JS Fixes (#283)

* Ruby http libraries (#278) * Support for Ruby HTTP client rules * Update the apiHttpLibraries rule for ruby * Update personal_characteristics.yaml * Ruby SDK + JS Fixes (#282) * Support for Ruby HTTP client rules * Update the apiHttpLibraries rule for ruby * Additional ruby sdk + minor JS fixes * Minor corrections in rules * Fix the typo in fetchapi --------- Co-authored-by: Hitesh Mahajan <[email protected]>
Privado-Inc · Jul 27, 2023 · 0d3345d · 0d3345d
1 parent a52a047
commit 0d3345d
Show file tree

Hide file tree

Showing 10 changed files with 60 additions and 16 deletions.
diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml
@@ -1,12 +1,12 @@
 systemConfig:
   - key: apiHttpLibraries
-    value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\\/common\\/http|.*(HttpClient)).*
+    value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)).*
 
   - key: ignoredSinks
     value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
 
   - key: apiSinks
-    value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on)
+    value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on)
 
   - key: apiIdentifier
-    value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
+    value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker|tracker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
diff --git a/config/systemConfig/ruby.yaml b/config/systemConfig/ruby.yaml
@@ -0,0 +1,12 @@
+systemConfig:
+  - key: apiHttpLibraries
+    value: (?i)(faraday|rest-client|httparty|http.client|net.http|curb|sawyer|unirest|excon|typhoeus|.*(Http(.){0,2}Client|RestClient|HTTParty|Faraday|Unirest)).*
+
+  - key: ignoredSinks
+    value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
+
+  - key: apiSinks
+    value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|fetch|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit)
+
+  - key: apiIdentifier
+    value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*
diff --git a/rules/sinks/internal_apis/api/ruby.yaml b/rules/sinks/internal_apis/api/ruby.yaml
@@ -0,0 +1,6 @@
+sinks:
+  - id: Sinks.API.InternalAPI
+    name: Internal APIs
+    patterns: 
+      - "((http|https|ftp|ssh):\\/\\/){0,1}(((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}|(localhost))(:[0-9]{2,4}){0,1}(\\/([a-z]){0,1}){0,1}.*"
+    tags:
diff --git a/rules/sinks/storages/couchdb/javascript.yaml b/rules/sinks/storages/couchdb/javascript.yaml
@@ -6,7 +6,7 @@ sinks:
       - couchdb.apache.org
       - apache.org
     patterns:
-      - "(?:couchdb|couchdb-.*|rxdb|sqltomango|cradle|crypto-pouch|nano|@treehouses/cli|database-cleaner|couch-db|couch-admin|couchster|fauxton|couch-box|couch-nacl-permit|superlogin|npm-registry-couchapp|putdoc|connect-couchdb|couch-slouch|nano-option|tough-rate|couchdown|connect-cloudant-store|geopouch|filter-pouch|@zargu/couchdb-designer|changemachine|translator-couch|angular-eha.couchdb-auth|moleculer-db-adapter-couchdb-nano|typed-nano|sneakerjs|node-red-contrib-cloudantplus|node-couchdb|@scienceai/create-error|@inator/pouchdb-users|delta-pouch|@hoodie/task-client|stampee-couchdb-change-events|hoodie-server-task|couch-proxy-auth|designer|spawn-pouchdb-server|roy-replicator|connect-nano|ouch-rx|@hoodie/store-server|@hoodie/store-server-api|catlog|resourceful|@stanlemon/react-couchdb-authentication|tibet|@hoodie/account-server|replicate-couchdb-cluster|noflo-couchdb|pouch-datalog|@prescrire/pouchdb-replication-stream|@stanlemon/react-pouchdb|node-couchdb-logger|sync-gateway|@hoodie/account-server-api|jwt-couchdb|couch-login|nano-doc-updater|@twilson63/palmetto-couchdb|hapi-auth-couchdb-cookie|pino-couchdb|@nicodejong/nest-couchdb|winston-couchdb|express-user-couchdb).*"
+      - "(?:couchdb|couchdb-.*|rxdb|sqltomango|cradle|crypto-pouch|nano(?!-md5)|@treehouses/cli|database-cleaner|couch-db|couch-admin|couchster|fauxton|couch-box|couch-nacl-permit|superlogin|npm-registry-couchapp|putdoc|connect-couchdb|couch-slouch|nano-option|tough-rate|couchdown|connect-cloudant-store|geopouch|filter-pouch|@zargu/couchdb-designer|changemachine|translator-couch|angular-eha.couchdb-auth|moleculer-db-adapter-couchdb-nano|typed-nano|sneakerjs|node-red-contrib-cloudantplus|node-couchdb|@scienceai/create-error|@inator/pouchdb-users|delta-pouch|@hoodie/task-client|stampee-couchdb-change-events|hoodie-server-task|couch-proxy-auth|designer|spawn-pouchdb-server|roy-replicator|connect-nano|ouch-rx|@hoodie/store-server|@hoodie/store-server-api|catlog|resourceful|@stanlemon/react-couchdb-authentication|tibet|@hoodie/account-server|replicate-couchdb-cluster|noflo-couchdb|pouch-datalog|@prescrire/pouchdb-replication-stream|@stanlemon/react-pouchdb|node-couchdb-logger|sync-gateway|@hoodie/account-server-api|jwt-couchdb|couch-login|nano-doc-updater|@twilson63/palmetto-couchdb|hapi-auth-couchdb-cookie|pino-couchdb|@nicodejong/nest-couchdb|winston-couchdb|express-user-couchdb).*"
     tags:
 
