diff --git a/config/exclusions/kotlin.yaml b/config/exclusions/kotlin.yaml index d646ee2d..81ec28c9 100644 --- a/config/exclusions/kotlin.yaml +++ b/config/exclusions/kotlin.yaml @@ -2,4 +2,4 @@ exclusions: - id: Exclusions.Template name: Exclude template file patterns: - - "(?i)(.*template.kt|.*template(s)?/.*)" \ No newline at end of file + - "(?i)(.*.kts|.*template.kt|.*template(s)?/.*)" diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml index 8d07ce12..30e4b39f 100644 --- a/config/systemConfig/javascript.yaml +++ b/config/systemConfig/javascript.yaml @@ -1,12 +1,12 @@ systemConfig: - key: apiHttpLibraries - value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).* + value: (?i)\${0,1}(request|fetch|axios|vue-axios|urllib|reqwest|ajax-client|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).* - key: ignoredSinks value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).* - key: apiSinks - value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|useSWR|useSWRInfinite|useSWRSubscription|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener) + value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|useSWR|useSWRInfinite|useSWRSubscription|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|del|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener|ajax) - key: apiIdentifier value: (?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker|tracker|paymentservice)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).* diff --git a/rules/sinks/leakages/logs/go.yaml b/rules/sinks/leakages/logs/go.yaml index 55c9ffb3..f5c944f0 100644 --- a/rules/sinks/leakages/logs/go.yaml +++ b/rules/sinks/leakages/logs/go.yaml @@ -64,7 +64,7 @@ sinks: - id: Leakages.Log.Console name: Log Console patterns: - - "(?i)(fmt)[.](Println|Print)(f?)" + - "(?i)(fmt)[.](F|S)?(Println|Print)(f?)" tags: - id: Leakages.Log.Trace diff --git a/rules/sinks/leakages/logs/javascript.yaml b/rules/sinks/leakages/logs/javascript.yaml index 4b92548f..d3c51625 100644 --- a/rules/sinks/leakages/logs/javascript.yaml +++ b/rules/sinks/leakages/logs/javascript.yaml @@ -15,7 +15,7 @@ sinks: - id: Leakages.Log.Debug name: Log Debug patterns: - - "(?i).*(?:console|logger|bunyan|winston|log4js|pino|kax).*(debug|trace)|.*debuglog.*|.*debug" + - "(?i).*(?:console|logger|bunyan|winston|log4js|pino|kax).*(debug|trace)|.*debuglog" tags: - id: Leakages.Log.Info diff --git a/rules/sinks/third_parties/sdk/amazon/javascript.yaml b/rules/sinks/third_parties/sdk/amazon/javascript.yaml index c2d2abd1..a09c003f 100644 --- a/rules/sinks/third_parties/sdk/amazon/javascript.yaml +++ b/rules/sinks/third_parties/sdk/amazon/javascript.yaml @@ -11,7 +11,7 @@ sinks: patterns: - "aws-sqs-" - "@aws-solutions-constructs\\/aws-(lambda-sqs|sns-sqs|lambda-sqs|sqs-helper|apigateway-sqs|s3-sqs)" - - "graphql-sqs-subscriptions|sns-sqs-slq-code7|@battleline\\/sqs-large-payload-nodejs|typescript-aws-sqs-helper" + - "graphql-sqs-subscriptions|sns-sqs-slq-code7|@battleline\\/sqs-large-payload-nodejs|typescript-aws-sqs-helper|sqs-consumer" tags: - id: ThirdParties.SDK.Amazonaws.Athena diff --git a/rules/sinks/third_parties/sdk/auth0/javascript.yaml b/rules/sinks/third_parties/sdk/auth0/javascript.yaml index f072feaf..501d3563 100644 --- a/rules/sinks/third_parties/sdk/auth0/javascript.yaml +++ b/rules/sinks/third_parties/sdk/auth0/javascript.yaml @@ -9,5 +9,5 @@ sinks: domains: - "auth0.com" patterns: - - "wdi-auth0-js|@ctx-core\\/auth0-service|@zedeid-sdk\\/zedeid-did-siop-lib|@lgastler\\/remix-auth|express-nemo-auth0-jwt-verify|auth0-mfa-flow|cimpress-express-auth0|auth0-react-lock|@auth0\\/auth0-spa-js|auth0|auth0-js|idtoken-verifier|auth0-lock|@auth0\\/auth0-react|webtask-tools|@auth0\\/nextjs-auth0|auth0-api-jwt-rsa-validation|@hapi\\/bell|nativescript-auth0|@status\\/codes|auth0-lock-passwordless|loopback-auth0-jwt|auth0-deploy|nodebb-plugin-sso-auth0|express-auth0-simple|@auth0\\/auth0-angular|auth0-retrieve-user|keyfetch|fastify-auth0-verify|@ctx-core\\/auth0|passport-wsfed-saml2|@ctx-core\\/auth0-management|@auth0\\/cordova|auth0-extension-tools|use-auth0-hooks|supertokens-auth0-spa-js|@wmfs\\/tymly-auth-auth0-plugin|fastify-authz-jwks|bashleigh-idtoken-verifier|react-auth-hook|auth0-oauth2-express|is4-spa-js|faisalil-auth0-spa-js|auth0-spa-js-ionic|@xtiannyeto\\/vue-auth0|auth0-guardian-js|@shanks42\\/auth0-spa-js|@ctx-core\\/auth0-lock|@ctx-core\\/auth0-ui|remix-auth|@cobuildlab\\/auth0-utils|storybook-addon-next-auth0|auth0-contact-form|electron-auth0-login|auth0-bundler|@simulacrum\\/auth0-simulator|gatsby-theme-auth0|vue-auth0-plugin|@tadashi\\/koa-jwt-authz|jwt-passport|auth0-sso-login|ember-simple-auth-auth0|auth0-js-react|@httptoolkit\\/auth0-lock|nuxt-auth0-spa|express-jwt-scope|@hustle\\/auth0-js|@exponent\\/node-auth0|@bcwdev\\/auth0provider|gatsby-theme-auth0-ts|@mrzwick\\/auth0-vue-plugin|@wizzn\\/auth0-capacitor|@cobuildlab\\/8base-auth0|auth0-ember-simple-auth|f-jwt-decode|@aaxis\\/auth0-spa-js|express-gateway-plugin-jwks|@salte-auth\\/auth0|@jokka\\/auth0-lock-passwordless|node-red-contrib-http-auth0|auth0-extension-express-tools|@webundsoehne\\/nestjs-auth0-guard|sveltekit-openid-connect|auth0-extension-hapi-tools|jwt-check|auth0-get-all-users|@morphatic\\/feathers-auth0-strategy|@tridnguyen\\/auth|@zeytech\\/auth0-adonisjs|auth0-log-extension-tools|hurbis-ui-seguranca-v1-snapshot|@cyrusbio\\/auth0-authorization|cap-authentication|auth0-extension-ui|auth0-vuex|@marketredesign\\/auth0-spa-vue|tomslutsky-remix-auth|netlify-plugin-auth0-patch-urls|auth-angular|@huz-com\\/subscription-sdk|@ethiclab\\/vue-auth0|node-red-contrib-websocket-auth0|react-auth0-helper|auth0-rule-sandbox|fastify-jwt-authz|ipyauth|x2node-ws-auth-jwt|react-use-auth0|@coldstartai\\/auth0-spa-js|x-kholub-auth0-spa-js|@morphatic\\/feathers-auth0|auth0-verify|@magikcraft\\/ember-simple-auth-auth0|fastify-auth0|ally-auth0|@ngx-auth\\/auth0|cordova-plugin-auth0|@bcwdev\\/auth0-vue|auth0-extension-s3-tools|@brettm12345\\/react-auth-hook|fastify-jwt-webapp|magnet-auth0|hurbis-ui-seguranca-v1|@userfront\\/bell|auth0-spa-ts|@cmotion\\/ionic-keycloak-auth|vue-auth0-handler|react-observable-auth0|auth0-angular2|hapi-bell-other|generator-auth0-rules|@thecla\\/auth0-angular|npm-auth0|auth0-autorenewing-token|simple-lock|@logicalroute\\/angular-authguard|@william_swannell\\/nextjs-auth0|hapi-auth-auth0|@bgipyauth\\/ipyauth|hapi-hodor|@nhi\\/auth0-spa-js|ericraj-auth0-nextjs|auth0-authorization-extension-wrapper|gsandf-auth0-js|@future-grid\\/fgp-auth|cyclejs-auth0|vuepress-auth0" + - "auth0|wdi-auth0-js|@ctx-core\\/auth0-service|@zedeid-sdk\\/zedeid-did-siop-lib|@lgastler\\/remix-auth|express-nemo-auth0-jwt-verify|auth0-mfa-flow