Merge pull request #79 from EMSeek/master

Next version

Author: wireghoul

Changelog

@@ -1,3 +1,23 @@
+3.9		2025 May 22
+		Added giterate misc script
+		Added snumerate misc script
+		Added svnlog misc script
+		Added svnscan misc script
+		Added jwt rules
+		Added some Docker rules
+		Updated supression rules
+		Updated dotnet rules
+		Updated golang rules
+		Updated java rules
+		Updated js rules
+		Updated php rules
+		Updated python rules
+		Updated ruby rules
+		Updated scala rules
+		Updated sql rules
+		Updated secrets rules
+		Added and updated unit tests
+
 3.8		2025 Apr 20
 		Updated default rules
 		Updated js rules

Makefile

@@ -6,7 +6,7 @@ prefix = /usr
 dataroot = $(prefix)/share
 datadir = $(dataroot)/graudit
 bindir = $(prefix)/bin
-SIGNATURES := signatures/actionscript.db signatures/android.db signatures/asp.db signatures/c.db signatures/cobol.db signatures/default.db signatures/dotnet.db signatures/exec.db signatures/fruit.db signatures/go.db signatures/ios.db signatures/java.db signatures/js.db signatures/kotlin.db signatures/nim.db signatures/perl.db signatures/php.db signatures/python.db signatures/ruby.db signatures/scala.db signatures/secrets.db signatures/spsqli.db signatures/sql.db signatures/strings.db signatures/typescript.db signatures/xss.db
+SIGNATURES := signatures/actionscript.db signatures/android.db signatures/asp.db signatures/c.db signatures/cobol.db signatures/default.db signatures/docker.db signatures/dotnet.db signatures/exec.db signatures/fruit.db signatures/go.db signatures/ios.db signatures/java.db signatures/js.db signatures/kotlin.db signatures/nim.db signatures/perl.db signatures/php.db signatures/python.db signatures/ruby.db signatures/scala.db signatures/secrets.db signatures/spsqli.db signatures/sql.db signatures/strings.db signatures/typescript.db signatures/xss.db signatures/jwt.db
 DISTFILES := Changelog  graudit  LICENSE  README.md
 MANFILES := graudit.1
 VERSION=`./graudit -v | cut -d' ' -f 3`
@@ -78,6 +78,7 @@ signatures:
 	cat signatures/*/fruit.db      > signatures/fruit.db
 	cat signatures/*/sql.db        > signatures/sql.db
 	cat signatures/*/xss.db        > signatures/xss.db
+	cat signatures/*/jwt.db        > signatures/jwt.db
 
 manpages:
 	nroff -Tascii -mandoc <graudit.in.1 >/dev/null

graudit

@@ -5,7 +5,7 @@
 set -- $GRARGS $@
 set -e
 set -o pipefail
-VERSION='3.8'
+VERSION='3.9'
 basedir=$(dirname "$0")
 BINFILE=$(which grep)
 
@@ -44,7 +44,7 @@ banner() {
         \___  /|__|  (____  /____/\____ | |__||__|  
        /_____/            \/           \/           
               grep rough audit - static analysis tool
-                  v3.8 written by @Wireghoul
+                  v3.9 written by @Wireghoul
 =================================[justanotherhacker.com]==='
     fi
 }

misc/giterate.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# iterate through every git commit and run graudit rules against the diff... do the same on a branch if specified
+
+# Display help string for -h/--help
+if [[ "$1" =~ ^-.+ ]]; then
+    echo "Usage: $0 <db> <branch>"
+    exit
+fi
+
+# Default to secrets db unless one is specified
+DB=${1:-secrets}
+
+# Default to current branch if none specified
+BRANCH=${2:-$(git rev-parse --abbrev-ref HEAD 2>&1)}
+if [[ "$BRANCH" =~ ^fatal: ]]; then
+    echo $BRANCH
+    exit 2
+fi
+
+# Check if db is valid
+if [[ ! -e $DB ]]; then
+    RESULT=$(graudit -B -d $DB /dev/null 2>&1)
+    if [[ "$RESULT" =~ database\ path\ not\ found ]]; then
+        echo "Invalid database specified"
+        exit 2
+    fi
+fi 
+
+echo "Running graudit with $DB on commits in branch: $BRANCH"
+
+# Get all commit hashes for the branch
+COMMITS=$(git log --pretty=format:"%H" $BRANCH)
+
+# Loop through each commit
+for COMMIT in $COMMITS; do
+    echo -n "Checking commit $COMMIT... "
+    
+    # Search for patterns in this commit
+    RESULT=$(git show $COMMIT | graudit -B -c 0 -d "$DB" /dev/stdin)
+    
+    if [ -n "$RESULT" ]; then
+        echo "FOUND MATCH!"
+        echo "$RESULT"
+    else
+        echo "No matches"
+    fi
+done
+
+
+
+

