John Saigle

37 issues by John Saigle

à la this file in SecLists: https://github.com/danielmiessler/SecLists/blob/master/Pattern-Matching/errors.txt
Most of this repo is intended to be used in white-box source code analysis, but a list of error messages like this would...

enhancement

https://snyk.io/blog/top-5-c-security-risks/
https://snyk.io/blog/unintimidating-intro-to-c-cpp-vulnerabilities/
https://snyk.io/blog/exploring-3-types-of-directory-traversal-vulnerabilities-in-c-c/

e.g. `printf`, `gets` ... and more classics

It might be good to structure this to be non-overlapping with the C wordlist. It would be possible to audit...

enhancement
help wanted

Here's an example of some stuff: https://github.com/tomnomnom/gf/blob/master/examples/sec.json
Asymmetric key pairs would be a good example, e.g. `RSA PRIVATE` and equivalents for other algorithms.
If there are common patterns for API...

enhancement
help wanted

Extract SQL function calls from popular Go libraries, like https://github.com/stripe-archive/safesql#how-does-it-work but without the SAST component.

Packages listed in the above link:
- https://pkg.go.dev/database/sql#DB
- https://github.com/jinzhu/gorm
- https://github.com/jmoiron/sqlx

Any others? That repo has not...

enhancement
help wanted

- [x] PHP
- [x] Python
- [ ] JS
- [ ] Go
- [ ] Rust
- [ ] Perl
- [ ] C
- [ ] Java

enhancement
help wanted

e.g. `strcpy`, `gets`
See also the Secure Development Lifecycle banned functions: https://www.forward.com.au/pfod/ArduinoProgramming/ArduinoStrings/Security%20Development%20Lifecycle%20(SDL)%20Banned%20Function%20Calls%20_%20Microsoft%20Docs.pdf

enhancement
help wanted

aka steal this list: https://github.com/Puliczek/awesome-list-of-secrets-in-environment-variables/

- [ ] Solium/Ethlint https://github.com/duaraghav8/Ethlint

enhancement
help wanted

Add examples for taking the list and using it in a clever way with grep or rg. Linking to the [gf repo](https://github.com/tomnomnom/gf/blob/master/examples/sec.json) would be a good idea too because it...
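The kind of grep-driven workflow this issue asks for, and the private-key patterns suggested in the `gf` issue above, as an added example that is not part of the issue thread or of the wordlist repo itself. Everything here is constructed: the pattern file (one extended regex per line, which is assumed to match how the repo's lists are laid out), the tiny source tree it is run over, and the placeholder key and secret values. It uses POSIX `grep -E -f` rather than `rg` so it runs anywhere; `rg -n -f patterns.txt src/` is the equivalent invocation.

```shell
#!/bin/sh
# Added example (not from the issue or the repo): run a wordlist of regexes
# over a source tree with grep -f and count the hits.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed pattern list, one POSIX ERE per line. grep -f reads every line
# as a pattern, so a leading '-' is fine and needs no escaping.
cat > "$WORK/patterns.txt" <<'EOF'
-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----
(^|[^[:alnum:]_])strcpy[[:space:]]*\(
(^|[^[:alnum:]_])gets[[:space:]]*\(
AWS_SECRET_ACCESS_KEY
EOF

# Constructed sample tree: one banned C call, one env secret, one key file.
# The strncpy line must NOT match, which is what the word boundary is for.
mkdir -p "$WORK/src"
cat > "$WORK/src/main.c" <<'EOF'
#include <string.h>
void copy(char *dst, const char *src) { strcpy(dst, src); }
void safe(char *dst, const char *src, size_t n) { strncpy(dst, src, n); }
EOF
cat > "$WORK/src/deploy.env" <<'EOF'
AWS_SECRET_ACCESS_KEY=constructed-placeholder-not-a-real-secret
EOF
cat > "$WORK/src/id_rsa" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=
-----END RSA PRIVATE KEY-----
EOF

# grep_wordlist PATTERNS DIR: print file:line:text for every line matching
# any pattern. grep exits 1 on no matches, which under set -e would abort.
grep_wordlist() {
  grep -rEn -f "$1" "$2" || true
}

# count_hits PATTERNS DIR: number of matching lines, for scripting/CI gates.
count_hits() {
  grep_wordlist "$1" "$2" | wc -l | tr -d ' '
}

grep_wordlist "$WORK/patterns.txt" "$WORK/src"
echo "hits: $(count_hits "$WORK/patterns.txt" "$WORK/src")"
```

Feeding the list with `-f` instead of a giant alternation keeps each pattern independently editable, and the `(^|[^[:alnum:]_])` prefix stands in for `\b`, which POSIX ERE does not guarantee. Against the constructed tree this reports three lines: the `strcpy` call, the `AWS_SECRET_ACCESS_KEY` assignment and the key header; `strncpy` is correctly skipped.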