|cimpress-express-auth0|auth0-react-lock|@auth0\\/auth0-spa-js|auth0|auth0-js|idtoken-verifier|auth0-lock|@auth0\\/auth0-react|webtask-tools|@auth0\\/nextjs-auth0|auth0-api-jwt-rsa-validation|@hapi\\/bell|nativescript-auth0|@status\\/codes|auth0-lock-passwordless|loopback-auth0-jwt|auth0-deploy|nodebb-plugin-sso-auth0|express-auth0-simple|@auth0\\/auth0-angular|auth0-retrieve-user|keyfetch|fastify-auth0-verify|@ctx-core\\/auth0|passport-wsfed-saml2|@ctx-core\\/auth0-management|@auth0\\/cordova|auth0-extension-tools|use-auth0-hooks|supertokens-auth0-spa-js|@wmfs\\/tymly-auth-auth0-plugin|fastify-authz-jwks|bashleigh-idtoken-verifier|react-auth-hook|auth0-oauth2-express|is4-spa-js|faisalil-auth0-spa-js|auth0-spa-js-ionic|@xtiannyeto\\/vue-auth0|auth0-guardian-js|@shanks42\\/auth0-spa-js|@ctx-core\\/auth0-lock|@ctx-core\\/auth0-ui|remix-auth|@cobuildlab\\/auth0-utils|storybook-addon-next-auth0|auth0-contact-form|electron-auth0-login|auth0-bundler|@simulacrum\\/auth0-simulator|gatsby-theme-auth0|vue-auth0-plugin|@tadashi\\/koa-jwt-authz|jwt-passport|auth0-sso-login|ember-simple-auth-auth0|auth0-js-react|@httptoolkit\\/auth0-lock|nuxt-auth0-spa|express-jwt-scope|@hustle\\/auth0-js|@exponent\\/node-auth0|@bcwdev\\/auth0provider|gatsby-theme-auth0-ts|@mrzwick\\/auth0-vue-plugin|@wizzn\\/auth0-capacitor|@cobuildlab\\/8base-auth0|auth0-ember-simple-auth|f-jwt-decode|@aaxis\\/auth0-spa-js|express-gateway-plugin-jwks|@salte-auth\\/auth0|@jokka\\/auth0-lock-passwordless|node-red-contrib-http-auth0|auth0-extension-express-tools|@webundsoehne\\/nestjs-auth0-guard|sveltekit-openid-connect|auth0-extension-hapi-tools|jwt-check|auth0-get-all-users|@morphatic\\/feathers-auth0-strategy|@tridnguyen\\/auth|@zeytech\\/auth0-adonisjs|auth0-log-extension-tools|hurbis-ui-seguranca-v1-snapshot|@cyrusbio\\/auth0-authorization|cap-authentication|auth0-extension-ui|auth0-vuex|@marketredesign\\/auth0-spa-vue|tomslutsky-remix-auth|netlify-plugin-auth0-patch-urls|auth-angular|@huz-com\\/subscription-sdk|@ethiclab\\/vue-auth0|node-red-contrib-websocket-auth0|react-auth0-helper|auth0-rule-sandbox|fastify-jwt-authz|ipyauth|x2node-ws-auth-jwt|react-use-auth0|@coldstartai\\/auth0-spa-js|x-kholub-auth0-spa-js|@morphatic\\/feathers-auth0|auth0-verify|@magikcraft\\/ember-simple-auth-auth0|fastify-auth0|ally-auth0|@ngx-auth\\/auth0|cordova-plugin-auth0|@bcwdev\\/auth0-vue|auth0-extension-s3-tools|@brettm12345\\/react-auth-hook|fastify-jwt-webapp|magnet-auth0|hurbis-ui-seguranca-v1|@userfront\\/bell|auth0-spa-ts|@cmotion\\/ionic-keycloak-auth|vue-auth0-handler|react-observable-auth0|auth0-angular2|hapi-bell-other|generator-auth0-rules|@thecla\\/auth0-angular|npm-auth0|auth0-autorenewing-token|simple-lock|@logicalroute\\/angular-authguard|@william_swannell\\/nextjs-auth0|hapi-auth-auth0|@bgipyauth\\/ipyauth|hapi-hodor|@nhi\\/auth0-spa-js|ericraj-auth0-nextjs|auth0-authorization-extension-wrapper|gsandf-auth0-js|@future-grid\\/fgp-auth|cyclejs-auth0|vuepress-auth0" tags: diff --git a/rules/sinks/third_parties/sdk/bing/javascript.yaml b/rules/sinks/third_parties/sdk/bing/javascript.yaml index 7b25a6fd..ee640c8c 100644 --- a/rules/sinks/third_parties/sdk/bing/javascript.yaml +++ b/rules/sinks/third_parties/sdk/bing/javascript.yaml @@ -11,3 +11,12 @@ sinks: patterns: - "@translate-tools\\/core|node-bing-api|bing.search|bing-translate-api|wonderful-bing-wallpaper|bing-spell-checker|simple-bing-geocoder|bing-translate-result|bing-image-search-api-scraper|ping_bing|hpsweb-bingmaps-distance|scorebing-api|bing-elevation|bingtranslator" tags: + + - id: ThirdParties.SDK.Script.Bing + name: Bing + domains: + - "bing.com" + filterProperty: "code" + patterns: + - ".