ivangrynenko · kurtfoster · Mar 2, 2025 · Mar 2, 2025 · Mar 2, 2025 · Mar 2, 2025
diff --git a/.cursor/rules/cursor-rules.mdc b/.cursor/rules/cursor-rules.mdc
@@ -1,10 +1,5 @@
 ---
 description: Describes how and where to create Cursor Rules
-globs: 
-alwaysApply: false
----
----
-description: Cursor Rules Location
 globs: *.mdc
 ---
 # Cursor Rules Location
@@ -145,4 +140,4 @@ examples:
 metadata:
   priority: high
   version: 1.2
-</rule>
+</rule>
diff --git a/.cursor/rules/drupal-authentication-failures.mdc b/.cursor/rules/drupal-authentication-failures.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent identification and authentication failures in Drupal as defined in OWASP Top 10:2021-A07
+globs: *.php, *.install, *.module, *.inc, *.theme, *.yml
 alwaysApply: false
 ---
 # Drupal Identification and Authentication Failures Standards (OWASP A07:2021)

diff --git a/.cursor/rules/drupal-broken-access-control.mdc b/.cursor/rules/drupal-broken-access-control.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent broken access control vulnerabilities in Drupal as defined in OWASP Top 10:2021-A01
+globs: *.php, *.install, *.module, *.inc, *.theme
 alwaysApply: false
 ---
 # Drupal Broken Access Control Security Standards (OWASP A01:2021)

diff --git a/.cursor/rules/drupal-cryptographic-failures.mdc b/.cursor/rules/drupal-cryptographic-failures.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent cryptographic failures in Drupal as defined in OWASP Top 10:2021-A02
+globs: *.php, *.install, *.module, *.inc, *.theme
 alwaysApply: false
 ---
 # Drupal Cryptographic Failures Security Standards (OWASP A02:2021)

diff --git a/.cursor/rules/drupal-injection.mdc b/.cursor/rules/drupal-injection.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent injection vulnerabilities in Drupal as defined in OWASP Top 10:2021-A03
+globs: *.php, *.install, *.module, *.inc, *.theme
 alwaysApply: false
 ---
 # Drupal Injection Security Standards (OWASP A03:2021)

diff --git a/.cursor/rules/drupal-insecure-design.mdc b/.cursor/rules/drupal-insecure-design.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent insecure design patterns in Drupal as defined in OWASP Top 10:2021-A04
+globs: *.php, *.install, *.module, *.inc, *.theme, *.yml, *.info
 alwaysApply: false
 ---
 # Drupal Insecure Design Security Standards (OWASP A04:2021)

diff --git a/.cursor/rules/drupal-integrity-failures.mdc b/.cursor/rules/drupal-integrity-failures.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent software and data integrity failures in Drupal as defined in OWASP Top 10:2021-A08
+globs: *.php, *.install, *.module, *.inc, *.theme, *.yml, *.json
 alwaysApply: false
 ---
 # Drupal Software and Data Integrity Failures Standards (OWASP A08:2021)

diff --git a/.cursor/rules/drupal-logging-failures.mdc b/.cursor/rules/drupal-logging-failures.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent security logging and monitoring failures in Drupal as defined in OWASP Top 10:2021-A09
+globs: *.php, *.install, *.module, *.inc, *.theme, *.yml
 alwaysApply: false
 ---
 # Drupal Security Logging and Monitoring Failures Standards (OWASP A09:2021)

diff --git a/.cursor/rules/drupal-security-misconfiguration.mdc b/.cursor/rules/drupal-security-misconfiguration.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent security misconfigurations in Drupal as defined in OWASP Top 10:2021-A05
+globs: *.php, *.install, *.module, *.inc, *.theme, *.yml, *.info
 alwaysApply: false
 ---
 # Drupal Security Misconfiguration Standards (OWASP A05:2021)

diff --git a/.cursor/rules/drupal-ssrf.mdc b/.cursor/rules/drupal-ssrf.mdc
@@ -1,3 +1,8 @@
+---
+description: Detect and prevent Server-Side Request Forgery (SSRF) vulnerabilities in Drupal applications as defined in OWASP Top 10:2021-A10
+globs: *.php, *.inc, *.module, *.install, *.theme
+alwaysApply: false
+---
 # Drupal Server-Side Request Forgery Standards (OWASP A10:2021)
 
 This rule enforces security best practices to prevent Server-Side Request Forgery (SSRF) vulnerabilities in Drupal applications, as defined in OWASP Top 10:2021-A10.
@@ -31,7 +36,7 @@ actions:
         message: "Potential SSRF vulnerability: URL being constructed with variable concatenation. Use URL validation and allowlisting."
 
       # Pattern 5: Using file system wrappers which can lead to SSRF
-      - pattern: "file_get_contents\\([\"'](?:http|https|ftp|php|data|expect|zip|phar)://"
+      - pattern: "file_get_contents\\([\"'](mdc:?:http|https|ftp|php|data|expect|zip|phar)://"
         message: "Avoid using PHP wrappers with file operations that could lead to SSRF vulnerabilities."
 
       # Pattern 6: Bypassing local proxy settings
@@ -128,4 +133,4 @@ metadata:
     - "https://www.drupal.org/docs/develop/security-in-drupal/writing-secure-code-for-drupal"
     - "https://portswigger.net/web-security/ssrf"
     - "https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html"
-</rule> 
+</rule> 
diff --git a/.cursor/rules/drupal-vulnerable-components.mdc b/.cursor/rules/drupal-vulnerable-components.mdc
@@ -1,6 +1,6 @@
 ---
-description: 
-globs: 
+description: Detect and prevent vulnerabilities related to outdated or vulnerable components in Drupal as defined in OWASP Top 10:2021-A06
+globs: *.php, *.install, *.module, *.inc, *.theme, *.yml, *.info
 alwaysApply: false
 ---
 # Drupal Vulnerable and Outdated Components Standards (OWASP A06:2021)

diff --git a/.cursor/rules/git-commit-standards.mdc b/.cursor/rules/git-commit-standards.mdc
@@ -1,9 +1,5 @@
 ---
 description: Enforce structured Git commit messages.
-globs: 
----
----
-description: Git Commit Standards
 globs: .git/*
 ---
 # Git Commit Standards
@@ -51,4 +47,4 @@ actions:
 metadata:
   priority: high
   version: 1.1
-</rule>
+</rule>
diff --git a/.cursor/rules/govcms-saas.mdc b/.cursor/rules/govcms-saas.mdc
@@ -2,7 +2,6 @@
 description: This rule defines the constraints and best practices for working with GovCMS Distribution projects. The primary focus is theme-level development only, as the distribution's infrastructure and core functionality should remain unchanged.
 globs: 
 ---
----
 name: govcms-distribution-development-standards
 id: govcms_distribution
 
@@ -105,4 +104,4 @@ file_patterns:
     - "themes/*/fonts/**/*"
     - "themes/*/*.libraries.yml"
     - "themes/*/*.info.yml"
---- 
+--- 
diff --git a/.cursor/rules/improve-cursorrules-efficiency.mdc b/.cursor/rules/improve-cursorrules-efficiency.mdc
@@ -1,10 +1,5 @@
 ---
 description: AI Query Efficiency & Auto-Optimization
-globs: 
-alwaysApply: false
----
----
-description: AI Query Efficiency & Auto-Optimization
 globs: *.mdc
 ---
 # AI Query Efficiency & Auto-Optimization
@@ -116,4 +111,4 @@ examples:
 metadata:
   priority: critical
   version: 1.2
-</rule>
+</rule>