diff --git a/.claude/skills/add-ave-record/SKILL.md b/.claude/skills/add-ave-record/SKILL.md index df71f4f..b6c64ab 100644 --- a/.claude/skills/add-ave-record/SKILL.md +++ b/.claude/skills/add-ave-record/SKILL.md @@ -26,16 +26,19 @@ Include the evidence fields: - evidence_basis_engines - derivable_into -### 4. Write the detection rule -One of: rules/pattern/, rules/yara/, rules/semgrep/. -Must reference the ave_id. - -### 5. Write fixtures (TDD — fixtures first) -tests/fixtures/AVE-YYYY-NNNNN_positive.md — MUST trigger -tests/fixtures/AVE-YYYY-NNNNN_negative.md — MUST NOT trigger +### 4. Write conformance fixtures (TDD — fixtures first) +tests/fixtures/AVE-YYYY-NNNNN_positive.md — a conforming implementation MUST flag this +tests/fixtures/AVE-YYYY-NNNNN_negative.md — a conforming implementation MUST NOT flag this The negative fixture is the false-positive guard. Make it realistic — a benign file that looks similar to the malicious one. +### 5. Open a coordinated detection-rule PR +Detection rule implementations (pattern, YARA, semgrep, or anything else) +are implementation artifacts, not standard artifacts — they live in +whichever tool implements against this standard, not in this repo. Open a +PR in that tool's own repo (e.g. bawbel/scanner) referencing the ave_id and +the fixtures above; see CONTRIBUTING.md Step 4. + ### 6. Validate ```bash python scripts/validate_records.py diff --git a/.claude/skills/handoff/SKILL.md b/.claude/skills/handoff/SKILL.md index b31e578..e899087 100644 --- a/.claude/skills/handoff/SKILL.md +++ b/.claude/skills/handoff/SKILL.md @@ -9,8 +9,8 @@ Start: read most recent, run python scripts/validate_records.py. ## Completed - records/AVE-2026-00049.json — header injection (BadHost) record added -- rules/semgrep/ave-2026-00049.yaml — detection rule - tests/fixtures/AVE-2026-00049_positive.md + _negative.md +- Coordinated detection-rule PR opened in bawbel/scanner, referencing AVE-2026-00049 ## Status python scripts/validate_records.py → all valid diff --git a/.github/workflows/notify-ave-site.yml b/.github/workflows/notify-ave-site.yml index f46edf4..5d5f7a0 100644 --- a/.github/workflows/notify-ave-site.yml +++ b/.github/workflows/notify-ave-site.yml @@ -1,16 +1,16 @@ name: Notify ave-site on records update -# This workflow lives in bawbel/ave. +# This workflow lives in aveproject/ave. # Place it at: .github/workflows/notify-ave-site.yml # -# When records, schema, or rules change on main, it fires a -# repository_dispatch to bawbel/ave-site so the site rebuilds automatically. +# When records or schema change on main, it fires a +# repository_dispatch to aveproject/ave-site so the site rebuilds automatically. # # Required secret: AVE_SITE_DEPLOY_TOKEN # Create a fine-grained PAT with: -# - Repository: bawbel/ave-site +# - Repository: aveproject/ave-site # - Permissions: Contents (read), Actions (write) -# Add it as a secret named AVE_SITE_DEPLOY_TOKEN in bawbel/ave settings. +# Add it as a secret named AVE_SITE_DEPLOY_TOKEN in aveproject/ave settings. on: push: @@ -18,7 +18,6 @@ on: paths: - "records/**" - "schema/**" - - "rules/**" jobs: notify: @@ -26,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Dispatch to bawbel/ave-site + - name: Dispatch to aveproject/ave-site uses: peter-evans/repository-dispatch@v3 with: token: ${{ secrets.AVE_SITE_DEPLOY_TOKEN }} - repository: bawbel/ave-site + repository: aveproject/ave-site event-type: ave-records-updated client-payload: | { diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0a5e763..5c5ad93 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -27,11 +27,8 @@ jobs: - name: Validate all records against the schema run: python scripts/validate_records.py - - name: Check every rule has positive and negative fixtures + - name: Check every record has positive and negative conformance fixtures run: python scripts/check_fixtures.py - - name: Check every record has a detection rule - run: python scripts/check_rule_coverage.py - - - name: Run tests with coverage (rules/) - run: pytest tests/ -x -q --cov=rules --cov-report=term-missing --cov-fail-under=95 + - name: Run tests + run: pytest tests/ -x -q diff --git a/CLAUDE.md b/CLAUDE.md index 815caae..a6f57c2 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -83,9 +83,15 @@ Full reference: aveproject.org/schema.html Use the add-ave-record skill. Every record requires: 1. A JSON record in records/ validating against the schema -2. At least one detection rule (pattern, yara, or semgrep) -3. A positive fixture in tests/fixtures/ that must trigger -4. A negative fixture in tests/fixtures/ that must NOT trigger +2. A positive fixture in tests/fixtures/ that a conforming implementation + must flag +3. A negative fixture in tests/fixtures/ that a conforming implementation + must not flag + +Detection rule implementations (pattern, YARA, semgrep, or anything else) +are implementation artifacts, not standard artifacts. They live in whichever +tool implements against this standard — open a coordinated PR in that +tool's own repo (see CONTRIBUTING.md Step 4). Open an issue first to confirm the id. A new ave_id is only for a genuinely distinct behavioral class — variants go as sub-case notes @@ -127,10 +133,9 @@ npm run build:local # build records.js for ave-site # Python validation pip install -e ".