update chrome ext rule

rules/chromeext/CVI_4001.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+"""
+    auto rule template
+    ~~~~
+    :author:    LoRexxar <LoRexxar@gmail.com>
+    :homepage:  https://github.com/LoRexxar/Kunlun-M
+    :license:   MIT, see LICENSE for more details.
+    :copyright: Copyright (c) 2017 LoRexxar. All rights reserved
+"""
+
+from utils.api import *
+
+
+class CVI_4001():
+    """
+    rule class
+    """
+
+    def __init__(self):
+
+        self.svid = 4001
+        self.language = "chromeext"
+        self.author = "LoRexxar"
+        self.vulnerability = "Manifest.json all_frames不正确的配置"
+        self.description = "Manifest.json all_frames为ture时允许攻击者从隐蔽的frame触发规则"
+
+        # status
+        self.status = True
+
+        # 部分配置
+        self.match_mode = "special-crx-keyword-match"
+        self.match = ['true']
+
+        # for solidity
+        self.match_name = None
+        self.black_list = None
+
+        # for chrome ext
+        self.keyword = r"content_scripts.*.all_frames"
+
+        # for regex
+        self.unmatch = []
+
+        self.vul_function = None
+
+    def main(self, regex_string):
+        """
+        regex string input
+        :regex_string: regex match string
+        :return:
+        """
+        pass

rules/chromeext/CVI_4002.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+"""
+    auto rule template
+    ~~~~
+    :author:    LoRexxar <LoRexxar@gmail.com>
+    :homepage:  https://github.com/LoRexxar/Kunlun-M
+    :license:   MIT, see LICENSE for more details.
+    :copyright: Copyright (c) 2017 LoRexxar. All rights reserved
+"""
+
+from utils.api import *
+
+
+class CVI_4002():
+    """
+    rule class
+    """
+
+    def __init__(self):
+
+        self.svid = 4002
+        self.language = "chromeext"
+        self.author = "LoRexxar"
+        self.vulnerability = "Manifest.json CSP不安全的配置"
+        self.description = "Manifest.json CSP配置不当导致可以绕过"
+
+        # status
+        self.status = True
+
+        # 部分配置
+        self.match_mode = "special-crx-keyword-match"
+        self.match = ["'unsafe-inline'", "'unsafe-eval'", '*', None]
+
+        # for solidity
+        self.match_name = None
+        self.black_list = None
+
+        # for chrome ext
+        self.keyword = r"content-security-policy"
+
+        # for regex
+        self.unmatch = []
+
+        self.vul_function = None
+
+    def main(self, regex_string):
+        """
+        regex string input
+        :regex_string: regex match string
+        :return:
+        """
+        pass