misc/supression.db

@@ -14,3 +14,4 @@ ApexXSSFromEscapeFalse
 ApexXSSFromURLParam
 (#|//)[[:space:]]+nosemgrep
 #[[:space:]]*rubocop:disable.*
+#pragma warning disable EF1000

misc/svnlog.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Get the SVN URL for the specific path
+echo "Getting revision history for this path..."
+
+# Get all revisions for this specific path
+REVISIONS=$(svn log -q | grep -E '^r[0-9]+' | awk '{print $1}' | sed 's/r//')
+
+# Count total revisions to scan
+TOTAL_REVS=$(echo "$REVISIONS" | wc -l)
+echo "Found $TOTAL_REVS revisions to scan"
+
+# Loop through each revision
+for REV in $REVISIONS; do
+    ((CURRENT++))
+    echo -n "Checking revision $REV ($CURRENT/$TOTAL_REVS)... "
+    
+    # Get the previous revision
+#    PREV_REV=$((REV-1))
+    
+    # Search for password patterns in this revision
+    RESULT=$(svn log -c $REV 2>/dev/null | grep -Ei '(security|sqli|sql inj|xss| rce |command injection|vulnerability|cmdi| lfi |traversal)')
+    
+    if [ -n "$RESULT" ]; then
+        echo "$RVE matches"
+        echo $RESULT
+	echo "show $diff ?"
+  	read -n1 -s -p $'Press enter to continue...any other key to skip...\n' key
+  	if [ "$key" = '' ]; then
+      	    svn diff -c $REV
+  	fi
+    else
+        echo "No matches"
+    fi
+done
+

misc/svnscan

@@ -0,0 +1,12 @@
+#!/bin/sh
+# download and scan a single github repo, output to stdout
+if [ -z $1 ]; then
+    echo "$0 <https://svn/repo/url>"
+    exit 2
+fi
+url=$1
+echo "Scanning $url!"
+mkdir -p churn
+cd churn
+svn co $url
+graudit -x *.js,*.json,*.map,*.sql -d flatline .

misc/svnumerate.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# iterate through every svn commit and run graudit rules against the diff... do the same on a branch if specified
+
+# Display help string for -h/--help
+if [[ "$1" =~ ^-.+ ]]; then
+    echo "Usage: $0 <db> <branch>"
+    exit
+fi
+
+DB=${1:-secrets}
+
+SVN_PATH=${2:-.}
+
+# Get the SVN URL for the specific path
+# SVN_URL=$(svn info --show-item url "$SVN_PATH")
+# It's never used again.....
+
+# Check if db is valid
+if [[ ! -e $DB ]]; then
+    RESULT=$(graudit -B -d $DB /dev/null 2>&1)
+    if [[ "$RESULT" =~ database\ path\ not\ found ]]; then
+        echo "Invalid database specified"
+        exit 2
+    fi
+fi
+
+echo "Running graudit with $DB on commits in branch: $BRANCH"
+
+# Get all revisions for this specific path
+REVISIONS=$(svn log -q "$SVN_PATH" | grep -E '^r[0-9]+' | awk '{print $1}' | sed 's/r//')
+
+# Count total revisions to scan
+#TOTAL_REVS=$(echo "$REVISIONS" | wc -l)
+#echo "Found $TOTAL_REVS revisions to scan"
+
+# Counter for tracking matches
+#MATCHES=0
+#CURRENT=0
+
+# Loop through each revision
+for REV in $REVISIONS; do
+    #((CURRENT++))
+    echo -n "Checking revision $REV... " # ($CURRENT/$TOTAL_REVS)... "
+    
+    # Get the previous revision
+    PREV_REV=$((REV-1))
+    
+    # Search for patterns in this revision
+    RESULT=$(svn diff -r $PREV_REV:$REV "$SVN_PATH" 2>/dev/null | graudit -B -c 0 -d "$DB" /dev/stdin)
+    
+    if [ -n "$RESULT" ]; then
+        echo "FOUND MATCH!"
+        echo "$RESULT"
+#        ((MATCHES++))
+    else
+        echo "No matches"
+    fi
+done
+

signatures/docker.db

@@ -0,0 +1,3 @@
+^[[:space:]]*RUN[[:space:]]+sudo[[:space:]]+
+^[[:space:]]*USER[[:space:]]+root$
+^[[:space:]]*VOLUME[[:space:]]+/var/run/docker\.sock:

signatures/dotnet.db

@@ -53,7 +53,8 @@ system.web.ui.webcontrols.label
 system.web.ui.webcontrols.linkbutton
 system.web.ui.webcontrols.listbox
 system.web.ui.webcontrols.checkboxlist
-system.web.ui.webcontrols.dropdownlist# Dotnet legacy
+system.web.ui.webcontrols.dropdownlistValidateLifetime[[:space:]]*=[[:space:]]*false
+# Dotnet legacy
 printf
 strcpy
 # Dotnet Logging