[dev]" -pytest tests/ -x -q # validate all records + rules +pytest tests/ -x -q # validate records + fixtures python scripts/validate_records.py # schema-check every record -python scripts/check_rule_coverage.py # every record has >= 1 rule -python scripts/check_fixtures.py # every rule has +/- fixtures +python scripts/check_fixtures.py # every record has +/- fixtures ``` --- @@ -140,7 +145,8 @@ python scripts/check_fixtures.py # every rule has +/- fixtures 1. Every record validates against schema/ave-record-1.1.0.schema.json. 2. confidence NEVER appears in an AVE record — it is per-detection. 3. Behavioral fingerprints over signatures — describe what it DOES. -4. Every record has at least one rule and a positive + negative fixture. +4. Every record has a positive + negative conformance fixture. Detection + rule implementations live in the implementing tool's own repo, not here. 5. ave_id is immutable once published. Never renumber. Deprecate, never delete. 6. severity and aivss.aivss_score must agree (CRITICAL implies >= 9.0). 7. All names from LANGUAGE.md. diff --git a/LANGUAGE.md b/LANGUAGE.md index 08e0fca..6907c18 100644 --- a/LANGUAGE.md +++ b/LANGUAGE.md @@ -60,15 +60,16 @@ Optional. The kind of agent component this class primarily affects. ## Rules and fixtures -**Rule** — a detection implementation for an AVE class. One class may have -rules across multiple engines. Lives in rules/pattern/, rules/yara/, -rules/semgrep/. +**Rule** — a detection implementation for an AVE class. An implementation +artifact, not a standard artifact; lives in whichever tool implements +against this standard, not in this repo. -**PositiveFixture** — a test file that MUST trigger the rule. -Lives in tests/fixtures/. +**PositiveFixture** — a test file that a conforming implementation MUST +flag. Lives in tests/fixtures/. -**NegativeFixture** — a benign test file that MUST NOT trigger the rule. -The false-positive guard. A rule without a negative fixture is incomplete. +**NegativeFixture** — a benign test file that a conforming implementation +MUST NOT flag. The false-positive guard. A record without a negative +fixture is incomplete. --- diff --git a/pyproject.toml b/pyproject.toml index c459472..f56bcf1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -16,18 +16,12 @@ dev = [ ] # Not a Python library -- nothing here imports "bawbel_ave" as a package. -# scripts/ are run directly (python scripts/foo.py) and tests/ load rule -# files dynamically. This pyproject.toml exists for dependency and pytest -# config only, so tell setuptools there's no package to discover/build. +# scripts/ are run directly (python scripts/foo.py) and tests/ check +# records and fixtures directly. This pyproject.toml exists for dependency +# and pytest config only, so tell setuptools there's no package to +# discover/build. [tool.setuptools] packages = [] [tool.pytest.ini_options] -testpaths = ["tests"] - -[tool.coverage.run] -# Scoped to rules/ deliberately: that's the code pytest's fixture-driven tests -# actually exercise (CLAUDE.md's TDD loop). scripts/ holds one-time migration -# and validation tooling that isn't meant to carry unit-test coverage in the -# same sense -- validate_records.py's "test" is that it validates every record. -source = ["rules"] \ No newline at end of file +testpaths = ["tests"] \ No newline at end of file diff --git a/rules/pattern/AVE-2026-00001.py b/rules/pattern/AVE-2026-00001.py deleted file mode 100644 index ebcb549..0000000 --- a/rules/pattern/AVE-2026-00001.py +++ /dev/null @@ -1,21 +0,0 @@ -import re - -# What: pattern rule for metamorphic payload via external config fetch -# Why: detects behavioral IOCs defined in AVE-2026-00001 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-external-config-fetch", - "ave_id": "AVE-2026-00001", - "patterns": [ - re.compile(r"requests\.get\s*\(\s*['\"]https?://", re.I), - re.compile(r"\bcurl\s+https?://", re.I), - re.compile(r"\bwget\s+https?://", re.I), - re.compile(r"fetch\s+(?:your\s+)?