rules/chromeext/CVI_4003.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+"""
+    auto rule template
+    ~~~~
+    :author:    LoRexxar <LoRexxar@gmail.com>
+    :homepage:  https://github.com/LoRexxar/Kunlun-M
+    :license:   MIT, see LICENSE for more details.
+    :copyright: Copyright (c) 2017 LoRexxar. All rights reserved
+"""
+
+from utils.api import *
+
+
+class CVI_4003():
+    """
+    rule class
+    """
+
+    def __init__(self):
+
+        self.svid = 4003
+        self.language = "chromeext"
+        self.author = "LoRexxar"
+        self.vulnerability = "Manifest.json CSP Bypass"
+        self.description = "Manifest.json CSP配置了不可信任的域导致可以被绕过"
+
+        # status
+        self.status = True
+
+        # 部分配置
+        self.match_mode = "special-crx-keyword-match"
+        self.match = ['ajax\\.googleapis\\.com', 'raw\\.githubusercontent\\.com', 'github\\.io', '\\*\\.s3\\.amazonaws\\.com', '\\*\\.cloudfront\\.com', '\\*\\.herokuapp\\.com', 'dl\\.dropboxusercontent\\.com', '\\*\\.appspot\\.com', '\\*\\.googleusercontent\\.com', 'cdn\\.jsdelivr\\.net', 'cdnjs\\.cloudflare\\.com', 'code\\.angularjs\\.org', 'd\\.yimg\\.com', 'www\\.linkedin\\.com', '\\*\\.wikipedia\\.org']
+
+        # for solidity
+        self.match_name = None
+        self.black_list = None
+
+        # for chrome ext
+        self.keyword = r"content-security-policy"
+
+        # for regex
+        self.unmatch = []
+
+        self.vul_function = None
+
+    def main(self, regex_string):
+        """
+        regex string input
+        :regex_string: regex match string
+        :return:
+        """
+        pass

rules/chromeext/CVI_4004.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+"""
+    auto rule template
+    ~~~~
+    :author:    LoRexxar <LoRexxar@gmail.com>
+    :homepage:  https://github.com/LoRexxar/Kunlun-M
+    :license:   MIT, see LICENSE for more details.
+    :copyright: Copyright (c) 2017 LoRexxar. All rights reserved
+"""
+
+from utils.api import *
+
+
+class CVI_4004():
+    """
+    rule class
+    """
+
+    def __init__(self):
+
+        self.svid = 4004
+        self.language = "chromeext"
+        self.author = "LoRexxar"
+        self.vulnerability = "Manifest.json permissions 要求权限过大"
+        self.description = "Manifest.json permissions 要求权限过大"
+
+        # status
+        self.status = True
+
+        # 部分配置
+        self.match_mode = "special-crx-keyword-match"
+        self.match = ['bookmarks', 'history', 'topSites', 'tabs', 'webNavigation', 'contentSettings', 'debugger', 'pageCapture', 'proxy', 'devtools_page', 'http://\\*/\\*', 'https://\\*/\\*', '\\*://\\*/\\*', '<all_urls>', 'http://\\*/', 'https://\\*/', 'management', 'mdns', 'geolocation', 'clipboardRead', 'privacy', 'signedInDevices', 'ttsEngine']
+
+        # for solidity
+        self.match_name = None
+        self.black_list = None
+
+        # for chrome ext
+        self.keyword = r"permissions"
+
+        # for regex
+        self.unmatch = []
+
+        self.vul_function = None
+
+    def main(self, regex_string):
+        """
+        regex string input
+        :regex_string: regex match string
+        :return:
+        """
+        pass

rules/chromeext/CVI_4104.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+"""
+    auto rule template
+    ~~~~
+    :author:    LoRexxar <LoRexxar@gmail.com>
+    :homepage:  https://github.com/LoRexxar/Kunlun-M
+    :license:   MIT, see LICENSE for more details.
+    :copyright: Copyright (c) 2017 LoRexxar. All rights reserved
+"""
+
+from utils.api import *
+
+
+class CVI_4104():
+    """
+    rule class
+    """
+
+    def __init__(self):
+
+        self.svid = 4104
+        self.language = "chromeext"
+        self.author = "LoRexxar"
+        self.vulnerability = "Manifest.json permissions 要求权限过大"
+        self.description = "Manifest.json permissions 要求权限过大"
+
+        # status
+        self.status = True
+
+        # 部分配置
+        self.match_mode = "special-crx-keyword-match"
+        self.match = ['bookmarks', 'history', 'topSites', 'tabs', 'pageCapture', 'webRequest', 'downloads', 'sessions']
+
+        # for solidity
+        self.match_name = None
+        self.black_list = None
+
+        # for chrome ext
+        self.keyword = r"permissions"
+
+        # for regex
+        self.unmatch = []
+
+        self.vul_function = None
+
+    def main(self, regex_string):
+        """
+        regex string input
+        :regex_string: regex match string
+        :return:
+        """
+        pass

rules/chromeext/__init__.py

@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Time    : 2019/6/14 18:16
+# @Author  : LoRexxar
+# @File    : __init__.py.py
+# @Contact : lorexxar@gmail.com