access.
9+ note : >-
10+ [CWE-611] Improper Restriction of XML External Entity Reference.
11+ [REFERENCES]
12+ - https://owasp.org/Top10/A05_2021-Security_Misconfiguration
13+ ast-grep-essentials : true
14+ utils :
15+ Pattern_having_three_child :
16+ kind : call_expression
17+ all :
18+ - has :
19+ kind : identifier
20+ regex : ^(xmlReadFile)$
21+ - has :
22+ kind : argument_list
23+ all :
24+ - has :
25+ nthChild :
26+ position : 1
27+ ofRule :
28+ not :
29+ kind : comment
30+ - has :
31+ nthChild :
32+ position : 2
33+ ofRule :
34+ not :
35+ kind : comment
36+ - has :
37+ nthChild :
38+ position : 3
39+ ofRule :
40+ not :
41+ kind : comment
42+ - not :
43+ has :
44+ nthChild :
45+ position : 4
46+ ofRule :
47+ not :
48+ kind : comment
49+
50+ Pattern_having_five_child :
51+ kind : call_expression
52+ all :
53+ - has :
54+ kind : identifier
55+ regex : ^(xmlParseInNodeContext|xmlReadMemory|xmlCtxtReadDoc|xmlCtxtReadFd)$
56+ - has :
57+ kind : argument_list
58+ all :
59+ - has :
60+ nthChild :
61+ position : 1
62+ ofRule :
63+ not :
64+ kind : comment
65+ - has :
66+ nthChild :
67+ position : 2
68+ ofRule :
69+ not :
70+ kind : comment
71+ - has :
72+ nthChild :
73+ position : 3
74+ ofRule :
75+ not :
76+ kind : comment
77+ - has :
78+ nthChild :
79+ position : 4
80+ ofRule :
81+ not :
82+ kind : comment
83+ - has :
84+ nthChild :
85+ position : 5
86+ ofRule :
87+ not :
88+ kind : comment
89+ - not :
90+ has :
91+ nthChild :
92+ position : 6
93+ ofRule :
94+ not :
95+ kind : comment
96+
97+ Pattern_having_four_child :
98+ kind : call_expression
99+ all :
100+ - has :
101+ kind : identifier
102+ regex : ^(xmlReadDoc|xmlReadFd|xmlCtxtReadFile)$
103+ - has :
104+ kind : argument_list
105+ all :
106+ - has :
107+ nthChild :
108+ position : 1
109+ ofRule :
110+ not :
111+ kind : comment
112+ - has :
113+ nthChild :
114+ position : 2
115+ ofRule :
116+ not :
117+ kind : comment
118+ - has :
119+ nthChild :
120+ position : 3
121+ ofRule :
122+ not :
123+ kind : comment
124+ - has :
125+ nthChild :
126+ position : 4
127+ ofRule :
128+ not :
129+ kind : comment
130+ - not :
131+ has :
132+ nthChild :
133+ position : 5
134+ ofRule :
135+ not :
136+ kind : comment
137+
138+ Pattern_having_six_child :
139+ kind : call_expression
140+ all :
141+ - has :
142+ kind : identifier
143+ regex : ^(xmlReadIO|xmlCtxtReadMemory)$
144+ - has :
145+ kind : argument_list
146+ all :
147+ - has :
148+ nthChild :
149+ position : 1
150+ ofRule :
151+ not :
152+ kind : comment
153+ - has :
154+ nthChild :
155+ position : 2
156+ ofRule :
157+ not :
158+ kind : comment
159+ - has :
160+ nthChild :
161+ position : 3
162+ ofRule :
163+ not :
164+ kind : comment
165+ - has :
166+ nthChild :
167+ position : 4
168+ ofRule :
169+ not :
170+ kind : comment
171+ - has :
172+ nthChild :
173+ position : 5
174+ ofRule :
175+ not :
176+ kind : comment
177+ - has :
178+ nthChild :
179+ position : 6
180+ ofRule :
181+ not :
182+ kind : comment
183+ - not :
184+ has :
185+ nthChild :
186+ position : 7
187+ ofRule :
188+ not :
189+ kind : comment
190+
191+ Pattern_having_seven_child :
192+ kind : call_expression
193+ all :
194+ - has :
195+ kind : identifier
196+ regex : ^(xmlCtxtReadIO)$
197+ - has :
198+ kind : argument_list
199+ all :
200+ - has :
201+ nthChild :
202+ position : 1
203+ ofRule :
204+ not :
205+ kind : comment
206+ - has :
207+ nthChild :
208+ position : 2
209+ ofRule :
210+ not :
211+ kind : comment
212+ - has :
213+ nthChild :
214+ position : 3
215+ ofRule :
216+ not :
217+ kind : comment
218+ - has :
219+ nthChild :
220+ position : 4
221+ ofRule :
222+ not :
223+ kind : comment
224+ - has :
225+ nthChild :
226+ position : 5
227+ ofRule :
228+ not :
229+ kind : comment
230+ - has :
231+ nthChild :
232+ position : 6
233+ ofRule :
234+ not :
235+ kind : comment
236+ - has :
237+ nthChild :
238+ position : 7
239+ ofRule :
240+ not :
241+ kind : comment
242+ - not :
243+ has :
244+ nthChild :
245+ position : 8
246+ ofRule :
247+ not :
248+ kind : comment
249+
250+ rule :
251+ kind : call_expression
252+ any :
253+ - matches : Pattern_having_five_child
254+ - matches : Pattern_having_four_child
255+ - matches : Pattern_having_six_child
256+ - matches : Pattern_having_seven_child
257+ - matches : Pattern_having_three_child
258+ not :
259+ all :
260+ - has :
261+ stopBy : end
262+ kind : ERROR
263+ - inside :
264+ stopBy : end
265+ kind : ERROR
You can’t perform that action at this time.
0 commit comments