From 6287cee1eb550bc370a1b5f5837a3be653376b2b Mon Sep 17 00:00:00 2001
From: Dattaprasad Mundada
Date: Wed, 19 Jul 2023 09:32:15 +0530
Subject: [PATCH 1/5] Support for Ruby HTTP client rules
---
 config/systemConfig/ruby.yaml | 12 ++++++++++++
 rules/sinks/internal_apis/api/ruby.yaml | 6 ++++++
 2 files changed, 18 insertions(+)
 create mode 100644 config/systemConfig/ruby.yaml
 create mode 100644 rules/sinks/internal_apis/api/ruby.yaml
diff --git a/config/systemConfig/ruby.yaml b/config/systemConfig/ruby.yaml
new file mode 100644
index 00000000..50430135
--- /dev/null
+++ b/config/systemConfig/ruby.yaml
@@ -0,0 +1,12 @@
+systemConfig:
+ - key: apiHttpLibraries
+ value: (?i)(faraday|rest-client|httparty|http.client|net.http|curb|sawyer|unirest|excon|typhoeus||.*(Http(.){0,2}Client|RestClient|HTTParty|Faraday|Unirest)).*
+
+ - key: ignoredSinks
+ value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
+
+ - key: apiSinks
+ value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit)
+
+ - key: apiIdentifier
+ value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
\ No newline at end of file
diff --git a/rules/sinks/internal_apis/api/ruby.yaml b/rules/sinks/internal_apis/api/ruby.yaml
new file mode 100644
index 00000000..3c5363a5
--- /dev/null
+++ b/rules/sinks/internal_apis/api/ruby.yaml
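Review bot: The `apiSinks` and `ignoredSinks` values added for Ruby read as a copy of a Java/Spring list (`openConnection`, `getInputStream`, `getForObject`, `postForEntity`, and the Jackson names `objectmapper`, `jsonnode` in the lookbehind), while Ruby call names such as Net::HTTP's `get_response` and `start` are absent, so presumably the list should be trimmed to Ruby idioms and extended, e.g. `...|request|execute|get_response|start|...`. `send` also appears twice in the apiSinks alternation (`send|sendAsync` and again `send|asyncSend`); the second copy is redundant. The new file is written without a trailing newline (`\ No newline at end of file`), which is worth fixing while the file is new.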
@@ -0,0 +1,6 @@
+sinks:
+ - id: Sinks.API.InternalAPI
+ name: Internal APIs
+ patterns:
+ - "((http|https|ftp|ssh):\\/\\/){0,1}(((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}|(localhost))(:[0-9]{2,4}){0,1}(\\/([a-z]){0,1}){0,1}.*"
+ tags:
From 542ffb29f50956f244df1fe44a0e0cf6b4765489 Mon Sep 17 00:00:00 2001
From: Dattaprasad Mundada
Date: Wed, 19 Jul 2023 09:33:38 +0530
Subject: [PATCH 2/5] Update the apiHttpLibraries rule for ruby
---
 config/systemConfig/ruby.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/systemConfig/ruby.yaml b/config/systemConfig/ruby.yaml
index 50430135..8259aa9f 100644
--- a/config/systemConfig/ruby.yaml
+++ b/config/systemConfig/ruby.yaml
@@ -1,6 +1,6 @@
 systemConfig:
 - key: apiHttpLibraries
- value: (?i)(faraday|rest-client|httparty|http.client|net.http|curb|sawyer|unirest|excon|typhoeus||.*(Http(.){0,2}Client|RestClient|HTTParty|Faraday|Unirest)).*
+ value: (?i)(faraday|rest-client|httparty|http.client|net.http|curb|sawyer|unirest|excon|typhoeus|.*(Http(.){0,2}Client|RestClient|HTTParty|Faraday|Unirest)).*
 - key: ignoredSinks
 value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
From 3a920fa1b1aaf1f32100b1425df28cca90ae671d Mon Sep 17 00:00:00 2001
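Review bot: The new pattern tags any dotted-quad host as `Sinks.API.InternalAPI`, public addresses included, because the octet group `(25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)` accepts every value 0–255 and nothing restricts the match to loopback or private ranges; if that is intended, a comment above `patterns:` saying so would spare the next reader the question, otherwise restrict the leading octets (e.g. a constructed alternative such as `(10|127|192\\.168|172\\.(1[6-9]|2\\d|3[01]))\\.`). `tags:` is left without a value, which a YAML loader reads as null rather than an empty list; `tags: []` is the explicit form if the loader expects a sequence, though the existing rule files in later hunks use the same bare form, so it may be a repo convention. Both points apply to the whole six-line file.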
From: Dattaprasad Mundada
Date: Thu, 27 Jul 2023 15:24:14 +0530
Subject: [PATCH 3/5] Additional ruby sdk + minor JS fixes
---
 config/systemConfig/javascript.yaml | 6 +++---
 rules/sinks/storages/couchdb/javascript.yaml | 2 +-
 rules/sinks/storages/postgres/javascript.yaml | 2 +-
 .../third_parties/sdk/braintreepayments/ruby.yaml | 13 +++++++++++++
 .../sinks/third_parties/sdk/google/javascript.yaml | 2 +-
 .../third_parties/sdk/launchdarkly/javascript.yaml | 2 +-
 rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml | 13 +++++++++++++
 7 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100644 rules/sinks/third_parties/sdk/braintreepayments/ruby.yaml
 create mode 100644 rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml
diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml
index c64a140f..8246c397 100644
--- a/config/systemConfig/javascript.yaml
+++ b/config/systemConfig/javascript.yaml
@@ -1,12 +1,12 @@
 systemConfig:
 - key: apiHttpLibraries
- value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\\/common\\/http|.*(HttpClient)).*
+ value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\\/common\\/http|@(.){2,25}\\/http|.*(HttpClient)).*
 - key: ignoredSinks
 value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
 - key: apiSinks
- value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on)
+ value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|fetapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on)
 - key: apiIdentifier
- value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
\ No newline at end of file
+ value: 
(?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker|tracker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
\ No newline at end of file
diff --git a/rules/sinks/storages/couchdb/javascript.yaml b/rules/sinks/storages/couchdb/javascript.yaml
index 24b49b78..9b0feec4 100644
--- a/rules/sinks/storages/couchdb/javascript.yaml
+++ b/rules/sinks/storages/couchdb/javascript.yaml
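Review bot: `send` is listed twice in the rewritten apiSinks value (`send|sendAsync` near the middle and `send|asyncSend` near the end); the second alternative is dead and can be dropped. In the apiHttpLibraries line, the new `@(.){2,25}` scope matcher uses `.`, which also matches `/`, so it accepts any path of up to 25 characters ending in `/http` rather than a single scope segment; `@[^/]{2,25}` keeps it to one segment. The hunk covers the whole twelve-line file, so no definition is cut.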
@@ -6,7 +6,7 @@ sinks:
 - couchdb.apache.org
 - apache.org
 patterns:
- - "(?:couchdb|couchdb-.*|rxdb|sqltomango|cradle|crypto-pouch|nano|@treehouses/cli|database-cleaner|couch-db|couch-admin|couchster|fauxton|couch-box|couch-nacl-permit|superlogin|npm-registry-couchapp|putdoc|connect-couchdb|couch-slouch|nano-option|tough-rate|couchdown|connect-cloudant-store|geopouch|filter-pouch|@zargu/couchdb-designer|changemachine|translator-couch|angular-eha.couchdb-auth|moleculer-db-adapter-couchdb-nano|typed-nano|sneakerjs|node-red-contrib-cloudantplus|node-couchdb|@scienceai/create-error|@inator/pouchdb-users|delta-pouch|@hoodie/task-client|stampee-couchdb-change-events|hoodie-server-task|couch-proxy-auth|designer|spawn-pouchdb-server|roy-replicator|connect-nano|ouch-rx|@hoodie/store-server|@hoodie/store-server-api|catlog|resourceful|@stanlemon/react-couchdb-authentication|tibet|@hoodie/account-server|replicate-couchdb-cluster|noflo-couchdb|pouch-datalog|@prescrire/pouchdb-replication-stream|@stanlemon/react-pouchdb|node-couchdb-logger|sync-gateway|@hoodie/account-server-api|jwt-couchdb|couch-login|nano-doc-updater|@twilson63/palmetto-couchdb|hapi-auth-couchdb-cookie|pino-couchdb|@nicodejong/nest-couchdb|winston-couchdb|express-user-couchdb).*"
+ - 
"(?:couchdb|couchdb-.*|rxdb|sqltomango|cradle|crypto-pouch|nano(?!-md5)|@treehouses/cli|database-cleaner|couch-db|couch-admin|couchster|fauxton|couch-box|couch-nacl-permit|superlogin|npm-registry-couchapp|putdoc|connect-couchdb|couch-slouch|nano-option|tough-rate|couchdown|connect-cloudant-store|geopouch|filter-pouch|@zargu/couchdb-designer|changemachine|translator-couch|angular-eha.couchdb-auth|moleculer-db-adapter-couchdb-nano|typed-nano|sneakerjs|node-red-contrib-cloudantplus|node-couchdb|@scienceai/create-error|@inator/pouchdb-users|delta-pouch|@hoodie/task-client|stampee-couchdb-change-events|hoodie-server-task|couch-proxy-auth|designer|spawn-pouchdb-server|roy-replicator|connect-nano|ouch-rx|@hoodie/store-server|@hoodie/store-server-api|catlog|resourceful|@stanlemon/react-couchdb-authentication|tibet|@hoodie/account-server|replicate-couchdb-cluster|noflo-couchdb|pouch-datalog|@prescrire/pouchdb-replication-stream|@stanlemon/react-pouchdb|node-couchdb-logger|sync-gateway|@hoodie/account-server-api|jwt-couchdb|couch-login|nano-doc-updater|@twilson63/palmetto-couchdb|hapi-auth-couchdb-cookie|pino-couchdb|@nicodejong/nest-couchdb|winston-couchdb|express-user-couchdb).*"
 tags:
 - id: Storages.RxDB.ReadAndWrite
diff --git a/rules/sinks/storages/postgres/javascript.yaml b/rules/sinks/storages/postgres/javascript.yaml
index 230b5cd5..f1711a5f 100644
--- a/rules/sinks/storages/postgres/javascript.yaml
+++ b/rules/sinks/storages/postgres/javascript.yaml
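Review bot: `nano(?!-md5)` excludes only that one package; because the alternation is followed by `.*`, `nano` still matches every other name that merely starts with it, such as `nanoid`, which has nothing to do with CouchDB. `nano\\b(?!-md5)` stops the match at the end of the word while keeping `nano` itself and the listed `nano-option`/`nano-doc-updater` forms (the doubled backslash is needed inside the double-quoted scalar, as the repo already does with `\\/`). Whether bare `nano` is reached as a prefix or as a substring depends on how the scanner applies the pattern (full match vs. search), which is not visible here.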
@@ -4,5 +4,5 @@ sinks:
 domains:
 - postgresql.org
 patterns:
- - "(?:pg|pg-pool|pg-hstore|postgres-bytea|sql-template-strings|pg-native|pg-promise|libpq|sql-bricks|pgsql-ast-parser|mongo-sql|marv-pg-driver|pg-migrator|ts-postgres|@fastify/postgres|pgpass|ah-sequelize-plugin|confabulous|pg-error|aws-xray-sdk-postgres|pg-copy-streams|pogi|pg-escape|@wmfs/pg-diff-sync|data-elevator-postgres|yesql|knex-postgis|trailpack-plv8|pg-query-stream|pg-large-object|sql-bricks-postgres|schemart|pg-x|@yugabytedb/pg-pool|dbh-pg|api-core|postgres-cleaner|persistanz|@wmfs/relationize|@getlago/pgsql-ast-parser|postgres-date|pg-query-native|@wmfs/pg-info|postgres-interval|postgres-array|@urbica/pg-migrate|lego-sql|massive|qlobber-pg|@npm/pg-db-session|node-pg-migrate|v-protocol|@wmp-sbd/aws-xray-sdk-postgres|pg-query-parser|akeke_sequelize_egg_mysql_model|pg-schemats|pg-to-ts|@wmfs/supercopy|schemats|@mgolestan/schemats|v-pool|pg-ast-utils|pg-types|posigrade|pg-x-redis|pg-connect|sequelize-gen|hapi-postgres-connection|@smoke-trees/postgres-backend|pg-patch|postgres|save|pg-cursor|sequelize-replace-enum-postgres|node-postgres-named|pg-protocol|slonik|nact-persistence-postgres|jugglingdb|@trifacta/database-js-postgres|mongo-query-to-postgres-jsonb|@grouparoo/postgres|postgresql-service|related-postgres-analyzer|@runnerty/executor-postgres|@mft/postgres-migrations|@obi-tec/manager-postgres-database|machinepack-postgresql|@gasbuddy/configured-postgres-client|postgres-node-container|sqlutils|extract-pg-schema|kanel|pg-connection-string|@meotimdihia/postgres|psqlorm|sails-postgresql|think-model-postgresql|postgres-repo).*"
+ - 
"(?:pg-pool|pg-hstore|postgres-bytea|sql-template-strings|pg-native|pg-promise|libpq|sql-bricks|pgsql-ast-parser|mongo-sql|marv-pg-driver|pg-migrator|ts-postgres|@fastify/postgres|pgpass|ah-sequelize-plugin|confabulous|pg-error|aws-xray-sdk-postgres|pg-copy-streams|pogi|pg-escape|@wmfs/pg-diff-sync|data-elevator-postgres|yesql|knex-postgis|trailpack-plv8|pg-query-stream|pg-large-object|sql-bricks-postgres|schemart|pg-x|@yugabytedb/pg-pool|dbh-pg|api-core|postgres-cleaner|persistanz|@wmfs/relationize|@getlago/pgsql-ast-parser|postgres-date|pg-query-native|@wmfs/pg-info|postgres-interval|postgres-array|@urbica/pg-migrate|lego-sql|massive|qlobber-pg|@npm/pg-db-session|node-pg-migrate|v-protocol|@wmp-sbd/aws-xray-sdk-postgres|pg-query-parser|akeke_sequelize_egg_mysql_model|pg-schemats|pg-to-ts|@wmfs/supercopy|schemats|@mgolestan/schemats|v-pool|pg-ast-utils|pg-types|posigrade|pg-x-redis|pg-connect|sequelize-gen|hapi-postgres-connection|@smoke-trees/postgres-backend|pg-patch|postgres|pg-cursor|sequelize-replace-enum-postgres|node-postgres-named|pg-protocol|slonik|nact-persistence-postgres|jugglingdb|@trifacta/database-js-postgres|mongo-query-to-postgres-jsonb|@grouparoo/postgres|postgresql-service|related-postgres-analyzer|@runnerty/executor-postgres|@mft/postgres-migrations|@obi-tec/manager-postgres-database|machinepack-postgresql|@gasbuddy/configured-postgres-client|postgres-node-container|sqlutils|extract-pg-schema|kanel|pg-connection-string|@meotimdihia/postgres|psqlorm|sails-postgresql|think-model-postgresql|postgres-repo).*"
 tags:
diff --git a/rules/sinks/third_parties/sdk/braintreepayments/ruby.yaml b/rules/sinks/third_parties/sdk/braintreepayments/ruby.yaml
new file mode 100644
index 00000000..cc4d76de
--- /dev/null
+++ b/rules/sinks/third_parties/sdk/braintreepayments/ruby.yaml
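Review bot: Dropping `pg` from the alternation means the core node-postgres package, imported as plain `pg`, no longer matches this rule (only `pg-pool`, `pg-promise`, and the other hyphenated names plus `postgres` remain), unless another rule not shown here covers it. If the removal was meant to stop the bare prefix matching unrelated names through the trailing `.*`, `\\bpg\\b` keeps the driver while still rejecting substrings such as `jpg` or `upgrade`. Removing `save` looks right, since it is a generic word rather than a package name.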
@@ -0,0 +1,13 @@
+
+# Sink rule for ThirdParty SDK
+# The id follows a format : "ThirdParties.SDK.."
+
+sinks:
+
+ - id: ThirdParties.SDK.Braintreepayments
+ name: Braintreepayments
+ domains:
+ - "braintreepayments.com"
+ patterns:
+ - "(?i)(braintree).*"
+ tags:
diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml
index 4c2b88e2..fdf9a0e0 100644
--- a/rules/sinks/third_parties/sdk/google/javascript.yaml
+++ b/rules/sinks/third_parties/sdk/google/javascript.yaml
@@ -65,7 +65,7 @@ sinks:
 domains:
 - "analytics.google.com"
 patterns:
- - "[@]{0,1}google-analytics|@firebase\\/analytics"
+ - "@firebase\\/analytics|.*google-analytics|GoogleAnalyticsService"
 tags:
 - id: ThirdParties.SDK.Google.Cloud
diff --git a/rules/sinks/third_parties/sdk/launchdarkly/javascript.yaml b/rules/sinks/third_parties/sdk/launchdarkly/javascript.yaml
index bd695af5..13d7842c 100644
--- a/rules/sinks/third_parties/sdk/launchdarkly/javascript.yaml
+++ b/rules/sinks/third_parties/sdk/launchdarkly/javascript.yaml
@@ -9,5 +9,5 @@ sinks:
 domains:
 - "launchdarkly.com"
 patterns:
- - "launchdarkly-node-server-sdk"
+ - "launchdarkly-node-server-sdk|launchdarkly-react-client-sdk"
 tags:
diff --git a/rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml b/rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml
new file mode 100644
index 00000000..7998a4b2
--- /dev/null
+++ b/rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml
@@ -0,0 +1,13 @@
+
+# Sink rule for ThirdParty SDK
+# The id follows a format : "ThirdParties.SDK.."
+
+sinks:
+
+ - id: ThirdParties.SDK.Paddle_Pay
+ name: Paddle Pay
+ domains:
+ - "paddle.com"
+ patterns:
+ - "(?i)(paddle_pay).*"
+ tags:
From 257241e3acac2e6f93c7a604fec20e10da954f3b Mon Sep 17 00:00:00 2001
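Review bot: The header comment `# The id follows a format : "ThirdParties.SDK.."` in the new braintreepayments/ruby.yaml reads as if a placeholder was lost between the dots, so it no longer says what follows `SDK.`; `# The id follows the format "ThirdParties.SDK.<Vendor>"` would, and the same comment is repeated verbatim in the new paddle_pay/ruby.yaml hunk below. Both new files also leave `tags:` without a value, which a YAML loader reads as null rather than an empty list; `tags: []` is explicit, though the existing rule files touched in this commit use the same bare form, so it may be a convention the loader already handles. Each file also opens with a blank line before the comments, which is harmless but unusual.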
From: Dattaprasad Mundada
Date: Thu, 27 Jul 2023 15:38:26 +0530
Subject: [PATCH 4/5] Minor corrections in rules
---
 config/systemConfig/javascript.yaml | 2 +-
 rules/sinks/third_parties/sdk/google/javascript.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml
index 8246c397..d21ee2e3 100644
--- a/config/systemConfig/javascript.yaml
+++ b/config/systemConfig/javascript.yaml
@@ -1,6 +1,6 @@
 systemConfig:
 - key: apiHttpLibraries
- value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\\/common\\/http|@(.){2,25}\\/http|.*(HttpClient)).*
+ value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)).*
 - key: ignoredSinks
 value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml
index fdf9a0e0..83246ba0 100644
--- a/rules/sinks/third_parties/sdk/google/javascript.yaml
+++ b/rules/sinks/third_parties/sdk/google/javascript.yaml
@@ -65,7 +65,7 @@ sinks:
 domains:
 - "analytics.google.com"
 patterns:
- - "@firebase\\/analytics|.*google-analytics|GoogleAnalyticsService"
+ - "@firebase\\/analytics|.*(google-analytics|GoogleAnalyticsService)"
 tags:
 - id: ThirdParties.SDK.Google.Cloud
From 66e111a2492ecdaa30198b587ad1084408ec6586 Mon Sep 17 00:00:00 2001
From: Dattaprasad Mundada
Date: Thu, 27 Jul 2023 15:42:30 +0530
Subject: [PATCH 5/5] Fix the typo in fetchapi
---
 config/systemConfig/javascript.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml
index d21ee2e3..8a939956 100644
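Review bot: The `\\/` → `\/` change on the apiHttpLibraries `value:` line is correct, but the reason is non-obvious and will be re-broken by the next contributor who copies a pattern out of the double-quoted rule files, so it deserves a comment above the key: `# plain (unquoted) scalar: regex escapes take a single backslash here; the \\/ form belongs only to the double-quoted patterns under rules/`. The other hunk in this commit, google/javascript.yaml, shows the contrast: there `\\/` inside `"..."` is the right form. The enclosing systemConfig list continues past the end of the hunk.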
--- a/config/systemConfig/javascript.yaml
+++ b/config/systemConfig/javascript.yaml
@@ -6,7 +6,7 @@ systemConfig:
 value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
 - key: apiSinks
- value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|fetapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on)
+ value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on)
 - key: apiIdentifier
 value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker|tracker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
\ No newline at end of file