ZupIT · wiliansilvazup · Apr 4, 2022 · Apr 1, 2022
diff --git a/internal/services/custom_rules/custom_rule_test.go b/internal/services/custom_rules/custom_rule_test.go
@@ -18,12 +18,11 @@ import (
 	"regexp"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
 	"github.com/ZupIT/horusec-devkit/pkg/enums/confidence"
 	"github.com/ZupIT/horusec-devkit/pkg/enums/languages"
 	"github.com/ZupIT/horusec-devkit/pkg/enums/severities"
 	"github.com/ZupIT/horusec-engine/text"
+	"github.com/stretchr/testify/require"
 )
 
 func TestValidate(t *testing.T) {
@@ -325,7 +324,6 @@ func TestGetRuleType(t *testing.T) {
 }
 
 func TestGetExpressions(t *testing.T) {
-
 	exprs := []string{"testOne", "testTwo"}
 	exprOne, _ := regexp.Compile(exprs[0])
 	exprTwo, _ := regexp.Compile(exprs[1])

diff --git a/internal/services/engines/java/rule_manager.go b/internal/services/engines/java/rule_manager.go
@@ -143,6 +143,7 @@ func Rules() []engine.Rule {
 		// NewMessageDigest(),
 		NewOverlyPermissiveFilePermission(),
 		NewCipherGetInstanceInsecure(),
+		NewVulnerableRemoteCodeExecutionSpringFramework(),
 
 		// Regular rules
 		NewHiddenElements(),

diff --git a/internal/services/engines/java/rules.go b/internal/services/engines/java/rules.go
@@ -2634,3 +2634,21 @@ func NewUncheckedClassInstatiation() *text.Rule {
 		},
 	}
 }
+
+func NewVulnerableRemoteCodeExecutionSpringFramework() *text.Rule {
+	return &text.Rule{
+		Metadata: engine.Metadata{
+			ID:          "HS-JAVA-152",
+			Name:        "Spring Framework Remote Code Execution",
+			Description: "It has been identified that versions prior to < 5.3.18 or < 5.2.20 of the spring framework are vulnerable to remote code execution. Please upgrade to version >= 5.3.18 or >= 5.2.20. For more information checkout the CVE-2022-22965 (https://tanzu.vmware.com/security/cve-2022-22965) advisory.",
+			Severity:    severities.Critical.ToString(),
+			Confidence:  confidence.Medium.ToString(),
+		},
+		Type: text.OrMatch,
+		Expressions: []*regexp.Regexp{
+			regexp.MustCompile(`<dependency.*org="org\.springframework".*\s.*(5\.[0-3]\.(1[0-7]|[0-9]\.|[0-9]"))|([0-4]\.[0-9]+\.[0-9]+).*/>`),
+			regexp.MustCompile(`compile.*"org\.springframework:spring-context.*((5\.[0-3]\.(1[0-7]|[0-9]\.|[0-9]"))|([0-4]\.[0-9]+\.[0-9]+).*"\))`),
+			regexp.MustCompile(`<groupId>\s*org\.springframework\s*</groupId>\s*<artifactId>.*\s*spring-context.*\s*</artifactId>\s*(<version>\s*((5\.[0-3]\.(1[0-7]|[0-9]\.|[0-9]"))|([0-4]\.[0-9]+\.[0-9]+)).*)\s*</version>`),
+		},
+	}
+}
diff --git a/internal/services/engines/java/rules_test.go b/internal/services/engines/java/rules_test.go
@@ -723,6 +723,54 @@ func TestRulesVulnerableCode(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name:     "HS-JAVA-152",
+			Rule:     NewVulnerableRemoteCodeExecutionSpringFramework(),
+			Src:      Sample1IvyVulnerableHSJAVA152,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152.1", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<dependency org=\"org.springframework\"",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152.1", ".test")),
+						Line:     2,
+						Column:   0,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-152",
+			Rule:     NewVulnerableRemoteCodeExecutionSpringFramework(),
+			Src:      Sample2GradleVulnerableHSJAVA152,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152.2", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "compile(\"org.springframework:spring-context:5.3.17.RELEASE\")",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152.2", ".test")),
+						Line:     3,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-152",
+			Rule:     NewVulnerableRemoteCodeExecutionSpringFramework(),
+			Src:      Sample3MavenVulnerableHSJAVA152,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152.3", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<groupId>org.springframework</groupId>",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152.3", ".test")),
+						Line:     4,
+						Column:   8,
+					},
+				},
+			},
+		},
 	}
 
 	testutil.TestVulnerableCode(t, testcases)
@@ -1007,6 +1055,24 @@ func TestRulesSafeCode(t *testing.T) {
 			Src:      Sample5MavenSafeHSJAVA151,
 			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
 		},
+		{
+			Name:     "HS-JAVA-152",
+			Rule:     NewVulnerableRemoteCodeExecutionSpringFramework(),
+			Src:      Sample1IvySafeHSJAVA152,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-152",
+			Rule:     NewVulnerableRemoteCodeExecutionSpringFramework(),
+			Src:      Sample2GradleSafeHSJAVA152,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-152",
+			Rule:     NewVulnerableRemoteCodeExecutionSpringFramework(),
+			Src:      Sample3MavenSafeHSJAVA152,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-152", ".test")),
+		},
 	}
 	testutil.TestSafeCode(t, testcases)
 }
diff --git a/internal/services/engines/java/sample_test.go b/internal/services/engines/java/sample_test.go
@@ -1444,5 +1444,51 @@ test {
         </dependency>
     </dependencies>
 </project>
+`
+
+	Sample1IvyVulnerableHSJAVA152 = `
+<dependency org="org.springframework"
+    name="spring-core" rev="5.3.17.RELEASE" conf="compile->runtime"/>
+`
+
+	Sample1IvySafeHSJAVA152 = `
+<dependency org="org.springframework"
+    name="spring-core" rev="5.3.18.RELEASE" conf="compile->runtime"/>
+`
+
+	Sample2GradleVulnerableHSJAVA152 = `
+dependencies {
+    compile("org.springframework:spring-context:5.3.17.RELEASE")
+    testCompile("org.springframework:spring-test:5.3.17.RELEASE")
+}
+`
+
+	Sample2GradleSafeHSJAVA152 = `
+dependencies {
+    compile("org.springframework:spring-context:5.3.18.RELEASE")
+    testCompile("org.springframework:spring-test:5.3.18.RELEASE")
+}
+`
+
+	Sample3MavenVulnerableHSJAVA152 = `
+<dependencies>
+    <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-context</artifactId>
+        <version>5.3.17.RELEASE</version>
+        <scope>runtime</scope>
+    </dependency>
+</dependencies>
+`
+
+	Sample3MavenSafeHSJAVA152 = `
+<dependencies>
+    <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-context</artifactId>
+        <version>5.3.18.RELEASE</version>
+        <scope>runtime</scope>
+    </dependency>
+</dependencies>
 `
 )
diff --git a/internal/services/engines/rules_test.go b/internal/services/engines/rules_test.go
@@ -67,7 +67,7 @@ func TestGetRules(t *testing.T) {
 		{
 			engine:             "Java",
 			manager:            java.NewRules(),
-			expectedTotalRules: 182,
+			expectedTotalRules: 183,
 		},
 		{
 			engine:             "Dart",