Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8dfab4ba14f1dd02ccb7d7e17a90a7a669c98957
breakpilot-compliance/ai-compliance-sdk/payment-compliance-pack
History
Benjamin Admin 8dfab4ba14 feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema 
Ausfuehrbares Pruefpaket fuer Payment-Terminal-Systeme:

1. Semgrep-Regeln (25 Regeln in 5 Dateien):
   - Logging: Sensitive Daten, Tokens, Debug-Flags
   - Crypto: MD5/SHA1/DES/ECB, Hardcoded Secrets, Weak Random, TLS
   - API: Debug-Routes, Exception Leaks, IDOR, Input Validation
   - Config: Test-Endpoints, CORS, Cookies, Retry
   - Data: Telemetrie, Cache, Export, Queue, Testdaten

2. CodeQL Query-Specs (5 Briefings):
   - Sensitive Data → Logs
   - Sensitive Data → HTTP Response
   - Tenant Context Loss
   - Sensitive Data → Telemetry
   - Cache/Export Leak

3. State-Machine-Tests (10 Testfaelle):
   - 11 Zustaende, 15 Events, 8 Invarianten
   - Duplicate Response, Timeout+Late Success, Decline
   - Invalid Reversal, Cancel, Backend Timeout
   - Parallel Reversal, Unknown Response, Reconnect
   - Late Response after Cancel

4. Finding Schema (JSON Schema):
   - Einheitliches Format fuer alle Engines
   - control_id, engine, status, confidence, evidence, verdict_text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 14:59:49 +02:00
..
codeql
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00
schema
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00
semgrep
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00
statemachine
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00
README.md
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00

README.md

Payment Compliance Pack

Ausfuehrbares Pruefpaket fuer Payment-Terminal-Systeme.

Inhalt

Semgrep-Regeln (25 Regeln)

Datei Regeln Controls
payment_logging.yml 5 LOG-001, LOG-002, LOG-014
payment_crypto.yml 6 CRYPTO-001, CRYPTO-008, CRYPTO-009, KEYMGMT-001
payment_api.yml 5 API-004, API-005, API-014, API-017
payment_config.yml 5 CONFIG-001 bis CONFIG-004
payment_data.yml 5 DATA-004, DATA-005, DATA-013, TELEMETRY-001

CodeQL-Specs (5 Queries)

Datei Ziel Controls
sensitive-data-to-logs.md Datenfluss zu Loggern LOG-001, LOG-002, DATA-013
sensitive-data-to-response.md Datenfluss in HTTP-Responses API-009, ERROR-005
tenant-context-loss.md Mandantenkontext-Verlust TENANT-001, TENANT-002
sensitive-data-to-telemetry.md Datenfluss in Telemetrie TELEMETRY-001, TELEMETRY-002
cache-export-leak.md Leaks in Cache/Export DATA-004, DATA-011

State-Machine-Tests (10 Testfaelle)

Datei Inhalt
terminal_states.md 11 Zustaende, 15 Events, Transitions
terminal_invariants.md 8 Invarianten
terminal_testcases.json 10 ausfuehrbare Testfaelle

Finding-Schema

Datei Beschreibung
finding.schema.json JSON Schema fuer Pruefergebnisse

Ausfuehrung

Semgrep

semgrep --config payment-compliance-pack/semgrep/ /path/to/source

State-Machine-Tests

Die Testfaelle in terminal_testcases.json definieren:

  • Ausgangszustand
  • Event-Sequenz
  • Erwarteten Endzustand
  • Zu pruefende Invarianten
  • Gemappte Controls

Diese koennen gegen einen Terminal-Adapter oder Simulator ausgefuehrt werden.

Priorisierte Umsetzung

  1. Welle 1: 25 Semgrep-Regeln sofort produktiv
  2. Welle 2: 5 CodeQL-Queries fuer Datenfluesse
  3. Welle 3: 10 State-Machine-Tests gegen Terminal-Simulator
  4. Welle 4: Tender-Mapping (Requirement → Control → Finding → Verdict)
Reference in New Issue View Git Blame Copy Permalink