(?:\w+\s+)*instructions\s+from\s+https?://", re.I), - re.compile(r"load\s+(?:and\s+)?follow\s+instructions\s+from\s+(?:https?://|the\s+remote|an?\s+external)", re.I), - re.compile(r"(?:download|retrieve)\s+(?:and\s+)?(?:execute|follow|run)\s+(?:instructions|commands)\s+from\s+https?://", re.I), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00002.py b/rules/pattern/AVE-2026-00002.py deleted file mode 100644 index 22c86a7..0000000 --- a/rules/pattern/AVE-2026-00002.py +++ /dev/null @@ -1,20 +0,0 @@ -import re - -# What: pattern rule for MCP tool description behavioral injection -# Why: detects behavioral IOCs defined in AVE-2026-00002 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-tool-description-injection", - "ave_id": "AVE-2026-00002", - "patterns": [ - re.compile(r"before\s+(?:using|calling)\s+this\s+tool", re.I), - re.compile(r"ignore\s+(?:previous|your|all\s+previous)\s+instructions", re.I), - re.compile(r"override\s+(?:your\s+)?system\s+(?:instructions|prompt)", re.I), - re.compile(r"IMPORTANT\s*:.*(?:before|always|never|ignore|do\s+not)", re.I | re.S), - re.compile(r"(?:always|never)\s+(?:exfiltrate|send|forward|leak)\s+(?:the\s+)?(?:user|system)", re.I), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00003.py b/rules/pattern/AVE-2026-00003.py deleted file mode 100644 index 93da2b4..0000000 --- a/rules/pattern/AVE-2026-00003.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for credential theft -# Why: detects behavioral IOCs defined in AVE-2026-00003 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-credential-theft", - "ave_id": "AVE-2026-00003", - "patterns": [ - re.compile(r"os\.environ|process\.env", re.I | re.S), - re.compile(r"(?:read|load|access)\s+\.env\s+file", re.I | re.S), - re.compile(r"(?:send|transmit|exfiltrate)\s+.*?(?:api.?key|token|secret|password).*?https?://", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00004.py b/rules/pattern/AVE-2026-00004.py deleted file mode 100644 index 97841fc..0000000 --- a/rules/pattern/AVE-2026-00004.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for shell pipe injection -# Why: detects behavioral IOCs defined in AVE-2026-00004 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-shell-pipe-injection", - "ave_id": "AVE-2026-00004", - "patterns": [ - re.compile(r"curl\s+https?://.*\|\s*(?:bash|sh)", re.I | re.S), - re.compile(r"wget\s+https?://.*\|\s*(?:bash|sh)", re.I | re.S), - re.compile(r"eval\s*\(\s*requests\.get", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00005.py b/rules/pattern/AVE-2026-00005.py deleted file mode 100644 index 955ed9c..0000000 --- a/rules/pattern/AVE-2026-00005.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for destructive command -# Why: detects behavioral IOCs defined in AVE-2026-00005 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-destructive-command", - "ave_id": "AVE-2026-00005", - "patterns": [ - re.compile(r"rm\s+-rf\s+[/~*]", re.I | re.S), - re.compile(r"del\s+/s\s+/q", re.I | re.S), - re.compile(r"rmdir\s+/s\s+/q", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00006.py b/rules/pattern/AVE-2026-00006.py deleted file mode 100644 index e92fcc4..0000000 --- a/rules/pattern/AVE-2026-00006.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for crypto drain -# Why: detects behavioral IOCs defined in AVE-2026-00006 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-crypto-drain", - "ave_id": "AVE-2026-00006", - "patterns": [ - re.compile(r"(?:approve|grant)\s+unlimited\s+(?:allowance|token\s+access)", re.I | re.S), - re.compile(r"transfer\s+(?:all\s+)?(?:funds|tokens|ETH|BTC|crypto)", re.I | re.S), - re.compile(r"0x[0-9a-fA-F]{40}", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00007.py b/rules/pattern/AVE-2026-00007.py deleted file mode 100644 index 03de074..0000000 --- a/rules/pattern/AVE-2026-00007.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for goal hijack -# Why: detects behavioral IOCs defined in AVE-2026-00007 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-goal-hijack", - "ave_id": "AVE-2026-00007", - "patterns": [ - re.compile(r"ignore\s+all\s+previous\s+instructions", re.I | re.S), - re.compile(r"your\s+(?:new|real)\s+(?:task|instructions?)\s+(?:is|are)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00008.py b/rules/pattern/AVE-2026-00008.py deleted file mode 100644 index 0f7a474..0000000 --- a/rules/pattern/AVE-2026-00008.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for self replication -# Why: detects behavioral IOCs defined in AVE-2026-00008 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-self-replication", - "ave_id": "AVE-2026-00008", - "patterns": [ - re.compile(r"(?:modify|edit|append\s+to)\s+\.