Merge pull request #401 from Privado-Inc/dev

Dev
Privado-Inc · Feb 19, 2024 · b2bf8e7 · b2bf8e7
2 parents 4d82f1c + d35d745
commit b2bf8e7
Showing 21 changed files with 131 additions and 18 deletions.
diff --git a/config/exclusions/kotlin.yaml b/config/exclusions/kotlin.yaml
@@ -2,4 +2,4 @@ exclusions:
   - id: Exclusions.Template
     name: Exclude template file
     patterns:
-      - "(?i)(.*template.kt|.*template(s)?/.*)"
+      - "(?i)(.*.kts|.*template.kt|.*template(s)?/.*)"
diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml
@@ -1,12 +1,12 @@
 systemConfig:
   - key: apiHttpLibraries
-    value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).*
+    value: (?i)\${0,1}(request|fetch|axios|vue-axios|urllib|reqwest|ajax-client|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).*
 
   - key: ignoredSinks
     value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*
 
   - key: apiSinks
-    value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|useSWR|useSWRInfinite|useSWRSubscription|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener)
+    value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|useSWR|useSWRInfinite|useSWRSubscription|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|del|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener|ajax)
 
   - key: apiIdentifier
     value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker|tracker|paymentservice)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).*

diff --git a/rules/sinks/leakages/logs/go.yaml b/rules/sinks/leakages/logs/go.yaml
@@ -64,7 +64,7 @@ sinks:
   - id: Leakages.Log.Console
     name: Log Console
     patterns:
-      - "(?i)(fmt)[.](Println|Print)(f?)"
+      - "(?i)(fmt)[.](F|S)?(Println|Print)(f?)"
     tags:
 
   - id: Leakages.Log.Trace

diff --git a/rules/sinks/leakages/logs/javascript.yaml b/rules/sinks/leakages/logs/javascript.yaml
@@ -15,7 +15,7 @@ sinks:
   - id: Leakages.Log.Debug
     name: Log Debug
     patterns:
-      - "(?i).*(?:console|logger|bunyan|winston|log4js|pino|kax).*(debug|trace)|.*debuglog.*|.*debug"
+      - "(?i).*(?:console|logger|bunyan|winston|log4js|pino|kax).*(debug|trace)|.*debuglog"
     tags:
 
   - id: Leakages.Log.Info

diff --git a/rules/sinks/third_parties/sdk/amazon/javascript.yaml b/rules/sinks/third_parties/sdk/amazon/javascript.yaml
@@ -11,7 +11,7 @@ sinks:
     patterns:
       - "aws-sqs-"
       - "@aws-solutions-constructs\\/aws-(lambda-sqs|sns-sqs|lambda-sqs|sqs-helper|apigateway-sqs|s3-sqs)"
-      - "graphql-sqs-subscriptions|sns-sqs-slq-code7|@battleline\\/sqs-large-payload-nodejs|typescript-aws-sqs-helper"
+      - "graphql-sqs-subscriptions|sns-sqs-slq-code7|@battleline\\/sqs-large-payload-nodejs|typescript-aws-sqs-helper|sqs-consumer"
     tags:
 
