New detectors (2026 leverage batch)

Vulkro shipped 45+ new rules in mid-2026 across security categories the incumbent SAST tools did not cover. This page is a flat index; each rule has a finding-level message + remediation that surfaces inline in scan output. Use vulkro explain <RULE-ID> for the detailed explainer.

RAG indexing safety (novel surface)

No incumbent SAST tool ships this surface. Covers Pinecone, Chroma, Weaviate, Qdrant, FAISS, LanceDB, Milvus, LangChain VectorStore family, LlamaIndex. Python / JS / TS.

ID	Severity	What
`RAG-001`	Critical	Secret-shaped value (`api_key`, `*_token`, `private_key`, ...) ingested into a vector store. Embedded secrets are searchable forever; rotation does not retroactively purge embeddings.
`RAG-002`	High	PII-shaped value (`ssn`, `dob`, `credit_card`, ...) ingested without a redactor (Presidio / scrubadub / scrub_pii / MaskedText) in scope. Embedding index is in scope for GDPR Article 17 erasure.
`RAG-003`	Medium	Untrusted-input value (`req.body`, `request.json`, `ctx.params`, ...) ingested without an allowlist / classifier. Index poisoning corrupts future retrievals.

SSRF

src/security/ssrf.rs. Python / JS / TS / Go / Java HTTP clients (requests, httpx, axios, fetch, http.Get, HttpClient, OkHttp, RestTemplate).

ID	Severity	What
`SSRF-001`	Critical	Tainted request value reaches HTTP client without URL allowlist or hostname validation.
`SSRF-002`	High	Hardcoded cloud-metadata endpoint literal (AWS IMDS v1/v2, GCP, Azure, Alibaba, Oracle, DigitalOcean).
`SSRF-003`	Medium	URL-shape local without scheme + host validator in scope.

CI/CD pipeline injection (novel surface)

src/security/cicd_injection.rs. Walks .github/workflows/*.yml, .gitlab-ci.yml, .circleci/config.yml only.

ID	Severity	What
`CICD-001`	Critical	GitHub Actions `${{ github.event.<attacker-controlled> }}` rendered into `run:` block. Covers pull_request.body / title / head.ref, issue.body / title, comment.body, review.body, commits.message and 12 other attacker-controlled fragments.
`CICD-002`	High	GitLab CI `$CI_COMMIT_MESSAGE` / `$CI_COMMIT_TITLE` / `$CI_MERGE_REQUEST_TITLE` unquoted in `script:` / `before_script:` / `after_script:`.
`CICD-003`	Medium	CircleCI `<< parameters.* >>` unquoted in `run:`.

Archive zip-slip

src/security/archive_slip.rs. Sister to the existing go_zip_slip Go detector.

ID	Severity	What
`ARCH-SLIP-PY-001`	High	Python `zipfile` / `tarfile` `.extractall` / `.extract` without `safe_extract` guard.
`ARCH-SLIP-JAVA-001`	High	Java `ZipEntry.getName()` into `File` / `FileOutputStream` / `Paths.get` without canonical-path check.
`ARCH-SLIP-RB-001`	High	Rubyzip manual `File.open(entry.name, 'wb')` loop.
`ARCH-SLIP-NET-001`	High	.NET `ZipFile.ExtractToDirectory` / `ExtractToFile` without `Path.GetFullPath` + `StartsWith` check.

CRLF / response-header injection

src/security/crlf_injection.rs. CWE-93. Three rules across the highest-volume framework families.

ID	Severity	What
`CRLF-001`	High	Python Flask / Django: `Response.headers[...] = req.X`, `set_cookie(value=req.X)`, `redirect(req.X)`.
`CRLF-002`	High	Node Express: `res.set / res.header / res.cookie / res.append / res.redirect` with request-shaped value.
`CRLF-003`	High	Go `net/http` `w.Header().Set/Add`, `http.Redirect`, `http.SetCookie` reading from `r.URL.Query()` / `r.PostFormValue` / `r.Header.Get`.

Log injection (CWE-117)

src/security/log_injection.rs. Five rules covering the most-deployed log frameworks per language.

ID	Severity	What
`LINJ-001`	Medium	Python `logging` / `logger.{debug,info,...}` / `print`.
`LINJ-002`	Medium	Node `winston` / `pino` / `bunyan` / `console.*`.
`LINJ-003`	Medium	Go `log.Printf` / `log.Println` / `slog.*`.
`LINJ-004`	Medium	JVM `logger` / `LOGGER` / SLF4J / log4j.
`LINJ-005`	Medium	Ruby `Rails.logger` / `Logger.logger` / bare `logger.*`.

SAML signature wrapping

src/security/saml_signature_wrapping.rs. Catches CVE-2024-45409, CVE-2022-39299, CVE-2017-11427 family.

