Merge pull request #491 from Privado-Inc/dev

Release PR
Privado-Inc · Jul 22, 2024 · ab0fedd · ab0fedd
2 parents 7f1004c + 3fed4bf
commit ab0fedd
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 12 deletions.
diff --git a/config/systemConfig/default.yaml b/config/systemConfig/default.yaml
@@ -13,9 +13,3 @@ systemConfig:
 
   - key: maxCharLimit
     value: "1000"
-
-  - key: dataflowElementInPathLimit
-    value: "-1"
-
-  - key: dataflowSourceSinkPairPathLimit
-    value: "-1"
diff --git a/rules/sinks/leakages/logs/java.yaml b/rules/sinks/leakages/logs/java.yaml
@@ -3,25 +3,25 @@ sinks:
   - id: Leakages.Log.Error
     name: Log Error
     patterns:
-      - "(?i)(?:org.slf4j.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(?:wtf|error|severe|fatal|[.]e[:]).*"
+      - "(?i)(?:org.slf4j.Logger|org.blueshift.logger.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(?:wtf|error|severe|fatal|[.]e[:]).*"
     tags:
 
   - id: Leakages.Log.Warn
     name: Log Warn
     patterns:
-      - "(?i)(?:org.slf4j.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(warn|warning|[.]w[:]).*"
+      - "(?i)(?:org.slf4j.Logger|org.blueshift.logger.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(warn|warning|[.]w[:]).*"
     tags:
 
   - id: Leakages.Log.Debug
     name: Log Debug
     patterns:
-      - "(?i)(?:org.slf4j.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(debug|trace|[.](log|d|v|t)[:]).*"
+      - "(?i)(?:org.slf4j.Logger|org.blueshift.logger.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(debug|trace|[.](log|d|v|t)[:]).*"
     tags:
 
   - id: Leakages.Log.Info
     name: Log Info
     patterns:
-      - "(?i)(?:org.slf4j.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|java.util.logging|ch.qos.logback|timber.log.Timber|android.util.Log).*(info|[.]i[:]).*"
+      - "(?i)(?:org.slf4j.Logger|org.blueshift.logger.Logger|org.apache.(logging.log4j|commons.logging.Log)|org.tinylog.Logger|java.util.logging|ch.qos.logback|timber.log.Timber|android.util.Log).*(info|[.]i[:]).*"
     tags:
 
   - id: Leakages.Log.Console

diff --git a/rules/sinks/third_parties/sdk/intuit/javascript.yaml b/rules/sinks/third_parties/sdk/intuit/javascript.yaml
@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Intuit.Quickbooks
+    name: Intuit QuickBooks
+    domains:
+      - "intuit.com"
+    patterns:
+      - "(?i)(node-quickbooks).*"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/taxjar/java.yaml b/rules/sinks/third_parties/sdk/taxjar/java.yaml
@@ -0,0 +1,12 @@
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Taxjar
+    name: Taxjar
+    domains:
+      - "taxjar.com"
+    patterns:
+      - "(?i)(com.taxjar.*)"
+    tags:
diff --git a/rules/sinks/third_parties/sdk/twilio/java.yaml b/rules/sinks/third_parties/sdk/twilio/java.yaml
@@ -9,5 +9,5 @@ sinks:
     domains:
       - "twilio.com"
     patterns:
-      - "(?i)(com[.]twilio.*(sdk|http|rest|base|security|twiml|Twilio|connect|disconnect|release|initialize|getState|createDevice))|(com[.]authy).*"
+      - "(?i)(com[.]twilio.*(sdk|http|rest|base|security|twiml|Twilio|connect|disconnect|release|initialize|getState|createDevice).*)|(com[.]authy).*"
     tags:
diff --git a/rules/sinks/third_parties/sdk/twilio/javascript.yaml b/rules/sinks/third_parties/sdk/twilio/javascript.yaml
@@ -9,5 +9,5 @@ sinks:
     domains:
       - "twilio.com"
     patterns:
-      - "@sendgrid\\/design-primitives"
+      - "@sendgrid\\/design-primitives|twilio"
     tags:
diff --git a/rules/sinks/third_parties/sdk/xero/javascript.yaml b/rules/sinks/third_parties/sdk/xero/javascript.yaml
@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Xero
+    name: Xero
+    domains:
+      - "xero.com"
+    patterns:
+      - "(?i)(xero-node).*"
+    tags: