agentsqripts

Comprehensive static code analysis toolkit for identifying technical debt, security vulnerabilities, performance issues, and code quality problems

77 lines (72 loc) 2.7 kB
/**
 * @file Security vulnerability pattern definitions for automated threat detection
 * @description Single responsibility: Define security patterns with cross-language vulnerability detection
 *
 * This configuration module defines comprehensive security vulnerability patterns used by
 * the security analyzer to identify potential attack vectors, injection vulnerabilities,
 * and unsafe coding practices. It organizes patterns by language and vulnerability type
 * to enable precise security scanning across diverse technology stacks.
 *
 * Design rationale:
 * - Cross-language patterns enable comprehensive security coverage
 * - Regex-based detection balances accuracy with performance requirements
 * - Severity classification enables risk-based vulnerability prioritization
 * - Category organization helps identify systematic security weaknesses
 * - Language-specific patterns handle framework and syntax variations
 */

// Security Pattern Constants

/**
 * Common vulnerability patterns applicable across multiple programming languages
 *
 * Pattern structure rationale:
 * - name: Human-readable vulnerability identifier for clear reporting
 * - pattern: Regex for efficient pattern matching in code analysis
 * - severity: Risk level (HIGH=immediate threat, MEDIUM=potential risk, LOW=best practice)
 * - category: Vulnerability classification for systematic security assessment
 * - description: Clear explanation for developers and security teams
 *
 * Cross-language security focus:
 * - SQL injection patterns that work across database technologies
 * - XSS vulnerabilities common in web applications regardless of backend
 * - Code injection patterns that transcend specific programming languages
 * - Input validation failures that appear in multiple contexts
 */
const COMMON_PATTERNS = [
  {
    name: 'SQL Injection',
    pattern: /query[^=]*=[^S]*SELECT[^+]*\+/i,
    severity: 'HIGH',
    category: 'Injection',
    description: 'Potential SQL injection vulnerability detected'
  },
  {
    name: 'XSS Vulnerability',
    pattern: /innerHTML\s*=\s*[^;]+;/,
    severity: 'HIGH',
    category: 'XSS',
    description: 'Potential XSS vulnerability via innerHTML'
  }
];

const JAVASCRIPT_PATTERNS = [
  {
    name: 'eval() Usage',
    pattern: new RegExp('eval\\s*\\('),
    severity: 'HIGH',
    category: 'Code Injection',
    description: 'Use of eval() function is dangerous'
  }
];

const PYTHON_PATTERNS = [
  {
    name: 'exec() Usage',
    pattern: /exec\s*\(/,
    severity: 'HIGH',
    category: 'Code Injection',
    description: 'Use of exec() function is dangerous'
  }
];

module.exports = {
  COMMON_PATTERNS,
  JAVASCRIPT_PATTERNS,
  PYTHON_PATTERNS
};
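The module above only declares pattern tables; the analyzer that consumes them is not shown on this page. The following is an added example, not code from the agentsqripts package, of a minimal line-oriented scanner that applies tables of this shape (the pattern entries are copied inline so it runs stand-alone; `scan`, `SEVERITY_RANK` and the sample input are this example's own constructions).

```javascript
// Added example (not agentsqripts code): apply the pattern tables to source text.
// Patterns are copied inline so the block runs without the package installed.
const COMMON_PATTERNS = [
  { name: 'SQL Injection', pattern: /query[^=]*=[^S]*SELECT[^+]*\+/i, severity: 'HIGH', category: 'Injection' },
  { name: 'XSS Vulnerability', pattern: /innerHTML\s*=\s*[^;]+;/, severity: 'HIGH', category: 'XSS' },
];
const LANGUAGE_PATTERNS = {
  javascript: [{ name: 'eval() Usage', pattern: /eval\s*\(/, severity: 'HIGH', category: 'Code Injection' }],
  python: [{ name: 'exec() Usage', pattern: /exec\s*\(/, severity: 'HIGH', category: 'Code Injection' }],
};
// Rank used to order findings for risk-based prioritization (hypothetical, for this example).
const SEVERITY_RANK = { HIGH: 0, MEDIUM: 1, LOW: 2 };

// Scan `source` one line at a time with the common patterns plus the ones for
// `language`; returns findings sorted by severity, then by line number.
function scan(source, language) {
  const active = COMMON_PATTERNS.concat(LANGUAGE_PATTERNS[language] || []);
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const p of active) {
      // None of the patterns carry the `g` flag, so test() has no lastIndex state.
      if (p.pattern.test(text)) {
        findings.push({ line: idx + 1, name: p.name, severity: p.severity, category: p.category });
      }
    }
  });
  return findings.sort(
    (a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] || a.line - b.line
  );
}

// Constructed sample input (not real project code); one sink per line.
const SAMPLE_JS = [
  'const query = "SELECT * FROM users WHERE id = " + userId;', // string concatenation into SQL
  'el.innerHTML = "<b>" + userInput + "</b>";',                 // untrusted data into an HTML sink
  'const out = eval(expr);',                                     // dynamic code execution
  'el.textContent = userInput;',                                 // safe text sink: no finding expected
].join('\n');

const report = scan(SAMPLE_JS, 'javascript');
for (const f of report) {
  console.log(`line ${f.line}: [${f.severity}] ${f.name} (${f.category})`);
}

module.exports = { scan, COMMON_PATTERNS, LANGUAGE_PATTERNS, SAMPLE_JS };
```

Because the patterns are regex heuristics, the scanner flags the innerHTML line regardless of what is assigned, so findings are a triage list to review rather than confirmed vulnerabilities.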