(?:bashrc|profile|zshrc)", re.I | re.S), - re.compile(r"(?:cron\s+job|crontab|systemd\s+service)", re.I | re.S), - re.compile(r"run\s+in\s+the\s+background|always\s+be\s+available", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00009.py b/rules/pattern/AVE-2026-00009.py deleted file mode 100644 index 39caa00..0000000 --- a/rules/pattern/AVE-2026-00009.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for jailbreak -# Why: detects behavioral IOCs defined in AVE-2026-00009 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-jailbreak", - "ave_id": "AVE-2026-00009", - "patterns": [ - re.compile(r"(?:pretend|act\s+as\s+if)\s+you\s+are\s+(?:a\s+)?(?:different|unrestricted|new)\s+AI", re.I | re.S), - re.compile(r"DAN\s+mode|developer\s+mode|jailbreak", re.I | re.S), - re.compile(r"forget\s+(?:that\s+)?you\s+are\s+an\s+AI", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00010.py b/rules/pattern/AVE-2026-00010.py deleted file mode 100644 index 8969006..0000000 --- a/rules/pattern/AVE-2026-00010.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for hidden instruction -# Why: detects behavioral IOCs defined in AVE-2026-00010 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-hidden-instruction", - "ave_id": "AVE-2026-00010", - "patterns": [ - re.compile(r"do\s+not\s+(?:tell|reveal|disclose)\s+(?:the\s+)?user", re.I | re.S), - re.compile(r"keep\s+this\s+(?:hidden|secret)", re.I | re.S), - re.compile(r"this\s+message\s+must\s+be\s+secret", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00011.py b/rules/pattern/AVE-2026-00011.py deleted file mode 100644 index 6c44628..0000000 --- a/rules/pattern/AVE-2026-00011.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for dynamic tool call -# Why: detects behavioral IOCs defined in AVE-2026-00011 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-dynamic-tool-call", - "ave_id": "AVE-2026-00011", - "patterns": [ - re.compile(r"call\s+(?:this|the)\s+tool\s+with\s+(?:the\s+)?following\s+parameters", re.I | re.S), - re.compile(r"invoke\s+(?:tool|function)\s+.*?\s+with\s+(?:parameters?|args?)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00012.py b/rules/pattern/AVE-2026-00012.py deleted file mode 100644 index e9d64b3..0000000 --- a/rules/pattern/AVE-2026-00012.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for permission grant -# Why: detects behavioral IOCs defined in AVE-2026-00012 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-permission-grant", - "ave_id": "AVE-2026-00012", - "patterns": [ - re.compile(r"you\s+(?:now\s+)?have\s+permission\s+to", re.I | re.S), - re.compile(r"you\s+are\s+now\s+allowed\s+to", re.I | re.S), - re.compile(r"(?:your\s+)?restrictions\s+have\s+been\s+(?:lifted|removed|disabled)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00013.py b/rules/pattern/AVE-2026-00013.py deleted file mode 100644 index 876e34c..0000000 --- a/rules/pattern/AVE-2026-00013.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for pii theft -# Why: detects behavioral IOCs defined in AVE-2026-00013 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-pii-theft", - "ave_id": "AVE-2026-00013", - "patterns": [ - re.compile(r"(?:collect|gather|extract)\s+(?:name|email|phone|address|SSN|credit\s+card)", re.I | re.S), - re.compile(r"(?:send|transmit|upload)\s+.*?(?:personal|PII|contact\s+data)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00014.py b/rules/pattern/AVE-2026-00014.py deleted file mode 100644 index d3cfeb2..0000000 --- a/rules/pattern/AVE-2026-00014.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for trust escalation -# Why: detects behavioral IOCs defined in AVE-2026-00014 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-trust-escalation", - "ave_id": "AVE-2026-00014", - "patterns": [ - re.compile(r"(?:I\s+am|This\s+is)\s+(?:Anthropic|OpenAI|Google|Microsoft|your\s+developer)", re.I | re.S), - re.compile(r"(?:developer|operator|creator)\s+override", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00015.py b/rules/pattern/AVE-2026-00015.py deleted file mode 100644 index ad97e8b..0000000 --- a/rules/pattern/AVE-2026-00015.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for system prompt leak -# Why: detects behavioral IOCs defined in AVE-2026-00015 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-system-prompt-leak", - "ave_id": "AVE-2026-00015", - "patterns": [ - re.compile(r"(?:reveal|show|print|output|repeat)\s+(?:your\s+)?system\s+prompt", re.I | re.S), - re.compile(r"what\s+are\s+your\s+(?:exact\s+)?