Cryptographic function classification rules for crypto extractor tools. Contains language-agnostic classifications and language-specific mappings.
crypto-classifier-rules/
├── classifications.json # Shared: lookup key -> standardized metadata (algorithm/findingType/operation)
├── go/mappings.json # Go: package.function -> lookup key (bridges Go APIs to shared metadata)
├── rust/mappings.json # Rust: module::function -> lookup key (bridges Rust APIs to shared metadata)
├── python/mappings.json # Python: module.function -> lookup key (bridges Python APIs to shared metadata)
└── javascript/mappings.json # JavaScript: module.function -> lookup key (bridges JS APIs to shared metadata)
- Language-Specific Mappings: Each language maps its crypto API calls to lookup keys (e.g.,
crypto/pbkdf2.Key→pbkdf2_key) - Shared Classifications: All languages use the same lookup keys mapped to classifications (e.g.,
pbkdf2_key→{"algorithm": "PBKDF2", "findingType": "kdf", "operation": "keyderive"})
This repository uses language-specific branches for clean submodule integration. The main branch contains all language mappings (source of truth), while language-specific branches (e.g., go-v1.0.0) contain only that language's files plus classifications.json.
Add as a submodule pointing to the language-specific branch:
git submodule add -b go-v1.0.0 <repo-url> classifier-rules
cd classifier-rules
git checkout go/v1.0.0 # Pin to specific tagUse the script: ./scripts/create-language-branch.sh <lang> <version> (e.g., ./scripts/create-language-branch.sh go v1.0.0)
- Update
mainbranch with new classifications or mappings - Create language branch:
./scripts/create-language-branch.sh <lang> <version> - Push branch and tag:
git push origin <lang>-v<version> && git push origin <lang>/v<version> - Language projects update their submodules to the new tag
- Classifications: Versioned in
classifications.json - Language Mappings: Versioned per language branch
- Tags: Format
<language>/v<version>(e.g.,go/v1.0.0)