#!/usr/bin/env python3
import signal
import sys
import fn
import regex
# Path filters: files whose path matches any of these regexes are skipped.
# NOTE(review): presumably searched for anywhere in the path; confirm against
# the caller.
# Security caveat: '(?i)/test/' and the unanchored 'example' exclude every
# path containing those substrings, so credentials committed under test or
# example trees are never seen by the line checks.
SKIP_DIRS = [
    regex.compile(pattern)
    for pattern in (
        '/External/',
        '/Samples/',
        '/NuGet/',
        # '/Setup/',
        '/i18n/',
        '/li8n/',  # NOTE(review): looks like a typo for '/l10n/'; confirm
        '/node_modules/',
        '/packages/',
        '(?i)/test/',
        '/third_party/',
        '/vendor/',
        r'/\.svn/',
        r'/\.git/',
        'example',
    )
]
# File-name suffix filters (regexes anchored at the end of the name).
# Mostly binary, media and font formats that line-oriented regex checks
# cannot usefully read.
# NOTE(review): r'\.exe$' is skipped here while FILE_CHECKS registers an
# 'exe_scan' on the same suffix; confirm this skip list is not applied before
# the file-level checks, otherwise exe_scan never runs.
SKIP_EXTS = [
    regex.compile(suffix)
    for suffix in (
        r'\.DS_Store$',
        r'\.css$',
        r'\.deps\.json$',
        r'\.dll$',
        r'\.eot$',
        r'\.exe$',
        r'\.gif$',
        r'\.ico$',
        r'\.jar$',
        r'\.jpg$',
        r'\.min\.js$',
        r'\.mov$',
        r'\.mp4$',
        r'\.png$',
        r'\.svg$',
        r'\.tif$',
        r'\.tiff$',
        r'\.ttf$',
        r'\.woff$',
        r'\.zip$',
        r'salt\.7$',
    )
]
# Extension groups; LINE_REGEX_CHECKS entries pass one of these lists to
# restrict a check to matching file types.
# To survey a tree by MIME type instead:
#   find . -type f -exec file --mime-type "{}" \; | awk '{ print $2 ":" $1}'
CFG_FILES = [
    '.cfg', '.conf', '.config', '.yaml', '.ini', '.xml', '.json', '.txt',
]
CS_FILES = ['.cs']
C_FILES = [
    '.c', '.h', '.cpp', '.cxx', '.cc', '.hpp',
]
DOTNET_FILES = [
    '.config', '.cs', '.vb', '.vbs', '.xml',
]
GO_FILES = ['.go']
HTM_FILES = ['.htm', '.html']
JAVA_FILES = ['.java', '.jsp']
JS_FILES = ['.js']
PHP_FILES = [
    '.php', '.php3', '.php4', '.php5', '.phtml', '.inc', '.phpt',
]
PL_FILES = ['.pl', '.pm']
PY_FILES = ['.py']
RUBY_FILES = ['.rb']
APPLE_FILES = [*C_FILES, '.swift', '.m', '.plist']
# NOTE(review): 'dockerfile' has no leading dot, unlike every other entry;
# confirm the matcher compares it against the file name rather than a suffix.
EXTRA_CODE_FILES = ['.ps1', '.pubxml', 'dockerfile']
# Concatenation order is preserved and duplicates are kept ('.config' and
# '.xml' appear in both CFG_FILES and DOTNET_FILES).
# NOTE(review): HTM_FILES and the Apple-only extensions ('.swift', '.m',
# '.plist') are not part of this list; confirm that is intentional.
ALL_CODE_FILES = [
    *CFG_FILES,
    *C_FILES,
    *DOTNET_FILES,
    *EXTRA_CODE_FILES,
    *GO_FILES,
    *JAVA_FILES,
    *JS_FILES,
    *PHP_FILES,
    *PL_FILES,
    *PY_FILES,
    *RUBY_FILES,
]
# Names of the per-language dataflow result sets: 'df_' + language tag.
# NOTE(review): presumably these are output-file stems consumed by the
# dataflow post checks; confirm in fn.
DF_FILES = [
    'df_' + lang_tag
    for lang_tag in ('c', 'cs', 'java', 'php', 'py', 'ruby')
]
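# Whole-tree checks, one (check name, handler, argument) tuple each.
# For fn.global_run_tool entries the argument is a shell command template.
# '{out_fname}' is a placeholder and literal braces are doubled (see the
# bandit template), so the template is presumably expanded with str.format;
# confirm in fn.
# Every command discards stderr and most delete an empty output file, so a
# tool that is not installed, or that crashes, leaves the same trace as a
# clean run: a missing result file is not evidence that a check passed.
# NOTE(review): the semgrep entries name rule packs as r/<pack>, which appear
# to be registry packs fetched at scan time; when scanning confidential code
# consider a pinned local copy of the rules and passing --metrics=off.
GLOBAL_CHECKS = [
    ('basic_begin_time', fn.basic_get_time, ''),
    ('basic_path', fn.basic_path, ''),
    ('tool_extensions', fn.global_run_tool, r"find ./ -type f | grep -E '.*\.[a-zA-Z0-9]*$' | sed -e 's/.*\(\.[a-zA-Z0-9]*\)$/\1/' | sort | uniq -c | sort -n >> '{out_fname}' 2>/dev/null & "),
    ('tool_cloc', fn.global_run_tool, r"cloc --progress-rate=0 . >> '{out_fname}' 2>/dev/null &"),
    ('tool_clamav', fn.global_run_tool, r"clamscan -r . >> '{out_fname}' 2>/dev/null ; find '{out_fname}' -size 0 -delete &"),
    ('tool_git_repos', fn.global_run_tool, r"find `pwd` -name .git >> '{out_fname}' 2>/dev/null ; find '{out_fname}' -size 0 -delete &"),
    ('tool_dot_files', fn.global_run_tool, r"find `pwd` -name '.*' >> '{out_fname}' 2>/dev/null ; find '{out_fname}' -size 0 -delete &"),
    ('tool_bandit', fn.global_run_tool, r"bandit --ignore-nosec -r . --format custom --msg-template '{{abspath}}:{{line}}: {{test_id}}[bandit]: {{severity}}: {{msg}}' >> '{out_fname}' 2>/dev/null ; find '{out_fname}' -size 0 -delete &"),
    # The directory names come from the tree being scanned, so they are read
    # with `IFS= read -r` and expanded inside double quotes: names containing
    # whitespace, backslashes or glob characters reach dirname and nsp intact
    # instead of being split or expanded by the shell.
    # NOTE(review): nsp has been retired upstream in favour of `npm audit`;
    # with stderr discarded, a missing nsp binary silently produces no report.
    ('tool_nsp', fn.global_run_tool, 'find . -name package.json | while IFS= read -r i; do dirname "$i"; done | while IFS= read -r j; do echo "PROJECT: $j"; nsp check "$j" --reporter summary; done >> "{out_fname}" 2>/dev/null ; find "{out_fname}" -size 0 -delete &'),
    ('tool_eslint', fn.global_run_tool, 'eslint . >> "{out_fname}" 2>/dev/null ; find "{out_fname}" -size 0 -delete &'),
    ('semgrep-apex', fn.global_run_tool, '(semgrep -c r/apex "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete)&'),
    ('semgrep-bash', fn.global_run_tool, '(semgrep -c r/bash "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete)&'),
    ('semgrep-c', fn.global_run_tool, '(semgrep -c r/c "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete)&'),
    ('semgrep-clojure', fn.global_run_tool, '(semgrep -c r/clojure "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete)&'),
    ('semgrep-cs', fn.global_run_tool, '(semgrep -c r/csharp "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-docker', fn.global_run_tool, '(semgrep -c r/dockerfile "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-elixir', fn.global_run_tool, '(semgrep -c r/elixir "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-fingerprints', fn.global_run_tool, '(semgrep -c r/fingerprints "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-generic', fn.global_run_tool, '(semgrep -c r/generic "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-go', fn.global_run_tool, '(semgrep -c r/go "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-html', fn.global_run_tool, '(semgrep -c r/html "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-java', fn.global_run_tool, '(semgrep -c r/java "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-js', fn.global_run_tool, '(semgrep -c r/javascript "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-json', fn.global_run_tool, '(semgrep -c r/json "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-kotlin', fn.global_run_tool, '(semgrep -c r/kotlin "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-libsonnet', fn.global_run_tool, '(semgrep -c r/libsonnet "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-ocaml', fn.global_run_tool, '(semgrep -c r/ocaml "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-php', fn.global_run_tool, '(semgrep -c r/php "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-probs', fn.global_run_tool, '(semgrep -c r/problem-based-packs "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-py', fn.global_run_tool, '(semgrep -c r/python "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-rb', fn.global_run_tool, '(semgrep -c r/ruby "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-rust', fn.global_run_tool, '(semgrep -c r/rust "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-scala', fn.global_run_tool, '(semgrep -c r/scala "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-scripts', fn.global_run_tool, '(semgrep -c r/scripts "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-solidity', fn.global_run_tool, '(semgrep -c r/solidity "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-stats', fn.global_run_tool, '(semgrep -c r/stats "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-swift', fn.global_run_tool, '(semgrep -c r/swift "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-terraform', fn.global_run_tool, '(semgrep -c r/terraform "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    # NOTE(review): the only check name carrying a '.txt' suffix; confirm it
    # is intended, since the name presumably feeds the output file name.
    ('semgrep-trusted_python.txt', fn.global_run_tool, '(semgrep -c r/trusted_python "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-ts', fn.global_run_tool, '(semgrep -c r/typescript "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete ) &'),
    ('semgrep-yaml', fn.global_run_tool, '(semgrep -c r/yaml "`pwd`" --text-output="{out_fname}" >/dev/null 2>/dev/null ; find "{out_fname}" -size 0 -delete) &'),
]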
# Whole-tree steps listed separately from GLOBAL_CHECKS, in the same
# (check name, handler, argument) shape; every argument here is ''.
# NOTE(review): the names suggest these run after the per-file pass and that
# order matters (sources/sinks sorted before bugs are generated); confirm in
# the driver.
GLOBAL_POST_CHECKS = [
    (check_name, handler, '')
    for check_name, handler in (
        ('sort_df_sources', fn.sort_df_sources_and_sinks),
        ('gen_df_bugs', fn.gen_df_bugs),
        ('basic_end_time', fn.basic_get_time),
        # add dataflow searches here
    )
]
# Per-file checks: (check name, file-name regex, handler, argument).
# When the regex matches, the handler is called with fname, out_fname and
# the argument.
# NOTE(review): 'secret' and 'requirements.txt' are unanchored (and the '.'
# is unescaped), so they match anywhere in whatever string is tested.
FILE_CHECKS = [
    ('exe_scan', regex.compile(r'\.exe$'), fn.file_scan_exe, None),
    ('minor_file_h5', regex.compile(r'\.h5$'), fn.file_exists, None),
    ('minor_file_hd5', regex.compile(r'\.hd5$'), fn.file_exists, None),
    ('minor_file_hdf5', regex.compile(r'\.hdf5$'), fn.file_exists, None),
    ('file_pkl', regex.compile(r'\.pkl$'), fn.file_exists, None),
    ('minor_file_pt', regex.compile(r'\.pt$'), fn.file_exists, None),
    ('file_secret', regex.compile(r'secret'), fn.file_exists, None),
    ('tool_shellcheck', regex.compile(r'\.sh$'), fn.file_scan_shell, None),
    # NOTE(review): '{fname}' is a path from the tree being scanned and is
    # substituted into a shell command. Double quotes do not neutralise `$`,
    # backticks or embedded quotes in a file name; confirm that
    # fn.file_run_tool shell-quotes the value (e.g. shlex.quote) before
    # substitution, or runs the tool without a shell.
    (
        'minor_py_requirements',
        regex.compile(r'requirements.txt'),
        fn.file_run_tool,
        'echo "{fname}" >> "{out_fname}"; safety check --full-report -r "{fname}" >> "{out_fname}"',
    ),
]
# Exclusion patterns attached to the hash-shaped credential checks
# (passed as the fourth element of those LINE_REGEX_CHECKS entries).
# NOTE(review): presumably a line matching any of these is not reported.
# Broad words such as 'reference', 'integrity' and 'EXAMPLE' would then also
# suppress a genuine secret that shares a line with them; confirm in fn.
HASH_EXCLUSIONS = [
    regex.compile(marker)
    for marker in (
        '0000000000000000',
        '0123456789',
        'EXAMPLE',
        'data:image',
        'deadbeef',
        'integrity',
        'md5sum',
        'reference',
        'shasum',
        r'\?rev=',
    )
]
# Per-language exclusions: each pattern matches a line whose first
# non-blank characters are '//'.
# NOTE(review): only whole-line '//' comments match; trailing comments and
# /* ... */ blocks do not. How a match is used is decided in fn; confirm
# there.
CS_EXCLUSIONS = [
    regex.compile(r'^\s*//'),
]
GO_EXCLUSIONS = [
    regex.compile(r'^\s*//'),
]
# No custom (non-regex) line checks are registered.
LINE_CUSTOM_CHECKS = []
LINE_REGEX_CHECKS = [
('apple_keychain_item', regex.compile(r'''KeychainItem.{0,200}$'''), APPLE_FILES),
('apple_ksecvaluedata', regex.compile(r'''kSecValueData.{0,200}$'''), APPLE_FILES),
('apple_secitemupdate', regex.compile(r'''SecItemUpdate.{0,200}$'''), APPLE_FILES),
('applescript_shell', regex.compile(r'''do\s+shell\s+script.{0,199}$''')),
('asan_reference', regex.compile(r'''\W(asan|address_sanitizer|no_sanitize_address)\W.{0,200}$''')),
('auth_basic', regex.compile(r'''Authorization.{0,20}Basic\s\w+.{0,200}$''')),
('boost_process', regex.compile(r'''boost::process::child.{0,200}$''')),
('c_arch_recv', regex.compile(r'''(recv|Recv|recvfrom|recvmsg|RecvFrom)\('''), C_FILES),
('c_cpy_sizeof_src1', regex.compile(r'''(strlcpy|strlcat|strncpy|strncat|strcpy_s|strcat_s)\s*\(\s*\s*[^,]+\s*,\s*([^,]+)\s*,\s*(strlen|sizeof)\s*\(\s*\2\s*\)'''), C_FILES),
('c_cpy_sizeof_src2', regex.compile(r'''(strlcpy|strlcat|strncpy|strncat|strcpy_s|strcat_s)\s*\(\s*\s*[^,]+\s*,\s*([^,]+)\s*,\s*(strlen|sizeof)\s*\2\W'''), C_FILES),
('c_cpy_sizeof_src3', regex.compile(r'''(strlcpy|strlcat|strncpy|strncat|strcpy_s|strcat_s)\s*\(\s*(\([^\)]*\))\s*[^,]+\s*,\s*([^,]+)\s*,\s*(strlen|sizeof)\s*(\()?\s*\3\s*(\))?'''), C_FILES),
('c_cpy_sizeof_src4', regex.compile(r'''\W(strlcpy|strlcat|strncpy|strncat|strcpy_s|strcat_s)\s*\([^,]+,\s*([^,]+)\s*,[^,;}]+\W\2\W'''), C_FILES),
('c_cpy_sizeof_src5', regex.compile(r'''\W(strlcpy|strlcat|strncpy|strncat|strcpy_s|strcat_s)\s*\([^,]+,\s*([^,]+)\s*,[^,;}]+\2'''), C_FILES),
('c_fmt_off_by_one', regex.compile(r'''sprintf.*\%\.\*s.{0,99}sizeof.{0,99}$'''), C_FILES),
('c_fscanf', regex.compile(r'''fscanf\s*\(.*\"[^\"]*%s.{0,99}$'''), C_FILES),
('c_gets', regex.compile(r'''\Wgets\s*\(.{0,99}$'''), C_FILES),
('c_insecure_loadlib', regex.compile(r'''\W(LoadLibrary|LoadLibraryA|LoadLibraryW|LoadLibraryEx|LoadLibraryExA|LoadLibraryExW)\([^/\n]{0,199}$'''), C_FILES),
('c_malloc_wraparound', regex.compile(r'''k?malloc\(.*([+*]|-[^>])'''), C_FILES),
('c_memcpy_wraparound', regex.compile(r'''memcpy\(.*([+*]|-[^>])'''), C_FILES),
('c_memset_insecure_zeroing', regex.compile(r'''memset\s*\([^,]*,\s*0\s*.{0,99}$'''), C_FILES),
('c_memset_zero_bytes', regex.compile(r'''memset\s*\([^,]*,[^,]*,\s*0\s*\).{0,99}$'''), C_FILES),
('c_non_const_fmt_p1', regex.compile(r'''\W(printf|vprintf)\s*\([^",]+,[^",]+,'''), C_FILES),
('c_non_const_fmt_p2', regex.compile(r'''\W(f|s|as|d|vf|vs|vas|vd)printf\s*\([^",]+,[^",]+,'''), C_FILES),
('c_non_const_fmt_p3', regex.compile(r'''\W(sn|vsn)printf\s*\([^",]+,[^",]+,[^",]+,'''), C_FILES),
('c_ntoh_length_wrap', regex.compile(r'''(length|size).*ntoh.*(-|\+|\*)'''), C_FILES),
('c_potential_fmt_off_by_one', regex.compile(r'''sprintf.*\%\.\*s.{0,200}$'''), C_FILES),
('c_scanf', regex.compile(r'''(f|s|vf|v|vs)\?scanf\s*\(.{0,99}$'''), C_FILES),
('c_scanf2', regex.compile(r'''scanf\s*\(.*\"[^\"]*%s.{0,99}$'''), C_FILES),
('c_scanf_s', regex.compile(r'''(f|s|vf|v|vs)\?scanf\s*\(.*\"[^\"]*%s.{0,99}$'''), C_FILES),
('c_snprintf_retval_use', regex.compile(r'''\+=\s*v?snprintf.{0,99}$'''), C_FILES),
('c_socket', regex.compile(r'''socket\('''), C_FILES),
('c_sprintf_ls', regex.compile(r'''sprintf\s*\(.*\"[^\"]*%ls.{0,99}$'''), C_FILES),
('c_sprintf_path', regex.compile(r'''s.?printf\(.{0,99}(/%s|%s/).{0,99}$'''), C_FILES),
('c_sprintf_s', regex.compile(r'''sprintf\s*\(.*\"[^\"]*%s.{0,99}$'''), C_FILES),
('c_sscanf_s', regex.compile(r'''sscanf\s*\(.*\"[^\"]*%s.{0,99}$'''), C_FILES),
('c_trusted_length_in_input', regex.compile(r'''len\s*=.*\*.{0,199}$'''), C_FILES),
('c_warning_supress', regex.compile(r'''#pragma\s+warning\s*\(\s*suppress'''), C_FILES),
('cfg_haproxy_plaintext_password', regex.compile(r'''insecure-password.{0,99}$'''), CFG_FILES),
('chpasswd', regex.compile(r'''chpasswd.{0,200}$''')),
('cmdi_Popen2', regex.compile(r'''\WPopen\([^)].{0,99}$''')),
('cmdi_c_process_exec', regex.compile(r'''exec[lv][epP]*\(.{0,99}$''')),
('cmdi_check_output', regex.compile(r'''\Wcheck_output\([^)].{0,99}$''')),
('cmdi_child_process', regex.compile(r'''child_process.{0,99}$''')),
('cmdi_command', regex.compile(r'''["\'](chmod|chown|cmd.exe|copy|cp|git|gzip|mkdir|mktemp|rm|ssh|tar|unzip|/bin/sh|gunzip|del|cat|sed)\s.{0,199}$''')),
('cmdi_createProcess', regex.compile(r'''\WCreateProcess\W.{0,99}$''')),
('cmdi_dotnet_process', regex.compile(r'''\.StartInfo.{0,99}$'''), CS_FILES, CS_EXCLUSIONS),
('cmdi_exe_exec', regex.compile(r'''\"\w+\.exe\".{0,99}$''')),
('cmdi_exec', regex.compile(r'''\W\.exec.{0,99}$''')),
('cmdi_exec2', regex.compile(r'''^.{0,99}\Wexec\(.{0,99}$''')),
('cmdi_lua_exec', regex.compile(r'''os\.execute.{0,99}$''')),
('cmdi_options', regex.compile(r'''^.{0,199}(("[^\n"$-]*\s--[^-])|("--\w)).{0,199}$''')),
('cmdi_perl_interp', regex.compile(r'''\Wsystem\("[^"]*\$.{0,99}$'''), PL_FILES),
('cmdi_perl_interp2', regex.compile(r'''\Wsystem\("[^"]*@.{0,99}$'''), PL_FILES),
('cmdi_popen', regex.compile(r'''popen\([^)].{0,99}$''')),
('cmdi_process_new', regex.compile(r'''new\sProcess\(.{0,99}$''')),
('cmdi_scala_cmd_bang', regex.compile(r'''\.![^!].{0,99}$''')),
('cmdi_scala_cmd_bangbang', regex.compile(r'''\.!!.{0,99}$''')),
('cmdi_scala_processbuilder', regex.compile(r'''ProcessBuilder\s*\(.{0,99}$''')),
('cmdi_shell_exec', regex.compile(r'''shell_exec.{0,99}$''')),
('cmdi_shellexec', regex.compile(r'''ShellExecute.{0,199}$''')),
('cmdi_spawn', regex.compile(r'''^.{0,99}\Wspawn\(.{0,99}$''')),
('cmdi_system_noempty', regex.compile(r'''\Wsystem\([^)].{0,99}$''')),
('cmdi_win_proc_start', regex.compile(r'''ProcessStartInfo.{0,99}$''')),
('code_inject', regex.compile(r'''new\s+Function\s*\(''')),
('comment_credit_card', regex.compile(r'''credit.card.{0,99}$''')),
('comment_cvv', regex.compile(r'''\Wcvv\W.{0,99}$''')),
('comment_inflate_version', regex.compile(r'''inflate.*[0123456789.]{3,}.*Copyright.*Mark.*Adler.{0,99}$''')),
('comment_luck', regex.compile(r'''\Wlucky*\W''')),
('comment_obscenities', regex.compile(r'''\W(asshole|bastard|brainfuck|cock|crap|crappy|cunt|dick|flippin|flipping|fuck|fucking|motherfucker|screwed|shit|pussy|tits)\W.{0,99}$''')),
('comment_rubocop_disable', regex.compile(r'''rubocop:disable.{0,99}$''')),
('comment_rubocop_disable_security', regex.compile(r'''rubocop:disable\s+Security.{0,99}$'''), RUBY_FILES),
('comment_security_concern', regex.compile(r'''security (concern|problem|vulnerability|issue).{0,199}$''')),
('comment_static_analysis_tool', regex.compile(r'''(?i)(NOLINT|\Wnosem\W|noinspection|safesql|coverity|fortify|veracode|Prefast|DevSkim|checkmarx|\Wnosec\W|\WNOSONAR\W|@SuppressWarnings|\Wnoqa\W).{0,99}$''')),
('comment_todos', regex.compile(r'''\W(TODO|HACK|FIXME|XXX|BROKEN)\W.{0,99}$''')),
('const_amazon_s3_url', regex.compile(r'''s3://[^\.].{3,199}$''')),
('const_amazon_s3_url2', regex.compile(r'''https://s3-.{3,299}$''')),
('const_amazon_secret_key', regex.compile(r'''["\'][A-Za-z0-9/+=]{40}["\'].{0,99}$'''), None, [regex.compile('reference')]),
('const_aws_hosts', regex.compile(r'''\S{10,199}\.amazonaws\.com.{0,199}$''')),
('cors_allow_all', regex.compile(r'''Access-Control-Allow-Origin.*"\*".{0,99}$''')),
('createEvent', regex.compile(r'''CreateEvent.{0,99}$''')),
('cred_CAPS_secret', regex.compile(r'''[A-Z0-9]{1..99}_SECRET[A-Z0-9_]*.{0,99}$''')),
('cred_access_token', regex.compile(r'''^.{0,299}x-access-token.{0,299}$''')),
('cred_access_token', regex.compile(r'''^\s*access_token:\s*[a-zA-Z0-9\.\-\_\!\?\#\&\*\:\;\@\(\)\<\>\%]{18,}\s*$''')),
('cred_api_key', regex.compile(r'''^[^=\n]{0,199}API_KEY[^\n]{7,199}$''')),
('cred_api_token', regex.compile(r'''api_token=[0-9a-f]{40}.{0,200}$''')),
('cred_auth', regex.compile(r'''"AUTH"[,\s]+"[^\n]{5,99}".{0,99}$''')),
('cred_auth_header', regex.compile(r'''Authorization:\s*\w+\s*[A-Za-z0-9.+=_@!^&*()-?]{8,200}\W''')),
('cred_aws_access_id2', regex.compile(r'''(^|[^A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}($|[^A-Z0-9]).{0,99}$''')),
('cred_aws_creds', regex.compile(r'''(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_DEFAULT_REGION).{20,199}$''')),
('cred_aws_secret_key', regex.compile(r'''(AWSSecretKey|AwsDevSecretKey|SecretKey|ClientSecret|BasicAWSCredentials|clientSecret|AWS_SECRET_KEY|AgentToken).{0,199}$''')),
('cred_azure_client_id', regex.compile(r'''client_id[^\n]+[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}.{0,199}$''')),
('cred_azure_client_secret', regex.compile(r'''client_secret[^\n]+\W[a-zA-Z0-9\+\-\_\/]{32}\W.{0,199}$''')),
('cred_azure_storage_key', regex.compile(r'''[Aa]zure[Ss]torage[Kk]ey.*[Aa]ccount[Kk]ey.{0,499}$''')),
('cred_azure_tenant_id', regex.compile(r'''tenant_id[^\n]+[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}.{0,199}$''')),
('cred_base64', regex.compile(r'''base64.{0,99}$''')),
('cred_bcrypt_hash', regex.compile(r'''<bcrypt-hash>.{0,199}$''')),
('cred_buildfile', regex.compile(r'''<Password>.{5,200}</Password>''')),
('cred_config_key', regex.compile(r'''add\s+key="\w*key\w*".{1,99}$'''), CFG_FILES),
('cred_config_password', regex.compile(r'''add\s+key="\w*password\w*".{1,99}$'''), CFG_FILES),
('cred_config_secret', regex.compile(r'''add\s+key="\w*secret\w*".{1,99}$'''), CFG_FILES),
('cred_connectionString', regex.compile(r'''ConnectionString\s*=.{0,99}$''')),
('cred_connectionstring2', regex.compile(r'''(DSN|DATASOURCE|UID|USER\sID|USER)=[^;].{1,99}(PASSWORD|PWD)=[^;].{1,99}$''')),
('cred_curl_auth', regex.compile(r'''^.{0,200}curl[^\n]{0,200}-u[^\n]{0,200}:[^\n]{0,200}$''')),
('cred_dot_secret_key', regex.compile(r'''\.SecretKey.{0,99}$''')),
('cred_dotnet_password', regex.compile(r'''^.{0,200}assword\s*=\s*"[^"]+".{0,200}$'''), CS_FILES),
('cred_env_password', regex.compile(r'''^.{0,200}ENV\s*\w*PASS\w*\s*"[^"]+".{0,200}$''')),
('cred_facebook', regex.compile(r'''(?i)facebook[^=]*=[^=]*[0-9a-f]{32}.{0,99}$''')),
('cred_github', regex.compile(r'''(?i)github[^=]*=[^=]*[0-9a-zA-Z]{35,40}.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_github_token', regex.compile(r'''GITHUB_TOKEN.{0,299}$''')),
('cred_google_clientid', regex.compile(r'''clientId.{30,80}googleusercontent.com.{0,299}$''')),
('cred_hash_1', regex.compile(r'''\$1\$\w{4,99}$\w{4,99}.{0,99}$''')),
('cred_hash_10', regex.compile(r'''\$krb5tgs\$23\$.{0,99}$''')),
('cred_hash_11', regex.compile(r'''\$md5\$.*\$.{0,99}$''')),
('cred_hash_12', regex.compile(r'''\$ml\$\d+\$.{0,99}$''')),
('cred_hash_13', regex.compile(r'''\$office\$\*2007\*.{0,99}$''')),
('cred_hash_14', regex.compile(r'''\$office\$\*2010\*.{0,99}$''')),
('cred_hash_15', regex.compile(r'''\$office\$\*2013\*.{0,99}$''')),
('cred_hash_16', regex.compile(r'''\$oldoffice\$1\*\d+.{0,99}$''')),
('cred_hash_17', regex.compile(r'''\$S\$.{0,99}$''')),
('cred_hash_19', regex.compile(r'''\W[a-f0-9]{128}:\w+\W.{0,99}$''')),
('cred_hash_2', regex.compile(r'''\$2a\$05\$.{0,99}$''')),
('cred_hash_21', regex.compile(r'''\W[a-f0-9]{32}:\w+\W.{0,99}$''')),
('cred_hash_23', regex.compile(r'''\W[a-f0-9]{40}:\w+\W.{0,99}$''')),
('cred_hash_25', regex.compile(r'''\W[a-f0-9]{64}:\w+\W.{0,99}$''')),
('cred_hash_26', regex.compile(r'''\W\w+\$[a-f0-9]{16}\W.{0,99}$''')),
('cred_hash_27', regex.compile(r'''\W\w+:\d+:[a-f0-9]{32}:[a-f0-9]{32}\W.{0,99}$''')),
('cred_hash_28', regex.compile(r'''u4-netntlm::.{0,99}$''')),
('cred_hash_29', regex.compile(r'''\{ssha1\}06\$.*\$.{0,99}$''')),
('cred_hash_2x', regex.compile(r'''\$2\w\$\d+\$[A-Za-z0-9./]{20,}.{0,99}$''')),
('cred_hash_3', regex.compile(r'''\$5\$\w{4,99}$\w{4,99}.{0,99}$''')),
('cred_hash_30', regex.compile(r'''\{ssha256\}06\$.{0,199}$''')),
('cred_hash_31', regex.compile(r'''\{SSHA512\}.{0,199}$''')),
('cred_hash_32', regex.compile(r'''\{ssha512\}06\$.{0,199}$''')),
('cred_hash_33', regex.compile(r'''\{x-issha,\s*1024\}.{0,199}$''')),
('cred_hash_4', regex.compile(r'''\$6\$\w{4,99}$\w{4,99}.{0,99}$''')),
('cred_hash_5', regex.compile(r'''\$8\$\w{4,99}$\w{4,99}.{0,99}$''')),
('cred_hash_6', regex.compile(r'''\$9\$\w{4,99}$\w{4,99}.{0,99}$''')),
('cred_hash_7', regex.compile(r'''\$apr1\$\w{4,99}$\w{4,99}.{0,99}$''')),
('cred_hash_8', regex.compile(r'''\$DCC2\$\d+#.*#.{0,99}$''')),
('cred_hash_9', regex.compile(r'''\$keepass\$\*\d+\*\d+\*\d+\*.{0,99}$''')),
('cred_hash_AIX', regex.compile(r'''\{ssha256\}[0-9a-zA-Z\$\+\/\.]{20,}\W.{0,99}$''')),
('cred_hash_AIX', regex.compile(r'''\{ssha512\}[0-9a-zA-Z\$\.\-\+\/]{20,}\W.{0,99}$''')),
('cred_hash_Android_FDE_SamsungDEK', regex.compile(r'''\W[0-9a-fA-F]{160}\W.{0,99}$''')),
('cred_hash_ArubaOS', regex.compile(r'''\W[0-9a-fA-F]{50}\W.{0,99}$''')),
('cred_hash_Atlassian', regex.compile(r'''\{PKCS5S2\}[0-9a-zA-Z]{64}\W.{0,99}$''')),
('cred_hash_Cisco_IOS_type_4', regex.compile(r'''\W[0-9a-zA-Z]{43}\W.{0,99}$''')),
('cred_hash_Cisco_PIX_MD5', regex.compile(r'''password\s+[0-9a-zA-Z\+\.\/]{16}\s+encrypted.{0,99}$''')),
('cred_hash_ColdFusion', regex.compile(r'''\W[0-9a-fA-F]{64}:[0-9a-fA-F]{64}\W.{0,99}$''')),
('cred_hash_DES_Oracle', regex.compile(r'''\W[0-9a-fA-F]{16}:[0-9a-fA-F]{10}\W.{0,99}$''')),
('cred_hash_DomainCachedCredentials', regex.compile(r'''\W[0-9a-fA-F]{32}:[0-9a-fA-F]{13}\W.{0,99}$''')),
('cred_hash_EPi', regex.compile(r'''0x[0-9a-zA-Z]{60}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_FileZillaServer_0.9.55', regex.compile(r'''\W[0-9a-fA-F]{128}:[0-9a-fA-F]{64}\W.{0,99}$''')),
('cred_hash_FortiGate', regex.compile(r'''\W[0-9a-zA-Z\+\.\/]{46}=\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_HMAC_SHA256', regex.compile(r'''\W[0-9a-fA-F]{64}:[0-9a-fA-F]{8}\W.{0,99}$''')),
('cred_hash_IPB2', regex.compile(r'''\W[0-9a-fA-F]{32}:[0-9a-fA-F]{2,20}\W.{0,99}$''')),
('cred_hash_IPMI2_RAKP_HMAC_SHA1', regex.compile(r'''\W[0-9a-fA-F]{130}:[0-9a-fA-F]{40}\W.{0,99}$''')),
('cred_hash_Joomla', regex.compile(r'''\W[0-9a-fA-F]{32}:[0-9a-fA-F]{32}\W.{0,99}$''')),
('cred_hash_MSSQL_2000', regex.compile(r'''0x01[0-9a-zA-Z]{90}\W.{0,99}$''')),
('cred_hash_MSSQL_2005', regex.compile(r'''0x01[0-9a-zA-Z]{50}\W.{0,99}$''')),
('cred_hash_MSSQL_2012_2014', regex.compile(r'''0x02[0-9a-zA-Z]{138}\W.{0,99}$''')),
('cred_hash_MySQL323', regex.compile(r'''\W[0-9a-fA-F]{16}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_NetNTLMv1', regex.compile(r'''\W[0-9a-zA-Z]{48}:[0-9a-zA-Z]{16}\W.{0,99}$''')),
('cred_hash_OSX', regex.compile(r'''\W[0-9a-fA-F]{48}\W.{0,99}$''')),
('cred_hash_OSXv10.7', regex.compile(r'''\W[0-9a-fA-F]{136}\W.{0,99}$''')),
('cred_hash_OpenCart', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{9}\W.{0,99}$''')),
('cred_hash_Oracle11', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{20}\W.{0,99}$''')),
('cred_hash_Oracle12', regex.compile(r'''\W[0-9a-fA-F]{160}\W.{0,99}$''')),
('cred_hash_PeopleSoft', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{126}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_PeopleSoft2', regex.compile(r'''\W[0-9a-zA-Z]{27}=.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_PostgreSQL', regex.compile(r'''\W[0-9a-zA-Z]{32}:[0-9a-zA-Z]{2,20}\W.{0,99}$''')),
('cred_hash_PunBB', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{12}\W.{0,99}$''')),
('cred_hash_Radmin2', regex.compile(r'''\W[0-9a-fA-F]{32}[^:0-9a-fA-F].{0,99}$''')),
('cred_hash_Redmine', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{32}\W.{0,99}$''')),
('cred_hash_SHA_224', regex.compile(r'''\W[0-9a-fA-F]{56}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_SHA_256', regex.compile(r'''\W[0-9a-fA-F]{64}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_SHA_384', regex.compile(r'''\W[0-9a-fA-F]{96}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_SHA_512', regex.compile(r'''\W[0-9a-fA-F]{128}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_SSHA_256', regex.compile(r'''\{SSHA256\}[0-9a-zA-Z\+\/]{47}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_SSHA_512', regex.compile(r'''\{SSHA512\}[0-9a-zA-Z\+]{95}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_SamsungAndroidPassword', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{16}\W.{0,99}$''')),
('cred_hash_SipHash', regex.compile(r'''\W[0-9a-fA-F]{16}:[0-9a-fA-F]{32}\W.{0,99}$''')),
('cred_hash_SybaseASE', regex.compile(r'''0x[0-9a-zA-Z]{84}\W.{0,99}$''')),
('cred_hash_WindowsPhone8', regex.compile(r'''\W[0-9a-fA-F]{64}:[0-9a-fA-F]{256}\W.{0,99}$''')),
('cred_hash_hMailServer', regex.compile(r'''\W[0-9a-fA-F]{70}\W.{0,99}$''')),
('cred_hash_md4_md5', regex.compile(r'''\W[0-9a-fA-F]{32}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_md5', regex.compile(r'''md5\$.{0,99}\$[a-zA-Z0-9].{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_salted_md5', regex.compile(r'''\W[0-9a-fA-F]{32}:[0-9a-fA-F]{2,20}\W.{0,99}$''')),
('cred_hash_salted_sha1', regex.compile(r'''\W[0-9a-fA-F]{40}:[0-9a-fA-F]{2,20}\W.{0,99}$''')),
('cred_hash_saltedsha512', regex.compile(r'''\W[0-9a-fA-F]{128}:[0-9a-fA-F]{10}\W.{0,99}$''')),
('cred_hash_sha1', regex.compile(r'''\W[0-9a-fA-F]{40}\W.{0,99}$'''), None, HASH_EXCLUSIONS),
('cred_hash_vBulletin', regex.compile(r'''\W[0-9a-fA-F]{32}:[0-9a-fA-F]{30}\W.{0,99}$''')),
('cred_hex_dblquotes', regex.compile(r'''^.{0,199}"[a-f0-9]{16,}".{0,199}$'''), None, HASH_EXCLUSIONS),
('cred_identified_by', regex.compile(r'''IDENTIFIED\s+BY\s+\'[^\n]{0,299}$''')),
('cred_in_url', regex.compile(r'''\w+://\w+:\w+@\w+.{0,99}$''')),
('cred_jdbc_dbl', regex.compile(r'''"jdbc:\w+://[^"]{0,99}".{0,99}$''')),
('cred_jdbc_sgl', regex.compile(r'''\'jdbc:\w+://[^\']{0,99}\'.{0,99}$''')),
('cred_key', regex.compile(r'''^\s*key:\s*[a-zA-Z0-9\.\-\_\!\?\#\&\*\:\;\@\(\)\<\>\%]{10,}\s*$''')),
('cred_key_equals', regex.compile(r'''^[^=\n]{0,199}KEY[^=\n]{0,30}=\s*[^\n\s]{7,199}\s*$''')),
('cred_keys', regex.compile(r'''\-----BEGIN[A-Z\s]*KEY[A-Z\s]*-----''')),
('cred_mysql_connect_call', regex.compile(r'''new mysqli\(.{0,99}$''')),
('cred_mysql_passwords', regex.compile(r'''\Wmysql\s.{0,99}[^-]-p[^\$\%].{0,99}$''')),
('cred_network_credential', regex.compile(r'''\WNetworkCredential\(.{0,399}$''')),
('cred_password', regex.compile(r'''^\s*password:\s*[a-zA-Z0-9\.\-\_\!\?\#\&\*\:\;\@\(\)\<\>\%]{10,}\s*$''')),
('cred_password01', regex.compile(r'''\s--password\s*=\s*[^\$\%].{0,99}$''')),
('cred_password02', regex.compile(r'''password=[^\s";.]*.{0,199}$''')),
('cred_password03', regex.compile(r'''password"[^"]*value="[^"]*.{0,199}$''')),
('cred_password04', regex.compile(r'''password"[^",\w]{0,50}"[^"]{0,50}".{0,199}$''')),
('cred_password05', regex.compile(r'''key=[^\s";.]*.{0,199}$''')),
('cred_password_config', regex.compile(r'''^\s*password\s\S{5,99}\s*$''')),
('cred_password_equals', regex.compile(r'''^[^=\n]{0,199}PASSWORD[^=\n]{0,30}=\s*[^\n\s]{7,199}\s*$''')),
('cred_password_equals', regex.compile(r'''password[^=\n]{0,30}=.{0,199}$''')),
('cred_password_equals2', regex.compile(r'''password\s*=\s*".{0,99}$''')),
('cred_postgres_pgpass_format', regex.compile(r'''^[.a-zA-Z0-9_-]+(:[.a-zA-Z0-9_-]+){4}$''')),
('cred_private_key', regex.compile(r'''privateKey.{0,99}$''')),
('cred_public_key', regex.compile(r'''publicKey.{0,99}$''')),
('cred_refreshToken', regex.compile(r'''refreshToken.{16,80}$''')),
('cred_secret', regex.compile(r'''^\s*secret:\s*[a-zA-Z0-9\.\-\_\!\?\#\&\*\:\;\@\(\)\<\>\%]{18,}\s*$''')),
('cred_secret_equals', regex.compile(r'''^[^=\n]{0,199}SECRET[^=\n]{0,30}=\s*[^\n\s]{7,199}\s*$''')),
('cred_secretname_equals', regex.compile(r'''(accesskey|secretkey|apisecret|apikey|GSUsername|GSPassword|SteamBuildMachineUsername|SteamBuildMachinePassword|S3BucketName).{0,99}[=:].{0,99}$''')),
('cred_signtool_password', regex.compile(r'''signtool.*/p.{0,99}$''')),
('cred_slack', regex.compile(r'''xox[baprs]-[^=]*=[^=]*.{0,99}$''')),
('cred_stripe_secret_token', regex.compile(r'''(?i)STRIPE[^\n]+(sk)_[0-9a-zA-Z_]{10,64}.{0,99}$''')),
('cred_stripe_token', regex.compile(r'''(?i)(sk|pk)_(test|live)_[0-9a-zA-Z]{10,32}.{0,99}$''')),
('cred_telegram', regex.compile(r'''(?i)telegram[^=]*=[^=]*[0-9]{1,12}+:[0-9a-zA-Z-]{32,44}.{0,99}$''')),
('cred_token_equals', regex.compile(r'''^[^=\n]{0,199}TOKEN[^=\n]{0,30}=\s*[^\n\s]{7,199}\s*$''')),
('cred_twitter', regex.compile(r'''(?i)twitter[^=]*=[^=]*[0-9a-zA-Z]{35,44}.{0,99}$''')),
('crypto_algorithm_name', regex.compile(r'''\W(AES|DES|SHA|SHA1|SHA2|SHA256|SHA512|blowfish|MD5|IDEA|RSA|DSA|MD4|SHA3|HMAC)\W.{0,99}$''')),
('crypto_api_call', regex.compile(r'''\W(CryptAcquireContext|CryptDeriveKey|CryptGenKey|CryptGenRandom)\W.{0,99}$''')),
('crypto_b64', regex.compile(r'''AES\.DecryptFromBase64.{0,99}$''')),
('crypto_b64_2', regex.compile(r'''AES\.DecryptFromBase64.{0,99}$''')),
('crypto_diffie_hellman', regex.compile(r'''[D|d]iffie.*[H|h]ellman.{0,99}$''')),
('cve_id', regex.compile(r'''\WCVE-\d\d\d\d-.{0,200}$''')),
('define_password', regex.compile(r'''^.{0,99}#define.{0,99}PASSWORD.{0,99}".{0,99}$'''), C_FILES, CS_EXCLUSIONS),
('df_c_sinks', regex.compile(r'''^.{0,99}\W(system|strcpy|strcat|memcpy|sprintf)\s*\(.{0,199}$'''), C_FILES),
('df_c_sources', regex.compile(r'''^.{0,99}\W(recv|argv|fread|fgets|scanf|fscanf).{0,199}$'''), C_FILES),
('df_dotnet_sinks', regex.compile(r'''^.{0,99}\W(GetAsync)\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('df_dotnet_sinks', regex.compile(r'''^.{0,99}\W(WriteFile|FileSystem|SimpleDB|ExecuteSqlCommand|SqlCommand|ProcessStartInfo|CreateProcess|WriteAllText|HttpClient)\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('df_dotnet_sinks', regex.compile(r'''^.{0,99}\WLIKE\s*'\%\{\w+}\%'.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('df_dotnet_sources', regex.compile(r'''^.{0,99}\W(QueryString|Request|HttpGet|HttpPost|HttpPut|FromBase64String|Parse|Load)\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('df_dotnet_sources', regex.compile(r'''^.{0,99}\W(string.Format)\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('df_java_sinks', regex.compile(r'''^.{0,99}\W"\s*\+\s*[^"]{1,199}".{0,199}$'''), JAVA_FILES),
('df_java_sinks', regex.compile(r'''^.{0,99}\W(HttpHeaders|URI|setHeader|uploadFile|File|createFile|save)\W.{0,199}$'''), JAVA_FILES),
('df_java_sinks', regex.compile(r'''^.{0,99}\W(execute|HttpClient|PostMethod|exec|Runtime|executeMethod|SqlQuery|executeQuery|QueryBuilder)\W.{0,199}$'''), JAVA_FILES),
('df_java_sources', regex.compile(r'''^.{0,99}\W(FromBase64String|Parse|Load|JSONObject|InputStreamReader|BufferedReader|readLine|params|Param|RequestMapping)\W.{0,199}$'''), JAVA_FILES),
('df_java_sources', regex.compile(r'''^.{0,99}\W(PathVariable|RequestBody|requestBody|RequestHeader|queryString|RequestParam|getParameter|GetMapping)\W.{0,199}$'''), JAVA_FILES),
('df_java_sources', regex.compile(r'''^.{0,99}\W(PutMapping|PostMapping)\W.{0,199}$'''), JAVA_FILES),
('df_php_sinks', regex.compile(r'''^.{0,99}\W(assert|copy|eval|exec|file|fopen|include|mssql_query|mysqli_query|pcntl_exec|pg_query|popen|require|require_once|shell_exec|system)\s*\(.{0,199}$'''), PHP_FILES),
('df_php_sources', regex.compile(r'''^.{0,99}\W(\$_POST|\$_GET|\$_REQUEST|\$_COOKIE|readline|fscanf|fgets|file_get_contents).{0,199}$'''), PHP_FILES),
('df_py_sinks', regex.compile(r'''^.{0,99}\W(rename|makedirs|open|write|HTTPAdapter|Request|urlopen|make_response|dumps|redirect|jsonify|chdir|remove)\s*\(.{0,199}$'''), PY_FILES),
('df_py_sinks_crit', regex.compile(r'''^.{0,99}\W(system|check_output|execute|subprocess.call|Popen|popen)\s*\(.{0,199}$'''), PY_FILES),
('df_py_sources', regex.compile(r'''^.{0,99}\W(loads|load|open|route|request.args|get_json|get|read)\s*\(.{0,199}$'''), PY_FILES),
('df_py_sources', regex.compile(r'''^.{0,99}\W(request.form|session|args|environ|\+\W*\w+\W*\+).{0,199}$'''), PY_FILES),
('df_ruby_sinks', regex.compile(r'''^.{0,99}\W(IO.binread|IO.binwrite|IO.foreach|JSON.load|JSON.parse|popen|read|write|eval|exec|spawn|syscall|system|eval|constantize|render).{0,199}$'''), RUBY_FILES),
('df_ruby_sources', regex.compile(r'''^.{0,99}\W(params|query_parameters|path_parameters|get|post|query_string)\W.{0,199}$'''), RUBY_FILES),
('dllimport', regex.compile(r'''dllimport.{0,99}$''')),
('dotnet_Rfc2898DeriveBytes', regex.compile(r'''\WRfc2898DeriveBytes.{0,200}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_allow_all', regex.compile(r'''allow.{0,10}users.{0,10}\*.{0,100}$'''), DOTNET_FILES),
('dotnet_allow_users', regex.compile(r'''allow.{0,10}users.{0,10}=.{0,100}$''')),
('dotnet_allowanonymous', regex.compile(r'''\[AllowAnonymous\].{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_app_paths', regex.compile(r'''location.{0,10}path.{0,10}=.{0,100}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_appendformat', regex.compile(r'''\.AppendFormat.{1,80}\{\d+\}.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_binaryformatter_deserial_CA2300', regex.compile(r'''\WBinaryFormatter.{0,200}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_binarywrite', regex.compile(r'''\WBinaryWrite\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_certvalidation_none', regex.compile(r'''X509CertificateValidationMode\.None.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_cookie', regex.compile(r'''HttpCookie.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_crypto', regex.compile(r'''\WSystem\.Security\.Cryptography\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_cryptoserviceprovider', regex.compile(r'''CryptoServiceProvider.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_dirBrowse', regex.compile(r'''directoryBrowse.{1,20}enable.{1,20}true.{0,99}$'''), DOTNET_FILES),
('dotnet_disablesecurity', regex.compile(r'''DisableSecurity.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_dotnet_interpolation', regex.compile(r'''string\.Format\(.*{.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_dotnet_net', regex.compile(r'''System\.Net.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_dotnet_pipes', regex.compile(r'''System\.IO\.Pipes.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_dotnet_saveas', regex.compile(r'''\.SaveAs\(.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_dotnet_string_format', regex.compile(r'''string\.Format.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_forms_authentication', regex.compile(r'''FormsAuthentication.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_insecure_rsa_padding', regex.compile(r'''\.Encrypt\(.{1,99}false.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_method', regex.compile(r'''\[Http(Post|Get|Patch|Put|Delete).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_pageload', regex.compile(r'''Page_Load.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_replaceQuote', regex.compile(r'''(Replace\("\""|Replace\("\'").{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_request_object', regex.compile(r'''\WRequest\..{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_response_object', regex.compile(r'''\WResponse\..{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_route', regex.compile(r'''\.MapRoute\(.{0,299}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_skip_auth', regex.compile(r'''SkipAuthorization.{0,100}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_skip_ssl_validation', regex.compile(r'''ServerCertificateCustomValidationCallback.{0,299}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqlClient', regex.compile(r'''\W(SqlClient|SqlCommand).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqlCmd', regex.compile(r'''\W(ExecuteSqlCommand|ExecuteSqlCommandAsync|SqlQuery).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqlConnection', regex.compile(r'''\WSqlConnection.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqlclient', regex.compile(r'''\W(SqlClient|SqlCommand).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqlcommand', regex.compile(r'''\W(ExecuteSqlCommand|ExecuteSqlCommandAsync|SqlQuery).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqli_and', regex.compile(r'''".{0,99}\Wand\W.{0,99}".{0,99}\+.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqli_doubleupquote', regex.compile(r'''Replace.{0,99}\'.{0,99}\'\'.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqli_interpolation', regex.compile(r'''=\s*{.{0,200}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqli_select_brace', regex.compile(r'''"select.{0,199}\{.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_sqli_simpleDB', regex.compile(r'''\sSimpleDB\..{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_tripledes', regex.compile(r'''TripleDESCryptoServiceProvider.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_unsafe', regex.compile(r'''\sunsafe\s.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_validateinput_false', regex.compile(r'''\[ValidateInput.{1,20}false.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_weak_ecb_mode', regex.compile(r'''CipherMode\.ECB.{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_web_dotnet_weak_hash', regex.compile(r'''(RIPEMD160|SHA1|MD5|MD2|MD4).{0,99}(.{0,99}){0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_webmethod', regex.compile(r'''\[(WebMethod|WebService|ScriptMethod|ScriptService).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('dotnet_writefile', regex.compile(r'''\WWriteFile\W.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('endpoints', regex.compile(r'''/endpoints/.{0,99}$''')),
('export_creds', regex.compile(r'''^(.{0,10})export .{0,99}(LOGIN|USER|KEY|SECRET|BUCKET|TOKEN|CREDS|CREDENTIAL|PASS|AUTH).{0,99}=[^$]{6,199}$''')),
('fileSystem_call', regex.compile(r'''FileSystem\W.{0,99}$''')),
('file_Stream', regex.compile(r'''FileStream.{0,99}$''')),
('file_copy', regex.compile(r'''\WFile\.Copy\(.{0,99}$''')),
('file_copyFile', regex.compile(r'''copyFile\(.{0,99}$''')),
('file_dot', regex.compile(r'''File\..{0,99}$''')),
('file_get_contents', regex.compile(r'''file_get_contents.{0,99}$''')),
('go_exec', regex.compile(r'''\Wexec\..{0,99}$'''), GO_FILES, GO_EXCLUSIONS),
('go_exec_cmdi', regex.compile(r'''\Wexec\..{0,99}(/c|-c).{0,99}$'''), GO_FILES, GO_EXCLUSIONS),
('go_http_client', regex.compile(r'''\Whttp\.(Client|Get|Post|PostForm|NewRequest)\W.{0,99}$'''), GO_FILES),
('go_http_cookie', regex.compile(r'''\Whttp\.(Cookie|SetCookie)\W.{0,99}$'''), GO_FILES),
('go_http_header', regex.compile(r'''\Whttp\.Header\W.{0,99}$'''), GO_FILES),
('go_http_server', regex.compile(r'''\Whttp\.(ListenAndServe|Handle|HandleFunc|Server)\W.{0,99}$'''), GO_FILES),
('go_http_server_plaintext_only', regex.compile(r'''\Whttp\.ListenAndServe\(\W.{0,99}$'''), GO_FILES),
('go_os', regex.compile(r'''\Wos\..{0,99}$'''), GO_FILES, GO_EXCLUSIONS),
('go_reflect', regex.compile(r'''\Wreflect\..{0,99}$'''), GO_FILES, [regex.compile(r'''(DeepEqual|ValueOf)'''), ]),
('go_sprintf_s', regex.compile(r'''Sprintf\s*\(.*\"[^\"]*%s.{0,99}$'''), GO_FILES),
('go_sqli_select', regex.compile(r'''\.Select\(.{0,99}$'''), GO_FILES),
('go_sqli_sqlmodule', regex.compile(r'''"database/sql"'''), GO_FILES),
('go_ssh_ignore_host_key', regex.compile(r'''\WInsecureIgnoreHostKey.{0,99}$'''), GO_FILES, GO_EXCLUSIONS),
('go_unsafe', regex.compile(r'''\Wunsafe\W.{0,99}$'''), GO_FILES),
('go_world_fileperms', regex.compile(r'''(Mkdir|WriteFile|Chmod|OpenFile|FileMode|\Wos\.)\W0[0-7][0-7][1-7]\W.{0,99}$'''), GO_FILES),
('go_world_write', regex.compile(r'''(Mkdir|WriteFile|Chmod|OpenFile|FileMode|\Wos\.)\W0[0-7][0-7](1|2|3|5|6|7)\W.{0,99}$'''), GO_FILES),
('go_xss_writestring', regex.compile(r'''io\.WriteString\W.{0,99}$'''), GO_FILES),
('http_user_agent', regex.compile(r'''HTTP_USER_AGENT.{0,99}$''')),
('http_x_forwarded_for', regex.compile(r'''HTTP_X_FORWARDED_FOR.{0,99}$''')),
('insecure_url', regex.compile(r'''http://([a-zA-Z0-9]+\.)+[a-zA-Z0-9]+.{0,200}$'''), None, [regex.compile(r'''^\s*(\*+|//|/*|#|;)\s+'''), regex.compile(r'''(readme|\.md|xlmns|doctype)''')]), # noqa
('insecure_url2', regex.compile(r'''^.{0,200}http://.{0,200}$'''), None, [regex.compile(r'''^\s*(\*+|//|/*|#|;)\s+'''), regex.compile(r'''(readme|\.md|\|xlmns|doctype)''')]), # noqa
('intercept_url', regex.compile(r'''intercept-url{0,200}$''')),
('java_deserialisation', regex.compile(r'''\.readObject\(.{0,99}$'''), JAVA_FILES),
('java_spring_expression_lang_injection', regex.compile(r'''(<spring:message|<spring:eval).{0,99}\$\{.{0,99}$'''), JAVA_FILES),
('java_sqli', regex.compile(r'''\.(executeQuery|executequery|executeUpdate).{0,99}$'''), JAVA_FILES),
('js_var_include', regex.compile(r'''^\s*require\([^'"\n]{0,99}$'''), JS_FILES),
('memoryMappedFile', regex.compile(r'''MemoryMappedFile.{0,99}$''')),
('ml_fasttext_py', regex.compile(r'''import\s+fasttext.{0,99}$''')),
('ml_load_model', regex.compile(r'''\.load_model\(.{0,99}$''')),
('ml_numpy', regex.compile(r'''import\s+numpy.{0,99}$''')),
('ml_pytorch', regex.compile(r'''import\s+torch.{0,99}$''')),
('ml_tensorflow_model_server', regex.compile(r'''tensorflow_model_server.{0,99}$''')),
('ml_torch_load', regex.compile(r'''torch\.load.{0,99}$''')),
('ml_torchvision', regex.compile(r'''import\s+torchvision.{0,99}$''')),
('mongodb_url', regex.compile(r'''mongodb://.{0,200}$''')),
('netsh', regex.compile(r'''^.{0,200}\bnetsh\b.{0,200}$''')),
('new_file', regex.compile(r'''new\sFile\(.{0,99}$''')),
('nkt_hook_lib', regex.compile(r'''(NktHookLib|NKTHOOKLIB).{0,199}$'''), C_FILES),
('obfuscation', regex.compile(r'''obfusc.{0,200}$''')),
('paths', regex.compile(r'''^[^$"\n]*"[^$"\n]*/[^$"\n]*".{0,99}$''')),
('php_bad_rand', regex.compile(r'''\W(mt_rand|mt_srand|lcg_value|rand|uniqid|microtime|shuffle)\W.{0,99}$'''), PHP_FILES),
('php_cmdi_popen_var', regex.compile(r'''\Wpopen.*\(.*\$.*\).{0,99}$'''), PHP_FILES),
('php_cookie', regex.compile(r'''\$_COOKIE.{0,99}$'''), PHP_FILES),
('php_cookie_param_in_string', regex.compile(r'''\.\s+\$_COOKIE.{0,99}$'''), PHP_FILES),
('php_create_function', regex.compile(r'''create_function.{0,99}$'''), PHP_FILES),
('php_escapeshellarg', regex.compile(r'''escapeshellarg\s*\(.{0,200}$'''), PHP_FILES),
('php_exec', regex.compile(r'''\Wexec\s*\(.{0,200}$'''), PHP_FILES),
('php_filegetcontents', regex.compile(r'''file_get_contents\s*\(.{0,200}$'''), PHP_FILES),
('php_filter_input', regex.compile(r'''filter_input.{0,99}$'''), PHP_FILES),
('php_get', regex.compile(r'''\$_GET.{0,99}$'''), PHP_FILES),
('php_get_param_in_string', regex.compile(r'''\.\s+\$_GET.{0,99}$'''), PHP_FILES),
('php_good_rand', regex.compile(r'''\W(openssl_random_pseudo_bytes|random_int|random_bytes)\W.{0,99}$'''), PHP_FILES),
('php_order_by', regex.compile(r'''order\s+by.{0,200}\'.{0,200}\$.{0,200}$'''), PHP_FILES),
('php_parse_str_no_param', regex.compile(r'''parse_str\s*\([^\n,]{0,200}$'''), PHP_FILES),
('php_popen', regex.compile(r'''\Wpopen\s*\(.{0,200}$'''), PHP_FILES),
('php_post', regex.compile(r'''\$_POST.{0,99}$'''), PHP_FILES),
('php_post_param_in_string', regex.compile(r'''\.\s+\$_POST.{0,99}$'''), PHP_FILES),
('php_proc_open', regex.compile(r'''proc_open\s*\(.{0,200}$'''), PHP_FILES),
('php_rce_assert', regex.compile(r'''assert\(\s*"?\$\w*"?\s*\).{0,99}$'''), PHP_FILES),
('php_rce_eval', regex.compile(r'''\Weval\(\s*"?\$\w*"?\s*\).{0,99}$'''), PHP_FILES),
('php_request', regex.compile(r'''\$_REQUEST.{0,99}$'''), PHP_FILES),
('php_request_param_in_string', regex.compile(r'''\.\s+\$_REQUEST.{0,99}$'''), PHP_FILES),
('php_shell_exec', regex.compile(r'''shell_exec\s*\(.{0,200}$'''), PHP_FILES),
('php_sqli_codeigniter_disable_escape', regex.compile(r'''_protect_identifiers.*FALSE.{0,99}$'''), PHP_FILES),
('php_sqli_codeigniter_select_disable_escape', regex.compile(r'''select\(.*FALSE.{0,99}$'''), PHP_FILES),
('php_sqli_in', regex.compile(r'''^[^\n]{0,99}\$\w+[^\n]{0,99}\s+(AND|OR)\s+[^\n]{0,99}\sIN\s*\([^\n]{0,99}\.[^\n]{0,99}\$\w+[^\n]{0,99}\)[^\n]{0,99}$''')),
('php_ssl_disable_curl', regex.compile(r'''CURLOPT_SSL_VERIFYHOST\s*[=>,]*\s+(false|0).{0,99}$'''), PHP_FILES),
('php_strcmp_array_bypass', regex.compile(r'''strcmp.*==.{0,200}$'''), PHP_FILES),
('php_var_func', regex.compile(r'''\$\w+\(.{0,99}$'''), PHP_FILES),
('php_var_include', regex.compile(r'''(include|require).{0,99}\$.{0,99}$'''), PHP_FILES),
('php_xss_tag', regex.compile(r'''<\w+>.*\$\w+.{0,200}$'''), PHP_FILES),
('plaintext_port', regex.compile(r'''\.createInsecure\(.{0,99}$''')),
('priv_chmod', regex.compile(r'''chmod\(.{0,199}$''')),
('priv_chown', regex.compile(r'''chown\(.{0,199}$''')),
('py_check_output', regex.compile(r'''check_output\(.{0,99}$'''), PY_FILES),
('py_deserialisation', regex.compile(r'''pickle\.loads\(.{0,99}$'''), PY_FILES),
('py_deserialisation2', regex.compile(r'''pickle\.load\(.{0,99}$'''), PY_FILES),
('py_filesystem', regex.compile(r'''require\(\'fs\'\).{0,99}$'''), PY_FILES),
('py_flask_debug_mode', regex.compile(r'''^.{0,200}app\.run.{0,100}debug\s*=\s*True.{0,200}$'''), PY_FILES),
('py_flask_autoescape', regex.compile(r'''^.{0,200}autoescape\s+false.{0,200}$'''), PY_FILES + HTM_FILES),
('py_flask_pipe_safe', regex.compile(r'''^.{0,200}\|\s*safe.{0,200}$'''), PY_FILES + HTM_FILES),
('py_flask_markup', regex.compile(r'''^.{0,200}\WMarkup\(.{0,200}$'''), PY_FILES),
('py_mktemp_banned', regex.compile(r'''^.{0,200}\Wmktemp\s*\(.{0,200}$'''), PY_FILES),
('py_shell_is_true', regex.compile(r'''shell\s*=\s*True.{0,99}$'''), PY_FILES),
('py_subprocess_call', regex.compile(r'''subprocess.call\(.{0,99}$'''), PY_FILES),
('py_subprocess_run', regex.compile(r'''subprocess.run\(.{0,99}$'''), PY_FILES),
('python_deserial', regex.compile(r'''\.loads\(.{0,99}$'''), PY_FILES),
('python_format_cmdi', regex.compile(r'''"[^"]*-[^"]\{[^"]*"\.format.{0,99}$'''), PY_FILES),
('rand_math_random', regex.compile(r'''\WMath\.random\(\W.{0,99}$''')),
('rand_net_random', regex.compile(r'''\W(System\.Random).{0,99}$''')),
('rand_new_random', regex.compile(r'''\Wnew\sRandom\(\W.{0,99}$''')),
('rand_rand', regex.compile(r'''\Wrand\s*\(\W.{0,99}$''')),
('rand_random', regex.compile(r'''\Wrandom\s*\(\W.{0,99}$''')),
('rand_time', regex.compile(r'''\W(ftime|gettimeofday|GetTickCount|GetTickCount64|QueryPerformanceCounter|GetSystemTime|GetLocalTime|GetSystemTimeAsFileTime|NtQuerySystemTime|time|uniqid|microtime)\(.{0,99}$''')),
('rand_util_random', regex.compile(r'''\Wutil\.Random\W.{0,99}$'''), JAVA_FILES),
('rand_windows_good', regex.compile(r'''\W(CryptGenRandom)\W.{0,99}$''')),
('rds_hosts', regex.compile(r'''\S{10,199}\.rds\.amazonaws\.com''')),
('rootpwd', regex.compile(r'''[\s"\'^\(\{\[]root/[a-zA-Z0-9\.\-\_\!\?\#\&\*\:\;\@\(\)\<\>\%]{12,}''')),
('routing_controller', regex.compile(r'''@Controller.{0,200}$''')),
('routing_decorator', regex.compile(r'''\[Route\(.{0,99}$''')),
('routing_decorator2', regex.compile(r'''\[RoutePrefix\(.{0,99}$''')),
('routing_flask', regex.compile(r'''\badd_resource\b'''), PY_FILES),
('routing_get', regex.compile(r'''Get\[.{0,99}$''')),
('routing_java_get', regex.compile(r'''@GET.{0,99}$'''), JAVA_FILES),
('routing_java_getmapping', regex.compile(r'''@GetMapping.{0,99}$'''), JAVA_FILES),
('routing_java_path', regex.compile(r'''@Path\(.{0,99}$'''), JAVA_FILES),
('routing_java_post', regex.compile(r'''@POST.{0,99}$'''), JAVA_FILES),
('routing_java_requestmapping', regex.compile(r'''@RequestMapping.{0,99}$'''), JAVA_FILES),
('routing_java_requestmethod', regex.compile(r'''RequestMethod\.[A-Z]+.{0,99}$'''), JAVA_FILES),
('routing_node_get', regex.compile(r'''^.{0,99}\.get\(.{0,99}$'''), JS_FILES),
('routing_node_post', regex.compile(r'''^.{0,99}\.post\(.{0,99}$'''), JS_FILES),
('routing_node_put', regex.compile(r'''^.{0,99}\.put\(.{0,99}$'''), JS_FILES),
('routing_python', regex.compile(r'''\.add_resource\W.{0,200}$'''), PY_FILES),
('routing_web', regex.compile(r'''\.route\(.{0,199}$''')),
('rpc_reg', regex.compile(r'''RpcServerRegisterIf.{0,199}$'''), C_FILES),
('ruby_bad_hash', regex.compile(r'''(Digest::MD5|Digest::SHA1)'''), RUBY_FILES),
('ruby_cmdi_backtick', regex.compile(r'''^[^"\n]*`[^`\n]*#\{[^`\n]+`'''), RUBY_FILES),
('ruby_cmdi_backtick', regex.compile(r'''^[^"\n]*`[^`\n]+`'''), RUBY_FILES),
('ruby_cmdi_backtick2', regex.compile(r'''`#\{'''), RUBY_FILES),
('ruby_cmdi_exec', regex.compile(r'''\Wexec\W'''), RUBY_FILES),
('ruby_cmdi_percent_x', regex.compile(r'''%x[\(\{]'''), RUBY_FILES),
('ruby_cmdi_percent_x', regex.compile(r'''%x[\(\{].*#\{'''), RUBY_FILES),
('ruby_cmdi_popen', regex.compile(r'''IO\.popen'''), RUBY_FILES),
('ruby_cmdi_popen', regex.compile(r'''IO\.popen.*#\{'''), RUBY_FILES),
('ruby_cmdi_popen2', regex.compile(r'''\Wpopen.{0,200}'''), RUBY_FILES),
('ruby_cmdi_spawn', regex.compile(r'''Process\.spawn'''), RUBY_FILES),
('ruby_cmdi_spawn', regex.compile(r'''Process\.spawn.*#\{'''), RUBY_FILES),
('ruby_cmdi_system', regex.compile(r'''\Wsystem\W.*#\{'''), RUBY_FILES),
('ruby_custom_header', regex.compile(r'''request\.headers\['''), RUBY_FILES),
('ruby_env', regex.compile(r'''\WENV\[".*"\]'''), RUBY_FILES),
('ruby_eval', regex.compile(r'''\Weval\('''), RUBY_FILES),
('ruby_json_load_RCE', regex.compile(r'''JSON\.load'''), RUBY_FILES),
('ruby_rails_version', regex.compile(r'''^\s*rails\s*\([0-9\.]+\)'''), 'Gemfile.lock'),
('ruby_req_header', regex.compile(r'''\.headers\["[a-zA-Z0-9-]"\]'''), RUBY_FILES),
('ruby_route_delete', regex.compile(r'''\Wdelete\s'''), RUBY_FILES),
('ruby_route_get', regex.compile(r'''\Wget\s'''), RUBY_FILES),
('ruby_route_match', regex.compile(r'''\Wmatch\s'''), RUBY_FILES),
('ruby_route_post', regex.compile(r'''\Wpost\s'''), RUBY_FILES),
('ruby_route_put', regex.compile(r'''\Wput\s'''), RUBY_FILES),
('ruby_send_file', regex.compile(r'''\Wsend_file\W'''), RUBY_FILES),
('ruby_sqli_from', regex.compile(r'''\Wfrom\(.*#'''), RUBY_FILES),
('ruby_sqli_order', regex.compile(r'''\Worder\(.*#'''), RUBY_FILES),
('ruby_sqli_where', regex.compile(r'''\Wwhere\(.*#'''), RUBY_FILES),
('ruby_sqli_where_interp', regex.compile(r'''\.where.*#{'''), RUBY_FILES),
('ruby_string_interpolation', regex.compile(r'''"[^"#]*#\{'''), RUBY_FILES),
('ruby_url_string_interpolation', regex.compile(r'''https?://.*#\{.{0,99}$'''), RUBY_FILES),
('ruby_yaml_load_file', regex.compile(r'''\.load_file\W.{0,99}$'''), RUBY_FILES),
('secure_url', regex.compile(r'''https://([a-zA-Z0-9]+\.)+[a-zA-Z0-9]+.{0,200}$''')),
('segv_reference', regex.compile(r'''\W(segvs|segv|sigsegv)\W.{0,200}$''')),
('simpleDB', regex.compile(r'''SimpleDB.{0,99}$''')),
('sqli_brace_interpolation', regex.compile(r'''("|\')\s*(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|TRUNCATE|USE)\s.*\{\d+\}.*("|\').{0,99}$''')),
('sqli_c', regex.compile(r'''"select\s.{1,200}%s.{0,99}$'''), C_FILES),
('sqli_compileSelectWhere', regex.compile(r'''CompileSelectWhere.{0,99}$''')),
('sqli_createSQLQuery', regex.compile(r'''createSQLQuery.{0,99}$''')),
('sqli_dblink', regex.compile(r'''dblink.{0,99}$''')),
('sqli_dbms_sql_exec', regex.compile(r'''dbms_sql.execute.{0,99}$''')),
('sqli_deprecated_escape', regex.compile(r'''PQescapeString\(.{0,99}$''')),
('sqli_deprecated_escape2', regex.compile(r'''mysql_escape_string\(.{0,99}$''')),
('sqli_dollar_interpolation', regex.compile(r'''("|\')\s*(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|TRUNCATE|USE)\s.*\$.*("|\').{0,99}$''')),
('sqli_dotnet_interpolation2', regex.compile(r'''\Wselect\s+[a-zA-z0-9\.,\*]+\s+from.{1,80}{\d+}.{0,99}$'''), DOTNET_FILES),
('sqli_exec_sp', regex.compile(r'''ExecuteStoredProcedure\(.{0,99}$''')),
('sqli_import_java_sql', regex.compile(r'''import\s+java.sql.{0,99}$''')),
('sqli_in_joined_strings', regex.compile(r'''\<in\>.{0,199}strings\.Join\(.{0,199}''')),
('sqli_insert', regex.compile(r'''\Winsert\s+into\s+[a-zA-z0-9\.,\*].{0,99}$''')),
('sqli_interpolate_brace', regex.compile(r'''^.{0,199}\'\{\s*\d+\s*\}\'.{0,199}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('sqli_java_concat', regex.compile(r'''"[\s\(]*\b(select|insert|update|delete)\b.{0,199}"\s*\+\s*\w+.{0,99}$'''), JAVA_FILES),
('sqli_java_sqli_append', regex.compile(r'''sql\.append\(.{0,99}$''')),
('sqli_joined_strings_sgl', regex.compile(r'''strings\.Join\(.{0,199}\'.{0,199}$''')),
('sqli_like', regex.compile(r'''LIKE.*(%'|'%).{0,99}$''')),
('sqli_oracle_execute_immediate', regex.compile(r'''\Wexecute\s+immediate\W.{0,99}$''')),
('sqli_orcl_dbms_sql_parse', regex.compile(r'''dbms_sql.parse.{0,99}$''')),
('sqli_orcl_exec_immediate', regex.compile(r'''EXECUTE\s+IMMEDIATE.{0,99}$''')),
('sqli_order_by', regex.compile(r'''order\sby.{0,99}$''')),
('sqli_partial_view', regex.compile(r'''\WPartialView\(.{0,99}$''')),
('sqli_percent_interpolation', regex.compile(r'''("|\')\s*(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|TRUNCATE|USE)\s.*\%.*("|\').{0,99}$''')),
('sqli_py_interp', regex.compile(r'''\.execute\(\s*".{0,99}\%s.{0,99}$'''), PY_FILES),
('sqli_queryBuilder', regex.compile(r'''queryBuilder.{0,99}$''')),
('sqli_queryRaw', regex.compile(r'''queryRaw\(.{0,99}$''')),
('sqli_select_from', regex.compile(r'''\Wselect\W.{0,99}\Wfrom\W.{0,99}$''')),
('sqli_simpleDBSelect', regex.compile(r'''\.SelectRequest.{0,99}$''')),
('sqli_sp_executesql', regex.compile(r'''\Wsp_executesql\W.{0,99}$''')),
('sqli_sp_xp', regex.compile(r'''\W(exec\ssp_|exec\sxp_).{0,99}$''')),
('sqli_sqlHelper', regex.compile(r'''sqlHelper.runQuery.{0,99}$''')),
('sqli_sql_apis', regex.compile(r'''\W(OleDbConnection|ADODB\.|System\.Data\.Sql|\.ResultSet).{0,99}$'''), DOTNET_FILES, CS_EXCLUSIONS),
('sqli_sql_execute', regex.compile(r'''\WEXECUTE\W.{0,99}$''')),
('sqli_where', regex.compile(r'''\s+WHERE\s+[^\n]*\$\w+.{0,99}$''')),
('ssh_disable_hostkey_check', regex.compile(r'''StrictHostKeyChecking=no.{0,99}$''')),
('ssl_disable_curl', regex.compile(r'''curl.{0,99}\s-k\W.{0,99}$''')),
('ssl_disable_java', regex.compile(r'''InsecureRequestWarning.{0,99}$''')),
('ssl_disable_mysql', regex.compile(r'''--skip-ssl.{0,99}$''')),
('ssl_disable_python', regex.compile(r'''checkServerTrusted.{0,99}$''')),
('ssl_disable_python2', regex.compile(r'''no-check-cert.{0,99}$''')),
('ssl_disable_python3', regex.compile(r'''verify\s*=\s*False.{0,99}$''')),
('ssl_disable_python4', regex.compile(r'''rejectUnauthorized.{99}[Ff]alse.{0,99}$''')),
('ssl_disable_wget', regex.compile(r'''wget.{0,200}--no-check-certificate.{0,200}$''')),
('str_dot_net', regex.compile(r'''\.Format.{1,80}\s-.{1,80}{\d+}.{0,99}$''')),
('str_dot_net2', regex.compile(r'''\.Format.{1,80}\{\d+\}.{1,80}\s-.{1,80}.{0,99}$''')),
('str_interp_brace', regex.compile(r'''\$\".{0,99}{.{0,99}\".{0,99}$''')),
('str_interp_dollar', regex.compile(r'''\".{0,99}\$.{0,99}\".{0,99}$''')),
('str_join', regex.compile(r'''string\.Join\(.{0,199}$''')),
('str_mixed_quote_dbl_sgl', regex.compile(r'''^.{0,99}\"\'.{0,99}$''')),
('str_mixed_quote_sgl_dbl', regex.compile(r'''^.{0,99}\'\".{0,99}$''')),
('str_plus', regex.compile(r'''\'\s*\+.{0,99}\+\s*\'.{0,99}$''')),
('str_scala_mkString', regex.compile(r'''\.mkString\(.{0,99}$''')),
('todo_authenticate', regex.compile(r'''TODO.*authenticate.{0,200}$''')),
('todo_encrypt', regex.compile(r'''TODO.*encrypt.{0,200}$''')),
('todo_login', regex.compile(r'''TODO.*login.{0,200}$''')),
('todo_password', regex.compile(r'''TODO.*password.{0,200}$''')),
('todo_password2', regex.compile(r'''password.*TODO.{0,200}$''')),
('trusted_plaintext_docker_repo', regex.compile(r'''trusted\s*=\s*yes.*http://.{0,99}$''')), # noqa
('ts-ignore', regex.compile(r'''@ts-ignore''')),
('uniq_ip_addresses', regex.compile(r'''[\'"]([1-2]?[0-9]?[0-9]\.){3}([1-2]?[0-9]?[0-9])[\'"]''')),
('unreal_fs', regex.compile(r'''FFileHelper::''')),
('unreal_mem', regex.compile(r'''FMemory::''')),
('unreal_module', regex.compile(r'''FModuleManager::''')),
('unreal_paths', regex.compile(r'''FPaths::''')),
('url_numeric', regex.compile(r'''^[^#]*http(s)?://\d+\.\d+\.\d+\.\d+.{0,200}$'''), None, [regex.compile('127.0.0.1')]),
('url_pattern', regex.compile(r'''url-pattern{0,200}$''')),
('useradd', regex.compile(r'''useradd.{0,200}$''')),
('username_email', regex.compile(r'''[^/]userName:\s*[\.a-zA-Z0-9\_\-]+@[\.a-zA-Z0-9\_\-]+(\.[\.a-zA-Z0-9\_\-]+)+[^\n]{0,200}$''')),
('ver_aws_sdk', regex.compile(r'''AWS_SDK_VERSION_STRING.{0,99}$''')),
('ver_bzip', regex.compile(r'''BZ_VERSION.{0,99}$''')),
('ver_jansson', regex.compile(r'''JANSSON_VERSION.{0,99}$''')),
('ver_jsoncpp', regex.compile(r'''AWS_JSONCPP_VERSION_STRING.{0,99}$''')),
('ver_libcurl', regex.compile(r'''LIBCURL_VERSION.{0,99}$''')),
('ver_libcurl_str', regex.compile(r'''#define LIBCURL_VERSION "[^"]+"''')),
('ver_libpng', regex.compile(r'''PNG_LIBPNG_VER_STRING.{0,99}$''')),
('ver_mariadb', regex.compile(r'''MARIADB_PACKAGE_VERSION.{0,99}$''')),
('ver_mdb', regex.compile(r'''(MDB_VERSION_MAJOR|MDB_VERSION_MINOR|MDB_VERSION_PATCH).{0,99}$''')),
('ver_mongoose', regex.compile(r'''MONGOOSE_VERSION.{0,99}$''')),
('ver_openssl', regex.compile(r'''OPENSSL_VERSION_TEXT.{0,99}$''')),
('ver_postgres', regex.compile(r'''(PG_MAJORVERSION|PG_VERSION|PG_VERSION_STR).{0,99}$''')),
('ver_sqlite', regex.compile(r'''SQLITE_VERSION.{0,99}$''')),
('ver_u_icu', regex.compile(r'''U_ICU_VERSION.{0,99}$''')),
('ver_zlib', regex.compile(r'''ZLIB_VERSION.{0,99}$''')),
('web_HttpServletRequest', regex.compile(r'''HttpServletRequest.{0,99}$''')),
('web_dotnet', regex.compile(r'''HttpResponseMessage.{0,99}$''')),
('web_input', regex.compile(r'''\W(FileInputStream|FilterInputStream|SequenceInputStream|StringBufferInputStream|ByteArrayInputStream|FileOutputStream).{0,99}$''')),
('web_java_custom_header', regex.compile(r'''\.getHeader\(.{0,99}$''')),
('web_net_events', regex.compile(r'''\W(Application_OnAuthenticateRequest|Application_OnAuthorizeRequest|Session_OnStart).{0,99}$''')),
('web_path', regex.compile(r'''\W(getRealPath).{0,99}$''')),
('web_remote_name', regex.compile(r'''\W(getRemoteAddr|getRemoteHost).{0,99}$''')),
('web_request_dot', regex.compile(r'''\WRequest\..{0,99}$''')),
('web_sec_override', regex.compile(r'''\W(RequestMinimum|RequestOptional|SkipVerification|UnmanagedCode).{0,99}$''')),
('win_filter_drv_reg', regex.compile(r'''FltCreateCommunicationPort.{0,199}$''')),
('win_reg_api', regex.compile(r'''(OpenSubKey|RegOpenKey|RegQueryInfoKey|RegQueryValue|RegSetValue).{0,99}$''')),
('win_reg_key', regex.compile(r'''(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_CLASSES_ROOT|HKEY_USERS|HKEY_CURRENT_CONFIG).{0,99}$''')),
('workzeug_debugger_active', regex.compile(r'''WERKZEUG_DEBUG_PIN.{0,200}$''')),
]
# C/C++ and Win32 API names this tool treats as banned. How the names are
# matched against scanned source is defined outside this section.
# NOTE(review): the set resembles Microsoft's SDL banned-API list (banned.h);
# confirm the upstream source before adding or dropping entries.
# NOTE(review): 'memcpy', 'strcat' and 'wsprintf' each appear twice; the
# duplicates are kept here so the list's contents and order are unchanged.
BannedFunctions = [
    # underscore-prefixed names
    '_alloca', '_ftcscat', '_ftcscpy', '_getts', '_gettws',
    '_i64toa', '_i64tow', '_itoa', '_itow', '_makepath',
    '_mbccat', '_mbccpy', '_mbscat', '_mbscpy', '_mbslen',
    '_mbsnbcat', '_mbsnbcpy', '_mbsncat', '_mbsncpy', '_mbstok', '_mbstrlen',
    '_sntscanf', '_splitpath', '_stprintf', '_stscanf',
    '_tccat', '_tccpy', '_tcscat', '_tcscpy', '_tcsncat', '_tcsncpy', '_tcstok',
    '_tmakepath', '_tscanf', '_tsplitpath',
    '_ui64toa', '_ui64tot', '_ui64tow', '_ultoa', '_ultot', '_ultow',
    '_vstprintf', '_wmakepath', '_wsplitpath',
    # alloca, OEM conversion, raw copies, gets, IsBad*Ptr probes
    'alloca', 'ChangeWindowMessageFilter',
    'CharToOem', 'CharToOemA', 'CharToOemBuffA', 'CharToOemBuffW', 'CharToOemW',
    'CopyMemory', 'gets',
    'IsBadCodePtr', 'IsBadHugeReadPtr', 'IsBadHugeWritePtr',
    'IsBadReadPtr', 'IsBadStringPtr', 'IsBadWritePtr',
    # lstr* string helpers
    'lstrcat', 'lstrcatA', 'lstrcatn', 'lstrcatnA', 'lstrcatnW', 'lstrcatW',
    'lstrcpy', 'lstrcpyA', 'lstrcpyn', 'lstrcpynA', 'lstrcpynW', 'lstrcpyW',
    'lstrlen', 'lstrncat',
    # path, memory copy, scanf/sprintf
    'makepath', 'memcpy', 'memcpy',
    'OemToChar', 'OemToCharA', 'OemToCharW', 'RtlCopyMemory',
    'scanf', 'snscanf', 'snwscanf', 'sprintf', 'sprintfA', 'sscanf',
    # strcat family
    'strcat', 'strcat', 'StrCat', 'strcatA', 'StrCatA',
    'StrCatBuff', 'StrCatBuffA', 'StrCatBuffW', 'StrCatChainW',
    'StrCatN', 'StrCatNA', 'StrCatNW', 'strcatW', 'StrCatW',
    # strcpy family
    'strcpy', 'StrCpy', 'strcpyA', 'StrCpyA', 'StrCpyN',
    'StrCpyNA', 'strcpynA', 'StrCpyNW', 'strcpyW', 'StrCpyW',
    # strlen, strncat/strncpy, strtok
    'strlen', 'StrLen',
    'strncat', 'StrNCat', 'StrNCatA', 'StrNCatW',
    'strncpy', 'StrNCpy', 'StrNCpyA', 'StrNCpyW',
    'strtok',
    # wide/variadic printf and scanf
    'swprintf', 'swscanf', 'vsnprintf', 'vsprintf', 'vswprintf',
    # wcs* and wmemcpy
    'wcscat', 'wcscpy', 'wcslen', 'wcsncat', 'wcsncpy', 'wcstok', 'wmemcpy',
    # w*sprintf family
    'wnsprintf', 'wnsprintfA', 'wnsprintfW', 'wscanf',
    'wsprintf', 'wsprintf', 'wsprintfA',
    'wvnsprintf', 'wvnsprintfA', 'wvnsprintfW',
    'wvsprintf', 'wvsprintfA', 'wvsprintfW',
]
def signal_handler(sig, frame):  # noqa
    """Print a notice and terminate the process with exit status 0.

    main() registers this function for SIGINT. Both arguments are the
    standard signal-handler parameters and are not used.
    """
    print('Exiting (CTRL-C)')
    # NOTE(review): status 0 means a wrapper script or CI job cannot tell an
    # interrupted scan from a completed one by exit code alone.
    raise SystemExit(0)
def main():
    """Install the CTRL-C handler, then hand control to fn.do_main()."""
    # Register the handler first so an interrupt at any later point in the
    # run goes through signal_handler.
    interrupt = signal.SIGINT
    signal.signal(interrupt, signal_handler)
    fn.do_main()
# Script entry point: call main() only when the file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()