(?:instructions|guidelines|rules)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00016.py b/rules/pattern/AVE-2026-00016.py deleted file mode 100644 index 7860fef..0000000 --- a/rules/pattern/AVE-2026-00016.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for rag retrieval injection -# Why: detects behavioral IOCs defined in AVE-2026-00016 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-rag-retrieval-injection", - "ave_id": "AVE-2026-00016", - "patterns": [ - re.compile(r"(?:when\s+retrieved|upon\s+retrieval|if\s+this\s+document\s+is\s+read)", re.I | re.S), - re.compile(r"(?:the\s+AI|the\s+LLM|the\s+assistant)\s*[:,]?\s*(?:please|must|should|do)\b", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00017.py b/rules/pattern/AVE-2026-00017.py deleted file mode 100644 index 2a9d4f9..0000000 --- a/rules/pattern/AVE-2026-00017.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for server impersonation -# Why: detects behavioral IOCs defined in AVE-2026-00017 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-server-impersonation", - "ave_id": "AVE-2026-00017", - "patterns": [ - re.compile(r"(?:official|verified|certified)\s+(?:Anthropic|OpenAI|MCP)\s+(?:server|tool)", re.I | re.S), - re.compile(r"(?:override|supersede)\s+(?:other|all)\s+MCP\s+servers?", re.I | re.S), - re.compile(r"(?:Anthropic|OpenAI)-(?:verified|approved|certified)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00018.py b/rules/pattern/AVE-2026-00018.py deleted file mode 100644 index f77e537..0000000 --- a/rules/pattern/AVE-2026-00018.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for result manipulation -# Why: detects behavioral IOCs defined in AVE-2026-00018 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-result-manipulation", - "ave_id": "AVE-2026-00018", - "patterns": [ - re.compile(r"(?:modify|alter|change|replace)\s+(?:the\s+)?tool\s+(?:results?|output)", re.I | re.S), - re.compile(r"(?:hide|suppress|omit)\s+(?:errors?|values?)\s+from\s+(?:results?|output)", re.I | re.S), - re.compile(r"(?:fabricate|invent)\s+(?:results?|data)\s+when", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00019.py b/rules/pattern/AVE-2026-00019.py deleted file mode 100644 index 5de3acc..0000000 --- a/rules/pattern/AVE-2026-00019.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for memory poisoning -# Why: detects behavioral IOCs defined in AVE-2026-00019 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-memory-poisoning", - "ave_id": "AVE-2026-00019", - "patterns": [ - re.compile(r"(?:write\s+to|store\s+in|save\s+to)\s+(?:memory|your\s+memory)", re.I | re.S), - re.compile(r"remember\s+permanently", re.I | re.S), - re.compile(r"(?:false\s+facts?|elevated\s+permissions?)\s+(?:to\s+be\s+)?stored\s+in\s+memory", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00020.py b/rules/pattern/AVE-2026-00020.py deleted file mode 100644 index fe8e6a8..0000000 --- a/rules/pattern/AVE-2026-00020.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for cross agent a2a injection -# Why: detects behavioral IOCs defined in AVE-2026-00020 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-cross-agent-a2a-injection", - "ave_id": "AVE-2026-00020", - "patterns": [ - re.compile(r"(?:sub-agent|worker\s+agent|downstream\s+agent|child\s+agent)\s*[:,]\s*(?:please|must|ignore|do\b)", re.I | re.S), - re.compile(r"override\s+orchestrator\s+directives", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00021.py b/rules/pattern/AVE-2026-00021.py deleted file mode 100644 index 715dbd3..0000000 --- a/rules/pattern/AVE-2026-00021.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for hitl bypass -# Why: detects behavioral IOCs defined in AVE-2026-00021 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-hitl-bypass", - "ave_id": "AVE-2026-00021", - "patterns": [ - re.compile(r"without\s+(?:asking|confirmation|approval)", re.I | re.S), - re.compile(r"(?:proceed\s+immediately|execute\s+without\s+pausing|skip\s+confirmation)", re.I | re.S), - re.compile(r"do\s+not\s+ask\s+(?:for\s+)?(?:permission|approval|confirmation)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00022.py b/rules/pattern/AVE-2026-00022.py deleted file mode 100644 index ac15217..0000000 --- a/rules/pattern/AVE-2026-00022.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for scope creep -# Why: detects behavioral IOCs defined in AVE-2026-00022 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-scope-creep", - "ave_id": "AVE-2026-00022", - "patterns": [ - re.compile(r"(?:access|read)\s+all\s+files\s+on\s+the\s+(?:filesystem|system)", re.I | re.S), - re.compile(r"while\s+you.?re\s+at\s+it,?\s+(?:read|access|check)", re.I | re.S), - re.compile(r"(?:entire\s+filesystem|any\s+database)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00023.py b/rules/pattern/AVE-2026-00023.py deleted file mode 100644 index acdaf44..0000000 --- a/rules/pattern/AVE-2026-00023.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for context window flood -# Why: detects behavioral IOCs defined in AVE-2026-00023 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-context-window-flood", - "ave_id": "AVE-2026-00023", - "patterns": [ - re.compile(r"(?:repeat|pad|expand)\s+(?:output|response)\s+(?:extensively|until\s+context\s+is\s+full)", re.I | re.S), - re.compile(r"fill\s+(?:the\s+)?context\s+(?:window|with)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00024.py b/rules/pattern/AVE-2026-00024.py deleted file mode 100644 index 6e3a80e..0000000 --- a/rules/pattern/AVE-2026-00024.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for content type mismatch -# Why: detects behavioral IOCs defined in AVE-2026-00024 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-content-type-mismatch", - "ave_id": "AVE-2026-00024", - "patterns": [ - re.compile(r"(?:ELF|PE32|pickle|shell\s+script)\s+disguised\s+as\s+(?:skill|yaml|json|markdown|md)", re.I | re.S), - re.compile(r"(?:binary|executable)\s+(?:content|payload)\s+with\s+\.(?:md|yaml|json|txt)\s+extension", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00025.py b/rules/pattern/AVE-2026-00025.py deleted file mode 100644 index fb7665f..0000000 --- a/rules/pattern/AVE-2026-00025.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for conversation history injection -# Why: detects behavioral IOCs defined in AVE-2026-00025 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-conversation-history-injection", - "ave_id": "AVE-2026-00025", - "patterns": [ - re.compile(r"(?:as\s+we\s+discussed|as\s+you\s+previously\s+said|as\s+established\s+earlier)", re.I | re.S), - re.compile(r"(?:user\s+already\s+approved|user\s+previously\s+confirmed)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00026.py b/rules/pattern/AVE-2026-00026.py deleted file mode 100644 index 63b79af..0000000 --- a/rules/pattern/AVE-2026-00026.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for output encoding exfil -# Why: detects behavioral IOCs defined in AVE-2026-00026 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-output-encoding-exfil", - "ave_id": "AVE-2026-00026", - "patterns": [ - re.compile(r"(?:base64|hex|ROT13)\s+encode\s+(?:the\s+)?(?:credentials?|api.?key|token)", re.I | re.S), - re.compile(r"(?:smuggle|embed|hide)\s+(?:sensitive|secret)\s+data", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00027.py b/rules/pattern/AVE-2026-00027.py deleted file mode 100644 index 1653af8..0000000 --- a/rules/pattern/AVE-2026-00027.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for multi turn persistence -# Why: detects behavioral IOCs defined in AVE-2026-00027 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-multi-turn-persistence", - "ave_id": "AVE-2026-00027", - "patterns": [ - re.compile(r"remember\s+these\s+instructions?\s+for\s+all\s+future", re.I | re.S), - re.compile(r"retain\s+these\s+rules?\s+even\s+if\s+memory\s+is\s+reset", re.I | re.S), - re.compile(r"re-apply\s+these\s+settings?\s+in\s+every\s+new\s+session", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00028.py b/rules/pattern/AVE-2026-00028.py deleted file mode 100644 index 3d70483..0000000 --- a/rules/pattern/AVE-2026-00028.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for file content injection -# Why: detects behavioral IOCs defined in AVE-2026-00028 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-file-content-injection", - "ave_id": "AVE-2026-00028", - "patterns": [ - re.compile(r"(?:execute|follow|obey)\s+(?:any\s+)?instructions?\s+(?:found\s+in|embedded\s+in)\s+(?:the\s+)?(?:file|document|attachment)", re.I | re.S), - re.compile(r"treat\s+file\s+content\s+as\s+instructions?", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00029.py b/rules/pattern/AVE-2026-00029.py deleted file mode 100644 index e9c696d..0000000 --- a/rules/pattern/AVE-2026-00029.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for unicode homoglyph -# Why: detects behavioral IOCs defined in AVE-2026-00029 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-unicode-homoglyph", - "ave_id": "AVE-2026-00029", - "patterns": [ - re.compile(r"[\u200b\u200c\u200d\u2060\ufeff]", re.I | re.S), - re.compile(r"[\u202a-\u202e\u2066-\u2069]", re.I | re.S), - re.compile(r"(?:zero.width|U\+200[BCDF]|U\+2060|bidi.*override|bidirectional.