Merge pull request #77 from EMSeek/master

Version bump

Author: wireghoul

Changelog

@@ -1,3 +1,14 @@
+3.8		2025 Apr 20
+		Updated default rules
+		Updated js rules
+		Updated ruby rules
+		Updated fruit rules
+		Updated exec rules
+		Updated dotnet rules
+		Updated xss rules
+		Updated php rules
+		Updated secret rules
+
 3.7		2024 Dec 20
 		Updated javascript rules
 		Updated typescript rules

graudit

@@ -5,7 +5,7 @@
 set -- $GRARGS $@
 set -e
 set -o pipefail
-VERSION='3.7'
+VERSION='3.8'
 basedir=$(dirname "$0")
 BINFILE=$(which grep)
 
@@ -44,7 +44,7 @@ banner() {
         \___  /|__|  (____  /____/\____ | |__||__|  
        /_____/            \/           \/           
               grep rough audit - static analysis tool
-                  v3.7 written by @Wireghoul
+                  v3.8 written by @Wireghoul
 =================================[justanotherhacker.com]==='
     fi
 }

signatures/default.db

@@ -19,6 +19,7 @@ eval[[:space:]]*\(.*\$.*\)
 (mysql.?_|pg_|sqlsrv_|::)query[[:space:]]*\(.*\$.*\)
 [Ww][Hh][Ee][Rr][Ee][[:space:]]+.*=.*\$[^; ]+
 ([Ww][Hh][Ee][Rr][Ee]|[Aa][Nn][Dd]|[Oo][Rr])[[:space:]]+.*[[:space:]]+[Ll][Ii][Kk][Ee][[:space:]]+.*\$
+VALUES[[:space:]]*\([^\)]*\$.*\)
 ^[[:space:]]*(include|include_once|require|require_once)[[:space:]]*\([^\;\}\{]*\$.*\)
 print.*param[[:space:]]*\(.*\);
 extract[[:space:]]*\(\$_(GET|POST|REQUEST|COOKIE|SERVER)

signatures/dotnet.db

@@ -31,6 +31,7 @@ new[[:space:]]+(System\.Diagnostic\.)?Process(StartInfo)?[[:space:]]*\(.*
 new[[:space:]]+Cli[[:space:]]*\(.*
 # via Microsoft.VisualBasic
 \.Shell[[:space:]]*\(.*
+\.Invoke[[:space:]]*\([^\)]+\)
 <%=[[:space:]]*[Rr]equest\.[Qq]uery[Ss]tring\[.*%>
 #[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+.*\{[0-9]+\}
 [Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+.*[\'\"][[:space:]]*\+[[:space:]]*[Rr]equest\..*

signatures/dotnet/exec.db

@@ -5,3 +5,4 @@ new[[:space:]]+(System\.Diagnostic\.)?Process(StartInfo)?[[:space:]]*\(.*
 new[[:space:]]+Cli[[:space:]]*\(.*
 # via Microsoft.VisualBasic
 \.Shell[[:space:]]*\(.*
+\.Invoke[[:space:]]*\([^\)]+\)

signatures/exec.db

@@ -5,6 +5,7 @@ new[[:space:]]+(System\.Diagnostic\.)?Process(StartInfo)?[[:space:]]*\(.*
 new[[:space:]]+Cli[[:space:]]*\(.*
 # via Microsoft.VisualBasic
 \.Shell[[:space:]]*\(.*
+\.Invoke[[:space:]]*\([^\)]+\)
 exec\.Command[[:space:]]*\(
 syscall\.Exec[[:space:]]*\(
 os\.StartProcess[[:space:]]*\(
@@ -31,11 +32,11 @@ system([[:space:]]*\(|[[:space:]]+[\"\']).*\)?
 \.instance_eval.*
 eval([[:space:]]*\(|[[:space:]]+[^\(])
 spawn([[:space:]]*\(|[[:space:]]+[^\(])
+system([[:space:]]*\(|[[:space:]]+").*\#\{[^\}]+\}
 system[[:space:]]*\(
 \.open[[:space:]]*\(
 \.(public_)?send[[:space:]]*\(
 `.*#\{[^`]+`
-File\.(read|new|open|delete)[[:space:]]*\(
 .*\=.*\!\!
 [a-z0-9A-Z]\.\!
 \.execSync[[:space:]]*\(