ID	Severity	What
`SAML-001`	Critical	Python `python3-saml` / `pysaml2` content-read (`get_attributes`, `get_nameid`, ...) without `is_valid` / `validate_signature` / `verify` in scope.
`SAML-002`	Critical	Java OpenSAML / Spring Security SAML `getAssertions` / `getAttributes` / `getSubject` without `SignatureValidator` / `SAMLSignatureProfileValidator` / `TrustEngine` in scope.
`SAML-003`	Critical	Apex `SAMLP.getSamlBody` / `Auth.AuthToken.validateToken` without `Auth.SamlSsoConfig.validate` / `Crypto.verify` in scope.

.NET advanced deserialization

src/security/dotnet_deser_variants.rs. Extends the existing dotnet_binary_formatter detector with the remaining RCE-shaped .NET deserializers.

ID	Severity	What
`DOTNET-DESER-002`	Critical	Newtonsoft `JsonSerializerSettings.TypeNameHandling` set to `All` / `Auto` / `Objects` / `Arrays`.
`DOTNET-DESER-003`	Critical	`LosFormatter` + `Deserialize` in scope (legacy ASP.NET ViewState; ysoserial.net entry point).
`DOTNET-DESER-004`	Critical	`DataContractJsonSerializer` constructed with the two-arg `(typeof(T), knownTypes)` form.

GCP IaC

src/security/gcp_iac.rs. Walks *.tf, firestore.rules, *.sh / *.yml.

ID	Severity	What
`GCP-IAC-001`	Critical	Firestore rule `allow read/write/...: if true;`.
`GCP-IAC-002`	High	GCS bucket IAM `allUsers` / `allAuthenticatedUsers` OR `predefinedAcl: publicRead*`.
`GCP-IAC-003`	High	Cloud Run / Cloud Functions `allUsers` invoker, or `gcloud --allow-unauthenticated`.
`GCP-IAC-004`	Critical	Project / folder / organization IAM bound to `allUsers` / `allAuthenticatedUsers`.
`GCP-IAC-005`	High	BigQuery dataset / table ACL granting access to `allUsers`.

Azure IaC

src/security/azure_iac.rs. Walks *.tf, *.bicep, ARM JSON templates.

ID	Severity	What
`AZ-IAC-001`	High	Storage Account `allow_blob_public_access = true` OR `publicNetworkAccess: 'Enabled'`.
`AZ-IAC-002`	Critical	KeyVault secret with inline literal value in Terraform / Bicep / ARM.
`AZ-IAC-003`	High	NSG inbound rule with `source_address_prefix = "*"` or `"0.0.0.0/0"`.
`AZ-IAC-004`	High	Azure SQL Server / Managed Instance with `public_network_access_enabled = true`.
`AZ-IAC-005`	High	Cosmos DB account with `public_network_access_enabled = true`.

Rust `unsafe` + FFI patterns

src/security/rust_unsafe.rs. Walks .rs files directly (Rust is not in the language pipeline yet). Skips /target/ and /vendor/.

ID	Severity	What
`RUST-UNSAFE-001`	Medium	`unsafe { ... }` block without a `// SAFETY:` comment in the 3-line lookback.
`RUST-UNSAFE-002`	High	`transmute` without a `size_of` check in scope.
`RUST-UNSAFE-003`	Critical	Raw-pointer dereference without `is_null()` guard in the 4-line lookback.
`RUST-UNSAFE-004`	Medium	Struct in a file declaring `extern "C"` without `#[repr(C)]`.

Cross-method taint engine rules

Backends for the language-neutral taint engine (src/security/taint_core/). Each rule is engine-confirmed: SecurityFinding.trace carries the source-to-sink hop chain (rendered as SARIF codeFlows[]).

ID	Severity	What
`PY-TAINT-SQL-001`	High	Python Flask / Django / FastAPI handler whose request parameter reaches `cursor.execute` / `engine.execute` / `session.execute` without parameter binding or a sanitiser.
`JS-TAINT-SQL-001`	High	Express / Koa / Fastify handler whose request parameter reaches `knex.raw` / `sequelize.query` / `db.query` / `pool.query`.

Dependencies & CVEs - the SCA reachability gate
AI-code audit - per-tool fingerprinting + segregation report
vulkro scan-port - runtime listener inventory

RAG indexing safety (novel surface)​

SSRF​

CI/CD pipeline injection (novel surface)​

Archive zip-slip​

CRLF / response-header injection​

Log injection (CWE-117)​

SAML signature wrapping​

.NET advanced deserialization​

GCP IaC​

Azure IaC​

Rust unsafe + FFI patterns​

Cross-method taint engine rules​

Related​