*control)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00030.py b/rules/pattern/AVE-2026-00030.py deleted file mode 100644 index d297624..0000000 --- a/rules/pattern/AVE-2026-00030.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for false role claim -# Why: detects behavioral IOCs defined in AVE-2026-00030 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-false-role-claim", - "ave_id": "AVE-2026-00030", - "patterns": [ - re.compile(r"if\s+the\s+user\s+claims\s+to\s+be\s+(?:admin|root|operator)", re.I | re.S), - re.compile(r"(?:bypass\s+authentication|trust\s+user\s+role\s+claims?\s+without\s+verification)", re.I | re.S), - re.compile(r"grant\s+elevated\s+permissions?\s+to\s+anyone\s+who\s+requests?", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00031.py b/rules/pattern/AVE-2026-00031.py deleted file mode 100644 index b42016e..0000000 --- a/rules/pattern/AVE-2026-00031.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for feedback loop poisoning -# Why: detects behavioral IOCs defined in AVE-2026-00031 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-feedback-loop-poisoning", - "ave_id": "AVE-2026-00031", - "patterns": [ - re.compile(r"(?:poison|corrupt)\s+(?:the\s+)?(?:training\s+data|feedback\s+loop|reward\s+model)", re.I | re.S), - re.compile(r"(?:rate|mark)\s+(?:this|every)\s+response\s+as\s+(?:good|positive)\s+regardless", re.I | re.S), - re.compile(r"bias\s+the\s+reward\s+model", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00032.py b/rules/pattern/AVE-2026-00032.py deleted file mode 100644 index a61032f..0000000 --- a/rules/pattern/AVE-2026-00032.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for internal network scan -# Why: detects behavioral IOCs defined in AVE-2026-00032 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-internal-network-scan", - "ave_id": "AVE-2026-00032", - "patterns": [ - re.compile(r"\bnmap\b", re.I | re.S), - re.compile(r"(?:port\s+scan|network\s+scan|host\s+discovery)", re.I | re.S), - re.compile(r"(?:enumerate\s+services?\s+on|find\s+all\s+open\s+ports)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00033.py b/rules/pattern/AVE-2026-00033.py deleted file mode 100644 index a3b5dcd..0000000 --- a/rules/pattern/AVE-2026-00033.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for unsafe deserialization -# Why: detects behavioral IOCs defined in AVE-2026-00033 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-unsafe-deserialization", - "ave_id": "AVE-2026-00033", - "patterns": [ - re.compile(r"pickle\.loads?\s*\(", re.I | re.S), - re.compile(r"yaml\.load\s*\([^)]*Loader\s*=\s*None", re.I | re.S), - re.compile(r"eval\s*\(\s*user_input\s*\)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00034.py b/rules/pattern/AVE-2026-00034.py deleted file mode 100644 index a918544..0000000 --- a/rules/pattern/AVE-2026-00034.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for dynamic skill import -# Why: detects behavioral IOCs defined in AVE-2026-00034 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-dynamic-skill-import", - "ave_id": "AVE-2026-00034", - "patterns": [ - re.compile(r"(?:load\s+skill|import\s+plugin|install\s+skill)\s+from\s+https?://", re.I | re.S), - re.compile(r"dynamically\s+load\s+the\s+tool\s+from", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00035.py b/rules/pattern/AVE-2026-00035.py deleted file mode 100644 index 9e95cab..0000000 --- a/rules/pattern/AVE-2026-00035.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for sensor data poisoning -# Why: detects behavioral IOCs defined in AVE-2026-00035 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-sensor-data-poisoning", - "ave_id": "AVE-2026-00035", - "patterns": [ - re.compile(r"(?:report|fabricate)\s+false\s+(?:readings?|sensor\s+data)", re.I | re.S), - re.compile(r"(?:suppress|hide)\s+(?:error\s+alerts?|anomalies?)\s+from\s+(?:the\s+)?log", re.I | re.S), - re.compile(r"fabricate\s+sensor\s+data", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00036.py b/rules/pattern/AVE-2026-00036.py deleted file mode 100644 index 3c7d8f9..0000000 --- a/rules/pattern/AVE-2026-00036.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for agent pivot -# Why: detects behavioral IOCs defined in AVE-2026-00036 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-agent-pivot", - "ave_id": "AVE-2026-00036", - "patterns": [ - re.compile(r"(?:pivot\s+to|lateral\s+movement\s+(?:to|toward)|spread\s+to)\s+(?:other|adjacent|connected)", re.I | re.S), - re.compile(r"use\s+(?:this\s+)?