   - id: Storages.RxDB.ReadAndWrite

diff --git a/rules/sinks/storages/postgres/javascript.yaml b/rules/sinks/storages/postgres/javascript.yaml
@@ -4,5 +4,5 @@ sinks:
     domains:
       - postgresql.org
     patterns:
-      - "(?:pg|pg-pool|pg-hstore|postgres-bytea|sql-template-strings|pg-native|pg-promise|libpq|sql-bricks|pgsql-ast-parser|mongo-sql|marv-pg-driver|pg-migrator|ts-postgres|@fastify/postgres|pgpass|ah-sequelize-plugin|confabulous|pg-error|aws-xray-sdk-postgres|pg-copy-streams|pogi|pg-escape|@wmfs/pg-diff-sync|data-elevator-postgres|yesql|knex-postgis|trailpack-plv8|pg-query-stream|pg-large-object|sql-bricks-postgres|schemart|pg-x|@yugabytedb/pg-pool|dbh-pg|api-core|postgres-cleaner|persistanz|@wmfs/relationize|@getlago/pgsql-ast-parser|postgres-date|pg-query-native|@wmfs/pg-info|postgres-interval|postgres-array|@urbica/pg-migrate|lego-sql|massive|qlobber-pg|@npm/pg-db-session|node-pg-migrate|v-protocol|@wmp-sbd/aws-xray-sdk-postgres|pg-query-parser|akeke_sequelize_egg_mysql_model|pg-schemats|pg-to-ts|@wmfs/supercopy|schemats|@mgolestan/schemats|v-pool|pg-ast-utils|pg-types|posigrade|pg-x-redis|pg-connect|sequelize-gen|hapi-postgres-connection|@smoke-trees/postgres-backend|pg-patch|postgres|save|pg-cursor|sequelize-replace-enum-postgres|node-postgres-named|pg-protocol|slonik|nact-persistence-postgres|jugglingdb|@trifacta/database-js-postgres|mongo-query-to-postgres-jsonb|@grouparoo/postgres|postgresql-service|related-postgres-analyzer|@runnerty/executor-postgres|@mft/postgres-migrations|@obi-tec/manager-postgres-database|machinepack-postgresql|@gasbuddy/configured-postgres-client|postgres-node-container|sqlutils|extract-pg-schema|kanel|pg-connection-string|@meotimdihia/postgres|psqlorm|sails-postgresql|think-model-postgresql|postgres-repo).*"
+      - "(?:pg-pool|pg-hstore|postgres-bytea|sql-template-strings|pg-native|pg-promise|libpq|sql-bricks|pgsql-ast-parser|mongo-sql|marv-pg-driver|pg-migrator|ts-postgres|@fastify/postgres|pgpass|ah-sequelize-plugin|confabulous|pg-error|aws-xray-sdk-postgres|pg-copy-streams|pogi|pg-escape|@wmfs/pg-diff-sync|data-elevator-postgres|yesql|knex-postgis|trailpack-plv8|pg-query-stream|pg-large-object|sql-bricks-postgres|schemart|pg-x|@yugabytedb/pg-pool|dbh-pg|api-core|postgres-cleaner|persistanz|@wmfs/relationize|@getlago/pgsql-ast-parser|postgres-date|pg-query-native|@wmfs/pg-info|postgres-interval|postgres-array|@urbica/pg-migrate|lego-sql|massive|qlobber-pg|@npm/pg-db-session|node-pg-migrate|v-protocol|@wmp-sbd/aws-xray-sdk-postgres|pg-query-parser|akeke_sequelize_egg_mysql_model|pg-schemats|pg-to-ts|@wmfs/supercopy|schemats|@mgolestan/schemats|v-pool|pg-ast-utils|pg-types|posigrade|pg-x-redis|pg-connect|sequelize-gen|hapi-postgres-connection|@smoke-trees/postgres-backend|pg-patch|postgres|pg-cursor|sequelize-replace-enum-postgres|node-postgres-named|pg-protocol|slonik|nact-persistence-postgres|jugglingdb|@trifacta/database-js-postgres|mongo-query-to-postgres-jsonb|@grouparoo/postgres|postgresql-service|related-postgres-analyzer|@runnerty/executor-postgres|@mft/postgres-migrations|@obi-tec/manager-postgres-database|machinepack-postgresql|@gasbuddy/configured-postgres-client|postgres-node-container|sqlutils|extract-pg-schema|kanel|pg-connection-string|@meotimdihia/postgres|psqlorm|sails-postgresql|think-model-postgresql|postgres-repo).*"
     tags:
diff --git a/rules/sinks/third_parties/sdk/braintreepayments/ruby.yaml b/rules/sinks/third_parties/sdk/braintreepayments/ruby.yaml
@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Braintreepayments
+    name: Braintreepayments
+    domains:
+      - "braintreepayments.com"
+    patterns:
+      - "(?i)(braintree).*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml
@@ -65,7 +65,7 @@ sinks:
     domains:
       - "analytics.google.com"
     patterns:
-      - "[@]{0,1}google-analytics|@firebase\\/analytics"
+      - "@firebase\\/analytics|.*(google-analytics|GoogleAnalyticsService)"
     tags:
 
