Merge pull request #541 from Privado-Inc/dev

Release PR

config/exclusions/csharp.yaml

@@ -0,0 +1,5 @@
+exclusions:
+  - id: Exclusions.Test
+    name: Exclude test source code
+    patterns:
+      - "(.*(?i)(Tests|UnitTest(s)?)/.*)|/.*Test(s)?[.]cs$"

config/systemConfig/csharp.yaml

@@ -0,0 +1,9 @@
+systemConfig:
+  - key: apiHttpLibraries
+    value: ^(?i)(System[.]Net[.]Http|RestSharp|EasyHttp|Flurl[.]Http|Refit|Restease|Nancy[.]HttpClient|FluentHttp|Polly|EasyHttp|Windows[.]Web[.]Http|FluentRest|Restup|FiddlerCore|NHttp).*
+
+  - key: apiSinks
+    value: (?i)(?:url|client|open|request|execute|newCall|load|host|access|list|set|put|post|proceed|trace|patch|Path|send|remove|delete|write|read|postForEntity|call|createCall|createEndpoint|dispatch|invoke|getInput|getOutput|getResponse|do)
+
+  - key: apiIdentifier
+    value: (?i).*((hook|base|auth|prov|endp|install|request|service|gateway|route|resource)(.){0,12}url|(slack|web)(.){0,4}hook|(rest|api|request|service)(.){0,4}(endpoint|gateway|route)).*

rules/sinks/internal_apis/api/csharp.yaml

@@ -0,0 +1,6 @@
+sinks:
+  - id: Sinks.API.InternalAPI
+    name: Internal APIs
+    patterns:
+      - "((http|https|ftp|ssh):\\/\\/){0,1}(((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}|(localhost))(:[0-9]{2,4}){0,1}(\\/([a-z]){0,1}){0,1}.*"
+    tags:

rules/sinks/third_parties/api/csharp.yaml

@@ -0,0 +1,7 @@
+sinks:
+
+  - id: Sinks.ThirdParties.API
+    name: Third Party API
+    patterns:
+      - "(?i)((?:http:|https:|ftp:|ssh:|udp:|wss:|ws:){0,1}(\\/){0,2}[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+    tags:

rules/sinks/third_parties/api/go.yaml

@@ -3,6 +3,6 @@ sinks:
   - id: Sinks.ThirdParties.API
     name: Third Party API
     patterns:   
-      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
       - "(?i).*((hook|base|auth|prov|endp|install|request|service|gateway|route|resource)(.){0,12}url|(slack|web)(.){0,4}hook|(rest|api|request|service)(.){0,4}(endpoint|gateway|route)).*"
     tags:

rules/sinks/third_parties/api/java.yaml

@@ -3,6 +3,6 @@ sinks:
   - id: Sinks.ThirdParties.API
     name: Third Party API
     patterns:   
-      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
       - "(?i).*((hook|base|auth|prov|endp|install|request|service|gateway|route|resource)(.){0,12}url|(slack|web)(.){0,4}hook|(rest|api|request|service)(.){0,4}(endpoint|gateway|route)).*"
     tags:

rules/sinks/third_parties/api/javascript.yaml

@@ -3,5 +3,5 @@ sinks:
   - id: Sinks.ThirdParties.API
     name: Third Party API
     patterns:   
-      - "(?i)((?:http:|https:|ftp:|ssh:|udp:|wss:|ws:){0,1}(\\/){0,2}[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+      - "(?i)((?:http:|https:|ftp:|ssh:|udp:|wss:|ws:){0,1}(\\/){0,2}[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
     tags:

rules/sinks/third_parties/api/php.yaml

@@ -3,5 +3,5 @@ sinks:
   - id: Sinks.ThirdParties.API
     name: Third Party API
     patterns:   
-      - "(?i)((?:http:|https:|ftp:|ssh:|udp:|wss:|ws:){0,1}(\\/){0,2}[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+      - "(?i)((?:http:|https:|ftp:|ssh:|udp:|wss:|ws:){0,1}(\\/){0,2}[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
     tags:

rules/sinks/third_parties/api/python.yaml

@@ -3,5 +3,5 @@ sinks:
   - id: Sinks.ThirdParties.API
     name: Third Party API
     patterns:   
-      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
     tags:

rules/sinks/third_parties/api/ruby.yaml

@@ -3,6 +3,6 @@ sinks:
   - id: Sinks.ThirdParties.API
     name: Third Party API
     patterns:   
-      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
+      - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s@]{1,50}\\.\\b(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)\\b).*(?<!png|jpeg|jpg|txt|blob|css|html|js|svg)"
       - "(?i).*((hook|base|auth|prov|endp|install|request|service|gateway|route|resource)(.){0,12}url|(slack|web)(.){0,4}hook|(rest|api|request|service)(.){0,4}(endpoint|gateway|route)).*"
     tags:

rules/sinks/third_parties/sdk/auth0/java.yaml

@@ -9,5 +9,6 @@ sinks:
     domains:
       - "auth0.com"
     patterns:
-      - "(?i)(auth0-clojure|auth0-ring|com[.]auth0[.]android[.]gradle-credentials|com[.]auth0[.]android|com[.]auth0[.]gradle[.]java-oss-library|com[.]auth0[.]gradle[.]oss-library[.]android|com[.]auth0[.]gradle[.]oss-library[.]java|com[.]auth0[.]gradle[.]oss-library|com[.]auth0[.]gradle|com[.]auth0|gradle[.]plugin[.]com[.]auth0[.]android|gradle[.]plugin[.]com[.]auth0[.]gradle|org[.]webjars[.]bowergithub[.]auth0|org[.]wso2[.]km[.]ext[.]auth0).*"
+      - "(?i)(auth0-clojure|auth0-ring|com[.]auth0[.]android[.]gradle-credentials|com[.]auth0[.]android|com[.]auth0[.]gradle|gradle[.]plugin[.]com[.]auth0[.]android|gradle[.]plugin[.]com[.]auth0[.]gradle|org[.]webjars[.]bowergithub[.]auth0|org[.]wso2[.]km[.]ext[.]auth0).*"
+      - "(?i)(com[.]auth0[.](?!jwt\b|jwt[.]|utils?\b|utils?[.]|helpers?\b|helpers?[.]|common\b|common[.]|core\b|core[.]).+)"
     tags: