9 changes: 4 additions & 5 deletions client/tool/regexscan.py
Expand Up @@ -50,7 +50,7 @@ def scan_line(line, rules):
try:
message = msg_template % cap_text_list
except:
message = u"发现不规范代码: %s" % cap_text_list
message = u"Irregular codes found: %s" % cap_text_list
issue = {
'rule': name,
'msg': message,
Expand Down Expand Up @@ -156,7 +156,7 @@ def __format_rules(self, rule_list):
for rule in rule_list:
rule_name = rule['name']
if not rule.get('params'):
logger.error(f"{rule_name}规则参数为空,跳过该规则.")
logger.error(f"{rule_name} rule parameter is empty, check for existing rules.")
continue
if "[regexcheck]" in rule['params']:
rule_params = rule['params']
Expand All @@ -166,7 +166,7 @@ def __format_rules(self, rule_list):

reg_exp = rule_params_dict.get('regex', '')
if not reg_exp:
logger.error(f"{rule_name}规则参数有误,未填写正则表达式,跳过该规则.")
logger.error(f"{rule_name} rule parameter is wrong, not fill in the regular expression, skip this rule.")
continue
reg_pattern = re.compile(reg_exp)
exclude_paths = rule_params_dict.get('exclude', '')
Expand All @@ -175,7 +175,7 @@ def __format_rules(self, rule_list):
include_paths = [p.strip() for p in include_paths.split(';') if p.strip()] if include_paths else []
# 大小写不敏感,可以支持True|true|False|false等
ignore_comment = True if rule_params_dict.get('ignore_comment', 'False').lower() == 'true' else False
msg = rule_params_dict.get('msg', "发现不规范代码: %s")
msg = rule_params_dict.get('msg', "Irregular codes found: %s")
rules[rule_name] = {
'reg_pattern': reg_pattern,
'exclude': exclude_paths,
Expand All @@ -198,7 +198,6 @@ def analyze(self, params):
incr_scan = params['incr_scan']
rules = self.__format_rules(params['rule_list'])

logger.info('获取需要扫描的文件')
if incr_scan:
diffs = SCMMgr(params).get_scm_diff()
toscans = [os.path.join(source_dir, diff.path) for diff in diffs if
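Review bot: The new message `logger.error(f"{rule_name} rule parameter is empty, check for existing rules.")` in __format_rules misdescribes what the code does: the next statement is `continue`, and the removed Chinese text said the rule is skipped ("跳过该规则"); the English appears to have been copied from the sibling message in regexscanner.py, where that wording matches its behaviour. Suggest `logger.error(f"{rule_name} rule parameter is empty, skipping this rule.")`. The "wrong" message two hunks down reads better as `logger.error(f"{rule_name} rule parameter is invalid: no regular expression given, skipping this rule.")` (the same line exists in regexscanner.py). Separately, the fallback message in scan_line is assigned inside a bare `except:`, which also swallows KeyboardInterrupt and SystemExit; narrowing it to `except (TypeError, ValueError):` keeps the intended formatting fallback for a mismatched msg template. Both scan_line and __format_rules begin outside the hunks shown.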
11 changes: 5 additions & 6 deletions client/tool/regexscanner.py
Expand Up @@ -74,7 +74,7 @@ def __format_rules(self, work_dir, rule_list):
for rule in rule_list:
rule_name = rule['name']
if not rule.get('params'):
logger.error(f"{rule_name}规则参数为空, 检查已存在的规则.")
logger.error(f"{rule_name} rule parameter is empty, check for existing rules.")
no_params_rules.append(rule_name)
continue
if "[regexcheck]" in rule['params']:
Expand All @@ -85,7 +85,7 @@ def __format_rules(self, work_dir, rule_list):

reg_exp = rule_params_dict.get('regex', '')
if not reg_exp:
logger.error(f"{rule_name}规则参数有误,未填写正则表达式,跳过该规则.")
logger.error(f"{rule_name} rule parameter is wrong, not fill in the regular expression, skip this rule.")
continue

# 规则的过滤路径(正则表达式)
Expand All @@ -97,7 +97,7 @@ def __format_rules(self, work_dir, rule_list):
# 大小写不敏感,可以支持True|true|False|false等
ignore_comment = True if rule_params_dict.get('ignore_comment', 'False').lower() == 'true' else False
file_scan = True if rule_params_dict.get('file_scan', 'False').lower() == 'true' else False
msg = rule_params_dict.get('msg', "发现不规范代码: %s")
msg = rule_params_dict.get('msg', "Irregular codes found: %s")
rules["rules"].append({
"name": rule_name,
"regex": reg_exp,
Expand Down Expand Up @@ -129,7 +129,6 @@ def analyze(self, params):
files_path = os.path.join(work_dir, "regexscanner_paths.txt")
output_path = os.path.join(work_dir, "regexscanner_result.json")

logger.info('获取需要分析的文件')
toscans = []
if incr_scan:
diffs = SCMMgr(params).get_scm_diff()
Expand Down Expand Up @@ -168,8 +167,8 @@ def analyze(self, params):
subproc.wait()

if not os.path.exists(output_path):
logger.info("没有生成结果文件")
raise AnalyzeTaskError("工具执行错误")
logger.info("No results file generated.")
raise AnalyzeTaskError("Tool running error")

issues = []
with open(output_path, "r") as f:
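Review bot: The missing-output case is logged with `logger.info("No results file generated.")` immediately before `raise AnalyzeTaskError("Tool running error")`, so the one line that explains the failure is dropped at a warning/error log threshold while the exception itself is kept; `logger.error("No results file generated.")` keeps the diagnostic next to the raised error. The following `with open(output_path, "r") as f:` relies on the locale encoding; if the result JSON can contain non-ASCII captured text, `open(output_path, "r", encoding="utf-8")` is safer, though what the subprocess writes is not visible here. analyze begins and ends outside the hunk shown.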
Expand Up @@ -485,17 +485,17 @@
},
{
"real_name": "DirtyWord",
"display_name": "脏话",
"display_name": "DirtyWord",
"severity": "error",
"category": "convention",
"rule_title": "发现使用脏字",
"rule_params": "regex = (\\basshole\\b|\\bbitch\\b|\\bdamn\\s*you\\b|\\bfuck\\b|\\bgo\\s*to\\s*hell\\b|\\bshit\\b|\\bfatty\\b|\\bidiot\\b|爆菊|碧莲|婊子|草泥马|尼玛|丢你老母|法克鱿|狗屁|滚蛋|绿茶婊|去你大爷|去你妈的|我去你妹|死胖子|日你妈|弱智|他妈的|王八蛋|我靠|猪一样|菊花残|没屁眼|臭婊砸|贱逼|该死的|操你|去死吧|白痴|傻瓜|痴线|傻屌|傻逼|吃屎|捅你菊花|插你菊花|屁眼交易|卧槽|我操|丢雷老母|狗屎|混蛋|操蛋|妈蛋|老不死|你妈逼|干你妹的|操你妹的|表要脸|去他喵的|龟儿子|老王八|龟孙|我日|狗日的|猪脑|猪头|心机婊|我草|脑残)\nmsg = 发现使用脏字\"%s\"",
"rule_title": "Detecting the use of dirty words",
"rule_params": "regex = (\\basshole\\b|\\bbitch\\b|\\bdamn\\s*you\\b|\\bfuck\\b|\\bgo\\s*to\\s*hell\\b|\\bshit\\b|\\bfatty\\b|\\bidiot\\b|爆菊|碧莲|婊子|草泥马|尼玛|丢你老母|法克鱿|狗屁|滚蛋|绿茶婊|去你大爷|去你妈的|我去你妹|死胖子|日你妈|弱智|他妈的|王八蛋|我靠|猪一样|菊花残|没屁眼|臭婊砸|贱逼|该死的|操你|去死吧|白痴|傻瓜|痴线|傻屌|傻逼|吃屎|捅你菊花|插你菊花|屁眼交易|卧槽|我操|丢雷老母|狗屎|混蛋|操蛋|妈蛋|老不死|你妈逼|干你妹的|操你妹的|表要脸|去他喵的|龟儿子|老王八|龟孙|我日|狗日的|猪脑|猪头|心机婊|我草|脑残)\nmsg = Detecting the use of dirty word:\"%s\"",
"custom": true,
"languages": [],
"solution": "请使用文明用语",
"solution": "Please use civilized language",
"owner": null,
"labels": [],
"description": "发现使用脏字,请使用文明用语",
"description": "Found using dirty words, please use civilized language",
"disable": false
},
{
Expand Down Expand Up @@ -788,14 +788,14 @@
"display_name": " Http Hardcoded",
"severity": "error",
"category": "other",
"rule_title": "发现使用http硬编码",
"rule_title": "Found using http hardcoded",
"rule_params": "regex = ^(?!<!DOCTYPE\\s+plist\\s+PUBLIC\\s+\\\"-//Apple//DTD\\s*PLIST\\s*1\\.0//EN\\\"\\s+\\\").*(\\bhttp://).*$\r\ninclude = *.m;*.mm;*.h;*.cpp;*.lua;*.plist\r\nignore_comment = True",
"custom": true,
"languages": [],
"solution": null,
"owner": null,
"labels": [],
"description": "发现使用http硬编码。\r\n扫描不支持ATS的请求链接字符串,告警后进行修改。\r\n背景:\r\nWWDC 15 提出的 ATS (App Transport Security) 是 Apple 在推进网络通讯安全的一个重要方式。在 iOS 9 和 OS X 10.11 中,默认情况下非 HTTPS 的网络访问是被禁止的。作为过渡阶段,可以在 Info.plist 中添加 NSAppTransportSecurity 字典并且将 NSAllowsArbitraryLoads 设置为 YES 来禁用 ATS。WWDC 16 中,Apple 表示将继续在 iOS 10 和 macOS 10.12 里收紧对普通 HTTP 的访问限制。从 2017 年 1 月 1 日起,所有的新提交 app 默认是不允许使用 NSAllowsArbitraryLoads 来绕过 ATS 限制的,也就是说,我们最好保证 app 的所有网络请求都是 HTTPS 加密的,否则可能会在应用审核时遇到麻烦。\r\n参考:[Apple官方说明](https://developer.apple.com/library/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-SW1)",
"description": "Found using http hardcoded\r\nScan for request link strings that do not support ATS and modify them after alerting.\r\nBackground:\r\n ATS (App Transport Security), introduced at WWDC 15, is a key way Apple is advancing the security of network communications. In iOS 9 and OS X 10.11, non-HTTPS network access is disabled by default. As a transition, ATS can be disabled by adding the NSAppTransportSecurity dictionary to Info.plist and setting NSAllowsArbitraryLoads to YES. At WWDC 16, Apple said it will continue to tighten restrictions on general HTTP access in iOS 10 and macOS 10.12. As of January 1, 2017, all new app submissions will not be allowed to use NSAllowsArbitraryLoads to bypass the ATS restriction by default, which means we better make sure all network requests to the app are HTTPS encrypted, or we may run into trouble during app review.\r\nReference:[Apple official instruction](https://developer.apple.com/library/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-SW1)",
"disable": false
},
{
Expand Down Expand Up @@ -835,22 +835,22 @@
"display_name": "InnerMailLeak",
"severity": "warning",
"category": "security",
"rule_title": "扫描代码中包含的敏感信息-公司内部邮箱,以防泄漏,否则会为黑客提供明确的攻击目标和跳板",
"rule_params": "regex = @[a-zA-Z]*\\.com\r\nmsg = 可能包含公司内部邮箱“%s”,会导致内部邮箱泄漏,存在安全隐患,建议删除或者修改为无效邮箱。\r\nignore_comment = False",
"rule_title": "Scan for sensitive information contained in the code - inner company mail address to prevent leaks, otherwise this can provide a clear target and springboard for hackers",
"rule_params": "regex = @[a-zA-Z]*\\.com\r\nmsg = It may contain the company's inner mail address '%s', which will lead to inner mail leaks and security risks, it is suggested to delete or modify it as invalid mail address.\r\nignore_comment = False",
"custom": true,
"languages": [],
"solution": null,
"owner": null,
"labels": [],
"description": "#### 公司内部邮箱泄露\r\n黑客拿到内部邮箱信息后,在入侵前期可以定向发送钓鱼邮件攻击,在入侵时可以根据已知账户,爆破密码,存在一定的安全隐患"
"description": "#### Company inner mail address leaks\r\nAfter hackers get inner mail information, they can send targeted phishing mail attacks in the pre-invasion period, and can blast passwords according to known accounts during the invasion, which has certain security risks."
},
{
"real_name": "PassworkLeak",
"display_name": "PasswordLeak",
"severity": "warning",
"category": "security",
"rule_title": "扫描代码中包含的敏感信息-公司内部系统密码,以防泄漏,否则会大幅降低黑客入侵的难度",
"rule_params": "regex = (?!)(://[^:]+:([^@]+)@)|([\\'\"])([%s]+)(\\1)|(((pass(?!(ed)|(ing)))|password|passwd|pwd|secret|secrete|token)[^=,;\"']*('|\")?\\s*((={1,3})|:)\\s*((\"[^\"]+\")|('[^']+')))|(BEGIN RSA PRIVATE KEY)|(BEGIN DSA PRIVATE KEY)|(BEGIN EC PRIVATE KEY)|(BEGIN OPENSSH PRIVATE KEY)|(BEGIN PRIVATE KEY)|(PuTTY-User-Key-File-2)|(BEGIN SSH2 ENCRYPTED PRIVATE KEY)\r\nmsg = 可能包含公司系统密码“%s”,导致密码泄漏,建议删除或者替换为无关密码\r\nignore_comment = False",
"rule_title": "Scan for sensitive information contained in the code - passwords for inner company systems to prevent leaks, otherwise it will be easy to hack",
"rule_params": "regex = (?!)(://[^:]+:([^@]+)@)|([\\'\"])([%s]+)(\\1)|(((pass(?!(ed)|(ing)))|password|passwd|pwd|secret|secrete|token)[^=,;\"']*('|\")?\\s*((={1,3})|:)\\s*((\"[^\"]+\")|('[^']+')))|(BEGIN RSA PRIVATE KEY)|(BEGIN DSA PRIVATE KEY)|(BEGIN EC PRIVATE KEY)|(BEGIN OPENSSH PRIVATE KEY)|(BEGIN PRIVATE KEY)|(PuTTY-User-Key-File-2)|(BEGIN SSH2 ENCRYPTED PRIVATE KEY)\r\nmsg = It may contain the password '%s' of the company's system, which may lead to password leaks, so it is recommended to delete or replace it with an irrelevant password.\r\nignore_comment = False",
"custom": true,
"languages": [],
"solution": null,
Expand All @@ -863,14 +863,14 @@
"display_name": "InnerIPLeak",
"severity": "warning",
"category": "security",
"rule_title": "扫描代码中包含的敏感信息-公司内部IP,以防泄漏,否则会为黑客提供明确的攻击目标和跳板",
"rule_params": "regex = (?!127\\.0\\.0\\.1)(((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4})\r\nmsg = 可能包含公司内部IP信息“%s”,导致内部IP泄漏,建议删除IP或者修改为无关IP\r\nignore_comment = False",
"rule_title": "Scan for sensitive information contained in the code - inner company IP address to prevent leaks, otherwise this can provide a clear target and springboard for hackers",
"rule_params": "regex = (?!127\\.0\\.0\\.1)(((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4})\r\nmsg = It may contain the company's inner IP information '%s', resulting in inner IP leaks, it is recommended to delete the IP or modify it to irrelevant IP.\r\nignore_comment = False",
"custom": true,
"languages": [],
"solution": null,
"owner": null,
"labels": [],
"description": "#### 内部IP泄漏\r\n当黑客入侵到内部后,他不知道我们内部的各个系统的域名和IP地址是什么,如果轻易发起内网扫描反而会触发安全告警。此时通过泄露的内部域名、IP等信息,就为黑客提供了明确的攻击目标与跳板。\r\n#### 规则功能\r\n该规则支持检测项目代码中ipv4和ipv6地址\r\n\r\n规则会存在一定误报,建议开发介入进行review。",
"description": "#### Inner IP leaks\r\nWhen a hacker penetrates internally, he does not know what the domain names and IP addresses of our various inner systems are. If he initiates an intranet scan, he will trigger a security alarm. At this point through the leaked inner domain names, IP addresses and other information, it provides a clear target and springboard for hackers to attack.\r\n#### Rule feature\r\nThis rule supports detection of ipv4 and ipv6 addresses in the project code.\r\n\r\nThe rule will have certain false positives, it is recommended that the development intervene to review.",
"disable": false
},
{
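Review bot: The PassworkLeak rule_params on the new line still starts its regex with `(?!)`, an empty negative lookahead that can never succeed in Python's re (the engine regexscan.py compiles rules with), so the first alternative `(://[^:]+:([^@]+)@)` — credentials embedded in a URL — is dead and such secrets are not reported; dropping the `(?!)` prefix restores it, assuming the external scanner used by regexscanner.py handles the same syntax. The second alternative `([\\'\"])([%s]+)(\\1)` matches only a quoted run of `%` and `s` characters and looks like an unexpanded `%s` placeholder rather than an intended class; worth confirming what it was meant to match. This commit only translates the msg text, so both are pre-existing, but the whole string is being rewritten anyway.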
Expand Up @@ -179,33 +179,33 @@
"display_name": "DetectCssExpressionMethod",
"severity": "info",
"category": "security",
"rule_title": "检测css文件中的高危函数expression",
"rule_params": "regex=\\b(expression)\\s*\\(\nmsg=发现高危函数expression.\nignore_comment=True\ninclude=*.css",
"rule_title": "Detected high-risk method:expression() in css files",
"rule_params": "regex=\\b(expression)\\s*\\(\nmsg=Detected high-risk method:expression().\nignore_comment=True\ninclude=*.css",
"custom": false,
"languages": [
"css"
],
"solution": "",
"owner": null,
"labels": [],
"description": "检测css文件中的高危函数expression",
"description": "Detected high-risk method:expression() in css files",
"disable": false
},
{
"real_name": "detect-css-url-method",
"display_name": "DetectCssUrlMethod",
"severity": "info",
"category": "security",
"rule_title": "检测css文件中的高危函数url",
"rule_params": "regex=\\b(url)\\s*\\(\nmsg=发现高危函数url.\nignore_comment=True\ninclude=*.css",
"rule_title": "Detected high-risk method:url() in css files",
"rule_params": "regex=\\b(url)\\s*\\(\nmsg=Detected high-risk method:url().\nignore_comment=True\ninclude=*.css",
"custom": false,
"languages": [
"css"
],
"solution": "",
"owner": null,
"labels": [],
"description": "检测css文件中的高危函数url",
"description": "Detected high-risk method:url() in css files",
"disable": false
},
{