   - id: ThirdParties.SDK.Amazonaws.Athena

diff --git a/rules/sinks/third_parties/sdk/auth0/javascript.yaml b/rules/sinks/third_parties/sdk/auth0/javascript.yaml
@@ -9,5 +9,5 @@ sinks:
     domains:
       - "auth0.com"
     patterns:
-      - "wdi-auth0-js|@ctx-core\\/auth0-service|@zedeid-sdk\\/zedeid-did-siop-lib|@lgastler\\/remix-auth|express-nemo-auth0-jwt-verify|auth0-mfa-flow|cimpress-express-auth0|auth0-react-lock|@auth0\\/auth0-spa-js|auth0|auth0-js|idtoken-verifier|auth0-lock|@auth0\\/auth0-react|webtask-tools|@auth0\\/nextjs-auth0|auth0-api-jwt-rsa-validation|@hapi\\/bell|nativescript-auth0|@status\\/codes|auth0-lock-passwordless|loopback-auth0-jwt|auth0-deploy|nodebb-plugin-sso-auth0|express-auth0-simple|@auth0\\/auth0-angular|auth0-retrieve-user|keyfetch|fastify-auth0-verify|@ctx-core\\/auth0|passport-wsfed-saml2|@ctx-core\\/auth0-management|@auth0\\/cordova|auth0-extension-tools|use-auth0-hooks|supertokens-auth0-spa-js|@wmfs\\/tymly-auth-auth0-plugin|fastify-authz-jwks|bashleigh-idtoken-verifier|react-auth-hook|auth0-oauth2-express|is4-spa-js|faisalil-auth0-spa-js|auth0-spa-js-ionic|@xtiannyeto\\/vue-auth0|auth0-guardian-js|@shanks42\\/auth0-spa-js|@ctx-core\\/auth0-lock|@ctx-core\\/auth0-ui|remix-auth|@cobuildlab\\/auth0-utils|storybook-addon-next-auth0|auth0-contact-form|electron-auth0-login|auth0-bundler|@simulacrum\\/auth0-simulator|gatsby-theme-auth0|vue-auth0-plugin|@tadashi\\/koa-jwt-authz|jwt-passport|auth0-sso-login|ember-simple-auth-auth0|auth0-js-react|@httptoolkit\\/auth0-lock|nuxt-auth0-spa|express-jwt-scope|@hustle\\/auth0-js|@exponent\\/node-auth0|@bcwdev\\/auth0provider|gatsby-theme-auth0-ts|@mrzwick\\/auth0-vue-plugin|@wizzn\\/auth0-capacitor|@cobuildlab\\/8base-auth0|auth0-ember-simple-auth|f-jwt-decode|@aaxis\\/auth0-spa-js|express-gateway-plugin-jwks|@salte-auth\\/auth0|@jokka\\/auth0-lock-passwordless|node-red-contrib-http-auth0|auth0-extension-express-tools|@webundsoehne\\/nestjs-auth0-guard|sveltekit-openid-connect|auth0-extension-hapi-tools|jwt-check|auth0-get-all-users|@morphatic\\/feathers-auth0-strategy|@tridnguyen\\/auth|@zeytech\\/auth0-adonisjs|auth0-log-extension-tools|hurbis-ui-seguranca-v1-snapshot|@cyrusbio\\/auth0-authorization|cap-authentication|auth0-extension-ui|auth0-vuex|@marketredesign\\/auth0-spa-vue|tomslutsky-remix-auth|netlify-plugin-auth0-patch-urls|auth-angular|@huz-com\\/subscription-sdk|@ethiclab\\/vue-auth0|node-red-contrib-websocket-auth0|react-auth0-helper|auth0-rule-sandbox|fastify-jwt-authz|ipyauth|x2node-ws-auth-jwt|react-use-auth0|@coldstartai\\/auth0-spa-js|x-kholub-auth0-spa-js|@morphatic\\/feathers-auth0|auth0-verify|@magikcraft\\/ember-simple-auth-auth0|fastify-auth0|ally-auth0|@ngx-auth\\/auth0|cordova-plugin-auth0|@bcwdev\\/auth0-vue|auth0-extension-s3-tools|@brettm12345\\/react-auth-hook|fastify-jwt-webapp|magnet-auth0|hurbis-ui-seguranca-v1|@userfront\\/bell|auth0-spa-ts|@cmotion\\/ionic-keycloak-auth|vue-auth0-handler|react-observable-auth0|auth0-angular2|hapi-bell-other|generator-auth0-rules|@thecla\\/auth0-angular|npm-auth0|auth0-autorenewing-token|simple-lock|@logicalroute\\/angular-authguard|@william_swannell\\/nextjs-auth0|hapi-auth-auth0|@bgipyauth\\/ipyauth|hapi-hodor|@nhi\\/auth0-spa-js|ericraj-auth0-nextjs|auth0-authorization-extension-wrapper|gsandf-auth0-js|@future-grid\\/fgp-auth|cyclejs-auth0|vuepress-auth0"
+      - "auth0|wdi-auth0-js|@ctx-core\\/auth0-service|@zedeid-sdk\\/zedeid-did-siop-lib|@lgastler\\/remix-auth|express-nemo-auth0-jwt-verify|auth0-mfa-flow|cimpress-express-auth0|auth0-react-lock|@auth0\\/auth0-spa-js|auth0|auth0-js|idtoken-verifier|auth0-lock|@auth0\\/auth0-react|webtask-tools|@auth0\\/nextjs-auth0|auth0-api-jwt-rsa-validation|@hapi\\/bell|nativescript-auth0|@status\\/codes|auth0-lock-passwordless|loopback-auth0-jwt|auth0-deploy|nodebb-plugin-sso-auth0|express-auth0-simple|@auth0\\/auth0-angular|auth0-retrieve-user|keyfetch|fastify-auth0-verify|@ctx-core\\/auth0|passport-wsfed-saml2|@ctx-core\\/auth0-management|@auth0\\/cordova|auth0-extension-tools|use-auth0-hooks|supertokens-auth0-spa-js|@wmfs\\/tymly-auth-auth0-plugin|fastify-authz-jwks|bashleigh-idtoken-verifier|react-auth-hook|auth0-oauth2-express|is4-spa-js|faisalil-auth0-spa-js|auth0-spa-js-ionic|@xtiannyeto\\/vue-auth0|auth0-guardian-js|@shanks42\\/auth0-spa-js|@ctx-core\\/auth0-lock|@ctx-core\\/auth0-ui|remix-auth|@cobuildlab\\/auth0-utils|storybook-addon-next-auth0|auth0-contact-form|electron-auth0-login|auth0-bundler|@simulacrum\\/auth0-simulator|gatsby-theme-auth0|vue-auth0-plugin|@tadashi\\/koa-jwt-authz|jwt-passport|auth0-sso-login|ember-simple-auth-auth0|auth0-js-react|@httptoolkit\\/auth0-lock|nuxt-auth0-spa|express-jwt-scope|@hustle\\/auth0-js|@exponent\\/node-auth0|@bcwdev\\/auth0provider|gatsby-theme-auth0-ts|@mrzwick\\/auth0-vue-plugin|@wizzn\\/auth0-capacitor|@cobuildlab\\/8base-auth0|auth0-ember-simple-auth|f-jwt-decode|@aaxis\\/auth0-spa-js|express-gateway-plugin-jwks|@salte-auth\\/auth0|@jokka\\/auth0-lock-passwordless|node-red-contrib-http-auth0|auth0-extension-express-tools|@webundsoehne\\/nestjs-auth0-guard|sveltekit-openid-connect|auth0-extension-hapi-tools|jwt-check|auth0-get-all-users|@morphatic\\/feathers-auth0-strategy|@tridnguyen\\/auth|@zeytech\\/auth0-adonisjs|auth0-log-extension-tools|hurbis-ui-seguranca-v1-snapshot|@cyrusbio\\/auth0-authorization|cap-authentication|auth0-extension-ui|auth0-vuex|@marketredesign\\/auth0-spa-vue|tomslutsky-remix-auth|netlify-plugin-auth0-patch-urls|auth-angular|@huz-com\\/subscription-sdk|@ethiclab\\/vue-auth0|node-red-contrib-websocket-auth0|react-auth0-helper|auth0-rule-sandbox|fastify-jwt-authz|ipyauth|x2node-ws-auth-jwt|react-use-auth0|@coldstartai\\/auth0-spa-js|x-kholub-auth0-spa-js|@morphatic\\/feathers-auth0|auth0-verify|@magikcraft\\/ember-simple-auth-auth0|fastify-auth0|ally-auth0|@ngx-auth\\/auth0|cordova-plugin-auth0|@bcwdev\\/auth0-vue|auth0-extension-s3-tools|@brettm12345\\/react-auth-hook|fastify-jwt-webapp|magnet-auth0|hurbis-ui-seguranca-v1|@userfront\\/bell|auth0-spa-ts|@cmotion\\/ionic-keycloak-auth|vue-auth0-handler|react-observable-auth0|auth0-angular2|hapi-bell-other|generator-auth0-rules|@thecla\\/auth0-angular|npm-auth0|auth0-autorenewing-token|simple-lock|@logicalroute\\/angular-authguard|@william_swannell\\/nextjs-auth0|hapi-auth-auth0|@bgipyauth\\/ipyauth|hapi-hodor|@nhi\\/auth0-spa-js|ericraj-auth0-nextjs|auth0-authorization-extension-wrapper|gsandf-auth0-js|@future-grid\\/fgp-auth|cyclejs-auth0|vuepress-auth0"
     tags:
diff --git a/rules/sinks/third_parties/sdk/bing/javascript.yaml b/rules/sinks/third_parties/sdk/bing/javascript.yaml
@@ -11,3 +11,12 @@ sinks:
     patterns:
       - "@translate-tools\\/core|node-bing-api|bing.search|bing-translate-api|wonderful-bing-wallpaper|bing-spell-checker|simple-bing-geocoder|bing-translate-result|bing-image-search-api-scraper|ping_bing|hpsweb-bingmaps-distance|scorebing-api|bing-elevation|bingtranslator"
     tags:
+
+  - id: ThirdParties.SDK.Script.Bing
+    name: Bing
+    domains:
+      - "bing.com"
+    filterProperty: "code"
+    patterns:
+      - ".*(bing[a-zA-Z0-9_]{0,25}|uetq)[.](push)[(].*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/branch/javascript.yaml b/rules/sinks/third_parties/sdk/branch/javascript.yaml
@@ -11,3 +11,21 @@ sinks:
     patterns:
       - "react-native-branch|branch-sdk"
     tags:
+
+  - id: ThirdParties.SDK.Branch
+    name: Branch
+    domains:
+      - "branch.io"
+    patterns:
+      - "branchio-sdk|branch-sdk"
+    tags:
+
+  - id: ThirdParties.SDK.Script.Branch
+    name: Branch
+    filterProperty: "code"
+    domains:
+      - "branch.io"
+    patterns:
+      - ".*(branch[a-zA-Z0-9_]{0,25}[.](link|init|setBranchViewData|track|qrCode|setIdentity|logEvent)[(]).*"
+    tags:
+
diff --git a/rules/sinks/third_parties/sdk/braze/kotlin.yaml b/rules/sinks/third_parties/sdk/braze/kotlin.yaml
@@ -0,0 +1,9 @@
+sinks:
+  - id: ThirdParties.SDK.Braze
+    name: Braze
+    domains:
+      - "braze.com"
+    patterns:
+      - "(?i)(com[.]braze[.]).*"
+    tags:
+
diff --git a/rules/sinks/third_parties/sdk/enzoic/javascript.yaml b/rules/sinks/third_parties/sdk/enzoic/javascript.yaml
@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Enzoic
+    name: Enzoic
+    domains:
+      - "enzoic.com"
+    patterns:
+      - "enzoic"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/facebook/javascript.yaml b/rules/sinks/third_parties/sdk/facebook/javascript.yaml
@@ -18,5 +18,5 @@ sinks:
     domains:
       - "facebook.com"
     patterns:
-      - "fbq[(].*"
+      - "((window|w|this)[.])?fbq[(].*"
     tags:
diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml
@@ -39,7 +39,7 @@ sinks:
   - id: ThirdParties.SDK.Google.TagManager
     name: Google Tag Manager
     domains:
-      - "admob.google.com"
+      - "analytics.google.com"
     patterns:
       - "@analytics\\/google-tag-manager|gatsby-plugin-google-gtag|react-gtm-module"
     tags:
@@ -50,7 +50,7 @@ sinks:
     domains:
       - "admob.google.com"
     patterns:
-      - "(gtag|dataLayer.push)[(].*"
+      - "((window|w|this)[.])?(gtag|dataLayer.push)[(].*"
     tags:
 