*(bing[a-zA-Z0-9_]{0,25}|uetq)[.](push)[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/branch/javascript.yaml b/rules/sinks/third_parties/sdk/branch/javascript.yaml index 754c387e..a8777091 100644 --- a/rules/sinks/third_parties/sdk/branch/javascript.yaml +++ b/rules/sinks/third_parties/sdk/branch/javascript.yaml @@ -11,3 +11,21 @@ sinks: patterns: - "react-native-branch|branch-sdk" tags: + + - id: ThirdParties.SDK.Branch + name: Branch + domains: + - "branch.io" + patterns: + - "branchio-sdk|branch-sdk" + tags: + + - id: ThirdParties.SDK.Script.Branch + name: Branch + filterProperty: "code" + domains: + - "branch.io" + patterns: + - ".*(branch[a-zA-Z0-9_]{0,25}[.](link|init|setBranchViewData|track|qrCode|setIdentity|logEvent)[(]).*" + tags: + diff --git a/rules/sinks/third_parties/sdk/braze/kotlin.yaml b/rules/sinks/third_parties/sdk/braze/kotlin.yaml new file mode 100644 index 00000000..c3ede6f5 --- /dev/null +++ b/rules/sinks/third_parties/sdk/braze/kotlin.yaml @@ -0,0 +1,9 @@ +sinks: + - id: ThirdParties.SDK.Braze + name: Braze + domains: + - "braze.com" + patterns: + - "(?i)(com[.]braze[.]).*" + tags: + diff --git a/rules/sinks/third_parties/sdk/enzoic/javascript.yaml b/rules/sinks/third_parties/sdk/enzoic/javascript.yaml new file mode 100644 index 00000000..ecc3566e --- /dev/null +++ b/rules/sinks/third_parties/sdk/enzoic/javascript.yaml @@ -0,0 +1,13 @@ + +# Sink rule for ThirdParty SDK +# The id follows a format : "ThirdParties.SDK.." + +sinks: + + - id: ThirdParties.SDK.Enzoic + name: Enzoic + domains: + - "enzoic.com" + patterns: + - "enzoic" + tags: \ No newline at end of file diff --git a/rules/sinks/third_parties/sdk/facebook/javascript.yaml b/rules/sinks/third_parties/sdk/facebook/javascript.yaml index 2e7f6cfb..af0038d3 100644 --- a/rules/sinks/third_parties/sdk/facebook/javascript.yaml +++ b/rules/sinks/third_parties/sdk/facebook/javascript.yaml @@ -18,5 +18,5 @@ sinks: domains: - "facebook.com" patterns: - - "fbq[(].*" + - "((window|w|this)[.])?fbq[(].*" tags: diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml index 0845f0f0..2c91675e 100644 --- a/rules/sinks/third_parties/sdk/google/javascript.yaml +++ b/rules/sinks/third_parties/sdk/google/javascript.yaml @@ -39,7 +39,7 @@ sinks: - id: ThirdParties.SDK.Google.TagManager name: Google Tag Manager domains: - - "admob.google.com" + - "analytics.google.com" patterns: - "@analytics\\/google-tag-manager|gatsby-plugin-google-gtag|react-gtm-module" tags: @@ -50,7 +50,7 @@ sinks: domains: - "admob.google.com" patterns: - - "(gtag|dataLayer.push)[(].*" + - "((window|w|this)[.])?(gtag|dataLayer.push)[(].*" tags: - id: ThirdParties.SDK.Google.Spreadsheet @@ -384,4 +384,22 @@ sinks: - "cloud.google.com/recaptcha-enterprise" patterns: - "react-google-recaptcha|vue-recaptcha|@google-cloud\\/recaptcha-enterprise|react-google-recaptcha-v3" - tags: \ No newline at end of file + tags: + + - id: ThirdParties.SDK.Pixel.Google.Analytics + name: Google Analytics + domains: + - "analytics.google.com" + filterProperty: "code" + patterns: + - "(?i)(.