From 21a512b4a730615af93116548d7d71a799b9f2c5 Mon Sep 17 00:00:00 2001 From: Hitesh Mahajan Date: Thu, 15 Feb 2024 13:27:23 +0530 Subject: [PATCH 1/8] golang - Fprint and Sprint fmt loggers (#400) --- rules/sinks/leakages/logs/go.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/sinks/leakages/logs/go.yaml b/rules/sinks/leakages/logs/go.yaml index 55c9ffb3..f5c944f0 100644 --- a/rules/sinks/leakages/logs/go.yaml +++ b/rules/sinks/leakages/logs/go.yaml @@ -64,7 +64,7 @@ sinks: - id: Leakages.Log.Console name: Log Console patterns: - - "(?i)(fmt)[.](Println|Print)(f?)" + - "(?i)(fmt)[.](F|S)?(Println|Print)(f?)" tags: - id: Leakages.Log.Trace From 1557da8e498ea2b353b3a8593b713fae8297b547 Mon Sep 17 00:00:00 2001 From: Sriram <159151843+sriram-privado@users.noreply.github.com> Date: Thu, 15 Feb 2024 13:29:04 +0530 Subject: [PATCH 2/8] Do not match names are that are capitals + underscores (#398) Usually constant namings. --- rules/sources/financial_data.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/sources/financial_data.yaml b/rules/sources/financial_data.yaml index fe66ef95..3d8d12ff 100644 --- a/rules/sources/financial_data.yaml +++ b/rules/sources/financial_data.yaml @@ -25,7 +25,7 @@ sources: isSensitive: False sensitivity: high patterns: - - "(?i).*((?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card[^\\s/(;)#|,=!>]{0,10}(number|no|num|nbr)|(?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card)|cc[-_]{0,1}(number|num|nbr|no)" + - "(?![A-Z_]+)(?i).*((?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card[^\\s/(;)#|,=!>]{0,10}(number|no|num|nbr)|(?:credit|debit)[^\\s/(;)#|,=!>]{0,10}card)|cc[-_]{0,1}(number|num|nbr|no)" tags: law: GDPR From e3dbf1500dbb52ce21b25dcb79144babf7a07dca Mon Sep 17 00:00:00 2001 From: Hitesh Mahajan Date: Thu, 15 Feb 2024 17:01:26 +0530 Subject: [PATCH 3/8] *debug* - too broad (#399) --- rules/sinks/leakages/logs/javascript.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
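Review bot: Adding `S` to the optional prefix makes `fmt.Sprint`, `fmt.Sprintf` and `fmt.Sprintln` match `Leakages.Log.Console`, but those calls only return a formatted string and write nothing, so a hit is a leak only when the result later reaches a logger or writer. Treating them as a console sink on their own will over-report; either keep the `S` variants as a separate pass-through pattern or record the intent above the entry, e.g. `# S-variants only format; their result must still reach a writer to leak`. `Fprint*` is likewise an approximation, since it writes to whatever `io.Writer` the caller passes rather than to the console.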
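Review bot: The new lookahead `(?![A-Z_]+)` is not anchored, so it rejects any name whose first character is an uppercase letter or underscore, not only names made entirely of capitals and underscores; `CreditCardNumber` and `_creditCard` would now be skipped although the commit message targets `CREDIT_CARD_NUMBER`-style constants. Anchor it to the end of the identifier, `(?![A-Z_]+$)(?i).*(...)`, so it fails only when the whole name is constant-style. If the source matcher applies this pattern with a search rather than a full match, the lookahead only inspects the start of the candidate, so confirm how it is invoked before relying on it.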
diff --git a/rules/sinks/leakages/logs/javascript.yaml b/rules/sinks/leakages/logs/javascript.yaml index 4b92548f..d3c51625 100644 --- a/rules/sinks/leakages/logs/javascript.yaml +++ b/rules/sinks/leakages/logs/javascript.yaml @@ -15,7 +15,7 @@ sinks: - id: Leakages.Log.Debug name: Log Debug patterns: - - "(?i).*(?:console|logger|bunyan|winston|log4js|pino|kax).*(debug|trace)|.*debuglog.*|.*debug" + - "(?i).*(?:console|logger|bunyan|winston|log4js|pino|kax).*(debug|trace)|.*debuglog" tags: - id: Leakages.Log.Info From 4de0b419282c3f612d263de0073e41bd06f3d692 Mon Sep 17 00:00:00 2001 From: Ankit Kumar <118803988+ankit-privado@users.noreply.github.com> Date: Thu, 15 Feb 2024 17:06:21 +0530 Subject: [PATCH 4/8] Rules for JS Audit (#391) * Added rules for JS * changed rule * removed Sequelize as third party --- .../sinks/third_parties/sdk/amazon/javascript.yaml | 2 +- rules/sinks/third_parties/sdk/auth0/javascript.yaml | 2 +- .../sinks/third_parties/sdk/enzoic/javascript.yaml | 13 +++++++++++++ rules/sources/contact_data.yaml | 2 +- rules/sources/financial_data.yaml | 4 ++-- rules/sources/purchase_data.yaml | 2 +- 6 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 rules/sinks/third_parties/sdk/enzoic/javascript.yaml diff --git a/rules/sinks/third_parties/sdk/amazon/javascript.yaml b/rules/sinks/third_parties/sdk/amazon/javascript.yaml index c2d2abd1..a09c003f 100644 --- a/rules/sinks/third_parties/sdk/amazon/javascript.yaml +++ b/rules/sinks/third_parties/sdk/amazon/javascript.yaml @@ -11,7 +11,7 @@ sinks: patterns: - "aws-sqs-" - "@aws-solutions-constructs\\/aws-(lambda-sqs|sns-sqs|lambda-sqs|sqs-helper|apigateway-sqs|s3-sqs)" - - "graphql-sqs-subscriptions|sns-sqs-slq-code7|@battleline\\/sqs-large-payload-nodejs|typescript-aws-sqs-helper" + - "graphql-sqs-subscriptions|sns-sqs-slq-code7|@battleline\\/sqs-large-payload-nodejs|typescript-aws-sqs-helper|sqs-consumer" tags: - id: ThirdParties.SDK.Amazonaws.Athena 
diff --git a/rules/sinks/third_parties/sdk/auth0/javascript.yaml b/rules/sinks/third_parties/sdk/auth0/javascript.yaml index f072feaf..501d3563 100644 --- a/rules/sinks/third_parties/sdk/auth0/javascript.yaml +++ b/rules/sinks/third_parties/sdk/auth0/javascript.yaml 
@@ -9,5 +9,5 @@ sinks: domains: - "auth0.com" patterns: - - "wdi-auth0-js|@ctx-core\\/auth0-service|@zedeid-sdk\\/zedeid-did-siop-lib|@lgastler\\/remix-auth|express-nemo-auth0-jwt-verify|auth0-mfa-flow|cimpress-express-auth0|auth0-react-lock|@auth0\\/auth0-spa-js|auth0|auth0-js|idtoken-verifier|auth0-lock|@auth0\\/auth0-react|webtask-tools|@auth0\\/nextjs-auth0|auth0-api-jwt-rsa-validation|@hapi\\/bell|nativescript-auth0|@status\\/codes|auth0-lock-passwordless|loopback-auth0-jwt|auth0-deploy|nodebb-plugin-sso-auth0|express-auth0-simple|@auth0\\/auth0-angular|auth0-retrieve-user|keyfetch|fastify-auth0-verify|@ctx-core\\/auth0|passport-wsfed-saml2|@ctx-core\\/auth0-management|@auth0\\/cordova|auth0-extension-tools|use-auth0-hooks|supertokens-auth0-spa-js|@wmfs\\/tymly-auth-auth0-plugin|fastify-authz-jwks|bashleigh-idtoken-verifier|react-auth-hook|auth0-oauth2-express|is4-spa-js|faisalil-auth0-spa-js|auth0-spa-js-ionic|@xtiannyeto\\/vue-auth0|auth0-guardian-js|@shanks42\\/auth0-spa-js|@ctx-core\\/auth0-lock|@ctx-core\\/auth0-ui|remix-auth|@cobuildlab\\/auth0-utils|storybook-addon-next-auth0|auth0-contact-form|electron-auth0-login|auth0-bundler|@simulacrum\\/auth0-simulator|gatsby-theme-auth0|vue-auth0-plugin|@tadashi\\/koa-jwt-authz|jwt-passport|auth0-sso-login|ember-simple-auth-auth0|auth0-js-react|@httptoolkit\\/auth0-lock|nuxt-auth0-spa|express-jwt-scope|@hustle\\/auth0-js|@exponent\\/node-auth0|@bcwdev\\/auth0provider|gatsby-theme-auth0-ts|@mrzwick\\/auth0-vue-plugin|@wizzn\\/auth0-capacitor|@cobuildlab\\/8base-auth0|auth0-ember-simple-auth|f-jwt-decode|@aaxis\\/auth0-spa-js|express-gateway-plugin-jwks|@salte-auth\\/auth0|@jokka\\/auth0-lock-passwordless|node-red-contrib-http-auth0|auth0-extension-express-tools|@webundsoehne\\/nestjs-auth0-guard|sveltekit-openid-connect|auth0-extension-hapi-tools|jwt-check|auth0-get-all-users|@morphatic\\/feathers-auth0-strategy|@tridnguyen\\/auth|@zeytech\\/auth0-adonisjs|auth0-log-extension-tools|hurbis-ui-seguranca-v1-snapshot|@
cyrusbio\\/auth0-authorization|cap-authentication|auth0-extension-ui|auth0-vuex|@marketredesign\\/auth0-spa-vue|tomslutsky-remix-auth|netlify-plugin-auth0-patch-urls|auth-angular|@huz-com\\/subscription-sdk|@ethiclab\\/vue-auth0|node-red-contrib-websocket-auth0|react-auth0-helper|auth0-rule-sandbox|fastify-jwt-authz|ipyauth|x2node-ws-auth-jwt|react-use-auth0|@coldstartai\\/auth0-spa-js|x-kholub-auth0-spa-js|@morphatic\\/feathers-auth0|auth0-verify|@magikcraft\\/ember-simple-auth-auth0|fastify-auth0|ally-auth0|@ngx-auth\\/auth0|cordova-plugin-auth0|@bcwdev\\/auth0-vue|auth0-extension-s3-tools|@brettm12345\\/react-auth-hook|fastify-jwt-webapp|magnet-auth0|hurbis-ui-seguranca-v1|@userfront\\/bell|auth0-spa-ts|@cmotion\\/ionic-keycloak-auth|vue-auth0-handler|react-observable-auth0|auth0-angular2|hapi-bell-other|generator-auth0-rules|@thecla\\/auth0-angular|npm-auth0|auth0-autorenewing-token|simple-lock|@logicalroute\\/angular-authguard|@william_swannell\\/nextjs-auth0|hapi-auth-auth0|@bgipyauth\\/ipyauth|hapi-hodor|@nhi\\/auth0-spa-js|ericraj-auth0-nextjs|auth0-authorization-extension-wrapper|gsandf-auth0-js|@future-grid\\/fgp-auth|cyclejs-auth0|vuepress-auth0" + - 
"auth0|wdi-auth0-js|@ctx-core\\/auth0-service|@zedeid-sdk\\/zedeid-did-siop-lib|@lgastler\\/remix-auth|express-nemo-auth0-jwt-verify|auth0-mfa-flow|cimpress-express-auth0|auth0-react-lock|@auth0\\/auth0-spa-js|auth0|auth0-js|idtoken-verifier|auth0-lock|@auth0\\/auth0-react|webtask-tools|@auth0\\/nextjs-auth0|auth0-api-jwt-rsa-validation|@hapi\\/bell|nativescript-auth0|@status\\/codes|auth0-lock-passwordless|loopback-auth0-jwt|auth0-deploy|nodebb-plugin-sso-auth0|express-auth0-simple|@auth0\\/auth0-angular|auth0-retrieve-user|keyfetch|fastify-auth0-verify|@ctx-core\\/auth0|passport-wsfed-saml2|@ctx-core\\/auth0-management|@auth0\\/cordova|auth0-extension-tools|use-auth0-hooks|supertokens-auth0-spa-js|@wmfs\\/tymly-auth-auth0-plugin|fastify-authz-jwks|bashleigh-idtoken-verifier|react-auth-hook|auth0-oauth2-express|is4-spa-js|faisalil-auth0-spa-js|auth0-spa-js-ionic|@xtiannyeto\\/vue-auth0|auth0-guardian-js|@shanks42\\/auth0-spa-js|@ctx-core\\/auth0-lock|@ctx-core\\/auth0-ui|remix-auth|@cobuildlab\\/auth0-utils|storybook-addon-next-auth0|auth0-contact-form|electron-auth0-login|auth0-bundler|@simulacrum\\/auth0-simulator|gatsby-theme-auth0|vue-auth0-plugin|@tadashi\\/koa-jwt-authz|jwt-passport|auth0-sso-login|ember-simple-auth-auth0|auth0-js-react|@httptoolkit\\/auth0-lock|nuxt-auth0-spa|express-jwt-scope|@hustle\\/auth0-js|@exponent\\/node-auth0|@bcwdev\\/auth0provider|gatsby-theme-auth0-ts|@mrzwick\\/auth0-vue-plugin|@wizzn\\/auth0-capacitor|@cobuildlab\\/8base-auth0|auth0-ember-simple-auth|f-jwt-decode|@aaxis\\/auth0-spa-js|express-gateway-plugin-jwks|@salte-auth\\/auth0|@jokka\\/auth0-lock-passwordless|node-red-contrib-http-auth0|auth0-extension-express-tools|@webundsoehne\\/nestjs-auth0-guard|sveltekit-openid-connect|auth0-extension-hapi-tools|jwt-check|auth0-get-all-users|@morphatic\\/feathers-auth0-strategy|@tridnguyen\\/auth|@zeytech\\/auth0-adonisjs|auth0-log-extension-tools|hurbis-ui-seguranca-v1-snapshot|@cyrusbio\\/auth0-authorization|cap-authentication|auth
0-extension-ui|auth0-vuex|@marketredesign\\/auth0-spa-vue|tomslutsky-remix-auth|netlify-plugin-auth0-patch-urls|auth-angular|@huz-com\\/subscription-sdk|@ethiclab\\/vue-auth0|node-red-contrib-websocket-auth0|react-auth0-helper|auth0-rule-sandbox|fastify-jwt-authz|ipyauth|x2node-ws-auth-jwt|react-use-auth0|@coldstartai\\/auth0-spa-js|x-kholub-auth0-spa-js|@morphatic\\/feathers-auth0|auth0-verify|@magikcraft\\/ember-simple-auth-auth0|fastify-auth0|ally-auth0|@ngx-auth\\/auth0|cordova-plugin-auth0|@bcwdev\\/auth0-vue|auth0-extension-s3-tools|@brettm12345\\/react-auth-hook|fastify-jwt-webapp|magnet-auth0|hurbis-ui-seguranca-v1|@userfront\\/bell|auth0-spa-ts|@cmotion\\/ionic-keycloak-auth|vue-auth0-handler|react-observable-auth0|auth0-angular2|hapi-bell-other|generator-auth0-rules|@thecla\\/auth0-angular|npm-auth0|auth0-autorenewing-token|simple-lock|@logicalroute\\/angular-authguard|@william_swannell\\/nextjs-auth0|hapi-auth-auth0|@bgipyauth\\/ipyauth|hapi-hodor|@nhi\\/auth0-spa-js|ericraj-auth0-nextjs|auth0-authorization-extension-wrapper|gsandf-auth0-js|@future-grid\\/fgp-auth|cyclejs-auth0|vuepress-auth0" tags: diff --git a/rules/sinks/third_parties/sdk/enzoic/javascript.yaml b/rules/sinks/third_parties/sdk/enzoic/javascript.yaml new file mode 100644 index 00000000..ecc3566e --- /dev/null +++ b/rules/sinks/third_parties/sdk/enzoic/javascript.yaml @@ -0,0 +1,13 @@ + +# Sink rule for ThirdParty SDK +# The id follows a format : "ThirdParties.SDK.." + +sinks: + + - id: ThirdParties.SDK.Enzoic + name: Enzoic + domains: + - "enzoic.com" + patterns: + - "enzoic" + tags: \ No newline at end of file diff --git a/rules/sources/contact_data.yaml b/rules/sources/contact_data.yaml index aec313c5..9f8f73e3 100644 --- a/rules/sources/contact_data.yaml +++ b/rules/sources/contact_data.yaml 
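Review bot: The only change to the auth0 pattern is the new leading `auth0|`, but `auth0` already appears as an alternative further along the same string (`|auth0|auth0-js|`), so the addition is redundant and the diff rewrites a ~150-alternative line for no effect. Alternation order does not change whether the pattern matches, only which alternative is reported, so the line can be left as it was; if the bare name needs to win, that is a matcher concern rather than something to fix by duplicating alternatives.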
@@ -5,7 +5,7 @@ sources: isSensitive: False sensitivity: medium patterns: - - "(?i)(.*(?]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]" + - "(?i)(.*(?]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]|(?:address)[-_.]{0,2}line[-_.]\\d" tags: law: GDPR diff --git a/rules/sources/financial_data.yaml b/rules/sources/financial_data.yaml index 3d8d12ff..c649cc41 100644 --- a/rules/sources/financial_data.yaml +++ b/rules/sources/financial_data.yaml @@ -55,7 +55,7 @@ sources: isSensitive: False sensitivity: medium patterns: - - "(?i).*(payment[^\\s/(;)#|,=!>]{0,5}(?:mode|method|option|options))" + - "(?i).*(payment[^\\s/(;)#|,=!>]{0,5}(?:mode|method|option|options|methodtype))" tags: law: GDPR @@ -75,7 +75,7 @@ sources: isSensitive: False sensitivity: high patterns: - - "(?i)(tax[^\\s/(;)#|,=!>]{0,5}(?:information|group|rate|info|percent|statement|detail|amount|calculate|type|slip)|taxable[^\\s/(;)#|,=!>]{0,10}value|(?:standard|income|without)[^\\s/(;)#|,=!>]{0,10}tax|(form|name|box|item)1099)" + - "(?i)(tax[^\\s/(;)#|,=!>]{0,5}(?:information|group|rate|info|percent|statement|detail|amount|calculate|type|slip|number)|taxable[^\\s/(;)#|,=!>]{0,10}value|(?:standard|income|without)[^\\s/(;)#|,=!>]{0,10}tax|(form|name|box|item)1099)" tags: law: GDPR diff --git a/rules/sources/purchase_data.yaml b/rules/sources/purchase_data.yaml index 6a0b4671..e5ebe891 100644 --- a/rules/sources/purchase_data.yaml +++ b/rules/sources/purchase_data.yaml 
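Review bot: The new alternative `(?:address)[-_.]{0,2}line[-_.]\\d` requires exactly one separator before the digit, so `addressLine1` and `address_line1`, the commonest spellings, match it only if the earlier `address[-_.]{0,2}line` alternative already catches them, which holds under a search but not under a full match. Make the separator optional and drop the non-capturing group around the literal: `address[-_.]{0,2}line[-_.]?\\d`. The surrounding pattern as rendered here (`(.*(?]{0,10}` and the `]` after `line`) looks mangled by extraction, so I cannot confirm the group structure it is being appended to.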
@@ -25,7 +25,7 @@ sources: isSensitive: False sensitivity: medium patterns: - - "(?i).*((order|shipping|billing|invoice)(subscription|charge)?[^\\s/(;)#|,=!>]{0,5}(number|code|num|no|id))" + - "(?i).*((order|shipping|billing|invoice|total)(subscription|charge|charged)?[^\\s/(;)#|,=!>]{0,5}(number|code|num|no|id|amount))" tags: law: GDPR From e8a12226f73b7f2cf9d1b94436b280a760470343 Mon Sep 17 00:00:00 2001 From: Ankit Kumar <118803988+ankit-privado@users.noreply.github.com> Date: Thu, 15 Feb 2024 17:06:53 +0530 Subject: [PATCH 5/8] API Http library addition (#389) * added api http library * modified api libraries --- config/systemConfig/javascript.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml index 8d07ce12..5000daf3 100644 --- a/config/systemConfig/javascript.yaml +++ b/config/systemConfig/javascript.yaml 
@@ -1,12 +1,12 @@ systemConfig: - key: apiHttpLibraries - value: (?i)(request|fetch|axios|vue-axios|urllib|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).* + value: (?i)(request|fetch|axios|vue-axios|urllib|reqwest|ajax-client|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).* - key: ignoredSinks value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).* - key: apiSinks - value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|useSWR|useSWRInfinite|useSWRSubscription|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener) + value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|usequery|useSWR|useSWRInfinite|useSWRSubscription|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|del|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener|ajax) - key: apiIdentifier value: 
(?i).*((hook|base|auth|prov|endp|install|cloud|host|request|service|gateway|route|resource|upload|api|worker|tracker|paymentservice)(.){0,12}url|(slack|web)(.){0,4}hook|(sentry|segment)(.){0,1}(dsn)|(rest|api|host|cloud|request|service)(.){0,4}(endpoint|gateway|route)).* From c78dd397ae6adfcf98a04f820f8234caf3306365 Mon Sep 17 00:00:00 2001 From: Ankit Kumar <118803988+ankit-privado@users.noreply.github.com> Date: Fri, 16 Feb 2024 16:48:33 +0530 Subject: [PATCH 6/8] Script Tag Rule (#394) * added pendo and google script tag rule * code refactoring * code refactoring * added escape character * js api http libraries change * resolve review comment * rule change * rule change * added segment rule * removed segment rule --- config/systemConfig/javascript.yaml | 2 +- .../third_parties/sdk/google/javascript.yaml | 20 ++++++++++++++++++- .../third_parties/sdk/pendo/javascript.yaml | 9 +++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/config/systemConfig/javascript.yaml b/config/systemConfig/javascript.yaml index 5000daf3..30e4b39f 100644 --- a/config/systemConfig/javascript.yaml +++ b/config/systemConfig/javascript.yaml @@ -1,6 +1,6 @@ systemConfig: - key: apiHttpLibraries - value: (?i)(request|fetch|axios|vue-axios|urllib|reqwest|ajax-client|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).* + value: (?i)\${0,1}(request|fetch|axios|vue-axios|urllib|reqwest|ajax-client|http|client|react-query|swr|socket(.){0,1}io|xmlhttprequest|node.http|cors|got|apollo|superagent|wretch|@angular\/common\/http|@(.){2,25}\/http|.*(HttpClient)|reconnecting-websocket).* - key: ignoredSinks value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).* 
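Review bot: The rewritten `apiSinks` value still lists `send` twice (`...|send|sendAsync|...` and later `...|send|asyncSend|...`); since this line is being touched anyway, drop the second occurrence. The added `del` alternative is as short and generic as the existing `get`, `set` and `on`, so if this regex is applied with a search rather than a full match it will also classify `del` methods on caches and key-value clients as API calls; that may be accepted, but it deserves the same scrutiny those entries got. `ajax-client` in `apiHttpLibraries` overlaps with the existing `client` alternative, so whether it adds anything depends on whether the value is matched from the start of the library name.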
diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml index babe915e..27a5f52c 100644 --- a/rules/sinks/third_parties/sdk/google/javascript.yaml +++ b/rules/sinks/third_parties/sdk/google/javascript.yaml @@ -39,7 +39,7 @@ sinks: - id: ThirdParties.SDK.Google.TagManager name: Google Tag Manager domains: - - "admob.google.com" + - "analytics.google.com" patterns: - "@analytics\\/google-tag-manager|gatsby-plugin-google-gtag|react-gtm-module" tags: @@ -375,4 +375,22 @@ sinks: - "cloud.google.com/recaptcha-enterprise" patterns: - "react-google-recaptcha|vue-recaptcha|@google-cloud\\/recaptcha-enterprise|react-google-recaptcha-v3" + tags: + + - id: ThirdParties.SDK.Pixel.Google.Analytics + name: Google Analytics + domains: + - "analytics.google.com" + filterProperty: "code" + patterns: + - "(?i)(.*(window|w|this)[.])?ga[(].*" + tags: + + - id: ThirdParties.SDK.Pixel.Google.TagManager + name: Google Tag Manager + domains: + - "analytics.google.com" + filterProperty: "code" + patterns: + - "(?i)(.*(window|w|this)[.])?(datalayer[.]push|gtag)[(].*" tags: \ No newline at end of file diff --git a/rules/sinks/third_parties/sdk/pendo/javascript.yaml b/rules/sinks/third_parties/sdk/pendo/javascript.yaml index d803f0a6..c059cedd 100644 --- a/rules/sinks/third_parties/sdk/pendo/javascript.yaml +++ b/rules/sinks/third_parties/sdk/pendo/javascript.yaml @@ -11,3 +11,12 @@ sinks: patterns: - "rn-pendo-sdk|ngx-pendo" tags: + + - id: ThirdParties.SDK.Pixel.Pendo + name: Pendo + domains: + - "pendo.io" + filterProperty: "code" + patterns: + - "(?i)(.*[.])?(pendo)([.]initialize)?[(].*" + tags: \ No newline at end of file From 66b23ed02417ea9cb1f5b225af68e902adc55af0 Mon Sep 17 00:00:00 2001 
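Review bot: `(?i)(.*(window|w|this)[.])?ga[(].*` identifies Google Analytics by a two-letter function name; with `(?i)` set and, if the matcher searches rather than fully matches, the optional `.*` prefix, any call ending in `ga(` such as `saga(` or `omega(` would be reported under `ThirdParties.SDK.Pixel.Google.Analytics`. Add a boundary, `(^|[^A-Za-z0-9_$])ga[(]`, or require the `window.`/`this.` qualifier. In the second rule, `datalayer[.]push` relies on `(?i)` to match the camel-cased global; writing `dataLayer[.]push` documents the real identifier and keeps the rule correct if the flag is ever removed.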
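Review bot: The new `ThirdParties.SDK.Pixel.Pendo` pattern `(?i)(.*[.])?(pendo)([.]initialize)?[(].*` accepts only `pendo(` and `pendo.initialize(`, so other agent entry points that carry visitor data, such as `pendo.identify(` and `pendo.track(`, fall outside the rule. If those are in scope, widen the optional member group to `([.](initialize|identify|track))?`. The file also now ends in `tags:` with no trailing newline, as the `\ No newline at end of file` marker shows.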
From: Hitesh Mahajan Date: Fri, 16 Feb 2024 17:26:20 +0530 Subject: [PATCH 7/8] Scripttags (#393) * Pixel tracking APIs (#392) * Pixel tracking APIs Ref: https://github.com/Privado-Inc/privado-core/pull/945 * newline * change names * new pattern * regex fix * regex fix again * pixel trackers --------- Co-authored-by: Pandurang Patil Co-authored-by: KhemrajSingh Rathore Co-authored-by: Suchakra Sharma Co-authored-by: Hitesh Mahajan Co-authored-by: Ankit Kumar --- .../third_parties/sdk/bing/javascript.yaml | 9 +++++++++ .../third_parties/sdk/branch/javascript.yaml | 18 ++++++++++++++++++ .../sinks/third_parties/sdk/braze/kotlin.yaml | 9 +++++++++ .../third_parties/sdk/facebook/javascript.yaml | 9 +++++++++ .../third_parties/sdk/google/javascript.yaml | 9 +++++++++ .../third_parties/sdk/impact/javascript.yaml | 14 ++++++++++++++ .../sdk/pinterest/javascript.yaml | 11 +++++++++++ .../third_parties/sdk/snapchat/javascript.yaml | 14 ++++++++++++++ .../third_parties/sdk/spotify/javascript.yaml | 9 +++++++++ .../third_parties/sdk/tiktok/javascript.yaml | 10 ++++++++++ 10 files changed, 112 insertions(+) create mode 100644 rules/sinks/third_parties/sdk/braze/kotlin.yaml create mode 100644 rules/sinks/third_parties/sdk/impact/javascript.yaml create mode 100644 rules/sinks/third_parties/sdk/pinterest/javascript.yaml create mode 100644 rules/sinks/third_parties/sdk/snapchat/javascript.yaml create mode 100644 rules/sinks/third_parties/sdk/tiktok/javascript.yaml diff --git a/rules/sinks/third_parties/sdk/bing/javascript.yaml b/rules/sinks/third_parties/sdk/bing/javascript.yaml index 7b25a6fd..ee640c8c 100644 --- a/rules/sinks/third_parties/sdk/bing/javascript.yaml +++ b/rules/sinks/third_parties/sdk/bing/javascript.yaml 
@@ -11,3 +11,12 @@ sinks: patterns: - "@translate-tools\\/core|node-bing-api|bing.search|bing-translate-api|wonderful-bing-wallpaper|bing-spell-checker|simple-bing-geocoder|bing-translate-result|bing-image-search-api-scraper|ping_bing|hpsweb-bingmaps-distance|scorebing-api|bing-elevation|bingtranslator" tags: + + - id: ThirdParties.SDK.Script.Bing + name: Bing + domains: + - "bing.com" + filterProperty: "code" + patterns: + - ".*(bing[a-zA-Z0-9_]{0,25}|uetq)[.](push)[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/branch/javascript.yaml b/rules/sinks/third_parties/sdk/branch/javascript.yaml index 8514ff01..951ed6a1 100644 --- a/rules/sinks/third_parties/sdk/branch/javascript.yaml +++ b/rules/sinks/third_parties/sdk/branch/javascript.yaml @@ -11,3 +11,21 @@ sinks: patterns: - "react-native-branch" tags: + + - id: ThirdParties.SDK.Branch + name: Branch + domains: + - "branch.io" + patterns: + - "branchio-sdk|branch-sdk" + tags: + + - id: ThirdParties.SDK.Script.Branch + name: Branch + filterProperty: "code" + domains: + - "branch.io" + patterns: + - ".*(branch[a-zA-Z0-9_]{0,25}[.](link|init|setBranchViewData|track|qrCode|setIdentity|logEvent)[(]).*" + tags: + diff --git a/rules/sinks/third_parties/sdk/braze/kotlin.yaml b/rules/sinks/third_parties/sdk/braze/kotlin.yaml new file mode 100644 index 00000000..c3ede6f5 --- /dev/null +++ b/rules/sinks/third_parties/sdk/braze/kotlin.yaml @@ -0,0 +1,9 @@ +sinks: + - id: ThirdParties.SDK.Braze + name: Braze + domains: + - "braze.com" + patterns: + - "(?i)(com[.]braze[.]).*" + tags: + diff --git a/rules/sinks/third_parties/sdk/facebook/javascript.yaml b/rules/sinks/third_parties/sdk/facebook/javascript.yaml index 91e63e17..af0038d3 100644 --- a/rules/sinks/third_parties/sdk/facebook/javascript.yaml +++ b/rules/sinks/third_parties/sdk/facebook/javascript.yaml 
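Review bot: The new script-tag rule ids in this patch do not follow one naming scheme: `ThirdParties.SDK.Script.Bing` and `ThirdParties.SDK.Script.Branch` here, then `ThirdParties.SDK.FacebookPixel`, `ThirdParties.SDK.Google.TagManagerPixel`, `ThirdParties.SDK.Pixel.Impact`, `ThirdParties.SDK.PinterestPixel`, `ThirdParties.SDK.Pixel.Snapchat`, `ThirdParties.SDK.Pixel.Spotify` and `ThirdParties.SDK.TikTok` in the later hunks, while the previous commit used `ThirdParties.SDK.Pixel.Google.Analytics` and `ThirdParties.SDK.Pixel.Pendo`. Anything that filters or groups on the id prefix will treat these as unrelated categories, so pick one form (the `ThirdParties.SDK.Pixel.<Vendor>` form already in use) and apply it to every new rule. The Bing pattern also anchors with a leading `.*` where the Facebook, Pinterest, Spotify and TikTok patterns use `((window|w|this)[.])?`; aligning them keeps the match semantics the same across vendors.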
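Review bot: The first new rule in this hunk introduces id `ThirdParties.SDK.Branch`, and the existing rule above it in the same `sdk/branch/javascript.yaml` (its `id:` line is outside the hunk) very likely carries that same id, in which case the file would hold two rules under one id and, depending on the loader, report hits twice or silently shadow one of them. If so, fold the new packages into the existing `patterns:` list, `- "react-native-branch|branchio-sdk|branch-sdk"`, instead of adding a second rule. The hunk also appends an empty `+` line after the final `tags:`, leaving a trailing blank line at end of file.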
@@ -11,3 +11,12 @@ sinks: patterns: - "social-feed-api|facebook-chat-api|asq-react-native-facebook-log-in|fb-messenger|fb-messenger-api|silex-bundle-facebook|messenger-events|fb-messenger-bot-chat|fb-chat-api|fca-xuyen-get|helyt|lawerpr0ject-api|facebook-business-sdk-ts|fb-graph|facebook-bot-messenger|fca-unofficial-force|facebook-proxy|node-facebook|proof-facebook-nodejs-business-sdk|launch-vehicle-fbm|fb-sdk-wrapper|fb-sdk|angularjs-facebook|lazy-fb|use-facebook|react-native-facebook-account-kit|ngx-fb|ng2-account-kit|@jemys89\\/ngx-facebook|@fadidev\\/react-native-fblogin|fb-node-sdk|fb-instant-games|socializr|social-api|token-dealer|sieudangyeu|fbgraph|facebook-nodejs-business-sdk|fb-graph-api|fbsub|facebook-image-selector|fbmessenger-node-bot|fb-messenger-app|fbscrape|messengerbot|node-messenger-bot|fb-messenger-bot-api|facebook-send-api|fbvideos|facebook-nodejs-ads-sdk|@maihuybao\\/fca-unofficial|facebook-node-withfetch|@zenvia\\/sdk|prism-facebook-marketing-api|messenger-node|facebook-javascript-all-photos|@procodermew\\/fca-unofficial|fbam|@frizhub\\/fbgraph|react-native-facebook-login|@publidata\\/utils-socials|facebook-api-video-upload|fbgraphapi|botly|facebook-search|facebook-chat|fb-react-sdk|facebook-ads-sdk|fb-chat|fbbot|angular-facebook-factory|messenger-api|api-messenger|fqb|facebook-sdk|@procodermew\\/fca-onefile|ts-messenger-api|chatfuel-api|@ezsper\\/facebook|fbsdk-ts|graph-api|@denimlabs\\/facebook-nodejs-business-sdk|fbm-send|faceapi|fb-node|hamactruonggiang|fcamod|@livescale\\/fbgraph|node-facebook-marketing|fql-workbench|angular-facebook-api|azsa|fb-upload-video-api|fbm|tiny-facebook-wrapper|fb-chat-api-plus|facebookgraph|fship|cocoon-plugin-social-android-facebook|smsg|facebook-business-sdk|cocoon-plugin-social-ios-facebook|ngx-facebook|ng2-facebook-sdk|social|passport-facebook|react-facebook-login|react-share|fbjs|fbjs-scripts|@gatsbyjs\\/relay-compiler|@vincentriemer\\/relay-runtime|@coral-forks\\/relay-runtime|@dbslone\\/relay-runtime|@bol
tline\\/relay-runtime|@dww\\/relay-compiler|@mattkrick\\/relay-runtime|@coral-forks\\/relay-compiler|@vincentriemer\\/relay-compiler|dww-relay-compiler|relay-config" tags: + + - id: ThirdParties.SDK.FacebookPixel + name: Facebook + filterProperty: "code" + domains: + - "facebook.com" + patterns: + - "((window|w|this)[.])?fbq[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/google/javascript.yaml b/rules/sinks/third_parties/sdk/google/javascript.yaml index 27a5f52c..09db1249 100644 --- a/rules/sinks/third_parties/sdk/google/javascript.yaml +++ b/rules/sinks/third_parties/sdk/google/javascript.yaml @@ -44,6 +44,15 @@ sinks: - "@analytics\\/google-tag-manager|gatsby-plugin-google-gtag|react-gtm-module" tags: + - id: ThirdParties.SDK.Google.TagManagerPixel + name: Google Tag Manager + filterProperty: "code" + domains: + - "admob.google.com" + patterns: + - "((window|w|this)[.])?(gtag|dataLayer.push)[(].*" + tags: + - id: ThirdParties.SDK.Google.Spreadsheet name: Google Spreadsheet domains: diff --git a/rules/sinks/third_parties/sdk/impact/javascript.yaml b/rules/sinks/third_parties/sdk/impact/javascript.yaml new file mode 100644 index 00000000..a4467268 --- /dev/null +++ b/rules/sinks/third_parties/sdk/impact/javascript.yaml @@ -0,0 +1,14 @@ + +# Sink rule for ThirdParty SDK +# The id follows a format : "ThirdParties.SDK.." + +sinks: + + - id: ThirdParties.SDK.Pixel.Impact + name: Impact + domains: + - "impact.com" + filterProperty: "code" + patterns: + - ".*(ire)[(].(identify|generate|track).*" + tags: diff --git a/rules/sinks/third_parties/sdk/pinterest/javascript.yaml b/rules/sinks/third_parties/sdk/pinterest/javascript.yaml new file mode 100644 index 00000000..0de3fdd2 --- /dev/null +++ b/rules/sinks/third_parties/sdk/pinterest/javascript.yaml @@ -0,0 +1,11 @@ +sinks: + + - id: ThirdParties.SDK.PinterestPixel + name: Pinterest + filterProperty: "code" + domains: + - "pinterest.com" + patterns: + - "((window|w|this)[.])?pintrk[(].*" + tags: + 
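Review bot: `ThirdParties.SDK.Google.TagManagerPixel` duplicates the `ThirdParties.SDK.Pixel.Google.TagManager` rule that the previous commit in this series (Script Tag Rule, #394) added to the same file: both match `gtag(` and `dataLayer.push(` under a `code` filter, so every hit will be reported twice under two ids and two domains. Keep one of them; if this one stays, its domain `admob.google.com` contradicts the earlier hunk that moved Tag Manager to `analytics.google.com`, and `dataLayer.push` leaves the `.` unescaped while the earlier rule writes `datalayer[.]push`. `((window|w|this)[.])?(gtag|dataLayer[.]push)[(].*` keeps the two consistent until one is removed.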
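Review bot: `.*(ire)[(].(identify|generate|track).*` has no boundary before `ire`, so with the leading `.*` it also matches the tail of `require(`: `require('tracker')` or `require("generate-id")` satisfies `ire(` plus one character plus `track`/`generate` and would be reported as an Impact pixel call. Require start of string or a non-identifier character before the name, `(^|[^A-Za-z0-9_$])ire[(].(identify|generate|track).*`, and consider `[(]\\s*.` if the first argument may follow whitespace. The lone `.` standing in for the quote character would also read more clearly as an explicit quote class.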
diff --git a/rules/sinks/third_parties/sdk/snapchat/javascript.yaml b/rules/sinks/third_parties/sdk/snapchat/javascript.yaml new file mode 100644 index 00000000..f78c2a29 --- /dev/null +++ b/rules/sinks/third_parties/sdk/snapchat/javascript.yaml @@ -0,0 +1,14 @@ + +# Sink rule for ThirdParty SDK +# The id follows a format : "ThirdParties.SDK.." + +sinks: + + - id: ThirdParties.SDK.Pixel.Snapchat + name: Snapchat + domains: + - "snapchat.com" + filterProperty: "code" + patterns: + - ".*(snaptr)[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/spotify/javascript.yaml b/rules/sinks/third_parties/sdk/spotify/javascript.yaml index 76b2d2cd..8a808082 100644 --- a/rules/sinks/third_parties/sdk/spotify/javascript.yaml +++ b/rules/sinks/third_parties/sdk/spotify/javascript.yaml 
@@ -11,3 +11,12 @@ sinks: patterns: - "node-spotify-helper|vue-spotify|spotify-web-utils|@ngx-spotify-api\\/core|@cameronriu\\/spotify-web-api-node|spotify-mp3-playlist-downloader|@vilp1l\\/spotify.js|spotify-metadata-search|spotify-web-api-node|spotify-web-api-js|spotify|node-spotify-webhelper|spotify-finder|spotify-middleware-webapi|angular-spotify|react-native-spotify|spdl-core|@panz3r\\/spotify-js|spotify-info.js|deezer-api-ts|spotify-api-request|react-spotify-api|spotify-playback-sdk|spotify-api.js|spotify-lyrics-api|spotify-web-sdk|easy-spotify-ts|spotify-personal-auth|spotydrive|spotify-cover-art-api|angular2-spotify|rc-angular-spotify|spotify-webhelper|adonis-spotify|spotify-api|visdi-deezer-api-ts|@g749\\/spotify-web-api-node|spotify-types|spotify-objects|simple-spotify|spotify-web-playback|@kaname-png\\/erela.js-spotify|@redline187\\/spotify-web-api-node|spotify-service-rg|js-spotify-api|@kywagaha\\/spotify-event-api|spotify-web-api-node-server|spotify-playback-sdk-node|canvacordpalaexpress|spotify-manager" tags: + + - id: ThirdParties.SDK.Pixel.Spotify + name: Spotify + domains: + - "spotify.com" + filterProperty: "code" + patterns: + - "((window|w|this)[.])?(spdt)([.]q[.]push)?[(].*" + tags: diff --git a/rules/sinks/third_parties/sdk/tiktok/javascript.yaml b/rules/sinks/third_parties/sdk/tiktok/javascript.yaml new file mode 100644 index 00000000..bd86dca3 --- /dev/null +++ b/rules/sinks/third_parties/sdk/tiktok/javascript.yaml @@ -0,0 +1,10 @@ +sinks: + + - id: ThirdParties.SDK.TikTok + name: TikTok + filterProperty: "code" + domains: + - "tiktok.com" + patterns: + - "((window|w|this)[.])?ttq.track[(].*" + tags: From d35d7458bea64e50f2f17371a182e7c79fe010f0 Mon Sep 17 00:00:00 2001 
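Review bot: `((window|w|this)[.])?ttq.track[(].*` leaves the `.` between `ttq` and `track` unescaped, unlike the `[.]` used everywhere else in this patch, and covers only `track`; the TikTok pixel also exposes `ttq.page(` and `ttq.identify(`, the latter being the call that carries user identifiers. `((window|w|this)[.])?ttq[.](track|page|identify)[(].*` covers them consistently. The id `ThirdParties.SDK.TikTok` also lacks the `Pixel`/`Script` qualifier its sibling rules carry, so a future package-name rule for the same vendor would collide with it.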
From: Pandurang Patil Date: Mon, 19 Feb 2024 14:33:02 +0530 Subject: [PATCH 8/8] Excluding .kts build file while generating the CPG (#402) Excluding .kts build file while generating the CPG, as its resulting into some errors in that specific file and in turn was exiting out of the AST creation pass. This exclusion across will help ignoring those build files which are not required to be processed for CPG creation. --- config/exclusions/kotlin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/exclusions/kotlin.yaml b/config/exclusions/kotlin.yaml index d646ee2d..81ec28c9 100644 --- a/config/exclusions/kotlin.yaml +++ b/config/exclusions/kotlin.yaml @@ -2,4 +2,4 @@ exclusions: - id: Exclusions.Template name: Exclude template file patterns: - - "(?i)(.*template.kt|.*template(s)?/.*)" \ No newline at end of file + - "(?i)(.*.kts|.*template.kt|.*template(s)?/.*)"
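Review bot: `.*.kts` leaves the `.` before `kts` unescaped, so the alternative reads "any character followed by kts" rather than the `.kts` extension; under a full match that only over-excludes paths ending in those three letters, but if the exclusion matcher searches instead, any source file containing them, such as `LinkTsClient.kt`, would be dropped from the CPG alongside the intended build scripts. Escape the dot, `- "(?i)(.*\\.kts|.*template.kt|.*template(s)?/.*)"` (the double backslash is required inside the YAML double-quoted string), and anchor with `$` if the matcher is not already a full match. The pre-existing `template.kt` alternative has the same unescaped dot, though it is far less likely to collide.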