   - id: ThirdParties.SDK.Google.Spreadsheet
@@ -384,4 +384,22 @@ sinks:
       - "cloud.google.com/recaptcha-enterprise"
     patterns:
       - "react-google-recaptcha|vue-recaptcha|@google-cloud\\/recaptcha-enterprise|react-google-recaptcha-v3"
-    tags:
+    tags:
+
+  - id: ThirdParties.SDK.Pixel.Google.Analytics
+    name: Google Analytics
+    domains:
+      - "analytics.google.com"
+    filterProperty: "code"
+    patterns:
+      - "(?i)(.*(window|w|this)[.])?ga[(].*"
+    tags:
+
+  - id: ThirdParties.SDK.Pixel.Google.TagManager
+    name: Google Tag Manager
+    domains:
+      - "analytics.google.com"
+    filterProperty: "code"
+    patterns:
+      - "(?i)(.*(window|w|this)[.])?(datalayer[.]push|gtag)[(].*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/impact/javascript.yaml b/rules/sinks/third_parties/sdk/impact/javascript.yaml
@@ -0,0 +1,14 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Pixel.Impact
+    name: Impact
+    domains:
+      - "impact.com"
+    filterProperty: "code"
+    patterns:
+      - ".*(ire)[(].(identify|generate|track).*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/pendo/javascript.yaml b/rules/sinks/third_parties/sdk/pendo/javascript.yaml
@@ -11,3 +11,12 @@ sinks:
     patterns:
       - "rn-pendo-sdk|ngx-pendo"
     tags:
+
+  - id: ThirdParties.SDK.Pixel.Pendo
+    name: Pendo
+    domains:
+      - "pendo.io"
+    filterProperty: "code"
+    patterns:
+      - "(?i)(.*[.])?(pendo)([.]initialize)?[(].*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/pinterest/javascript.yaml b/rules/sinks/third_parties/sdk/pinterest/javascript.yaml
@@ -6,6 +6,6 @@ sinks:
     domains:
       - "pinterest.com"
     patterns:
-      - "pintrk[(].*"
+      - "((window|w|this)[.])?pintrk[(].*"
     tags:
 
