  • feat: add new relic rules and improve sentry rules (#471)

    * feat: new relic rules
    
    * feat: add more sentry rules
    
    * fix: include aux rules when using 'only' option
    
    * test: only load rule under test
  • David Roe committed with GitHub 1 year ago
    e4ad4ef8
    1 parent df77f19d
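--- a/integration/rules/rules_test.go
+++ b/integration/rules/rules_test.go
@@ -12,12 +12,13 @@
 
 var rulesFs = &rules.Rules
 
-func buildRulesTestCase(name, reportType, filename string) testhelper.TestCase {
+func buildRulesTestCase(name, reportType, ruleID, filename string) testhelper.TestCase {
  arguments := []string{
  "scan",
  filepath.Join("pkg", "commands", "process", "settings", "rules", filename),
  "--report=" + reportType,
  "--format=yaml",
+ "--only-rule=" + ruleID,
  }
  options := testhelper.TestCaseOptions{}
 
@@ -26,185 +27,195 @@
 
 func TestRubyLangCookiesSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/cookies", "summary", t)
+ runRulesTest("ruby/lang/cookies", "summary", "ruby_lang_cookies", t)
 }
 
 func TestRubyLangCookiesDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/cookies", "dataflow", t)
+ runRulesTest("ruby/lang/cookies", "dataflow", "ruby_lang_cookies", t)
 }
 
 func TestRubyLangFileGenerationSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/file_generation", "summary", t)
+ runRulesTest("ruby/lang/file_generation", "summary", "ruby_lang_file_generation", t)
 }
 
 func TestRubyLangFileGenerationDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/file_generation", "dataflow", t)
+ runRulesTest("ruby/lang/file_generation", "dataflow", "ruby_lang_file_generation", t)
 }
 
 func TestRubyLangHttpGetParamsSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/http_get_params", "summary", t)
+ runRulesTest("ruby/lang/http_get_params", "summary", "ruby_lang_http_get_params", t)
 }
 
 func TestRubyLangHttpGetParamsDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/http_get_params", "dataflow", t)
+ runRulesTest("ruby/lang/http_get_params", "dataflow", "ruby_lang_http_get_params", t)
 }
 
 func TestRubyLangHttpInsecureSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/http_insecure", "summary", t)
+ runRulesTest("ruby/lang/http_insecure", "summary", "ruby_lang_http_insecure", t)
 }
 
 func TestRubyLangHttpInsecureDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/http_insecure", "dataflow", t)
+ runRulesTest("ruby/lang/http_insecure", "dataflow", "ruby_lang_http_insecure", t)
 }
 
 func TestRubyLangHttpPostInsecureWithDataSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/http_post_insecure_with_data", "summary", t)
+ runRulesTest("ruby/lang/http_post_insecure_with_data", "summary", "ruby_lang_http_post_insecure_with_data", t)
 }
 
 func TestRubyLangHttpPostInsecureWithDataDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/http_post_insecure_with_data", "dataflow", t)
+ runRulesTest("ruby/lang/http_post_insecure_with_data", "dataflow", "ruby_lang_http_post_insecure_with_data", t)
 }
 
 func TestRubyLangInsecureFtpSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/insecure_ftp", "summary", t)
+ runRulesTest("ruby/lang/insecure_ftp", "summary", "ruby_lang_insecure_ftp", t)
 }
 
 func TestRubyLangInsecureFtpDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/insecure_ftp", "dataflow", t)
+ runRulesTest("ruby/lang/insecure_ftp", "dataflow", "ruby_lang_insecure_ftp", t)
 }
 
 func TestRubyLangJwtSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/jwt", "summary", t)
+ runRulesTest("ruby/lang/jwt", "summary", "ruby_lang_jwt", t)
 }
 
 func TestRubyLangJwtDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/jwt", "dataflow", t)
+ runRulesTest("ruby/lang/jwt", "dataflow", "ruby_lang_jwt", t)
 }
 
 func TestRubyLangLoggerSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/logger", "summary", t)
+ runRulesTest("ruby/lang/logger", "summary", "ruby_lang_logger", t)
 }
 
 func TestRubyLangLoggerDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/logger", "dataflow", t)
+ runRulesTest("ruby/lang/logger", "dataflow", "ruby_lang_logger", t)
 }
 
 func TestRubyLangSslVerificationSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/ssl_verification", "summary", t)
+ runRulesTest("ruby/lang/ssl_verification", "summary", "ruby_lang_ssl_verification", t)
 }
 
 func TestRubyLangSslVerificationDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/ssl_verification", "dataflow", t)
+ runRulesTest("ruby/lang/ssl_verification", "dataflow", "ruby_lang_ssl_verification", t)
 }
 
 func TestRubyLangWeakEncryptionSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/weak_encryption", "summary", t)
+ runRulesTest("ruby/lang/weak_encryption", "summary", "ruby_lang_weak_encryption", t)
 }
 
 func TestRubyLangWeakEncryptionDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/weak_encryption", "dataflow", t)
+ runRulesTest("ruby/lang/weak_encryption", "dataflow", "ruby_lang_weak_encryption", t)
 }
 
 func TestRubyLangWeakEncryptionWithDataSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/weak_encryption_with_data", "summary", t)
+ runRulesTest("ruby/lang/weak_encryption_with_data", "summary", "ruby_lang_weak_encryption_with_data", t)
 }
 
 func TestRubyLangWeakEncryptionWithDataDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/lang/weak_encryption_with_data", "dataflow", t)
+ runRulesTest("ruby/lang/weak_encryption_with_data", "dataflow", "ruby_lang_weak_encryption_with_data", t)
 }
 
 func TestRubyRailsDefaultEncryptionSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/default_encryption", "summary", t)
+ runRulesTest("ruby/rails/default_encryption", "summary", "ruby_rails_default_encryption", t)
 }
 
 func TestRubyRailsDefaultEncryptionDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/default_encryption", "dataflow", t)
+ runRulesTest("ruby/rails/default_encryption", "dataflow", "ruby_rails_default_encryption", t)
 }
 
 func TestRubyRailsInsecureCommunicationSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/insecure_communication", "summary", t)
+ runRulesTest("ruby/rails/insecure_communication", "summary", "ruby_rails_insecure_communication", t)
 }
 
 func TestRubyRailsInsecureCommunicationDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/insecure_communication", "dataflow", t)
+ runRulesTest("ruby/rails/insecure_communication", "dataflow", "ruby_rails_insecure_communication", t)
 }
 
 func TestRubyRailsInsecureSmtpSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/insecure_smtp", "summary", t)
+ runRulesTest("ruby/rails/insecure_smtp", "summary", "ruby_rails_insecure_smtp", t)
 }
 
 func TestRubyRailsInsecureSmtpDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/insecure_smtp", "dataflow", t)
+ runRulesTest("ruby/rails/insecure_smtp", "dataflow", "ruby_rails_insecure_smtp", t)
 }
 
 func TestRubyRailsLoggerSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/logger", "summary", t)
+ runRulesTest("ruby/rails/logger", "summary", "ruby_rails_logger", t)
 }
 
 func TestRubyRailsLoggerDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/logger", "dataflow", t)
+ runRulesTest("ruby/rails/logger", "dataflow", "ruby_rails_logger", t)
 }
 
 func TestRubyRailsPasswordLengthSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/password_length", "summary", t)
+ runRulesTest("ruby/rails/password_length", "summary", "ruby_rails_password_length", t)
 }
 
 func TestRubyRailsPasswordLengthDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/password_length", "dataflow", t)
+ runRulesTest("ruby/rails/password_length", "dataflow", "ruby_rails_password_length", t)
 }
 
 func TestRubyRailsSessionSummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/session", "summary", t)
+ runRulesTest("ruby/rails/session", "summary", "ruby_rails_session", t)
 }
 
 func TestRubyRailsSessionDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/rails/session", "dataflow", t)
+ runRulesTest("ruby/rails/session", "dataflow", "ruby_rails_session", t)
+}
+
+func TestRubyThirdPartiesNewRelicSummary(t *testing.T) {
+ t.Parallel()
+ runRulesTest("ruby/third_parties/new_relic", "summary", "ruby_third_parties_new_relic", t)
+}
+
+func TestRubyThirdPartiesNewRelicDataflow(t *testing.T) {
+ t.Parallel()
+ runRulesTest("ruby/third_parties/new_relic", "dataflow", "ruby_third_parties_new_relic", t)
 }
 
 func TestRubyThirdPartiesSentrySummary(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/third_parties/sentry", "summary", t)
+ runRulesTest("ruby/third_parties/sentry", "summary", "ruby_third_parties_sentry", t)
 }
 
 func TestRubyThirdPartiesSentryDataflow(t *testing.T) {
  t.Parallel()
- runRulesTest("ruby/third_parties/sentry", "dataflow", t)
+ runRulesTest("ruby/third_parties/sentry", "dataflow", "ruby_third_parties_sentry", t)
 }
 
-func runRulesTest(folderPath string, format string, t *testing.T) {
+func runRulesTest(folderPath, format, ruleID string, t *testing.T) {
  snapshotDirectory := "../../pkg/commands/process/settings/rules/" + folderPath + "/.snapshots"
  testdataDirEntries, err := rulesFs.ReadDir(fmt.Sprintf("%s/testdata", folderPath))
  if err != nil {
@@ -220,6 +231,7 @@
  buildRulesTestCase(
  testName,
  format,
+ ruleID,
  fmt.Sprintf("%s/testdata/%s", folderPath, name),
  ),
  )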
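Review bot: `runRulesTest` (new line 218) now takes `ruleID` as a free-form string that every one of the ~40 call sites must keep in sync by hand with the `id:` field of the rule YAML, and nothing in this file checks that they agree; because `buildRulesTestCase` forwards it as `--only-rule=` (new line 21), a mistyped id presumably yields an empty report, which a snapshot refresh would then freeze as the expected output, leaving a test that passes while asserting nothing. The gitleaks.yml hunk in this same commit renames a rule id, which is exactly the kind of drift this invites. At minimum document the contract on the helper: `// runRulesTest scans every file under folderPath/testdata with --only-rule=ruleID; ruleID must equal the id: of the rule under test, otherwise the report is empty and the snapshot proves nothing.` If the rule file's name under folderPath is fixed, a stronger fix is to read it from rulesFs at the top of runRulesTest and `t.Fatalf` when its `id:` differs from ruleID. The body of runRulesTest continues outside the hunk.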
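--- a/pkg/commands/process/settings/load_external_rules.go
+++ b/pkg/commands/process/settings/load_external_rules.go
@@ -1,59 +0,0 @@
-package settings
-
-import (
- "fmt"
- "io/fs"
- "os"
- "path/filepath"
- "strings"
-
- "gopkg.in/yaml.v3"
-)
-
-func LoadExternalRules(directories []string) (map[string]Rule, error) {
- rules := make(map[string]Rule)
-
- for _, dirPath := range directories {
-
- err := filepath.WalkDir(dirPath, func(filePath string, d fs.DirEntry, errReading error) error {
- if errReading != nil {
- return errReading
- }
-
- fileName := d.Name()
- ext := filepath.Ext(fileName)
-
- if d.IsDir() {
- return nil
- }
-
- if ext != ".yaml" && ext != ".yml" {
- return nil
- }
-
- fileContent, err := os.ReadFile(filePath)
- if err != nil {
- return fmt.Errorf("error reading file: %s %s", filePath, err)
- }
-
- ruleName := strings.TrimSuffix(fileName, ext)
-
- var rule Rule
- err = yaml.Unmarshal(fileContent, &rule)
- if err != nil {
- return fmt.Errorf("failed to unmarshal yaml file: %s %s", filePath, err)
- }
-
- rules[ruleName] = rule
-
- return nil
- })
-
- if err != nil {
- return nil, err
- }
- }
-
- return rules, nil
-}
-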
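--- a/pkg/commands/process/settings/rules/internal/internal/gitleaks.yml
+++ b/pkg/commands/process/settings/rules/internal/internal/gitleaks.yml
@@ -18,5 +18,5 @@
  ## Resources
  - [Gitleaks](https://gitleaks.io/)
 dsr_id: "DSR-4"
-id: "internal_gitleaks"
+id: "gitleaks"
 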
    pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithDataDataflow-dataflow_ruby_lang_http_post_insecure_with_data_insecure_post_form_with_datatype.rb
    skipped 28 lines
    29 29   line_number: 1
    30 30   content: 'Net::HTTP.post_form("http://my.api.com/users/search", email: user.email)'
    31 31   object_name: user
    32  - - detector_id: ruby_lang_http_insecure
    33  - locations:
    34  - - filename: pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/testdata/insecure_post_form_with_datatype.rb
    35  - line_number: 1
    36  - parent:
    37  - line_number: 1
    38  - content: 'Net::HTTP.post_form("http://my.api.com/users/search", email: user.email)'
    39  - content: |
    40  - Net::HTTP.post_form($<INSECURE_URL>)
    41 32  components: []
    42 33   
    43 34   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithDataDataflow-dataflow_ruby_lang_http_post_insecure_with_data_insecure_post_with_datatype.rb
    skipped 28 lines
    29 29   line_number: 1
    30 30   content: 'HTTParty.post("http://my.api.com/users/search", body: user.email)'
    31 31   object_name: user
    32  - - detector_id: ruby_lang_http_insecure
    33  - locations:
    34  - - filename: pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/testdata/insecure_post_with_datatype.rb
    35  - line_number: 1
    36  - parent:
    37  - line_number: 1
    38  - content: 'HTTParty.post("http://my.api.com/users/search", body: user.email)'
    39  - content: |
    40  - $<CLIENT>.post($<INSECURE_URL>)
    41 32  components: []
    42 33   
    43 34   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithDataSummary-summary_ruby_lang_http_post_insecure_with_data_insecure_post_form_with_datatype.rb
    skipped 8 lines
    9 9   - PII
    10 10   parent_line_number: 1
    11 11   parent_content: 'Net::HTTP.post_form("http://my.api.com/users/search", email: user.email)'
    12  -low:
    13  - - policy_name: ""
    14  - policy_dsrid: DSR-2
    15  - policy_display_id: ruby_lang_http_insecure
    16  - policy_description: Only communicate using HTTPS connections.
    17  - line_number: 1
    18  - filename: pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/testdata/insecure_post_form_with_datatype.rb
    19  - category_groups:
    20  - - PII
    21  - parent_line_number: 1
    22  - parent_content: 'Net::HTTP.post_form("http://my.api.com/users/search", email: user.email)'
    23 12   
    24 13   
    25 14  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithDataSummary-summary_ruby_lang_http_post_insecure_with_data_insecure_post_with_datatype.rb
    skipped 8 lines
    9 9   - PII
    10 10   parent_line_number: 1
    11 11   parent_content: 'HTTParty.post("http://my.api.com/users/search", body: user.email)'
    12  -low:
    13  - - policy_name: ""
    14  - policy_dsrid: DSR-2
    15  - policy_display_id: ruby_lang_http_insecure
    16  - policy_description: Only communicate using HTTPS connections.
    17  - line_number: 1
    18  - filename: pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/testdata/insecure_post_with_datatype.rb
    19  - category_groups:
    20  - - PII
    21  - parent_line_number: 1
    22  - parent_content: 'HTTParty.post("http://my.api.com/users/search", body: user.email)'
    23 12   
    24 13   
    25 14  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataDataflow-dataflow_ruby_lang_weak_encryption_with_data_blowfish_data.rb
    skipped 58 lines
    59 59   line_number: 5
    60 60   content: Crypt::Blowfish.new("your-key").encrypt_string(user.email)
    61 61   object_name: user
    62  - - detector_id: ruby_lang_weak_encryption
    63  - locations:
    64  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/blowfish_data.rb
    65  - line_number: 1
    66  - parent:
    67  - line_number: 1
    68  - content: |-
    69  - Crypt::Blowfish.new("insecure").encrypt_block do |user|
    70  - user.password
    71  - end
    72  - content: |
    73  - $<VAR>.$<METHOD> do
    74  - $<_>
    75  - end
    76  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/blowfish_data.rb
    77  - line_number: 1
    78  - parent:
    79  - line_number: 1
    80  - content: |-
    81  - Crypt::Blowfish.new("insecure").encrypt_block do |user|
    82  - user.password
    83  - end
    84  - content: |
    85  - $<VAR>.$<METHOD> do
    86  - $<_>
    87  - end
    88  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/blowfish_data.rb
    89  - line_number: 5
    90  - parent:
    91  - line_number: 5
    92  - content: Crypt::Blowfish.new("your-key").encrypt_string(user.email)
    93  - content: |
    94  - $<VAR>.$<METHOD>()
    95 62  components: []
    96 63   
    97 64   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataDataflow-dataflow_ruby_lang_weak_encryption_with_data_digest_md5.rb
    skipped 28 lines
    29 29   line_number: 1
    30 30   content: Digest::MD5.hexdigest(user.address)
    31 31   object_name: user
    32  - - detector_id: ruby_lang_weak_encryption
    33  - locations:
    34  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/digest_md5.rb
    35  - line_number: 1
    36  - parent:
    37  - line_number: 1
    38  - content: Digest::MD5.hexdigest(user.address)
    39  - content: |
    40  - Digest::MD5.hexdigest()
    41 32  components: []
    42 33   
    43 34   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataDataflow-dataflow_ruby_lang_weak_encryption_with_data_digest_sha1.rb
    skipped 28 lines
    29 29   line_number: 1
    30 30   content: Digest::SHA1.hexidigest(user.first_name)
    31 31   object_name: user
    32  - - detector_id: ruby_lang_weak_encryption
    33  - locations:
    34  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/digest_sha1.rb
    35  - line_number: 1
    36  - parent:
    37  - line_number: 1
    38  - content: Digest::SHA1.hexidigest(user.first_name)
    39  - content: |
    40  - Digest::SHA1.hexidigest()
    41 32  components: []
    42 33   
    43 34   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataDataflow-dataflow_ruby_lang_weak_encryption_with_data_openssl_dsa_data.rb
    skipped 61 lines
    62 62   content: OpenSSL::PKey::DSA.new(2048)
    63 63   content: |
    64 64   OpenSSL::PKey::DSA.new()
    65  - - detector_id: ruby_lang_weak_encryption
    66  - locations:
    67  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_dsa_data.rb
    68  - line_number: 3
    69  - parent:
    70  - line_number: 3
    71  - content: dsa_encrypt.export(cipher, user.email)
    72  - content: |
    73  - $<VAR>.$<METHOD>($<_>)
    74  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_dsa_data.rb
    75  - line_number: 5
    76  - parent:
    77  - line_number: 5
    78  - content: OpenSSL::PKey::RSA.new(2048).to_pem(cipher, user.first_name)
    79  - content: |
    80  - $<VAR>.$<METHOD>($<_>)
    81 65  components: []
    82 66   
    83 67   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataDataflow-dataflow_ruby_lang_weak_encryption_with_data_openssl_rsa_data.rb
    skipped 78 lines
    79 79   content: OpenSSL::PKey::RSA.new(2048)
    80 80   content: |
    81 81   OpenSSL::PKey::RSA.new()
    82  - - detector_id: ruby_lang_weak_encryption
    83  - locations:
    84  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_rsa_data.rb
    85  - line_number: 1
    86  - parent:
    87  - line_number: 1
    88  - content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt(user.password)
    89  - content: |
    90  - $<VAR>.$<METHOD>($<_>)
    91  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_rsa_data.rb
    92  - line_number: 5
    93  - parent:
    94  - line_number: 5
    95  - content: rsa_encrypt.export(cipher, user.password)
    96  - content: |
    97  - $<VAR>.$<METHOD>($<_>)
    98  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_rsa_data.rb
    99  - line_number: 7
    100  - parent:
    101  - line_number: 7
    102  - content: OpenSSL::PKey::RSA.new(2048).to_pem(cipher, user.first_name)
    103  - content: |
    104  - $<VAR>.$<METHOD>($<_>)
    105 82  components: []
    106 83   
    107 84   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataDataflow-dataflow_ruby_lang_weak_encryption_with_data_rc4_data.rb
    skipped 54 lines
    55 55   content: RC4.new("insecure")
    56 56   content: |
    57 57   RC4.new()
    58  - - detector_id: ruby_lang_weak_encryption
    59  - locations:
    60  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/rc4_data.rb
    61  - line_number: 1
    62  - parent:
    63  - line_number: 1
    64  - content: RC4.new("insecure").encrypt(user.password)
    65  - content: |
    66  - $<VAR>.$<METHOD>($<_>)
    67  - - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/rc4_data.rb
    68  - line_number: 4
    69  - parent:
    70  - line_number: 4
    71  - content: rc4_encrypt.encrypt!(user.password)
    72  - content: |
    73  - $<VAR>.$<METHOD>($<_>)
    74 58  components: []
    75 59   
    76 60   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataSummary-summary_ruby_lang_weak_encryption_with_data_blowfish_data.rb
    skipped 21 lines
    22 22   - PII
    23 23   parent_line_number: 5
    24 24   parent_content: Crypt::Blowfish.new("your-key").encrypt_string(user.email)
    25  -low:
    26  - - policy_name: ""
    27  - policy_dsrid: DSR-7
    28  - policy_display_id: ruby_lang_weak_encryption
    29  - policy_description: Avoid weak encryption libraries.
    30  - line_number: 1
    31  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/blowfish_data.rb
    32  - category_groups:
    33  - - PII
    34  - parent_line_number: 1
    35  - parent_content: |-
    36  - Crypt::Blowfish.new("insecure").encrypt_block do |user|
    37  - user.password
    38  - end
    39  - - policy_name: ""
    40  - policy_dsrid: DSR-7
    41  - policy_display_id: ruby_lang_weak_encryption
    42  - policy_description: Avoid weak encryption libraries.
    43  - line_number: 5
    44  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/blowfish_data.rb
    45  - category_groups:
    46  - - PII
    47  - parent_line_number: 5
    48  - parent_content: Crypt::Blowfish.new("your-key").encrypt_string(user.email)
    49 25   
    50 26   
    51 27  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataSummary-summary_ruby_lang_weak_encryption_with_data_digest_md5.rb
    skipped 8 lines
    9 9   - PII
    10 10   parent_line_number: 1
    11 11   parent_content: Digest::MD5.hexdigest(user.address)
    12  -low:
    13  - - policy_name: ""
    14  - policy_dsrid: DSR-7
    15  - policy_display_id: ruby_lang_weak_encryption
    16  - policy_description: Avoid weak encryption libraries.
    17  - line_number: 1
    18  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/digest_md5.rb
    19  - category_groups:
    20  - - PII
    21  - parent_line_number: 1
    22  - parent_content: Digest::MD5.hexdigest(user.address)
    23 12   
    24 13   
    25 14  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataSummary-summary_ruby_lang_weak_encryption_with_data_digest_sha1.rb
    skipped 8 lines
    9 9   - PII
    10 10   parent_line_number: 1
    11 11   parent_content: Digest::SHA1.hexidigest(user.first_name)
    12  -low:
    13  - - policy_name: ""
    14  - policy_dsrid: DSR-7
    15  - policy_display_id: ruby_lang_weak_encryption
    16  - policy_description: Avoid weak encryption libraries.
    17  - line_number: 1
    18  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/digest_sha1.rb
    19  - category_groups:
    20  - - PII
    21  - parent_line_number: 1
    22  - parent_content: Digest::SHA1.hexidigest(user.first_name)
    23 12   
    24 13   
    25 14  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataSummary-summary_ruby_lang_weak_encryption_with_data_openssl_dsa_data.rb
    skipped 18 lines
    19 19   - PII
    20 20   parent_line_number: 5
    21 21   parent_content: OpenSSL::PKey::RSA.new(2048).to_pem(cipher, user.first_name)
    22  -low:
    23  - - policy_name: ""
    24  - policy_dsrid: DSR-7
    25  - policy_display_id: ruby_lang_weak_encryption
    26  - policy_description: Avoid weak encryption libraries.
    27  - line_number: 3
    28  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_dsa_data.rb
    29  - category_groups:
    30  - - PII
    31  - parent_line_number: 3
    32  - parent_content: dsa_encrypt.export(cipher, user.email)
    33  - - policy_name: ""
    34  - policy_dsrid: DSR-7
    35  - policy_display_id: ruby_lang_weak_encryption
    36  - policy_description: Avoid weak encryption libraries.
    37  - line_number: 5
    38  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_dsa_data.rb
    39  - category_groups:
    40  - - PII
    41  - parent_line_number: 5
    42  - parent_content: OpenSSL::PKey::RSA.new(2048).to_pem(cipher, user.first_name)
    43 22   
    44 23   
    45 24  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataSummary-summary_ruby_lang_weak_encryption_with_data_openssl_rsa_data.rb
    skipped 28 lines
    29 29   - PII
    30 30   parent_line_number: 7
    31 31   parent_content: OpenSSL::PKey::RSA.new(2048).to_pem(cipher, user.first_name)
    32  -low:
    33  - - policy_name: ""
    34  - policy_dsrid: DSR-7
    35  - policy_display_id: ruby_lang_weak_encryption
    36  - policy_description: Avoid weak encryption libraries.
    37  - line_number: 1
    38  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_rsa_data.rb
    39  - category_groups:
    40  - - PII
    41  - parent_line_number: 1
    42  - parent_content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt(user.password)
    43  - - policy_name: ""
    44  - policy_dsrid: DSR-7
    45  - policy_display_id: ruby_lang_weak_encryption
    46  - policy_description: Avoid weak encryption libraries.
    47  - line_number: 5
    48  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_rsa_data.rb
    49  - category_groups:
    50  - - PII
    51  - parent_line_number: 5
    52  - parent_content: rsa_encrypt.export(cipher, user.password)
    53  - - policy_name: ""
    54  - policy_dsrid: DSR-7
    55  - policy_display_id: ruby_lang_weak_encryption
    56  - policy_description: Avoid weak encryption libraries.
    57  - line_number: 7
    58  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/openssl_rsa_data.rb
    59  - category_groups:
    60  - - PII
    61  - parent_line_number: 7
    62  - parent_content: OpenSSL::PKey::RSA.new(2048).to_pem(cipher, user.first_name)
    63 32   
    64 33   
    65 34  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithDataSummary-summary_ruby_lang_weak_encryption_with_data_rc4_data.rb
    skipped 18 lines
    19 19   - PII
    20 20   parent_line_number: 4
    21 21   parent_content: rc4_encrypt.encrypt!(user.password)
    22  -low:
    23  - - policy_name: ""
    24  - policy_dsrid: DSR-7
    25  - policy_display_id: ruby_lang_weak_encryption
    26  - policy_description: Avoid weak encryption libraries.
    27  - line_number: 1
    28  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/rc4_data.rb
    29  - category_groups:
    30  - - PII
    31  - parent_line_number: 1
    32  - parent_content: RC4.new("insecure").encrypt(user.password)
    33  - - policy_name: ""
    34  - policy_dsrid: DSR-7
    35  - policy_display_id: ruby_lang_weak_encryption
    36  - policy_description: Avoid weak encryption libraries.
    37  - line_number: 4
    38  - filename: pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/testdata/rc4_data.rb
    39  - category_groups:
    40  - - PII
    41  - parent_line_number: 4
    42  - parent_content: rc4_encrypt.encrypt!(user.password)
    43 22   
    44 23   
    45 24  --
    skipped 2 lines
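--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_datatype_in_add_custom_attributes.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_datatype_in_add_custom_attributes.rb
@@ -0,0 +1,50 @@
+data_types:
+ - name: Email Address
+ detectors:
+ - name: ruby
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ line_number: 1
+ field_name: email
+ object_name: user
+risks:
+ - detector_id: ruby_third_parties_new_relic
+ data_types:
+ - name: Email Address
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ line_number: 1
+ parent:
+ line_number: 2
+ content: NewRelic::Agent.add_custom_attributes(user)
+ field_name: email
+ object_name: user
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ line_number: 3
+ parent:
+ line_number: 3
+ content: 'NewRelic::Agent.add_custom_attributes(a: "test", user: { email: "[email protected]" }, other: 42)'
+ field_name: email
+ object_name: user
+ - name: Unique Identifier
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ line_number: 1
+ parent:
+ line_number: 2
+ content: NewRelic::Agent.add_custom_attributes(user)
+ object_name: user
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ line_number: 3
+ parent:
+ line_number: 3
+ content: 'NewRelic::Agent.add_custom_attributes(a: "test", user: { email: "[email protected]" }, other: 42)'
+ object_name: user
+components: []
+
+
+--
+
+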
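--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_datatype_in_add_custom_parameters.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_datatype_in_add_custom_parameters.rb
@@ -0,0 +1,53 @@
+data_types:
+ - name: Physical Address
+ detectors:
+ - name: ruby
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ line_number: 1
+ field_name: address
+ object_name: user
+risks:
+ - detector_id: ruby_third_parties_new_relic
+ data_types:
+ - name: Email Address
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ line_number: 3
+ parent:
+ line_number: 3
+ content: 'NewRelic::Agent.add_custom_parameters(user: { email: "[email protected]" })'
+ field_name: email
+ object_name: user
+ - name: Physical Address
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ line_number: 1
+ parent:
+ line_number: 2
+ content: NewRelic::Agent.add_custom_parameters(user)
+ field_name: address
+ object_name: user
+ - name: Unique Identifier
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ line_number: 1
+ parent:
+ line_number: 2
+ content: NewRelic::Agent.add_custom_parameters(user)
+ object_name: user
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ line_number: 3
+ parent:
+ line_number: 3
+ content: 'NewRelic::Agent.add_custom_parameters(user: { email: "[email protected]" })'
+ object_name: user
+components: []
+
+
+--
+
+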
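--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_datatype_in_notice_error.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_datatype_in_notice_error.rb
@@ -0,0 +1,47 @@
+data_types:
+ - name: Firstname
+ detectors:
+ - name: ruby
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+ line_number: 1
+ field_name: first_name
+ object_name: user
+risks:
+ - detector_id: ruby_third_parties_new_relic
+ data_types:
+ - name: Firstname
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+ line_number: 1
+ parent:
+ line_number: 2
+ content: 'NewRelic::Agent.notice_error(exception, { custom_params: user })'
+ field_name: first_name
+ object_name: user
+ - name: Lastname
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+ line_number: 3
+ parent:
+ line_number: 3
+ content: 'NewRelic::Agent.notice_error(exception, expected: true, custom_params: { last_name: "foo" }, metric: "test")'
+ field_name: last_name
+ object_name: custom_params
+ - name: Unique Identifier
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+ line_number: 1
+ parent:
+ line_number: 2
+ content: 'NewRelic::Agent.notice_error(exception, { custom_params: user })'
+ object_name: user
+components: []
+
+
+--
+
+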
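--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_ok_datatype_ignored.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_ok_datatype_ignored.rb
@@ -0,0 +1,28 @@
+data_types:
+ - name: Unique Identifier
+ detectors:
+ - name: ruby
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/ok_datatype_ignored.rb
+ line_number: 1
+ field_name: user_id
+ object_name: user
+risks:
+ - detector_id: ruby_third_parties_new_relic
+ data_types:
+ - name: Unique Identifier
+ stored: false
+ locations:
+ - filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/ok_datatype_ignored.rb
+ line_number: 1
+ parent:
+ line_number: 1
+ content: 'NewRelic::Agent.add_custom_attributes(user_id: user.user_id)'
+ field_name: user_id
+ object_name: user
+components: []
+
+
+--
+
+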
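--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_ok_no_datatype.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicDataflow-dataflow_ruby_third_parties_new_relic_ok_no_datatype.rb
@@ -0,0 +1,6 @@
+components: []
+
+
+--
+
+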
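--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_datatype_in_add_custom_attributes.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_datatype_in_add_custom_attributes.rb
@@ -0,0 +1,26 @@
+critical:
+ - policy_name: ""
+ policy_dsrid: DSR-1
+ policy_display_id: ruby_third_parties_new_relic
+ policy_description: Do not send sensitive data to New Relic.
+ line_number: 1
+ filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ category_groups:
+ - PII
+ parent_line_number: 2
+ parent_content: NewRelic::Agent.add_custom_attributes(user)
+ - policy_name: ""
+ policy_dsrid: DSR-1
+ policy_display_id: ruby_third_parties_new_relic
+ policy_description: Do not send sensitive data to New Relic.
+ line_number: 3
+ filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+ category_groups:
+ - PII
+ parent_line_number: 3
+ parent_content: 'NewRelic::Agent.add_custom_attributes(a: "test", user: { email: "[email protected]" }, other: 42)'
+
+
+--
+
+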
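--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_datatype_in_add_custom_parameters.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_datatype_in_add_custom_parameters.rb
@@ -0,0 +1,26 @@
+critical:
+ - policy_name: ""
+ policy_dsrid: DSR-1
+ policy_display_id: ruby_third_parties_new_relic
+ policy_description: Do not send sensitive data to New Relic.
+ line_number: 1
+ filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ category_groups:
+ - PII
+ parent_line_number: 2
+ parent_content: NewRelic::Agent.add_custom_parameters(user)
+ - policy_name: ""
+ policy_dsrid: DSR-1
+ policy_display_id: ruby_third_parties_new_relic
+ policy_description: Do not send sensitive data to New Relic.
+ line_number: 3
+ filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+ category_groups:
+ - PII
+ parent_line_number: 3
+ parent_content: 'NewRelic::Agent.add_custom_parameters(user: { email: "[email protected]" })'
+
+
+--
+
+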
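--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_datatype_in_notice_error.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_datatype_in_notice_error.rb
@@ -0,0 +1,26 @@
+critical:
+ - policy_name: ""
+ policy_dsrid: DSR-1
+ policy_display_id: ruby_third_parties_new_relic
+ policy_description: Do not send sensitive data to New Relic.
+ line_number: 1
+ filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+ category_groups:
+ - PII
+ parent_line_number: 2
+ parent_content: 'NewRelic::Agent.notice_error(exception, { custom_params: user })'
+ - policy_name: ""
+ policy_dsrid: DSR-1
+ policy_display_id: ruby_third_parties_new_relic
+ policy_description: Do not send sensitive data to New Relic.
+ line_number: 3
+ filename: pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+ category_groups:
+ - PII
+ parent_line_number: 3
+ parent_content: 'NewRelic::Agent.notice_error(exception, expected: true, custom_params: { last_name: "foo" }, metric: "test")'
+
+
+--
+
+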
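--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_ok_datatype_ignored.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_ok_datatype_ignored.rb
@@ -0,0 +1,6 @@
+{}
+
+
+--
+
+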
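--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_ok_no_datatype.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelicSummary-summary_ruby_third_parties_new_relic_ok_no_datatype.rb
@@ -0,0 +1,6 @@
+{}
+
+
+--
+
+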
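--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_attributes.rb
@@ -0,0 +1,4 @@
+user = { email: "[email protected]" }
+NewRelic::Agent.add_custom_attributes(user)
+NewRelic::Agent.add_custom_attributes(a: "test", user: { email: "[email protected]" }, other: 42)
+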
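--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_add_custom_parameters.rb
@@ -0,0 +1,4 @@
+user = { address: "foo" }
+NewRelic::Agent.add_custom_parameters(user)
+NewRelic::Agent.add_custom_parameters(user: { email: "[email protected]" })
+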
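--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/datatype_in_notice_error.rb
@@ -0,0 +1,4 @@
+user = { first_name: "foo" }
+NewRelic::Agent.notice_error(exception, { custom_params: user })
+NewRelic::Agent.notice_error(exception, expected: true, custom_params: { last_name: "foo" }, metric: "test")
+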
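--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/ok_datatype_ignored.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/ok_datatype_ignored.rb
@@ -0,0 +1,2 @@
+NewRelic::Agent.add_custom_attributes(user_id: user.user_id)
+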
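--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/ok_no_datatype.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/testdata/ok_no_datatype.rb
@@ -0,0 +1,4 @@
+NewRelic::Agent.add_custom_attributes(other: 42)
+NewRelic::Agent.add_custom_parameters(foo: "bar")
+NewRelic::Agent.notice_error(exception)
+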
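--- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic.yml
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic.yml
@@ -0,0 +1,33 @@
+type: "risk"
+patterns:
+ - pattern: |
+ NewRelic::Agent.add_custom_attributes($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ NewRelic::Agent.add_custom_parameters($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ NewRelic::Agent.notice_error($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+languages:
+ - ruby
+trigger: "local"
+severity:
+ default: "low"
+ PII: "critical"
+ PHI: "medium"
+ PD: "high"
+skip_data_types:
+ - "Unique Identifier"
+metadata:
+ description: "Do not send sensitive data to New Relic."
+ remediation_message: ""
+ dsr_id: "DSR-1"
+ id: "ruby_third_parties_new_relic"
+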
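Review bot: `remediation_message: ""` on line 30 is left empty, so every finding this rule raises carries only the description "Do not send sensitive data to New Relic." and no hint about what to change; the three patterns above give enough to fill it, e.g. `remediation_message: "Remove or redact sensitive data types before passing them to NewRelic::Agent.add_custom_attributes, add_custom_parameters or notice_error."`. The `skip_data_types` entry `"Unique Identifier"` on line 27 silently suppresses findings such as the `user_id` case in `ok_datatype_ignored.rb`, and the reason is not recorded in the rule; a one-line comment above it, `# Identifiers are expected in APM attributes; only reporting them would make the rule noisy`, would keep the next maintainer from "fixing" it (the stated reason is my inference of the intent and should be confirmed). The severity mapping puts `PHI: "medium"` below `PD: "high"` while `PII` is `"critical"`; that may be deliberate policy, but it is worth checking against the other third-party rules in this directory since the ordering looks unusual for health data.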
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_capture_message.rb
     1 +data_types:
     2 + - name: Email Address
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     7 + line_number: 1
     8 + field_name: email
     9 + object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     11 + line_number: 2
     12 + field_name: email
     13 + object_name: user
     14 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     15 + line_number: 3
     16 + field_name: email
     17 + object_name: user
     18 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     19 + line_number: 4
     20 + field_name: email
     21 + object_name: user
     22 +risks:
     23 + - detector_id: ruby_third_parties_sentry
     24 + data_types:
     25 + - name: Email Address
     26 + stored: false
     27 + locations:
     28 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     29 + line_number: 1
     30 + parent:
     31 + line_number: 1
     32 + content: 'Sentry.capture_message("test: #{user.email}")'
     33 + field_name: email
     34 + object_name: user
     35 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     36 + line_number: 2
     37 + parent:
     38 + line_number: 2
     39 + content: 'Sentry.capture_message("test", extra: { email: user.email })'
     40 + field_name: email
     41 + object_name: user
     42 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     43 + line_number: 3
     44 + parent:
     45 + line_number: 3
     46 + content: 'Sentry.capture_message("test", tags: { email: user.email })'
     47 + field_name: email
     48 + object_name: user
     49 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     50 + line_number: 4
     51 + parent:
     52 + line_number: 4
     53 + content: 'Sentry.capture_message("test", user: { email: user.email })'
     54 + field_name: email
     55 + object_name: user
     56 + - name: Unique Identifier
     57 + stored: false
     58 + locations:
     59 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     60 + line_number: 1
     61 + parent:
     62 + line_number: 1
     63 + content: 'Sentry.capture_message("test: #{user.email}")'
     64 + object_name: user
     65 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     66 + line_number: 2
     67 + parent:
     68 + line_number: 2
     69 + content: 'Sentry.capture_message("test", extra: { email: user.email })'
     70 + object_name: user
     71 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     72 + line_number: 3
     73 + parent:
     74 + line_number: 3
     75 + content: 'Sentry.capture_message("test", tags: { email: user.email })'
     76 + object_name: user
     77 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     78 + line_number: 4
     79 + parent:
     80 + line_number: 4
     81 + content: 'Sentry.capture_message("test", user: { email: user.email })'
     82 + object_name: user
     83 +components: []
     84 + 
     85 + 
     86 +--
     87 + 
     88 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_init.rb
    skipped 15 lines
    16 16   - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_init.rb
    17 17   line_number: 3
    18 18   parent:
    19  - line_number: 1
    20  - content: |-
    21  - Sentry.init do |config|
    22  - config.before_breadcrumb = lambda do |breadcrumb, hint|
    23  - breadcrumb.message = "Authenticated user #{current_user.email}"
    24  - breadcrumb
    25  - end
    26  - end
     19 + line_number: 3
     20 + content: 'breadcrumb.message = "Authenticated user #{current_user.email}"'
    27 21   field_name: email
    28 22   object_name: current_user
    29 23   - name: Unique Identifier
    skipped 2 lines
    32 26   - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_init.rb
    33 27   line_number: 3
    34 28   parent:
    35  - line_number: 1
    36  - content: |-
    37  - Sentry.init do |config|
    38  - config.before_breadcrumb = lambda do |breadcrumb, hint|
    39  - breadcrumb.message = "Authenticated user #{current_user.email}"
    40  - breadcrumb
    41  - end
    42  - end
     29 + line_number: 3
     30 + content: 'breadcrumb.message = "Authenticated user #{current_user.email}"'
    43 31   object_name: current_user
    44 32  components: []
    45 33   
    skipped 4 lines
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_set_context.rb
     1 +data_types:
     2 + - name: Email Address
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     7 + line_number: 1
     8 + field_name: email
     9 + object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     11 + line_number: 4
     12 + field_name: email
     13 + object_name: user
     14 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     15 + line_number: 8
     16 + field_name: email
     17 + object_name: user
     18 +risks:
     19 + - detector_id: ruby_third_parties_sentry
     20 + data_types:
     21 + - name: Email Address
     22 + stored: false
     23 + locations:
     24 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     25 + line_number: 1
     26 + parent:
     27 + line_number: 1
     28 + content: 'Sentry.set_context(''email'', { email: user.email })'
     29 + field_name: email
     30 + object_name: user
     31 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     32 + line_number: 4
     33 + parent:
     34 + line_number: 4
     35 + content: 'scope.set_context(''email'', { email: user.email })'
     36 + field_name: email
     37 + object_name: user
     38 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     39 + line_number: 8
     40 + parent:
     41 + line_number: 8
     42 + content: 'scope.set_context(''email'', { email: user.email })'
     43 + field_name: email
     44 + object_name: user
     45 + - name: Unique Identifier
     46 + stored: false
     47 + locations:
     48 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     49 + line_number: 1
     50 + parent:
     51 + line_number: 1
     52 + content: 'Sentry.set_context(''email'', { email: user.email })'
     53 + object_name: user
     54 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     55 + line_number: 4
     56 + parent:
     57 + line_number: 4
     58 + content: 'scope.set_context(''email'', { email: user.email })'
     59 + object_name: user
     60 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     61 + line_number: 8
     62 + parent:
     63 + line_number: 8
     64 + content: 'scope.set_context(''email'', { email: user.email })'
     65 + object_name: user
     66 +components: []
     67 + 
     68 + 
     69 +--
     70 + 
     71 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_set_extra.rb
     1 +data_types:
     2 + - name: Email Address
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     7 + line_number: 2
     8 + field_name: email
     9 + object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     11 + line_number: 6
     12 + field_name: email
     13 + object_name: user
     14 +risks:
     15 + - detector_id: ruby_third_parties_sentry
     16 + data_types:
     17 + - name: Email Address
     18 + stored: false
     19 + locations:
     20 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     21 + line_number: 2
     22 + parent:
     23 + line_number: 2
     24 + content: scope.set_extra(:email, user.email)
     25 + field_name: email
     26 + object_name: user
     27 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     28 + line_number: 6
     29 + parent:
     30 + line_number: 6
     31 + content: scope.set_extra(:email, user.email)
     32 + field_name: email
     33 + object_name: user
     34 + - name: Unique Identifier
     35 + stored: false
     36 + locations:
     37 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     38 + line_number: 2
     39 + parent:
     40 + line_number: 2
     41 + content: scope.set_extra(:email, user.email)
     42 + object_name: user
     43 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     44 + line_number: 6
     45 + parent:
     46 + line_number: 6
     47 + content: scope.set_extra(:email, user.email)
     48 + object_name: user
     49 +components: []
     50 + 
     51 + 
     52 +--
     53 + 
     54 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_set_extras.rb
     1 +data_types:
     2 + - name: Email Address
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     7 + line_number: 1
     8 + field_name: email
     9 + object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     11 + line_number: 4
     12 + field_name: email
     13 + object_name: user
     14 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     15 + line_number: 8
     16 + field_name: email
     17 + object_name: user
     18 +risks:
     19 + - detector_id: ruby_third_parties_sentry
     20 + data_types:
     21 + - name: Email Address
     22 + stored: false
     23 + locations:
     24 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     25 + line_number: 1
     26 + parent:
     27 + line_number: 1
     28 + content: 'Sentry.set_extras(email: user.email)'
     29 + field_name: email
     30 + object_name: user
     31 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     32 + line_number: 4
     33 + parent:
     34 + line_number: 4
     35 + content: 'scope.set_extras(email: user.email)'
     36 + field_name: email
     37 + object_name: user
     38 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     39 + line_number: 8
     40 + parent:
     41 + line_number: 8
     42 + content: 'scope.set_extras(email: user.email)'
     43 + field_name: email
     44 + object_name: user
     45 + - name: Unique Identifier
     46 + stored: false
     47 + locations:
     48 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     49 + line_number: 1
     50 + parent:
     51 + line_number: 1
     52 + content: 'Sentry.set_extras(email: user.email)'
     53 + object_name: user
     54 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     55 + line_number: 4
     56 + parent:
     57 + line_number: 4
     58 + content: 'scope.set_extras(email: user.email)'
     59 + object_name: user
     60 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     61 + line_number: 8
     62 + parent:
     63 + line_number: 8
     64 + content: 'scope.set_extras(email: user.email)'
     65 + object_name: user
     66 +components: []
     67 + 
     68 + 
     69 +--
     70 + 
     71 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_set_tag.rb
     1 +data_types:
     2 + - name: Email Address
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     7 + line_number: 2
     8 + field_name: email
     9 + object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     11 + line_number: 6
     12 + field_name: email
     13 + object_name: user
     14 +risks:
     15 + - detector_id: ruby_third_parties_sentry
     16 + data_types:
     17 + - name: Email Address
     18 + stored: false
     19 + locations:
     20 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     21 + line_number: 2
     22 + parent:
     23 + line_number: 2
     24 + content: scope.set_tag(:email, user.email)
     25 + field_name: email
     26 + object_name: user
     27 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     28 + line_number: 6
     29 + parent:
     30 + line_number: 6
     31 + content: scope.set_tag(:email, user.email)
     32 + field_name: email
     33 + object_name: user
     34 + - name: Unique Identifier
     35 + stored: false
     36 + locations:
     37 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     38 + line_number: 2
     39 + parent:
     40 + line_number: 2
     41 + content: scope.set_tag(:email, user.email)
     42 + object_name: user
     43 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     44 + line_number: 6
     45 + parent:
     46 + line_number: 6
     47 + content: scope.set_tag(:email, user.email)
     48 + object_name: user
     49 +components: []
     50 + 
     51 + 
     52 +--
     53 + 
     54 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_set_tags.rb
     1 +data_types:
     2 + - name: Email Address
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     7 + line_number: 1
     8 + field_name: email
     9 + object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     11 + line_number: 4
     12 + field_name: email
     13 + object_name: user
     14 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     15 + line_number: 8
     16 + field_name: email
     17 + object_name: user
     18 +risks:
     19 + - detector_id: ruby_third_parties_sentry
     20 + data_types:
     21 + - name: Email Address
     22 + stored: false
     23 + locations:
     24 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     25 + line_number: 1
     26 + parent:
     27 + line_number: 1
     28 + content: 'Sentry.set_tags(email: user.email)'
     29 + field_name: email
     30 + object_name: user
     31 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     32 + line_number: 4
     33 + parent:
     34 + line_number: 4
     35 + content: 'scope.set_tags(email: user.email)'
     36 + field_name: email
     37 + object_name: user
     38 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     39 + line_number: 8
     40 + parent:
     41 + line_number: 8
     42 + content: 'scope.set_tags(email: user.email)'
     43 + field_name: email
     44 + object_name: user
     45 + - name: Unique Identifier
     46 + stored: false
     47 + locations:
     48 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     49 + line_number: 1
     50 + parent:
     51 + line_number: 1
     52 + content: 'Sentry.set_tags(email: user.email)'
     53 + object_name: user
     54 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     55 + line_number: 4
     56 + parent:
     57 + line_number: 4
     58 + content: 'scope.set_tags(email: user.email)'
     59 + object_name: user
     60 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     61 + line_number: 8
     62 + parent:
     63 + line_number: 8
     64 + content: 'scope.set_tags(email: user.email)'
     65 + object_name: user
     66 +components: []
     67 + 
     68 + 
     69 +--
     70 + 
     71 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_datatype_in_set_user.rb
    skipped 6 lines
    7 7   line_number: 3
    8 8   field_name: email
    9 9   object_name: user
     10 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     11 + line_number: 6
     12 + field_name: email
     13 + object_name: user
     14 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     15 + line_number: 10
     16 + field_name: email
     17 + object_name: user
    10 18  risks:
    11 19   - detector_id: ruby_third_parties_sentry
    12 20   data_types:
    skipped 7 lines
    20 28   content: 'Sentry.set_user(email: user.email)'
    21 29   field_name: email
    22 30   object_name: user
     31 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     32 + line_number: 6
     33 + parent:
     34 + line_number: 6
     35 + content: 'scope.set_user(email: user.email)'
     36 + field_name: email
     37 + object_name: user
     38 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     39 + line_number: 10
     40 + parent:
     41 + line_number: 10
     42 + content: 'scope.set_user(email: user.email)'
     43 + field_name: email
     44 + object_name: user
    23 45   - name: Unique Identifier
    24 46   stored: false
    25 47   locations:
    skipped 2 lines
    28 50   parent:
    29 51   line_number: 3
    30 52   content: 'Sentry.set_user(email: user.email)'
     53 + object_name: user
     54 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     55 + line_number: 6
     56 + parent:
     57 + line_number: 6
     58 + content: 'scope.set_user(email: user.email)'
     59 + object_name: user
     60 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     61 + line_number: 10
     62 + parent:
     63 + line_number: 10
     64 + content: 'scope.set_user(email: user.email)'
    31 65   object_name: user
    32 66  components: []
    33 67   
    skipped 4 lines
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentryDataflow-dataflow_ruby_third_parties_sentry_ok_datatype_ignored.rb
     1 +data_types:
     2 + - name: Unique Identifier
     3 + detectors:
     4 + - name: ruby
     5 + locations:
     6 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/ok_datatype_ignored.rb
     7 + line_number: 3
     8 + field_name: user_id
     9 + object_name: current_user
     10 +risks:
     11 + - detector_id: ruby_third_parties_sentry
     12 + data_types:
     13 + - name: Unique Identifier
     14 + stored: false
     15 + locations:
     16 + - filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/ok_datatype_ignored.rb
     17 + line_number: 3
     18 + parent:
     19 + line_number: 1
     20 + content: |-
     21 + Sentry::Breadcrumb.new(
     22 + category: "auth",
     23 + message: "user has authenticated #{current_user.user_id}",
     24 + level: "info"
     25 + )
     26 + field_name: user_id
     27 + object_name: current_user
    1 28  components: []
    2 29   
    3 30   
    skipped 3 lines
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_capture_message.rb
     1 +critical:
     2 + - policy_name: ""
     3 + policy_dsrid: DSR-1
     4 + policy_display_id: ruby_third_parties_sentry
     5 + policy_description: Do not send sensitive data to Sentry.
     6 + line_number: 1
     7 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     8 + category_groups:
     9 + - PII
     10 + parent_line_number: 1
     11 + parent_content: 'Sentry.capture_message("test: #{user.email}")'
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 2
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 2
     21 + parent_content: 'Sentry.capture_message("test", extra: { email: user.email })'
     22 + - policy_name: ""
     23 + policy_dsrid: DSR-1
     24 + policy_display_id: ruby_third_parties_sentry
     25 + policy_description: Do not send sensitive data to Sentry.
     26 + line_number: 3
     27 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     28 + category_groups:
     29 + - PII
     30 + parent_line_number: 3
     31 + parent_content: 'Sentry.capture_message("test", tags: { email: user.email })'
     32 + - policy_name: ""
     33 + policy_dsrid: DSR-1
     34 + policy_display_id: ruby_third_parties_sentry
     35 + policy_description: Do not send sensitive data to Sentry.
     36 + line_number: 4
     37 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
     38 + category_groups:
     39 + - PII
     40 + parent_line_number: 4
     41 + parent_content: 'Sentry.capture_message("test", user: { email: user.email })'
     42 + 
     43 + 
     44 +--
     45 + 
     46 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_init.rb
    skipped 6 lines
    7 7   filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_init.rb
    8 8   category_groups:
    9 9   - PII
    10  - parent_line_number: 1
    11  - parent_content: |-
    12  - Sentry.init do |config|
    13  - config.before_breadcrumb = lambda do |breadcrumb, hint|
    14  - breadcrumb.message = "Authenticated user #{current_user.email}"
    15  - breadcrumb
    16  - end
    17  - end
     10 + parent_line_number: 3
     11 + parent_content: 'breadcrumb.message = "Authenticated user #{current_user.email}"'
    18 12   
    19 13   
    20 14  --
    skipped 2 lines
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_set_context.rb
     1 +critical:
     2 + - policy_name: ""
     3 + policy_dsrid: DSR-1
     4 + policy_display_id: ruby_third_parties_sentry
     5 + policy_description: Do not send sensitive data to Sentry.
     6 + line_number: 1
     7 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     8 + category_groups:
     9 + - PII
     10 + parent_line_number: 1
     11 + parent_content: 'Sentry.set_context(''email'', { email: user.email })'
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 4
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 4
     21 + parent_content: 'scope.set_context(''email'', { email: user.email })'
     22 + - policy_name: ""
     23 + policy_dsrid: DSR-1
     24 + policy_display_id: ruby_third_parties_sentry
     25 + policy_description: Do not send sensitive data to Sentry.
     26 + line_number: 8
     27 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
     28 + category_groups:
     29 + - PII
     30 + parent_line_number: 8
     31 + parent_content: 'scope.set_context(''email'', { email: user.email })'
     32 + 
     33 + 
     34 +--
     35 + 
     36 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_set_extra.rb
     1 +critical:
     2 + - policy_name: ""
     3 + policy_dsrid: DSR-1
     4 + policy_display_id: ruby_third_parties_sentry
     5 + policy_description: Do not send sensitive data to Sentry.
     6 + line_number: 2
     7 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     8 + category_groups:
     9 + - PII
     10 + parent_line_number: 2
     11 + parent_content: scope.set_extra(:email, user.email)
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 6
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 6
     21 + parent_content: scope.set_extra(:email, user.email)
     22 + 
     23 + 
     24 +--
     25 + 
     26 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_set_extras.rb
     1 +critical:
     2 + - policy_name: ""
     3 + policy_dsrid: DSR-1
     4 + policy_display_id: ruby_third_parties_sentry
     5 + policy_description: Do not send sensitive data to Sentry.
     6 + line_number: 1
     7 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     8 + category_groups:
     9 + - PII
     10 + parent_line_number: 1
     11 + parent_content: 'Sentry.set_extras(email: user.email)'
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 4
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 4
     21 + parent_content: 'scope.set_extras(email: user.email)'
     22 + - policy_name: ""
     23 + policy_dsrid: DSR-1
     24 + policy_display_id: ruby_third_parties_sentry
     25 + policy_description: Do not send sensitive data to Sentry.
     26 + line_number: 8
     27 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
     28 + category_groups:
     29 + - PII
     30 + parent_line_number: 8
     31 + parent_content: 'scope.set_extras(email: user.email)'
     32 + 
     33 + 
     34 +--
     35 + 
     36 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_set_tag.rb
     1 +critical:
     2 + - policy_name: ""
     3 + policy_dsrid: DSR-1
     4 + policy_display_id: ruby_third_parties_sentry
     5 + policy_description: Do not send sensitive data to Sentry.
     6 + line_number: 2
     7 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     8 + category_groups:
     9 + - PII
     10 + parent_line_number: 2
     11 + parent_content: scope.set_tag(:email, user.email)
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 6
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 6
     21 + parent_content: scope.set_tag(:email, user.email)
     22 + 
     23 + 
     24 +--
     25 + 
     26 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_set_tags.rb
     1 +critical:
     2 + - policy_name: ""
     3 + policy_dsrid: DSR-1
     4 + policy_display_id: ruby_third_parties_sentry
     5 + policy_description: Do not send sensitive data to Sentry.
     6 + line_number: 1
     7 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     8 + category_groups:
     9 + - PII
     10 + parent_line_number: 1
     11 + parent_content: 'Sentry.set_tags(email: user.email)'
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 4
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 4
     21 + parent_content: 'scope.set_tags(email: user.email)'
     22 + - policy_name: ""
     23 + policy_dsrid: DSR-1
     24 + policy_display_id: ruby_third_parties_sentry
     25 + policy_description: Do not send sensitive data to Sentry.
     26 + line_number: 8
     27 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
     28 + category_groups:
     29 + - PII
     30 + parent_line_number: 8
     31 + parent_content: 'scope.set_tags(email: user.email)'
     32 + 
     33 + 
     34 +--
     35 + 
     36 + 
    pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentrySummary-summary_ruby_third_parties_sentry_datatype_in_set_user.rb
    skipped 8 lines
    9 9   - PII
    10 10   parent_line_number: 3
    11 11   parent_content: 'Sentry.set_user(email: user.email)'
     12 + - policy_name: ""
     13 + policy_dsrid: DSR-1
     14 + policy_display_id: ruby_third_parties_sentry
     15 + policy_description: Do not send sensitive data to Sentry.
     16 + line_number: 6
     17 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     18 + category_groups:
     19 + - PII
     20 + parent_line_number: 6
     21 + parent_content: 'scope.set_user(email: user.email)'
     22 + - policy_name: ""
     23 + policy_dsrid: DSR-1
     24 + policy_display_id: ruby_third_parties_sentry
     25 + policy_description: Do not send sensitive data to Sentry.
     26 + line_number: 10
     27 + filename: pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
     28 + category_groups:
     29 + - PII
     30 + parent_line_number: 10
     31 + parent_content: 'scope.set_user(email: user.email)'
    12 32   
    13 33   
    14 34  --
    skipped 2 lines
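--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_capture_message.rb
@@ -0,0 +1,5 @@
+Sentry.capture_message("test: #{user.email}")
+Sentry.capture_message("test", extra: { email: user.email })
+Sentry.capture_message("test", tags: { email: user.email })
+Sentry.capture_message("test", user: { email: user.email })
+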
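--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_context.rb
@@ -0,0 +1,10 @@
+Sentry.set_context('email', { email: user.email })
+
+Sentry.configure_scope do |scope|
+ scope.set_context('email', { email: user.email })
+end
+
+Sentry.with_scope do |scope|
+ scope.set_context('email', { email: user.email })
+end
+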
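--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extra.rb
@@ -0,0 +1,8 @@
+Sentry.configure_scope do |scope|
+ scope.set_extra(:email, user.email)
+end
+
+Sentry.with_scope do |scope|
+ scope.set_extra(:email, user.email)
+end
+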
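--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_extras.rb
@@ -0,0 +1,10 @@
+Sentry.set_extras(email: user.email)
+
+Sentry.configure_scope do |scope|
+ scope.set_extras(email: user.email)
+end
+
+Sentry.with_scope do |scope|
+ scope.set_extras(email: user.email)
+end
+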
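--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tag.rb
@@ -0,0 +1,8 @@
+Sentry.configure_scope do |scope|
+ scope.set_tag(:email, user.email)
+end
+
+Sentry.with_scope do |scope|
+ scope.set_tag(:email, user.email)
+end
+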
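--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_tags.rb
@@ -0,0 +1,10 @@
+Sentry.set_tags(email: user.email)
+
+Sentry.configure_scope do |scope|
+ scope.set_tags(email: user.email)
+end
+
+Sentry.with_scope do |scope|
+ scope.set_tags(email: user.email)
+end
+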
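--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/datatype_in_set_user.rb
@@ -2,3 +2,11 @@
 # https://docs.sentry.io/platforms/ruby/guides/rails/enriching-events/identify-user/
 Sentry.set_user(email: user.email)
 
+Sentry.configure_scope do |scope|
+ scope.set_user(email: user.email)
+end
+
+Sentry.with_scope do |scope|
+ scope.set_user(email: user.email)
+end
+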
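--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/ok_datatype_ignored.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/ok_datatype_ignored.rb
@@ -1,6 +1,6 @@
 Sentry::Breadcrumb.new(
  category: "auth",
- message: "user has authenticated #{current_user.id}",
+ message: "user has authenticated #{current_user.user_id}",
  level: "info"
 )
 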
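Review bot: The fixture's data reference changes from `current_user.id` to `current_user.user_id` without saying why, and the matching dataflow snapshot in this commit now lists this line as a Unique Identifier risk while the file name says the data type is expected to be ignored; presumably `.id` alone is not classified as a data type and the rule then excludes Unique Identifier from its findings, but neither is stated anywhere. A one-line comment at the top of the fixture, `# user_id is classified as Unique Identifier, which this rule is expected to ignore`, would make the intent of the test checkable the next time someone edits it.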
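--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/ok_no_datatype.rb
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/testdata/ok_no_datatype.rb
@@ -4,3 +4,34 @@
  level: "info"
 )
 
+Sentry.capture_message("test")
+
+Sentry.init do |config|
+ config.before_breadcrumb = lambda do |breadcrumb, hint|
+ breadcrumb
+ end
+end
+
+Sentry.set_context(something: "hey")
+Sentry.set_extras(something: "hey")
+Sentry.set_tags(something: "hey")
+Sentry.set_user(something: "hey")
+
+Sentry.configure_scope do |scope|
+ scope.set_context('something', { hey: "there" })
+ scope.set_extra('something', "hey")
+ scope.set_extras(something: "hey")
+ scope.set_tag('something', "hey")
+ scope.set_tags(something: "hey")
+ scope.set_user(something: "hey")
+end
+
+Sentry.with_scope do |scope|
+ scope.set_context('something', { hey: "there" })
+ scope.set_extra('something', "hey")
+ scope.set_extras(something: "hey")
+ scope.set_tag('something', "hey")
+ scope.set_tags(something: "hey")
+ scope.set_user(something: "hey")
+end
+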
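--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry.yml
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry.yml
@@ -6,16 +6,120 @@
  - variable: DATA_TYPE
  detection: datatype
  - pattern: |
+ Sentry.capture_message($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
  Sentry.init do |$<CONFIG:identifier>|
  $<CONFIG>.before_breadcrumb = lambda do |$<BREADCRUMB:identifier>, $<_:identifier>|
- $<BREADCRUMB>.message = $<DATA_TYPE>
+ $<!>$<BREADCRUMB>.message = $<DATA_TYPE>
  end
  end
  filters:
  - variable: DATA_TYPE
  detection: datatype
  - pattern: |
+ Sentry.set_context($<_>, $<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.configure_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_context($<_>, $<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.with_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_context($<_>, $<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.configure_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_extra($<_>, $<DATA_TYPE>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.with_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_extra($<_>, $<DATA_TYPE>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.set_extras($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.configure_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_extras($<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.with_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_extras($<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.configure_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_tag($<_>, $<DATA_TYPE>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.with_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_tag($<_>, $<DATA_TYPE>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.set_tags($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.configure_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_tags($<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.with_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_tags($<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
  Sentry.set_user($<...>$<DATA_TYPE>$<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.configure_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_user($<...>$<DATA_TYPE>$<...>)
+ end
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ Sentry.with_scope do |$<SCOPE:identifier>|
+ $<!>$<SCOPE>.set_user($<...>$<DATA_TYPE>$<...>)
+ end
  filters:
  - variable: DATA_TYPE
  detection: datatype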
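Review bot: The keyword-argument coverage added for `Sentry.capture_message` (`$<...>$<DATA_TYPE>$<...>`) has no counterpart for `Sentry.capture_exception` or `Sentry.capture_event`, which accept the same `extra:`, `tags:` and `user:` options, unless those patterns sit in the 25 lines skipped at the end of this section; likewise every `set_*` pattern here requires a `configure_scope`/`with_scope` block parameter, so a scope reached another way, e.g. through `Sentry.get_current_scope`, is not matched. Each of the twenty-odd patterns repeats the identical three-line `filters` block, which is a maintenance hazard for a rule this size; if the pattern syntax cannot share one filter, a short header comment listing the SDK entry points the rule covers would at least make gaps visible at review time. The meaning of the new `$<!>` marker is only inferable from the datatype_in_init summary snapshot in this commit, whose parent line moved from the `Sentry.init` block to the `breadcrumb.message` line, so a one-line comment on its first use, `# $<!> marks the node reported as the finding's parent`, is worth adding if that reading is right.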
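--- a/pkg/commands/process/settings/rules.go
+++ b/pkg/commands/process/settings/rules.go
@@ -0,0 +1,172 @@
+package settings
+
+import (
+ "fmt"
+ "io/fs"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/bearer/curio/pkg/flag"
+ "gopkg.in/yaml.v3"
+)
+
+func loadRules(externalRuleDirs []string, options flag.RuleOptions) (map[string]*Rule, error) {
+ definitions := make(map[string]RuleDefinition)
+
+ if err := loadRuleDefinitions(definitions, rulesFs); err != nil {
+ return nil, fmt.Errorf("error loading default rules: %w", err)
+ }
+
+ for _, dir := range externalRuleDirs {
+ if err := loadRuleDefinitions(definitions, os.DirFS(dir)); err != nil {
+ return nil, fmt.Errorf("error loading external rules from %s: %w", dir, err)
+ }
+ }
+
+ if err := validateRuleOptionIDs(options, definitions); err != nil {
+ return nil, err
+ }
+
+ enabledRules := getEnabledRules(options, definitions)
+
+ return buildRules(definitions, enabledRules), nil
+}
+
+func loadRuleDefinitions(definitions map[string]RuleDefinition, dir fs.FS) error {
+ return fs.WalkDir(dir, ".", func(path string, dirEntry fs.DirEntry, err error) error {
+ if err != nil {
+ return err
+ }
+
+ if dirEntry.IsDir() {
+ return nil
+ }
+
+ filename := dirEntry.Name()
+ ext := filepath.Ext(filename)
+
+ if ext != ".yaml" && ext != ".yml" {
+ return nil
+ }
+
+ entry, err := fs.ReadFile(dir, path)
+ if err != nil {
+ return fmt.Errorf("failed to read file %s: %w", path, err)
+ }
+
+ var ruleDefinition RuleDefinition
+ err = yaml.Unmarshal(entry, &ruleDefinition)
+ if err != nil {
+ return fmt.Errorf("failed to unmarshal rule %s: %w", path, err)
+ }
+
+ id := ruleDefinition.Metadata.ID
+
+ if _, exists := definitions[id]; exists {
+ return fmt.Errorf("duplicate rule ID %s", id)
+ }
+
+ definitions[id] = ruleDefinition
+
+ return nil
+ })
+}
+
+func validateRuleOptionIDs(options flag.RuleOptions, definitions map[string]RuleDefinition) error {
+ var invalidRuleIDs []string
+
+ for id := range options.OnlyRule {
+ if _, exists := definitions[id]; !exists {
+ invalidRuleIDs = append(invalidRuleIDs, id)
+ }
+ }
+
+ for id := range options.SkipRule {
+ if _, exists := definitions[id]; !exists {
+ invalidRuleIDs = append(invalidRuleIDs, id)
+ }
+ }
+
+ if len(invalidRuleIDs) > 0 {
+ return fmt.Errorf("invalid rule IDs in only/skip option: %s", strings.Join(invalidRuleIDs, ","))
+ }
+
+ return nil
+}
+
+func getEnabledRules(options flag.RuleOptions, definitions map[string]RuleDefinition) map[string]struct{} {
+ enabledRules := make(map[string]struct{})
+
+ for _, definition := range definitions {
+ id := definition.Metadata.ID
+
+ if definition.Disabled {
+ continue
+ }
+
+ if len(options.OnlyRule) > 0 && !options.OnlyRule[id] {
+ continue
+ }
+
+ if options.SkipRule[id] {
+ continue
+ }
+
+ enabledRules[id] = struct{}{}
+
+ for _, dependencyID := range definition.Detectors {
+ enabledRules[dependencyID] = struct{}{}
+ }
+ }
+
+ return enabledRules
+}
+
+func buildRules(definitions map[string]RuleDefinition, enabledRules map[string]struct{}) map[string]*Rule {
+ rules := make(map[string]*Rule)
+
+ for _, definition := range definitions {
+ id := definition.Metadata.ID
+
+ if _, enabled := enabledRules[id]; !enabled {
+ continue
+ }
+
+ rules[id] = &Rule{
+ Id: id,
+ Type: definition.Type,
+ Trigger: definition.Trigger,
+ OmitParentContent: definition.OmitParentContent,
+ SkipDataTypes: definition.SkipDataTypes,
+ OnlyDataTypes: definition.OnlyDataTypes,
+ Severity: definition.Severity,
+ Description: definition.Metadata.Description,
+ RemediationMessage: definition.Metadata.RemediationMessage,
+ Stored: definition.Stored,
+ Detectors: definition.Detectors,
+ Processors: definition.Processors,
+ AutoEncrytPrefix: definition.AutoEncrytPrefix,
+ DSRID: definition.Metadata.DSRID,
+ Languages: definition.Languages,
+ ParamParenting: definition.ParamParenting,
+ Patterns: definition.Patterns,
+ DetectPresence: definition.DetectPresence,
+ }
+
+ for _, auxiliaryDefinition := range definition.Auxiliary {
+ rules[auxiliaryDefinition.Id] = &Rule{
+ Type: auxiliaryDefinition.Type,
+ Languages: auxiliaryDefinition.Languages,
+ ParamParenting: auxiliaryDefinition.ParamParenting,
+ Patterns: auxiliaryDefinition.Patterns,
+ Stored: auxiliaryDefinition.Stored,
+ DetectPresence: auxiliaryDefinition.DetectPresence,
+ OmitParent: auxiliaryDefinition.OmitParent,
+ }
+ }
+ }
+
+ return rules
+}
+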
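Review bot: buildRules stores every auxiliary rule under `auxiliaryDefinition.Id` without checking that the key is free, and because it ranges over the `definitions` map, an auxiliary ID that equals a primary rule's ID or another file's auxiliary ID overwrites one of them in random order; the duplicate check in loadRuleDefinitions only covers `Metadata.ID`. I would add a validation pass over primary and auxiliary IDs after loading (sketch below) and call it from loadRules, `if err := validateRuleIDs(definitions); err != nil { return nil, err }`, ahead of validateRuleOptionIDs. Separately, getEnabledRules adds each `definition.Detectors` entry unconditionally, so a dependency the user named in `--skip-rule` or that is marked `disabled` is still built, and a dependency's own Detectors are not followed; if both are intended, a comment on that loop saying so would save the next reader the same question.
```go
// validateRuleIDs rejects an auxiliary rule ID that is also a primary rule ID
// or another auxiliary ID; buildRules keys both kinds by ID in one map, so a
// clash would silently drop one of the rules.
func validateRuleIDs(definitions map[string]RuleDefinition) error {
	owners := make(map[string]string, len(definitions))
	for id := range definitions {
		owners[id] = id
	}
	for id, definition := range definitions {
		for _, auxiliary := range definition.Auxiliary {
			if owner, exists := owners[auxiliary.Id]; exists {
				return fmt.Errorf("auxiliary rule ID %s in rule %s is already used by %s", auxiliary.Id, id, owner)
			}
			owners[auxiliary.Id] = id
		}
	}
	return nil
}
```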
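--- a/pkg/commands/process/settings/settings.go
+++ b/pkg/commands/process/settings/settings.go
@@ -3,8 +3,6 @@
 import (
  "embed"
  "fmt"
- "path/filepath"
- "strings"
 
  "github.com/rs/zerolog/log"
  "gopkg.in/yaml.v2"
@@ -72,11 +70,10 @@
 }
 
 type Auxiliary struct {
- Id string `mapstructure:"id" json:"id" yaml:"id"`
- Type string `mapstructure:"type" json:"type" yaml:"type"`
- Languages []string `mapstructure:"languages" json:"languages" yaml:"languages"`
- ParamParenting bool `mapstructure:"param_parenting" json:"param_parenting" yaml:"param_parenting"`
- Patterns []RulePattern `mapstructure:"patterns" json:"patterns" yaml:"patterns"`
+ Id string `mapstructure:"id" json:"id" yaml:"id"`
+ Type string `mapstructure:"type" json:"type" yaml:"type"`
+ Languages []string `mapstructure:"languages" json:"languages" yaml:"languages"`
+ Patterns []RulePattern `mapstructure:"patterns" json:"patterns" yaml:"patterns"`
 
  RootSingularize bool `mapstructure:"root_singularize" yaml:"root_singularize" `
  RootLowercase bool `mapstructure:"root_lowercase" yaml:"root_lowercase"`
@@ -85,8 +82,11 @@
  Detectors []string `mapstructure:"detectors" json:"detectors,omitempty" yaml:"detectors,omitempty"`
  Processors []string `mapstructure:"processors" json:"processors,omitempty" yaml:"processors,omitempty"`
  AutoEncrytPrefix string `mapstructure:"auto_encrypt_prefix" json:"auto_encrypt_prefix,omitempty" yaml:"auto_encrypt_prefix,omitempty"`
- DetectPresence bool `mapstructure:"detect_presence" json:"detect_presence" yaml:"detect_presence"`
- OmitParent bool `mapstructure:"omit_parent" json:"omit_parent,omitempty" yaml:"omit_parent,omitempty"`
+ 
+ // FIXME: remove after refactor of sql
+ ParamParenting bool `mapstructure:"param_parenting" json:"param_parenting" yaml:"param_parenting"`
+ DetectPresence bool `mapstructure:"detect_presence" json:"detect_presence" yaml:"detect_presence"`
+ OmitParent bool `mapstructure:"omit_parent" json:"omit_parent,omitempty" yaml:"omit_parent,omitempty"`
 }
 
 type Rule struct {
@@ -98,7 +98,6 @@
  Processors []string `mapstructure:"processors" json:"processors,omitempty" yaml:"processors,omitempty"`
  Stored bool `mapstructure:"stored" json:"stored,omitempty" yaml:"stored,omitempty"`
  AutoEncrytPrefix string `mapstructure:"auto_encrypt_prefix" json:"auto_encrypt_prefix,omitempty" yaml:"auto_encrypt_prefix,omitempty"`
- Auxiliary []Auxiliary `mapstructure:"auxiliary" json:"auxiliary" yaml:"auxiliary"`
  OmitParentContent bool `mapstructure:"omit_parent_content" json:"omit_parent_content,omitempty" yaml:"omit_parent_content,omitempty"`
  SkipDataTypes []string `mapstructure:"skip_data_types" json:"skip_data_types,omitempty" yaml:"skip_data_types,omitempty"`
  OnlyDataTypes []string `mapstructure:"only_data_types" json:"only_data_types,omitempty" yaml:"only_data_types,omitempty"`
@@ -106,13 +105,12 @@
  Description string `mapstructure:"description" json:"description" yaml:"description"`
  RemediationMessage string `mapstructure:"remediation_message" json:"remediation_messafe" yaml:"remediation_messafe"`
  DSRID string `mapstructure:"dsr_id" json:"dsr_id" yaml:"dsr_id"`
- Disabled bool `mapstructure:"disabled" json:"disabled" yaml:"disabled"`
  Languages []string `mapstructure:"languages" json:"languages" yaml:"languages"`
- ParamParenting bool `mapstructure:"param_parenting" json:"param_parenting" yaml:"param_parenting"`
  Patterns []RulePattern `mapstructure:"patterns" json:"patterns" yaml:"patterns"`
 
  // FIXME: remove after refactor of sql
  Metavars map[string]MetaVar `mapstructure:"metavars" json:"metavars" yaml:"metavars"`
+ ParamParenting bool `mapstructure:"param_parenting" json:"param_parenting" yaml:"param_parenting"`
  DetectPresence bool `mapstructure:"detect_presence" json:"detect_presence" yaml:"detect_presence"`
  OmitParent bool `mapstructure:"omit_parent" json:"omit_parent" yaml:"omit_parent"`
 }
@@ -166,20 +164,10 @@
 
 func FromOptions(opts flag.Options) (Config, error) {
  policies := DefaultPolicies()
- rules := defaultRules()
 
- externalRules, err := LoadExternalRules(opts.ExternalRuleDir)
+ rules, err := loadRules(opts.ExternalRuleDir, opts.RuleOptions)
  if err != nil {
- return Config{}, fmt.Errorf("failed to load external rules %w", err)
- }
- 
- for ruleName, rule := range externalRules {
- _, ok := rules[ruleName]
- if ok {
- return Config{}, fmt.Errorf("tried to overwrite default rules %s with external rule", ruleName)
- }
- 
- rules[ruleName] = &rule
+ return Config{}, err
  }
 
  for key := range policies {
@@ -196,42 +184,6 @@
  }
  }
 
- // Rule options
- onlyRule := opts.RuleOptions.OnlyRule
- skipRule := opts.RuleOptions.SkipRule
- 
- // validate policy options - raise error if invalid DSW code given
- var invalidRuleIds []string
- for key := range onlyRule {
- if rules[key] == nil {
- invalidRuleIds = append(invalidRuleIds, key)
- }
- }
- 
- for key := range skipRule {
- if rules[key] == nil {
- invalidRuleIds = append(invalidRuleIds, key)
- }
- }
- 
- if len(invalidRuleIds) > 0 {
- return Config{}, fmt.Errorf("unknown rule IDs %s", invalidRuleIds)
- }
- 
- // apply policy options
- for key := range rules {
- rule := rules[key]
- if len(onlyRule) > 0 && !onlyRule[rule.Id] {
- delete(rules, key)
- continue
- }
- 
- if skipRule[rule.Id] {
- delete(rules, key)
- continue
- }
- }
- 
  config := Config{
  Worker: opts.WorkerOptions,
  Scan: opts.ScanOptions,
@@ -270,106 +222,6 @@
  }
 
  return policies
-}
- 
-func defaultRules() (rules map[string]*Rule) {
- rules = make(map[string]*Rule)
- 
- // loop through rules langs
- langDirs, err := rulesFs.ReadDir("rules")
- if err != nil {
- log.Fatal().Msgf("failed to read rules dir %e", err)
- }
- 
- for _, langDir := range langDirs {
- lang := langDir.Name()
- 
- if filepath.Ext(langDir.Name()) != "" {
- // not a directory; skip it
- continue
- }
- 
- subLangDirs, err := rulesFs.ReadDir("rules/" + lang)
- if err != nil {
- log.Fatal().Msgf("failed to read rules/%s dir %e", lang, err)
- }
- 
- for _, subLangDir := range subLangDirs {
- subLang := subLangDir.Name()
- dirEntries, err := rulesFs.ReadDir("rules/" + lang + "/" + subLang)
- if err != nil {
- log.Fatal().Msgf("failed to read rules/%s/%s dir %e", lang, subLang, err)
- }
- 
- for _, dirEntry := range dirEntries {
- filename := dirEntry.Name()
- ext := filepath.Ext(filename)
- 
- if ext != ".yaml" && ext != ".yml" {
- continue
- }
- 
- entry, err := rulesFs.ReadFile("rules/" + lang + "/" + subLang + "/" + filename)
- if err != nil {
- log.Fatal().Msgf("failed to read rules/%s/%s/%s file %s", lang, subLang, filename, err)
- }
- 
- var ruleDefinition *RuleDefinition
- err = yaml.Unmarshal(entry, &ruleDefinition)
- if err != nil {
- log.Fatal().Msgf("failed to unmarshal rules/%s/%s/%s %s", lang, subLang, filename, err)
- }
- 
- var ruleId string
- var rule Rule
- if subLang == "internal" {
- ruleId = strings.TrimSuffix(filename, ext)
- } else {
- ruleId = ruleDefinition.Metadata.ID
- }
- 
- rule = Rule{
- Id: ruleId,
- Type: ruleDefinition.Type,
- Trigger: ruleDefinition.Trigger,
- OmitParentContent: ruleDefinition.OmitParentContent,
- SkipDataTypes: ruleDefinition.SkipDataTypes,
- OnlyDataTypes: ruleDefinition.OnlyDataTypes,
- Severity: ruleDefinition.Severity,
- Description: ruleDefinition.Metadata.Description,
- RemediationMessage: ruleDefinition.Metadata.RemediationMessage,
- Stored: ruleDefinition.Stored,
- Detectors: ruleDefinition.Detectors,
- Processors: ruleDefinition.Processors,
- AutoEncrytPrefix: ruleDefinition.AutoEncrytPrefix,
- DSRID: ruleDefinition.Metadata.DSRID,
- Disabled: ruleDefinition.Disabled,
- Languages: ruleDefinition.Languages,
- ParamParenting: ruleDefinition.ParamParenting,
- Patterns: ruleDefinition.Patterns,
- DetectPresence: ruleDefinition.DetectPresence,
- }
- 
- for _, auxiliaryRuleDefinition := range ruleDefinition.Auxiliary {
- auxiliaryRule := &Rule{
- Type: auxiliaryRuleDefinition.Type,
- Languages: auxiliaryRuleDefinition.Languages,
- ParamParenting: auxiliaryRuleDefinition.ParamParenting,
- Patterns: auxiliaryRuleDefinition.Patterns,
- Stored: auxiliaryRuleDefinition.Stored,
- DetectPresence: auxiliaryRuleDefinition.DetectPresence,
- OmitParent: auxiliaryRuleDefinition.OmitParent,
- }
- 
- rules[auxiliaryRuleDefinition.Id] = auxiliaryRule
- }
- 
- rules[ruleId] = &rule
- }
- }
- }
- 
- return rules
 }
 
 func ProcessorRegoModuleText(processorName string) (string, error) {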
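Review bot: The new `return Config{}, err` in FromOptions drops the context the replaced `fmt.Errorf("failed to load external rules %w", err)` carried, while `fmt` stays imported; `return Config{}, fmt.Errorf("loading rules from %q: %w", opts.ExternalRuleDir, err)` would keep the rule directory in the message without changing the error chain. The same function also loses the validation that returned `unknown rule IDs` when an --only-rule or --skip-rule value matched no loaded rule, and the overwrite guard `tried to overwrite default rules %s with external rule`; both now depend on loadRules, which is defined outside this section. If loadRules does not reproduce them, a mistyped --only-rule ID silently yields an empty rule set and a scan that reports nothing, and an external rule can shadow a built-in one — worth confirming in loadRules or re-adding the checks after it returns. FromOptions continues outside the hunk.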
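--- a/pkg/detectors/custom/custom.go
+++ b/pkg/detectors/custom/custom.go
@@ -65,9 +65,6 @@
  detector.rulesGroupedByLang = make(map[string][]config.CompiledRule)
 
  for ruleName, rule := range rulesConfig {
- if rule.Disabled {
- continue
- }
  for _, lang := range rule.Languages {
  if lang != "sql" {
  continue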