*(window|w|this)[.])?ga[(].*" + tags: + + - id: ThirdParties.SDK.Pixel.Google.TagManager + name: Google Tag Manager + domains: + - "analytics.google.com" + filterProperty: "code" + patterns: + - "(?i)(.*(window|w|this)[.])?(datalayer[.]push|gtag)[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/impact/javascript.yaml b/rules/sinks/third_parties/sdk/impact/javascript.yaml new file mode 100644 index 00000000..a4467268 --- /dev/null +++ b/rules/sinks/third_parties/sdk/impact/javascript.yaml @@ -0,0 +1,14 @@ + +# Sink rule for ThirdParty SDK +# The id follows a format : "ThirdParties.SDK.." + +sinks: + + - id: ThirdParties.SDK.Pixel.Impact + name: Impact + domains: + - "impact.com" + filterProperty: "code" + patterns: + - ".*(ire)[(].(identify|generate|track).*" + tags: diff --git a/rules/sinks/third_parties/sdk/pendo/javascript.yaml b/rules/sinks/third_parties/sdk/pendo/javascript.yaml index d803f0a6..c059cedd 100644 --- a/rules/sinks/third_parties/sdk/pendo/javascript.yaml +++ b/rules/sinks/third_parties/sdk/pendo/javascript.yaml @@ -11,3 +11,12 @@ sinks: patterns: - "rn-pendo-sdk|ngx-pendo" tags: + + - id: ThirdParties.SDK.Pixel.Pendo + name: Pendo + domains: + - "pendo.io" + filterProperty: "code" + patterns: + - "(?i)(.*[.])?(pendo)([.]initialize)?[(].*" + tags: \ No newline at end of file diff --git a/rules/sinks/third_parties/sdk/pinterest/javascript.yaml b/rules/sinks/third_parties/sdk/pinterest/javascript.yaml index 405a2d6a..0de3fdd2 100644 --- a/rules/sinks/third_parties/sdk/pinterest/javascript.yaml +++ b/rules/sinks/third_parties/sdk/pinterest/javascript.yaml @@ -6,6 +6,6 @@ sinks: domains: - "pinterest.com" patterns: - - "pintrk[(].*" + - "((window|w|this)[.])?pintrk[(].*" tags: diff --git a/rules/sinks/third_parties/sdk/snapchat/javascript.yaml b/rules/sinks/third_parties/sdk/snapchat/javascript.yaml new file mode 100644 index 00000000..f78c2a29 --- /dev/null +++ b/rules/sinks/third_parties/sdk/snapchat/javascript.yaml @@ -0,0 +1,14 @@ + +# Sink rule for ThirdParty SDK +# The id follows a format : "ThirdParties.SDK.." + +sinks: + + - id: ThirdParties.SDK.Pixel.Snapchat + name: Snapchat + domains: + - "snapchat.com" + filterProperty: "code" + patterns: + - ".*(snaptr)[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/spotify/javascript.yaml b/rules/sinks/third_parties/sdk/spotify/javascript.yaml index 76b2d2cd..8a808082 100644 --- a/rules/sinks/third_parties/sdk/spotify/javascript.yaml +++ b/rules/sinks/third_parties/sdk/spotify/javascript.yaml @@ -11,3 +11,12 @@ sinks: patterns: - "node-spotify-helper|vue-spotify|spotify-web-utils|@ngx-spotify-api\\/core|@cameronriu\\/spotify-web-api-node|spotify-mp3-playlist-downloader|@vilp1l\\/spotify.js|spotify-metadata-search|spotify-web-api-node|spotify-web-api-js|spotify|node-spotify-webhelper|spotify-finder|spotify-middleware-webapi|angular-spotify|react-native-spotify|spdl-core|@panz3r\\/spotify-js|spotify-info.js|deezer-api-ts|spotify-api-request|react-spotify-api|spotify-playback-sdk|spotify-api.js|spotify-lyrics-api|spotify-web-sdk|easy-spotify-ts|spotify-personal-auth|spotydrive|spotify-cover-art-api|angular2-spotify|rc-angular-spotify|spotify-webhelper|adonis-spotify|spotify-api|visdi-deezer-api-ts|@g749\\/spotify-web-api-node|spotify-types|spotify-objects|simple-spotify|spotify-web-playback|@kaname-png\\/erela.js-spotify|@redline187\\/spotify-web-api-node|spotify-service-rg|js-spotify-api|@kywagaha\\/spotify-event-api|spotify-web-api-node-server|spotify-playback-sdk-node|canvacordpalaexpress|spotify-manager" tags: + + - id: ThirdParties.SDK.Pixel.Spotify + name: Spotify + domains: + - "spotify.com" + filterProperty: "code" + patterns: + - "((window|w|this)[.])