├── README.md ├── demo └── gsast.png ├── gSAST.sh └── patterns ├── dotnet ├── 1-enum.rules ├── 10-upload.rules ├── 2-crypto.rules ├── 3-sqli.rules ├── 7-xss.rules └── 9-inserial.rules ├── java ├── 1-enum.rules ├── 2-crypto.rules ├── 3-sqli.rules ├── 4-rce.rules ├── 7-xss.rules ├── 8-xxe.rules └── 9-inserial.rules ├── javascript ├── 1-enum.rules ├── 3-sqli.rules ├── 4-rce.rules └── 6-ssti.rules ├── php ├── 1-enum.rules ├── 3-sqli.rules ├── 4-rce.rules ├── 5-tjuggling.rules ├── 6-ssti.rules ├── 7-xss.rules └── 8-xxe.rules └── python ├── 1-enum.rules ├── 3-sqli.rules ├── 4-rce.rules └── 6-ssti.rules /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/README.md -------------------------------------------------------------------------------- /demo/gsast.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/demo/gsast.png -------------------------------------------------------------------------------- /gSAST.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/gSAST.sh -------------------------------------------------------------------------------- /patterns/dotnet/1-enum.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/dotnet/1-enum.rules -------------------------------------------------------------------------------- /patterns/dotnet/10-upload.rules: -------------------------------------------------------------------------------- 1 | (MapPath\(|\.FileName|SaveAs\() -------------------------------------------------------------------------------- /patterns/dotnet/2-crypto.rules: -------------------------------------------------------------------------------- 1 | Random\((.*)\) -------------------------------------------------------------------------------- /patterns/dotnet/3-sqli.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/dotnet/3-sqli.rules -------------------------------------------------------------------------------- /patterns/dotnet/7-xss.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/dotnet/7-xss.rules -------------------------------------------------------------------------------- /patterns/dotnet/9-inserial.rules: -------------------------------------------------------------------------------- 1 | XmlSerializer 2 | TypeNameHandling -------------------------------------------------------------------------------- /patterns/java/1-enum.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/java/1-enum.rules -------------------------------------------------------------------------------- /patterns/java/2-crypto.rules: -------------------------------------------------------------------------------- 1 | Random\((.*)\) -------------------------------------------------------------------------------- /patterns/java/3-sqli.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/java/3-sqli.rules -------------------------------------------------------------------------------- /patterns/java/4-rce.rules: -------------------------------------------------------------------------------- 1 | (eval|exec)\( -------------------------------------------------------------------------------- /patterns/java/7-xss.rules: -------------------------------------------------------------------------------- 1 | <%=(.*)%> 2 | -------------------------------------------------------------------------------- /patterns/java/8-xxe.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/java/8-xxe.rules -------------------------------------------------------------------------------- /patterns/java/9-inserial.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/java/9-inserial.rules -------------------------------------------------------------------------------- /patterns/javascript/1-enum.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/javascript/1-enum.rules -------------------------------------------------------------------------------- /patterns/javascript/3-sqli.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/javascript/3-sqli.rules -------------------------------------------------------------------------------- /patterns/javascript/4-rce.rules: -------------------------------------------------------------------------------- 1 | eval\( -------------------------------------------------------------------------------- /patterns/javascript/6-ssti.rules: -------------------------------------------------------------------------------- 1 | render\( -------------------------------------------------------------------------------- /patterns/php/1-enum.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/php/1-enum.rules -------------------------------------------------------------------------------- /patterns/php/3-sqli.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/php/3-sqli.rules -------------------------------------------------------------------------------- /patterns/php/4-rce.rules: -------------------------------------------------------------------------------- 1 | eval\( -------------------------------------------------------------------------------- /patterns/php/5-tjuggling.rules: -------------------------------------------------------------------------------- 1 | md5\( 2 | sha\( -------------------------------------------------------------------------------- /patterns/php/6-ssti.rules: -------------------------------------------------------------------------------- 1 | render\( -------------------------------------------------------------------------------- /patterns/php/7-xss.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/php/7-xss.rules -------------------------------------------------------------------------------- /patterns/php/8-xxe.rules: -------------------------------------------------------------------------------- 1 | libxml_disable_entity_loader\( -------------------------------------------------------------------------------- /patterns/python/1-enum.rules: -------------------------------------------------------------------------------- 1 | @.*\.route.*\((.*)\) -------------------------------------------------------------------------------- /patterns/python/3-sqli.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0n1t0/gSAST/HEAD/patterns/python/3-sqli.rules -------------------------------------------------------------------------------- /patterns/python/4-rce.rules: -------------------------------------------------------------------------------- 1 | eval\( -------------------------------------------------------------------------------- /patterns/python/6-ssti.rules: -------------------------------------------------------------------------------- 1 | {{(.*)}} --------------------------------------------------------------------------------