diff --git a/rules/sinks/third_parties/sdk/snapchat/javascript.yaml b/rules/sinks/third_parties/sdk/snapchat/javascript.yaml
@@ -0,0 +1,14 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Pixel.Snapchat
+    name: Snapchat
+    domains:
+      - "snapchat.com"
+    filterProperty: "code"
+    patterns:
+      - ".*(snaptr)[(].*"
+    tags:      
diff --git a/rules/sinks/third_parties/sdk/spotify/javascript.yaml b/rules/sinks/third_parties/sdk/spotify/javascript.yaml
@@ -11,3 +11,12 @@ sinks:
     patterns:
       - "node-spotify-helper|vue-spotify|spotify-web-utils|@ngx-spotify-api\\/core|@cameronriu\\/spotify-web-api-node|spotify-mp3-playlist-downloader|@vilp1l\\/spotify.js|spotify-metadata-search|spotify-web-api-node|spotify-web-api-js|spotify|node-spotify-webhelper|spotify-finder|spotify-middleware-webapi|angular-spotify|react-native-spotify|spdl-core|@panz3r\\/spotify-js|spotify-info.js|deezer-api-ts|spotify-api-request|react-spotify-api|spotify-playback-sdk|spotify-api.js|spotify-lyrics-api|spotify-web-sdk|easy-spotify-ts|spotify-personal-auth|spotydrive|spotify-cover-art-api|angular2-spotify|rc-angular-spotify|spotify-webhelper|adonis-spotify|spotify-api|visdi-deezer-api-ts|@g749\\/spotify-web-api-node|spotify-types|spotify-objects|simple-spotify|spotify-web-playback|@kaname-png\\/erela.js-spotify|@redline187\\/spotify-web-api-node|spotify-service-rg|js-spotify-api|@kywagaha\\/spotify-event-api|spotify-web-api-node-server|spotify-playback-sdk-node|canvacordpalaexpress|spotify-manager"
     tags:
+
+  - id: ThirdParties.SDK.Pixel.Spotify
+    name: Spotify
+    domains:
+      - "spotify.com"
+    filterProperty: "code"
+    patterns:
+      - "((window|w|this)[.])?(spdt)([.]q[.]push)?[(].*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/tiktok/javascript.yaml b/rules/sinks/third_parties/sdk/tiktok/javascript.yaml
@@ -6,5 +6,5 @@ sinks:
     domains:
       - "tiktok.com"
     patterns:
-      - "ttq.track[(].*"
+      - "((window|w|this)[.])?ttq.track[(].*"
     tags:
diff --git a/rules/sources/contact_data.yaml b/rules/sources/contact_data.yaml
@@ -5,7 +5,7 @@ sources:
     isSensitive: False
     sensitivity: medium
     patterns:
-      - "(?i)(.*(?<!(ip|mac|email|server|logical|physical|port|public|private|inet[46]?|cc|bcc|to|data|internet|host|remote)[-_]?)address)|(?:home|house|billing|mailing|shipping|contact|delivery|office|person|policyholder|insurer|claimant)[^\\s/(;)#|,=!>]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]"
+      - "(?i)(.*(?<!(ip|mac|email|server|logical|physical|port|public|private|inet[46]?|cc|bcc|to|data|internet|host|remote)[-_]?)address)|(?:home|house|billing|mailing|shipping|contact|delivery|office|person|policyholder|insurer|claimant)[^\\s/(;)#|,=!>]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]|(?:address)[-_.]{0,2}line[-_.]\\d"
     tags:
       law: GDPR
 