?(spdt)([.]q[.]push)?[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/tiktok/javascript.yaml b/rules/sinks/third_parties/sdk/tiktok/javascript.yaml index 5fbce7c8..bd86dca3 100644 --- a/rules/sinks/third_parties/sdk/tiktok/javascript.yaml +++ b/rules/sinks/third_parties/sdk/tiktok/javascript.yaml @@ -6,5 +6,5 @@ sinks: domains: - "tiktok.com" patterns: - - "ttq.track[(].*" + - "((window|w|this)[.])?ttq.track[(].*" tags: diff --git a/rules/sources/contact_data.yaml b/rules/sources/contact_data.yaml index aec313c5..9f8f73e3 100644 --- a/rules/sources/contact_data.yaml +++ b/rules/sources/contact_data.yaml @@ -5,7 +5,7 @@ sources: isSensitive: False sensitivity: medium patterns: - - "(?i)(.*(?]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]" + - "(?i)(.*(?]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]|(?:address)[-_.]{0,2}line[-_.]\\d" tags: law: GDPR diff --git a/rules/sources/financial_data.yaml b/rules/sources/financial_data.yaml index fe66ef95..c649cc41 100644 --- a/rules/sources/financial_data.yaml +++ b/rules/sources/financial_data.yaml @@ -25,7 +25,7 @@ sources: isSensitive: False sensitivity: high patterns: - - "(?i).*((?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card[^\\s/(;)#|,=!>]{0,10}(number|no|num|nbr)|(?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card)|cc[-_]{0,1}(number|num|nbr|no)" + - "(?![A-Z_]+)(?i).*((?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card[^\\s/(;)#|,=!>]{0,10}(number|no|num|nbr)|(?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card)|cc[-_]{0,1}(number|num|nbr|no)" tags: law: GDPR @@ -55,7 +55,7 @@ sources: isSensitive: False sensitivity: medium patterns: - - "(?i).*(payment[^\\s/(;)#|,=!>]{0,5}(?:mode|method|option|options))" + - "(?i).*(payment[^\\s/(;)#|,=!>]{0,5}(?:mode|method|option|options|methodtype))" tags: law: GDPR @@ -75,7 +75,7 @@ sources: isSensitive: False sensitivity: high patterns: - - "(?i)(tax[^\\s/(;)#|,=!>]{0,5}(?:information|group|rate|info|percent|statement|detail|amount|calculate|type|slip)|taxable[^\\s/(;)#|,=!>]{0,10}value|(?:standard|income|without)[^\\s/(;)#|,=!>]{0,10}tax|(form|name|box|item)1099)" + - "(?i)(tax[^\\s/(;)#|,=!>]{0,5}(?:information|group|rate|info|percent|statement|detail|amount|calculate|type|slip|number)|taxable[^\\s/(;)#|,=!>]{0,10}value|(?:standard|income|without)[^\\s/(;)#|,=!>]{0,10}tax|(form|name|box|item)1099)" tags: law: GDPR diff --git a/rules/sources/purchase_data.yaml b/rules/sources/purchase_data.yaml index 6a0b4671..e5ebe891 100644 --- a/rules/sources/purchase_data.yaml +++ b/rules/sources/purchase_data.yaml @@ -25,7 +25,7 @@ sources: isSensitive: False sensitivity: medium patterns: - - "(?i).*((order|shipping|billing|invoice)(subscription|charge)?[^\\s/(;)#|,=!>]{0,5}(number|code|num|no|id))" + - "(?i).*((order|shipping|billing|invoice|total)(subscription|charge|charged)?[^\\s/(;)#|,=!>]{0,5}(number|code|num|no|id|amount))" tags: law: GDPR