   - id: ThirdParties.SDK.Google.Cloud

diff --git a/rules/sinks/third_parties/sdk/launchdarkly/javascript.yaml b/rules/sinks/third_parties/sdk/launchdarkly/javascript.yaml
@@ -9,5 +9,5 @@ sinks:
     domains:
       - "launchdarkly.com"
     patterns:
-      - "launchdarkly-node-server-sdk"
+      - "launchdarkly-node-server-sdk|launchdarkly-react-client-sdk"
     tags:
diff --git a/rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml b/rules/sinks/third_parties/sdk/paddle_pay/ruby.yaml
@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Paddle_Pay
+    name: Paddle Pay
+    domains:
+      - "paddle.com"
+    patterns:
+      - "(?i)(paddle_pay).*"
+    tags:
diff --git a/rules/sources/personal_characteristics.yaml b/rules/sources/personal_characteristics.yaml
@@ -1,13 +1,13 @@
 sources:
-  - id: Data.Sensitive.PersonalCharacteristics.Height
-    name: Height
-    category: Personal Characteristics
-    isSensitive: False
-    sensitivity: low
-    patterns:
-      - "(?i).*(height[^\\s/(;)#|,=!>]{0,5}(?:cms|inches|feet|meter|metre))|(?:body|person|patient|baby|student|user|girl|boy|male|female)[^\\s/(;)#|,=!>]{0,5}height|height"
-    tags:
-      law: GDPR
+  # - id: Data.Sensitive.PersonalCharacteristics.Height
+  #   name: Height
+  #   category: Personal Characteristics
+  #   isSensitive: False
+  #   sensitivity: low
+  #   patterns:
+  #     - "(?i).*(height[^\\s/(;)#|,=!>]{0,5}(?:cms|inches|feet|meter|metre))|(?:body|person|patient|baby|student|user|girl|boy|male|female)[^\\s/(;)#|,=!>]{0,5}height|height"
+  #   tags:
+  #     law: GDPR
 
   - id: Data.Sensitive.PersonalCharacteristics.MaritalStatus
     name: Marital Status