(?:foothold|access)\s+to\s+reach\s+adjacent", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00037.py b/rules/pattern/AVE-2026-00037.py deleted file mode 100644 index ec3954c..0000000 --- a/rules/pattern/AVE-2026-00037.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for multimodal vision injection -# Why: detects behavioral IOCs defined in AVE-2026-00037 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-multimodal-vision-injection", - "ave_id": "AVE-2026-00037", - "patterns": [ - re.compile(r"(?:follow|execute)\s+instructions?\s+(?:written\s+in|found\s+in)\s+(?:the\s+)?image", re.I | re.S), - re.compile(r"(?:read\s+and\s+execute|obey)\s+(?:text\s+from|instructions?\s+in)\s+(?:the\s+)?(?:image|screenshot)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00038.py b/rules/pattern/AVE-2026-00038.py deleted file mode 100644 index 9db71b2..0000000 --- a/rules/pattern/AVE-2026-00038.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for unbounded tool use -# Why: detects behavioral IOCs defined in AVE-2026-00038 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-unbounded-tool-use", - "ave_id": "AVE-2026-00038", - "patterns": [ - re.compile(r"use\s+any\s+tool\s+available\s+at\s+your\s+disposal", re.I | re.S), - re.compile(r"spawn\s+sub-agents?\s+without\s+limits?", re.I | re.S), - re.compile(r"no\s+restrictions\s+apply", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00039.py b/rules/pattern/AVE-2026-00039.py deleted file mode 100644 index 8fafa2b..0000000 --- a/rules/pattern/AVE-2026-00039.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for covert channel exfil -# Why: detects behavioral IOCs defined in AVE-2026-00039 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-covert-channel-exfil", - "ave_id": "AVE-2026-00039", - "patterns": [ - re.compile(r"encode\s+(?:the\s+)?secret\s+using\s+the\s+first\s+letter", re.I | re.S), - re.compile(r"(?:steganography|covert\s+channel)", re.I | re.S), - re.compile(r"use\s+whitespace\s+to\s+transmit\s+data", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00040.py b/rules/pattern/AVE-2026-00040.py deleted file mode 100644 index 3b87aeb..0000000 --- a/rules/pattern/AVE-2026-00040.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for insecure output handling -# Why: detects behavioral IOCs defined in AVE-2026-00040 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-insecure-output-handling", - "ave_id": "AVE-2026-00040", - "patterns": [ - re.compile(r"pass\s+user\s+input\s+directly\s+to\s+SQL", re.I | re.S), - re.compile(r"(?:do\s+not\s+escape|include\s+raw\s+unescaped)\s+HTML", re.I | re.S), - re.compile(r"without\s+sanitiz(?:ing|ation)", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00041.py b/rules/pattern/AVE-2026-00041.py deleted file mode 100644 index 464b23e..0000000 --- a/rules/pattern/AVE-2026-00041.py +++ /dev/null @@ -1,17 +0,0 @@ -import re - -# What: pattern rule for mcp server card injection -# Why: detects behavioral IOCs defined in AVE-2026-00041 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-mcp-server-card-injection", - "ave_id": "AVE-2026-00041", - "patterns": [ - re.compile(r"IMPORTANT\s*:.*?(?:before|after)\s+(?:connecting|using\s+this\s+server|initializing)", re.I | re.S), - re.compile(r"(?:log|report|send\s+data)\s+to\s+https?://", re.I | re.S), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00042.py b/rules/pattern/AVE-2026-00042.py deleted file mode 100644 index 431212a..0000000 --- a/rules/pattern/AVE-2026-00042.py +++ /dev/null @@ -1,20 +0,0 @@ -import re - -# What: pattern rule for REPL code mode payload injection via poisoned tool results -# Why: detects behavioral IOCs defined in AVE-2026-00042 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-repl-code-mode-injection", - "ave_id": "AVE-2026-00042", - "patterns": [ - re.compile(r"eval\s*\(\s*tool_result", re.I), - re.compile(r"exec\s*\(\s*f[\"']", re.I), - re.compile(r"eval\s*\(\s*(?:result|output|response)\[", re.I), - re.compile(r"exec\s*\(\s*(?:result|output|response)\[", re.I), - re.compile(r"__import__\s*\(['\"]os['\"]\)\s*\.\s*system\s*\(", re.I), - ], -} - -def matches(content: str) -> list[str]: - return [p.pattern for p in RULE["patterns"] if p.search(content)] diff --git a/rules/pattern/AVE-2026-00043.py b/rules/pattern/AVE-2026-00043.py deleted file mode 100644 index 645a886..0000000 --- a/rules/pattern/AVE-2026-00043.py +++ /dev/null @@ -1,18 +0,0 @@ -import re - -# What: pattern rule for mcp app ui injection -# Why: detects behavioral IOCs defined in AVE-2026-00043 -# How: regex patterns matched against skill file text content - -RULE = { - "rule_id": "bawbel-mcp-app-ui-injection", - "ave_id": "AVE-2026-00043", - "patterns": [ - re.compile(r" - - - -