Updated dotnet rules

integraloddity · Sep 21, 2021 · 99fa5de · 99fa5de
1 parent f125d88
commit 99fa5de
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 2 deletions.
diff --git a/signatures/dotnet.db b/signatures/dotnet.db
@@ -39,6 +39,9 @@ new[[:space:]]+Cli[[:space:]]*\(.*
 (ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
 (LIMIT|limit)[[:space:]]+.*\+[[:space:]]*[Rr]equest\..*
 Process.Start[[:space:]]*\(.*\+
+\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
+\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
+ReadAllBytes[[:space:]]*\(.*[Rr]equest
 # DotNet input controls
 system.web.ui.htmlcontrols.htmlinputhidden
 system.web.ui.webcontrols.hiddenfield
@@ -169,7 +172,7 @@ StoredProcedure[[:space:]]*\(
 (LIKE|like)[[:space:]]+[^\(\)\;]+(\{[0-9]+\}|[\'\"][[:space:]]+\+)
 (ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*(\{[0-9]+\}|[\'\"][[:space:]]+\+)
 (LIMIT|limit)[[:space:]]+.*(\{[0-9]+\}|[\'\"][[:space:]]+\+)
-ServerCertificateValidationCallback
+ServerCertificateValidationCallback.*[Tt][Rr][Uu][Ee]
 checkCertificateName
 checkCertificateRevocationList
 # Dotnet XSS

diff --git a/signatures/dotnet/fruit.db b/signatures/dotnet/fruit.db
@@ -7,3 +7,6 @@
 (ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
 (LIMIT|limit)[[:space:]]+.*\+[[:space:]]*[Rr]equest\..*
 Process.Start[[:space:]]*\(.*\+
+\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
+\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
+ReadAllBytes[[:space:]]*\(.*[Rr]equest
diff --git a/signatures/dotnet/ssl.db b/signatures/dotnet/ssl.db
@@ -1,3 +1,3 @@
-ServerCertificateValidationCallback
+ServerCertificateValidationCallback.*[Tt][Rr][Uu][Ee]
 checkCertificateName
 checkCertificateRevocationList
diff --git a/signatures/fruit.db b/signatures/fruit.db
@@ -19,6 +19,9 @@ strnc(at|py)[[:space:]]*\([^,]+,[^,]+,[[:space:]]*strlen[[:space:]]*\([^\)]+\)[[
 (ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
 (LIMIT|limit)[[:space:]]+.*\+[[:space:]]*[Rr]equest\..*
 Process.Start[[:space:]]*\(.*\+
+\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
+\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
+ReadAllBytes[[:space:]]*\(.*[Rr]equest
 \.WriteString\(.*URL\.Query\(\).*\)
 \.Write\(.*URL.Query\(\).*\)
 \.Println\(.*URL.Query\(\).*\)