Rule Registry
Comprehensive collection of security rules across multiple programming languages. Detect vulnerabilities, enforce best practices, and improve code quality.
190 total rules · 3 languages · 13 categories
Browse All Rules
Explore 190 security rules across 13 categories
Audit (Docker) · 2 rules
Best Practice (Docker) · 28 rules
Base Image Uses :latest Tag
Deprecated MAINTAINER Instruction
apt-get Without --no-install-recommends
Avoid apt-get upgrade
Avoid dnf update
Missing pipefail in Shell Commands
Prefer COPY Over ADD
Missing yum clean all
Missing dnf clean all
Remove apt Package Lists
Prefer JSON Notation for CMD/ENTRYPOINT
Use WORKDIR Instead of cd
Use Absolute Path in WORKDIR
Avoid zypper update
Missing zypper clean
Missing -y flag for apt-get
Missing HEALTHCHECK Instruction
Prefer apt-get over apt
Install Only One of wget or curl
Missing -y flag for yum
Missing -y flag for dnf
Avoid --platform Flag with FROM
Avoid apk upgrade
Avoid yum update
Nonsensical Command
apk add Without --no-cache
pip install Without --no-cache-dir
Missing Image Version
Correctness (Docker) · 3 rules
Security (Docker) · 4 rules
Security (Docker Compose) · 10 rules
AWS Lambda (Python) · 14 rules
Lambda Command Injection via os.system()
Lambda Command Injection via subprocess
Lambda Command Injection via os.spawn*()
Lambda Command Injection via asyncio.create_subprocess_shell()
Lambda Command Injection via asyncio.create_subprocess_exec()
Lambda SQL Injection via psycopg2 cursor.execute()
Lambda SQL Injection via pymssql cursor.execute()
Lambda SQL Injection via PyMySQL cursor.execute()
Lambda SQL Injection via SQLAlchemy execute()
Lambda Tainted SQL String Construction
Lambda DynamoDB FilterExpression Injection
Lambda XSS via Tainted HTML Response Body
Lambda Code Injection via eval() or exec()
Lambda Remote Code Execution via Pickle Deserialization
Cryptography (Python) · 23 rules
RC4 (ARC4) Cipher Usage via cryptography Library
RC4 (ARC4) Cipher Usage via PyCryptodome
Blowfish Cipher Usage via cryptography Library
Blowfish Cipher Usage via PyCryptodome
IDEA Cipher Usage via cryptography Library
RC2 (ARC2) Cipher Usage via PyCryptodome
DES Cipher Usage via PyCryptodome
Triple DES (3DES) Cipher Usage via PyCryptodome
XOR Cipher Usage via PyCryptodome
Insecure MD5 Hash (cryptography)
Insecure SHA1 Hash (cryptography)
Insecure MD5 Hash (PyCryptodome)
Insecure MD4 Hash (PyCryptodome)
Insecure MD2 Hash (PyCryptodome)
Insecure SHA1 Hash (PyCryptodome)
Insufficient RSA Key Size (cryptography lib)
Insufficient DSA Key Size (cryptography lib)
EC Key Generation Audit (cryptography lib)
Insufficient RSA Key Size (PyCryptodome)
Insufficient DSA Key Size (PyCryptodome)
ECB Mode Usage (cryptography lib)
Unauthenticated Cipher Mode Audit (cryptography lib)
AES Cipher Mode Audit (PyCryptodome)
Django (Python) · 23 rules
Django SQL Injection via cursor.execute()
Django SQL Injection via QuerySet.raw()
Django SQL Injection via QuerySet.extra()
Django SQL Injection via RawSQL Expression
Raw SQL Usage Audit via RawSQL Expression
Django Tainted SQL String Construction
Django Command Injection via os.system()
Django Command Injection via subprocess
Django Code Injection via eval()
Django Code Injection via exec()
Django globals() Misuse for Arbitrary Code Execution
Django SSRF via requests Library
Django SSRF via urllib
Django Path Traversal via os.path.join()
Django XSS via Direct HttpResponse with User Input
Django mark_safe() Usage Audit
Django SafeString Subclass Audit
Django XSS in HTML Email Body via EmailMessage
Django XSS in send_mail html_message Parameter
Django Insecure Cookie Settings via set_cookie()
Django Insecure Deserialization of Request Data
Django Empty Password in set_password()
Django Default Empty Password Value via flows()
Flask (Python) · 21 rules
Flask Debug Mode Enabled
Flask Bound to All Interfaces
Flask CORS Wildcard Origin
Flask url_for with _external=True
Flask render_template_string Usage
Flask Cookie Without Secure Flags
Flask Command Injection via subprocess
Flask SQL Injection via Tainted String
Flask Code Injection via eval()
Flask Code Injection via exec()
Flask SSRF via requests Library
Flask Path Traversal via open()
Flask CSV Injection
Flask NaN Injection via float()
Flask SSRF via Tainted URL Host
Flask Open Redirect
Flask Server-Side Template Injection (SSTI)
Flask Insecure Static File Serve
Flask Hashids with Secret Key as Salt
Flask Direct Use of Jinja2
Flask Explicit Unescape with Markup
JWT (Python) · 5 rules
Python Core (Python) · 54 rules
Dangerous eval() Usage Detected
Dangerous exec() Usage Detected
Dangerous code.InteractiveConsole Usage
Dangerous globals() Usage Detected
Non-literal Dynamic Import Detected
Dangerous typing.get_type_hints() Usage
Dangerous os.system() or os.popen() Call
Dangerous os.exec*() Call
Dangerous os.spawn*() Call
Shell Command with Wildcard Character
Python Reverse Shell Pattern Detected
Dangerous subprocess Usage
subprocess Called with shell=True
Dangerous asyncio Shell Execution
Dangerous subinterpreters run_string() Usage
Insecure MD5 Hash Usage
Insecure SHA-1 Hash Usage
Insecure Hash via hashlib.new()
SHA-224 or SHA3-224 Weak Hash Usage
MD5 Used for Password Hashing
Pickle Deserialization of Untrusted Data
PyYAML Unsafe Load Function
jsonpickle Deserialization Detected
ruamel.yaml Unsafe Loader Configuration
marshal Deserialization Detected
shelve Module Usage Detected
dill Deserialization Detected
Unverified SSL Context Created
Weak SSL/TLS Protocol Version
Deprecated ssl.wrap_socket() Usage
Certificate Validation Disabled (verify=False)
Insecure HTTP Connection via http.client
HTTP Request Without TLS (requests library)
Insecure urllib.request.urlopen() Usage
Insecure urllib Request Object Usage
FTP Without TLS (ftplib.FTP)
telnetlib Usage Detected
Socket Bound to All Interfaces (0.0.0.0)
Paramiko Implicit Host Key Trust (AutoAddPolicy)
Paramiko exec_command() Usage
multiprocessing Connection.recv() Usage
psycopg2 SQL Injection via String Formatting
Formatted SQL Query Passed to cursor.execute()
Insecure XML Parsing (XXE Vulnerability)
Insecure xml.dom.minidom Usage (XXE)
Insecure xmlrpc Usage (XXE Risk)
Mako Template Usage Detected
csv.writer Audit (Formula Injection Risk)
UUID Version 1 Leaks MAC Address
Insecure File Permissions via os.chmod
Hardcoded Password in Default Function Argument
Regex DoS Risk
logging.config.listen() Eval Risk
Logger Credential Leak Risk
Pyramid (Python) · 2 rules
Deserialization (Python) · 1 rule
Contribute to the Registry
Have a security rule to share? Contribute to our open-source registry and help the community build safer software.
Contribute on GitHub