signatures/fruit.db

@@ -50,8 +50,11 @@ eval[[:space:]]*\([^\)\;\"]*([Rr]eq(uest)?[\.\)]|\.[Gg]et[Pp]aram[[:space:]]*[\[
 (LIMIT|limit)[[:space:]]+([0-9,]+)?[;:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
 \.query\([^\);]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
 eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
+eval[[:space:]]*\(.*[Rr]eq(quest)?\.(query|body|param)?
 <%-[[:space:]]+.*%>
 \.(spawn|exec)(File)?(Sync)?\([^\);]*([\'\"] *\+|\$\{)
+set(Interval|Timeout)[[:space:]]*\([^,\}\)]*[Rr]eq(quest)?\.[A-Za-z0-9]+
+\.SafeString[[:space:]]*\([^\)]*[\"'][[:space:]]*\+
 asm[[:space:]]+[\'\"].*
 unsafeAddr
 execShellCmd[[:space:]]*\(
@@ -112,10 +115,18 @@ pg_query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
 (LIKE|like)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
 (ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
 (LIMIT|limit)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
+VALUES[[:space:]]*\([^\)]*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
 \.execute[[:space:]]*\([\"\'].*%.*[\"\'][[:space:]]*%.*\)
 ^[[:space:]]*`[^`]*#\{[^\}]+\}.*`
 [=\(][[:space:]]*`[^`]*#\{[^\}]+.*\}
 render[[:space:]]+:?(text|plain):?.*#\{[Pp][Aa][Rr][Aa][Mm][^\}]*\}
+File\.(read|new|open|delete|write)[[:space:]]*\("[^"]*\#\{[^\}]+[^\)]*\)
+['"(: ][Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+.*#\{[^\}]+
+(WHERE|where)[[:space:]]+.*=[[:space:]]*['"]*#\{[^\}]+
+[\'\" ]+AND[[:space:]]+.*=.*\+[[:space:]]*#\{[^\}]+
+(LIKE|like)[[:space:]]+.*#\{[^\}]+
+(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*#\{[^\}]+
+['" ](LIMIT|limit)[[:space:]]+.*#\{[^\}]+
 Source\.fromFile[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
 sql\".*\#\$.*\"\.as\[.*
 SQL[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+

signatures/js.db

@@ -1,4 +1,7 @@
 (document|\$)\.cookie[[:space:]]*\(
+[Mm][Dd]5[[:space:]]*\(
+[Ss][Hh][Aa]1[[:space:]]*\(
+createHash[[:space:]]*\([[:space:]]*['"]([Ss][Hh][Aa][1]?|[Mm][Dd][5])['"]
 \.write[[:space:]]*\([^;]+\.location\.href
 nodeIntegration
 nodeIntegrationInWorker
@@ -16,8 +19,11 @@ openExternal[[:space:]]*\(
 ELECTRON_RUN_AS_NODE
 \.query\([^\);]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
 eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
+eval[[:space:]]*\(.*[Rr]eq(quest)?\.(query|body|param)?
 <%-[[:space:]]+.*%>
 \.(spawn|exec)(File)?(Sync)?\([^\);]*([\'\"] *\+|\$\{)
+set(Interval|Timeout)[[:space:]]*\([^,\}\)]*[Rr]eq(quest)?\.[A-Za-z0-9]+
+\.SafeString[[:space:]]*\([^\)]*[\"'][[:space:]]*\+
 eval[[:space:]]*\(
 dangerouslySetInnerHTML
 trustAsHtml

signatures/js/crypto.db

@@ -0,0 +1,3 @@
+[Mm][Dd]5[[:space:]]*\(
+[Ss][Hh][Aa]1[[:space:]]*\(
+createHash[[:space:]]*\([[:space:]]*['"]([Ss][Hh][Aa][1]?|[Mm][Dd][5])['"]

signatures/js/fruit.db

@@ -1,4 +1,7 @@
 \.query\([^\);]*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
 eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
+eval[[:space:]]*\(.*[Rr]eq(quest)?\.(query|body|param)?
 <%-[[:space:]]+.*%>
 \.(spawn|exec)(File)?(Sync)?\([^\);]*([\'\"] *\+|\$\{)
+set(Interval|Timeout)[[:space:]]*\([^,\}\)]*[Rr]eq(quest)?\.[A-Za-z0-9]+
+\.SafeString[[:space:]]*\([^\)]*[\"'][[:space:]]*\+