Detectors
Code Security comes with an industry's leading detector coverage with over 500 different detectors built-in, including machine learning
The process of using mathematical models to predict outcomes versus relying on a set of instructions. This is made possible by identifying patterns within data, building an analytical model, and using it to make predictions and decisions. Machine learning bears similarity to how humans learn, in that increased experience can increase accuracy. based detectors. You can use Code Security's detector toolkit to build your own detectors for any purpose you find suitable.
Creating a Detector Rule
You can create your own detector rule.
For example, if you want to create a detector rule for merchant IDs; MKAT82jv72D2g92a, MKAT02maibnwMw37s, MKAT10dmwugmwpz9 and so on:
-
Run:
Copy$ $HOME/.spectral/spectral init multi hello-rules --pattern "MKAT[0-9a-zA-Z]+" -
Code Security creates a detector rule:
Copyrules:
- id: RUL001
name: Your sample rule
pattern_group:
patterns:
- pattern: "MKAT[0-9a-zA-Z]+"
pattern_type: multi -
Use the detector rule:
Copy$ $HOME/.spectral/spectral run --just-ids RUL001 --nosend
If there are new merchant IDs; KAT__310527195, KAT__310527110, KAT__310527100 and so on, you can update and use the existing detector rule as follows:
rules:
- id: RUL001
name: Your sample rule
pattern_group:
patterns:
- pattern: "MKAT[0-9a-zA-Z]+"
pattern_type: multi
pattern: "KAT__[0-9]+"
pattern_type: multiHierarchical Expressions
Code Security runs a hierarchical matching engine, which means, a pattern - pattern expression within a pattern - pattern expression and so on.
For example, to add a condition if a KAT expression found and the file in which the expression is found must contain the word production:
rules:
- id: RUL001
name: Your sample rule
applies_to: # filter for the correct file pattern
- ".*\\.py$"
pattern_group:
patterns:
- pattern: "MKAT[0-9a-zA-Z]+"
pattern_type: regex
- pattern: "KAT__[0-9]+"
pattern_type: regex
pattern_group: # the same pattern group construct repeats
patterns:
- pattern: ".*production.*"
pattern_type: regexTesters
Each pattern can have an assortment of testers that are sub detectors for different types of data.
For example, to ensure that the last part of MKAT validates as a machine generated secret:
rules:
- id: RUL001
name: Your sample rule
applies_to: # filter for the correct file pattern
- ".*\\.py$"
pattern_group:
patterns:
- pattern: "MKAT[0-9a-zA-Z]+"
pattern_type: regex
- pattern: "KAT__(.+)"
pattern_type: regex
test_token:
- on: 1
is: trueYou can add any character in KAT__(.+) and Code Security uses machine learning based tester to find the right match.
Concepts
The Code Security rule engine contains basic constructs that in turn, have powerful knobs and switches. In combination, it makes for a robust query engine and static analyzer looking for security patterns.
Pattern
Patterns are the basic building blocks in Code Security. It is an expression you are searching in a text. Each pattern can optionally contain a pattern group, used as a verification or additional conditions on the pattern.
Pattern Group
A pattern group aggregates a bunch of patterns by a logic that you specify.
For example, for rules A, B, and C, you can create expressions like:
-
A and B and C
-
A or (B and C)
-
not A or (B and C)
Filtering and Tagging
You can activate a rule only for certain file path patterns. In addition, you can add tag to rules so that you can filter the rules. For example:
rules:
- id: RUL001
name: Your sample rule
applies_to: # filter for the correct file pattern
- ".*\\.py$"
tags:
- pythonFor more information on how to select categories of rules, see Configuring Code Security.