Merge pull request #101 from Privado-Inc/dev
Dev
hiteshbedre authored Nov 26, 2022
2 parents 99087aa + 29e3922 commit 78257e2
Showing 954 changed files with 12,876 additions and 9 deletions.
2 changes: 1 addition & 1 deletion config/exclusions/java.yaml
Expand Up @@ -2,7 +2,7 @@ exclusions:
- id: Exclusions.Test
name: Exclude test source code
patterns:
- ".*/src/test/.*"
- "(.*/src/test/.*)|/Test[A-Z]|Test[.]"

- id: Exclusions.Empty
name: Exclude file which cannot be read
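Review bot: the two new alternatives in the Exclusions.Test pattern do not share the anchoring of the alternative they are joined to, so they misbehave under either matching mode. `(.*/src/test/.*)` is written for full-match semantics (leading and trailing `.*`), while `/Test[A-Z]` and `Test[.]` have neither: under full match they can never match a path, and under find semantics they exclude any path that merely contains those substrings, so production sources such as an `ABTest.java` or `TestAccountService.java` (constructed names) silently drop out of the scan and their data flows are never reported. Suggest making the anchoring explicit and limiting the new cases to the file basename, e.g. `(.*/src/test/.*)|(.*/Test[A-Z][^/]*\\.java)|(.*Test\\.java)`, and updating `name` to say that class-name conventions are now excluded as well as the `src/test` tree.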
10 changes: 10 additions & 0 deletions config/sinkSkipList/java.yaml
@@ -0,0 +1,10 @@
sinkSkipList:
- id: SinkSkipList.ThirdParties
name: Skip Third Party Sinks
patterns:
- "(?i)(android\\.|javax\\.|androidx\\.|com.sun.jna|com.sun.tools|sun.management|org.apache.kafka|okhttp3\\.|io.grpc\\.|io.netty\\.|org.apache.http\\.|org.json|org.junit\\.|org.apache.commons\\.|org.apache.tomcat|org.springframework\\.|tools.fastlane\\.|com.fasterxml.jackson\\.|com.alibaba.fastjson\\.|org.apache.hadoop\\.|org.apache.giraph\\.|org.javatuples\\.|org.antlr\\.|junit.framework\\.|io.reactivex\\.|com.bumptech.glide|com.google.protobuf|com.google.testing|com.google.common.*|com.google.android\\.|com.google.protobuf\\.|reactor.core\\.|io.grpc\\.).*"

- id: SinkSkipList.BuiltInLib
name: Skip built in language libraries
patterns:
- "(?i)(<empty>|iterator|assert|void\\.|int|byte|java\\.|ANY\\.|<operator>\\.|<operators>\\.|<unresolvedNamespace.*>.).*"
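Review bot: `java\\.` in SinkSkipList.BuiltInLib skips every JDK method as a sink, which includes `java.io` file writes and `java.net` connections that a privacy scan normally wants to report; if dedicated sink rules cover those, say so in `name` or a comment, otherwise narrow it to the packages meant (e.g. `java\\.lang\\.`, `java\\.util\\.`). In the same pattern, `int`, `byte` and `assert` are bare prefixes under `(?i)`, so whether the engine uses full-match or find semantics they also skip sinks whose names contain Integration..., Print..., Bytes... or Assertion...; anchor them as whole tokens (`int\\b`, `byte\\b`, `assert\\b`). In the ThirdParties list, `io.grpc\\.` and `com.google.protobuf` each appear twice, `com.google.common.*` followed by the outer `.*` is equivalent to `com.google.common`, and entries such as `com.sun.jna`, `org.json` and `org.apache.tomcat` leave their dots unescaped while their neighbours escape them; dedupe and use one escaping style so the list can be reviewed at a glance.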
3 changes: 2 additions & 1 deletion docs/getting-started-with-privado/command-reference.md
Expand Up @@ -4,8 +4,9 @@ Use `privado --help` for a list of available commands

| Command | Description | Usage | Supported flags |
| --------- | ---------------------------------------------------------------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `scan` | Scan a codebase or repository to identify privacy issues and generate compliance reports | `privado scan <repository> [flags]` | <p><code>-c</code>, <code>--config</code> string: Specifies the config (with rules) directory to be passed to privado-core for scanning. These external rules and configurations are merged with the default set that Privado defines<br><br><code>--debug</code>: Enables privado-core image output in debug mode<br><br><code>--disable-deduplication</code> When specified, the engine does not remove duplicate and subset dataflows. This option is useful if you wish to review all flows (including duplicates) manually<br><br><code>-h</code>, <code>--help</code>: help for scan<br><br><code>-i</code>, <code>--ignore-default-rules</code>: If specified, the default rules are ignored and only the specified rules (-r) are considered<br><br><code>--overwrite</code>: If specified, the warning prompt for existing scan results is disabled and any existing results are overwritten<br><br><code>--skip-dependency-download</code>: When specified, the engine skips downloading all locally unavailable dependencies. Skipping dependency download can yield incomplete results</p> |
| `scan` | Scan a codebase or repository to identify privacy issues and generate compliance reports | `privado scan <repository> [flags]` | <p><code>-c</code>, <code>--config</code> string: Specifies the config (with rules) directory to be passed to privado-core for scanning. These external rules and configurations are merged with the default set that Privado defines<br><br><code>--disable-deduplication</code> When specified, the engine does not remove duplicate and subset dataflows. This option is useful if you wish to review all flows (including duplicates) manually<br><br><code>-h</code>, <code>--help</code>: help for scan<br><br><code>-i</code>, <code>--ignore-default-rules</code>: If specified, the default rules are ignored and only the specified rules (-r) are considered<br><br><code>--overwrite</code>: If specified, the warning prompt for existing scan results is disabled and any existing results are overwritten<br><br><code>--skip-dependency-download</code>: When specified, the engine skips downloading all locally unavailable dependencies. Skipping dependency download can yield incomplete results<br><br> `--upload `: <br>If specified, will automatically attempt to upload the scan result to Privado Dashboard <br><br> `--skip-upload `: <br>If specified, the result artifacts will not be uploaded to Privado Dashboard <br><br> `--debug`: <br>To enable process debug output for debugging purposes |</p> |
| `config` | List, enable, or disable telemetry for Privado CLI | `privado config <List/enable/disable>` | `-h`, `--help`: Help for config |
| `help` | Help provides help for any command in the application. | `privado help [command]` | `-h`, `--help`: Help for help |
| `update` | Check for latest release and update to the latest version Privado CLI | `privado update [flags]` | `-h`, `--help`: Help for update |
| `version` | Print the current version of Privado CLI | `privado version [flags]` | `-h, --help`: Help for version |
| `upload` | Sync the results of scan with Privado Dashboard | `privado upload <repository> [flags]` | `-h, --help`: Help for version |
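Review bot: the replacement `scan` row breaks the table: the cell ends with `debugging purposes |</p> |`, so the `</p>` lands in an extra column after the closing pipe; move it before the pipe (`... debugging purposes</p> |`). The three added flags use backticks with trailing spaces (`` `--upload ` ``, `` `--skip-upload ` ``) and a `<br>` before their text, while every other flag in the cell uses `<code>` and a colon; use one style. `--debug` was moved from second to last place and its text changed from "Enables privado-core image output in debug mode" to "To enable process debug output for debugging purposes"; if the flag's behaviour changed, say what it does now, and keep the wording aligned with running-a-scan.md. Nit in the unchanged `upload` row: its flags column reads "Help for version".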
2 changes: 2 additions & 0 deletions docs/getting-started-with-privado/running-a-scan.md
Expand Up @@ -23,6 +23,8 @@ You can view all advanced options using `privado scan --help` and can be run usi
| `--config` | Specifies the config (with rules) directory to be passed to privado-core for scanning. These external rules and configurations are merged with the default set that Privado defines | To know more about what Privado Rules are, click here. |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
| `--debug` | Shows debug information while running | |
| `--upload` | If specified, will automatically attempt to upload the scan result to Privado Dashboard | |
| `--skip-upload` | If specified, the result artifacts will not be uploaded to Privado Dashboard | |
| `--disable-deduplication` | When specified, the engine does not remove duplicate and subset dataflows. This option is useful if you wish to review all flows (including duplicates) manually. When specified, the engine does not remove duplicate and subset dataflows. This option is useful if you wish to review all flows (including duplicates) manually | To know more about how to view and understand results, click here. |
| `--ignore-default-rules` | If specified, the default rules are ignored and only the specified rules via configuration are considered | To know more about what Privado Rules are, click here. |
| `--overwrite` | If specified, the warning prompt for existing scan results is disabled and any existing results are overwritten | |
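Review bot: the new `--upload` and `--skip-upload` rows do not say how the two interact or what happens when neither is given; since scan results leave the machine for an external dashboard, the reader needs to know whether a plain `privado scan` uploads by default and what the CLI does if both flags are passed. Suggest one sentence on the default in each row (whatever the CLI actually does) plus a pointer to `privado upload` for manual sync. Nits visible in context: the `--disable-deduplication` description repeats its two sentences verbatim, and the `--config` row sits above the separator line so it renders as the table header.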
6 changes: 6 additions & 0 deletions rules/collections/default/javascript.yaml
@@ -0,0 +1,6 @@
collections:
- id: Collections.Express
name: Express framework restendpoint
patterns:
- "express.(post|get|all|delete|put|patch|head|subscribe|unsubscribe)"
tags:
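Review bot: `express.(post|get|...)` fires only when the call receiver is literally `express`; in Express code the router is normally a variable (`const app = express(); app.get(...)`, `router.post(...)`), so unless the engine resolves that variable back to the `express` module this collection rule misses most endpoints. If it relies on type resolution, note that in the rule; otherwise match the method name and let the engine check the receiver. The `.` after `express` is unescaped and matches any character, and `tags:` with no value is a YAML null; confirm the loader accepts an empty `tags` (the same empty key appears in every rule file added in this commit).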
6 changes: 6 additions & 0 deletions rules/sinks/internal_apis/api/javascript.yaml
@@ -0,0 +1,6 @@
sinks:
- id: Sinks.API.InternalAPI
name: Internal APIs
patterns:
- "((http|https|ftp|ssh):\\/\\/){0,1}(((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}|(localhost))(:[0-9]{2,4}){0,1}(\\/([a-z]){0,1}){0,1}.*"
tags:
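Review bot: Sinks.API.InternalAPI is named "internal" but matches any IPv4 literal (the octet group accepts 0-255 with no range restriction), and the trailing `.*` makes the optional port and path groups irrelevant, so `203.0.113.10/api` (a constructed public address) is reported as an internal API while IPv6 loopback `[::1]` is not. Either rename the rule to something like "Hard-coded IP endpoint" or restrict it to loopback and RFC 1918 space, e.g. `(?:https?|ftp|ssh)://(?:localhost|127\\.|10\\.|192\\.168\\.|172\\.(?:1[6-9]|2\\d|3[01])\\.)` as the leading part; `{0,1}` throughout can be written `?`.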
13 changes: 13 additions & 0 deletions rules/sinks/leakages/logs/javascript.yaml
@@ -0,0 +1,13 @@
sinks:

- id: Leakages.Log.Console
name: Log Console
patterns:
- "console.(?:log|error|info|warn|debug)"
tags:

- id: Leakages.Log.Log4js
name: Log4js
patterns:
- "log4js.(?:error|info|warn|debug)"
tags:
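Review bot: the Log4js pattern `log4js.(?:error|info|warn|debug)` does not match how log4js is used: logging goes through a Logger obtained from `log4js.getLogger()` (`logger.info(...)`), and the module itself exposes no `info`/`error` methods, so the rule only works if the engine resolves the logger variable to the module; if it does not, match the Logger methods instead. Both patterns also omit levels that still emit output: `trace` and `fatal` for log4js, `trace`, `table` and `dir` for console. The `.` after `console` and `log4js` is unescaped and matches any character.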
9 changes: 9 additions & 0 deletions rules/sinks/storages/amazonS3/javascript.yaml
@@ -0,0 +1,9 @@
sinks:

- id: Storages.AmazonS3.ReadAndWrite
name: Amazon S3
domains:
- aws.amazon.com
patterns:
- "(?:mongo-dump-s3-2|mongodb-dump-backup-aws-s3|cloudrail-si|node-mongodump-s3|amazons3-files-copier|node-document-storage-amazons3|@filesrocket/amazons3|filesrocket-amazons3|rf-amazons3-upload|@royal-fox/rf-amazons3-upload).*"
tags:
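Review bot: the Storages.AmazonS3 package list omits the official clients, `aws-sdk` (v2, `new AWS.S3()`) and `@aws-sdk/client-s3` (v3), while listing niche wrappers such as `mongo-dump-s3-2`; most real S3 writes in Node code go through the official SDK, so as written the sink misses them. Add those two packages (and `@aws-sdk/lib-storage`, used for multipart uploads) at the front of the alternation. `mongo-dump-s3-2` and `node-mongodump-s3` are MongoDB backup tools that happen to target S3; consider whether they belong under a MongoDB storage rule instead.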
9 changes: 9 additions & 0 deletions rules/sinks/storages/arangodb/javascript.yaml
@@ -0,0 +1,9 @@
sinks:

- id: Storages.ArangoDB.ReadAndWrite
name: ArangoDB
domains:
- arangodb.com
patterns:
- "(?:arangodb-error-codes|arango|mongo-aql|arangojs-fork|fastify-arangodb|@drwade/feathers-arangodb|feathers-arangodb|loopback-connector-arangodb-3|migrado|arangojs|arangodb-query-parser|foxxsupertest|jollof|@leansdk/leanrc-arango-extension|type-arangodb|arangojs-extended|mongo-aql-fixed|sails-arangodb|entite|nomatic-arangodb-adapter|egg-arango|fastango|bunyan-arangodb|type-arango|arango-model|arango-migrate|@recallgraph/foxx-tracer|@partoutx/sails-arangodb|arangosearch|foxxy|arangojs-enlightenedcode|loopback-edge-arangodb|oada-lib-arangodb|foxx-framework|graphql-to-arangodb|arangrate2|arangojs-debug|foxx_generator|loopback-connector-arangodb|time-logger|@mattnick/arangosdk|arangodb-cubejs-driver|arangojs-with-timeout|arangrate|@hp4k1h5/aqlquerybuilder.js|arango.client|arango-util|arangochair|arangoreal|arango-lock|arangodb-typescript-setup|@recallgraph/foxx-tracer-reporter-datadog|@recallgraph/foxx-tracer-reporter-console|arango-up|ley-driver-arangojs|arangomigration|arangodb-helper|@kasai/arango|pims|pims-arangodb|fastango3|arangetrum|connect-arango|guesser|@bonsaya/arangodb-timetravel|@simplus/facades-arango|arangodep|install-arangodb-on-ubuntu|vargasjs|@danwkennedy/arango-datasource|local_argasmei|acl-arangodb|archive-arangodb|kronos-step-archive-arangodb|deepstream.io-storage-arangodb|@acastellon/arango|jugglingdb-arango|acoa|foxx-cli|loopback3-connector-arangodb3|arangodb-adapter|@internalfx/arangofs|arangolize|loopback-connector-arango|arm-app|feathers-arangodb-collection|graphql-arangodb|k-livedb-arango|@bitdiver/logadapter-arangodb|k-sync-arango-debug|k-sync-arango|loopback-node-arangodb|gitbook-plugin-theme-arangodb|nodecommons-es-database-arangodb|seneca-arango-store|@bitdiver/logadapter|@types/arangodb|node-red-contrib-arangodb|tramway-connection-arangodb|arango-express|arango-tools|hemera-arango-store|arangorize|jollof-data-arangodb|connect-arangodb-session|arangodb-foxx-upload|@cloudhub-js/sails-arangojs|sails-arangojs|orango|datasources-migrator-simp
le-arangorm|kyubi|simple-arangorm|sails-arango-database|ignitor.js).*"
tags:
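Review bot: with the trailing `.*`, the `arango` alternative already covers every entry that begins with `arango` (arangojs, arangodb-helper, arango-model, ...), so most of this list is redundant, and the remaining generic names will produce false positives: `guesser`, `pims`, `entite`, `time-logger`, `kyubi`, `vargasjs` and `local_argasmei` say nothing about ArangoDB in their names and each matches any package that starts with that string. Suggest trimming to `arango`, `@types/arangodb`, the `foxx` family and the `*-arangodb` connectors, and dropping `install-arangodb-on-ubuntu`, which is an installer rather than a client.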
10 changes: 10 additions & 0 deletions rules/sinks/storages/bigtable/javascript.yaml
@@ -0,0 +1,10 @@
sinks:

- id: Storages.CloudBigtable.ReadAndWrite
name: Google Cloud Bigtable
domains:
- cloud.google.com
- google.com
patterns:
- "(?:bigtable-kafka-connect|@google-cloud/bigtable|hypertable-driver|vertical-db|yildiz|b-cell|vertical-client|vertical-server|bigtable-erd-generator|tablelize|@maxim_mazurok/gapi.client.bigtableadmin|@maxim_mazurok/gapi.client.bigtableadmin-v2|@googleapis/bigtableadmin|@types/gapi.client.bigtableadmin|@types/gapi.client.bigtableadmin-v2|bigtable-client|js-data-bigtable|el-bigtable|@datafire/google_bigtableadmin|@bigtable/ng-bigtable).*"
tags:
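Review bot: `hypertable-driver` targets Hypertable, a separate open-source Bigtable-style database, not Google Cloud Bigtable, so flagging it under domains `cloud.google.com`/`google.com` mislabels the data destination in the report; move it to its own rule or drop it. `vertical-db`, `vertical-client`, `vertical-server`, `b-cell` and `tablelize` give no hint of Bigtable in their names and, with the trailing `.*`, each also matches any package that starts with that string; either document why they are here or drop them. The `bigtableadmin` packages are the admin API (instances, tables, IAM) rather than data reads and writes, so `ReadAndWrite` overstates what a match on them means.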