diff --git a/rules/sources/financial_data.yaml b/rules/sources/financial_data.yaml
@@ -25,7 +25,7 @@ sources:
     isSensitive: False
     sensitivity: high
     patterns:
-      - "(?i).*((?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card[^\\s/(;)#|,=!>]{0,10}(number|no|num|nbr)|(?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card)|cc[-_]{0,1}(number|num|nbr|no)"
+      - "(?![A-Z_]+)(?i).*((?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card[^\\s/(;)#|,=!>]{0,10}(number|no|num|nbr)|(?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card)|cc[-_]{0,1}(number|num|nbr|no)"
     tags:
       law: GDPR
 
@@ -55,7 +55,7 @@ sources:
     isSensitive: False
     sensitivity: medium
     patterns:
-      - "(?i).*(payment[^\\s/(;)#|,=!>]{0,5}(?:mode|method|option|options))"
+      - "(?i).*(payment[^\\s/(;)#|,=!>]{0,5}(?:mode|method|option|options|methodtype))"
     tags:
       law: GDPR
 
@@ -75,7 +75,7 @@ sources:
     isSensitive: False
     sensitivity: high
     patterns:
-      - "(?i)(tax[^\\s/(;)#|,=!>]{0,5}(?:information|group|rate|info|percent|statement|detail|amount|calculate|type|slip)|taxable[^\\s/(;)#|,=!>]{0,10}value|(?:standard|income|without)[^\\s/(;)#|,=!>]{0,10}tax|(form|name|box|item)1099)"
+      - "(?i)(tax[^\\s/(;)#|,=!>]{0,5}(?:information|group|rate|info|percent|statement|detail|amount|calculate|type|slip|number)|taxable[^\\s/(;)#|,=!>]{0,10}value|(?:standard|income|without)[^\\s/(;)#|,=!>]{0,10}tax|(form|name|box|item)1099)"
     tags:
       law: GDPR
 

diff --git a/rules/sources/purchase_data.yaml b/rules/sources/purchase_data.yaml
@@ -25,7 +25,7 @@ sources:
     isSensitive: False
     sensitivity: medium
     patterns:
-      - "(?i).*((order|shipping|billing|invoice)(subscription|charge)?[^\\s/(;)#|,=!>]{0,5}(number|code|num|no|id))"
+      - "(?i).*((order|shipping|billing|invoice|total)(subscription|charge|charged)?[^\\s/(;)#|,=!>]{0,5}(number|code|num|no|id|amount))"
     tags:
       law: GDPR