Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema

Browse Source 
Ausfuehrbares Pruefpaket fuer Payment-Terminal-Systeme:

1. Semgrep-Regeln (25 Regeln in 5 Dateien):
   - Logging: Sensitive Daten, Tokens, Debug-Flags
   - Crypto: MD5/SHA1/DES/ECB, Hardcoded Secrets, Weak Random, TLS
   - API: Debug-Routes, Exception Leaks, IDOR, Input Validation
   - Config: Test-Endpoints, CORS, Cookies, Retry
   - Data: Telemetrie, Cache, Export, Queue, Testdaten

2. CodeQL Query-Specs (5 Briefings):
   - Sensitive Data → Logs
   - Sensitive Data → HTTP Response
   - Tenant Context Loss
   - Sensitive Data → Telemetry
   - Cache/Export Leak

3. State-Machine-Tests (10 Testfaelle):
   - 11 Zustaende, 15 Events, 8 Invarianten
   - Duplicate Response, Timeout+Late Success, Decline
   - Invalid Reversal, Cancel, Backend Timeout
   - Parallel Reversal, Unknown Response, Reconnect
   - Late Response after Cancel

4. Finding Schema (JSON Schema):
   - Einheitliches Format fuer alle Engines
   - control_id, engine, status, confidence, evidence, verdict_text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-04-13 14:59:49 +02:00
parent 5c1a514b52
commit 8dfab4ba14
15 changed files with 567 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
ai-compliance-sdk/payment-compliance-pack/codeql/cache-export-leak.md Normal file
View File

@@ -0,0 +1,20 @@
# CodeQL Query: Cache and Export Leak
## Ziel
Finde Leaks sensibler Daten in Caches, Files, Reports und Exportpfaden.
## Sources
- Sensitive payment attributes (pan, cvv, track2)
- Full transaction objects with sensitive fields
## Sinks
- Redis/Memcache writes
- Temp file writes
- CSV/PDF/Excel exports
- Report builders
## Mapped Controls
- `DATA-004`: Temporaere Speicher ohne sensitive Daten
- `DATA-005`: Sensitive Daten in Telemetrie nicht offengelegt
- `DATA-011`: Batch/Queue ohne unnoetige sensitive Felder
- `REPORT-005`: Berichte beruecksichtigen Zeitzonen konsistent

32
ai-compliance-sdk/payment-compliance-pack/codeql/sensitive-data-to-logs.md Normal file
View File

@@ -0,0 +1,32 @@
# CodeQL Query: Sensitive Data to Logs
## Ziel
Finde Fluesse von sensitiven Zahlungsdaten zu Loggern.
## Sources
Variablen, Felder, Parameter oder JSON-Felder mit Namen:
- `pan`, `cardNumber`, `card_number`
- `cvv`, `cvc`
- `track2`, `track_2`
- `pin`
- `expiry`, `ablauf`
## Sinks
- Logger-Aufrufe (`logging.*`, `logger.*`, `console.*`, `log.*`)
- Telemetrie-/Tracing-Emitter (`span.set_attribute`, `tracer.*)
- Audit-Logger (wenn nicht maskiert)
## Expected Result
| Field | Type |
|-------|------|
| file | string |
| line | int |
| source_name | string |
| sink_call | string |
| path | string[] |
## Mapped Controls
- `LOG-001`: Keine sensitiven Zahlungsdaten im Log
- `LOG-002`: PAN maskiert in Logs
- `DATA-013`: Sensitive Daten in Telemetrie nicht offengelegt
- `TELEMETRY-001`: Telemetriedaten ohne sensitive Zahlungsdaten

19
ai-compliance-sdk/payment-compliance-pack/codeql/sensitive-data-to-response.md Normal file
View File

@@ -0,0 +1,19 @@
# CodeQL Query: Sensitive Data to HTTP Response
## Ziel
Finde Fluesse sensibler Daten in HTTP-/API-Responses oder Exception-Bodies.
## Sources
- Sensible Payment-Felder: pan, cvv, track2, cardNumber, pin, expiry
- Interne Payment DTOs mit sensitiven Attributen
## Sinks
- JSON serializer / response builder
- Exception payload / error handler response
- Template rendering output
## Mapped Controls
- `API-009`: API-Antworten minimieren sensible Daten
- `API-015`: Interne Fehler ohne sensitive Daten an Client
- `ERROR-005`: Ausnahmebehandlung gibt keine sensitiven Rohdaten zurueck
- `REPORT-006`: Reports offenbaren nur rollenerforderliche Daten

19
ai-compliance-sdk/payment-compliance-pack/codeql/sensitive-data-to-telemetry.md Normal file
View File

@@ -0,0 +1,19 @@
# CodeQL Query: Sensitive Data to Telemetry
## Ziel
Finde Fluesse sensibler Daten in Metriken, Traces und Telemetrie-Events.
## Sources
- Payment DTO fields (pan, cvv, track2, cardNumber)
- Token/Session related fields
## Sinks
- Span attributes / trace tags
- Metric labels
- Telemetry events / exporters
## Mapped Controls
- `TELEMETRY-001`: Telemetriedaten ohne sensitive Zahlungsdaten
- `TELEMETRY-002`: Tracing maskiert identifizierende Felder
- `TELEMETRY-003`: Metriken ohne hochkartesische sensitive Labels
- `DATA-013`: Sensitive Daten in Telemetrie nicht offengelegt

21
ai-compliance-sdk/payment-compliance-pack/codeql/tenant-context-loss.md Normal file
View File

@@ -0,0 +1,21 @@
# CodeQL Query: Tenant Context Loss
## Ziel
Finde Datenbank-, Cache- oder Exportpfade ohne durchgehenden Tenant-Kontext.
## Sources
- Request tenant (header, token, session)
- Device tenant
- User tenant
## Danger Patterns
- DB Query ohne tenant filter / WHERE clause
- Cache key ohne tenant prefix
- Export job ohne tenant binding
- Report query ohne Mandanteneinschraenkung
## Mapped Controls
- `TENANT-001`: Mandantenkontext serverseitig validiert
- `TENANT-002`: Datenabfragen mandantenbeschraenkt
- `TENANT-006`: Caching beruecksichtigt Mandantenkontext
- `TENANT-008`: Datenexporte erzwingen Mandantenisolation