feat: add datadog rule
didroe committed Oct 26, 2023
1 parent 7acdc63 commit c36bb12
Showing 8 changed files with 715 additions and 0 deletions.
6 changes: 6 additions & 0 deletions rules/php/shared/lang/instance.yml
Expand Up @@ -3,6 +3,12 @@ languages:
- php
patterns:
- new $<CLASS>;
- function($<...>$<CLASS> $<!>$$<_>$<...>) {}
- function $<_>($<...>$<CLASS> $<!>$$<_>$<...>) {}
- |
class $<_> {
public function $<_>($<...>$<CLASS> $<!>$<_>$<...>) {}
}
- |
class $<_> {
public function $<_>($<...>$<CLASS> $<!>$<_>$<...>) {}
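Review bot: The two new function patterns spell the focused parameter as `$<!>$$<_>`, while the class-method patterns in this same hunk and datadog.yml's `function($<!>$<SPAN>$<...>) {}` spell it `$<!>$<_>`. If both spellings bind the same node (the snapshot in this commit does record the new closure fixtures as detected), the extra `$` is only noise and `- function($<...>$<CLASS> $<!>$<_>$<...>) {}` / `- function $<_>($<...>$<CLASS> $<!>$<_>$<...>) {}` would keep the file to one convention; if they deliberately differ, a one-line comment above them saying why the free-function form needs the leading `$` would save the next reader the same question. The class pattern that starts at the end of the hunk continues below it.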
107 changes: 107 additions & 0 deletions rules/php/third_parties/datadog.yml
@@ -0,0 +1,107 @@
imports:
- php_shared_lang_datatype
- php_shared_lang_instance
patterns:
- pattern: \DDTrace\$<FUNCTION>($<...>$<DATA_TYPE>$<...>)
filters:
- variable: FUNCTION
values:
- add_global_tag
- add_distributed_tag
- set_user
- variable: DATA_TYPE
detection: php_shared_lang_datatype
scope: result
- pattern: $<SPAN>->$<_> = $<DATA_TYPE>
filters:
- variable: SPAN
detection: php_third_parties_datadog_span
scope: cursor
- variable: DATA_TYPE
detection: php_shared_lang_datatype
scope: result
- pattern: $<SPAN>->$<_>[$<_>] = $<DATA_TYPE>
filters:
- variable: SPAN
detection: php_third_parties_datadog_span
scope: cursor
- variable: DATA_TYPE
detection: php_shared_lang_datatype
scope: result
- pattern: $<SPAN>->setTag($<...>$<DATA_TYPE>$<...>)
filters:
- variable: SPAN
detection: php_third_parties_datadog_span
scope: cursor
- variable: DATA_TYPE
detection: php_shared_lang_datatype
scope: result
languages:
- php
auxiliary:
- id: php_third_parties_datadog_tracer
patterns:
- \DDTrace\GlobalTracer::get()
- id: php_third_parties_datadog_span
patterns:
- \DDTrace\trace_function($<_>, function($<!>$<SPAN>$<...>) {})
- \DDTrace\trace_function($<_>, [$<_> => function($<!>$<SPAN>$<...>) {}])
- \DDTrace\trace_method($<_>, $<_>, function($<!>$<SPAN>$<...>) {})
- \DDTrace\trace_method($<_>, $<_>, [$<_> => function($<!>$<SPAN>$<...>) {}])
- pattern: \DDTrace\$<FUNCTION>()
filters:
- variable: FUNCTION
values:
- active_span
- root_span
- start_span
- start_trace_span
- pattern: $<TRACER>->$<METHOD>()
filters:
- variable: METHOD
values:
- startSpan
- getActiveSpan
- variable: TRACER
detection: php_third_parties_datadog_tracer
scope: cursor
- pattern: $<SCOPE>->getSpan()
filters:
- variable: SCOPE
detection: php_third_parties_datadog_span_scope
scope: cursor
- pattern: $<INSTANCE>;
filters:
- variable: INSTANCE
detection: php_shared_lang_instance
scope: cursor_strict
filters:
- variable: CLASS
regex: \A(\\?DDTrace\\)?SpanData\z
- id: php_third_parties_datadog_span_scope
patterns:
- pattern: $<TRACER>->startActiveSpan()
filters:
- variable: TRACER
detection: php_third_parties_datadog_tracer
scope: cursor
skip_data_types:
- "Unique Identifier"
metadata:
description: "Sensitive data sent to Datadog detected."
remediation_message: |
## Description
Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Datadog.
## Remediations
When logging errors or events, ensure all sensitive data is removed.
## Resources
- [Datadog docs](https://docs.datadoghq.com)
- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)
cwe_id:
- 201
associated_recipe: Datadog
id: php_third_parties_datadog
documentation_url: https://docs.bearer.com/reference/rules/php_third_parties_datadog
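Review bot: The tracer-based span auxiliaries `$<TRACER>->$<METHOD>()` (startSpan/getActiveSpan) and `$<TRACER>->startActiveSpan()` are written with an empty argument list, but `startSpan` and `startActiveSpan` take an operation name in the OpenTracing-style API that `GlobalTracer::get()` returns, so real call sites look like `$tracer->startSpan('name', ...)`. Every other call pattern in this file that accepts arguments spells them out with `$<...>` (`\DDTrace\$<FUNCTION>($<...>$<DATA_TYPE>$<...>)`, `function($<!>$<SPAN>$<...>) {}`); if the matcher treats `()` as exactly zero arguments, these two auxiliaries never bind a span and the `setTag`/property-assignment sinks only fire through the trace_function/trace_method callbacks and the `SpanData` type hint. Changing them to `- pattern: $<TRACER>->$<METHOD>($<...>)` and `- pattern: $<TRACER>->startActiveSpan($<...>)` would cover both the zero- and multi-argument forms. The datadog test fixture is not in this view; if it does not include a `$tracer->startSpan(...)` path, adding one would confirm which reading of `()` the matcher uses.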
Expand Up @@ -249,6 +249,74 @@ exports[`php_lang_xml_external_entity_vulnerability shared_instance 1`] = `
"fingerprint": "2e1892d145b5cb527043784fa089ab30_0",
"old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_0",
"code_extract": " $e->XML($userInput, $encoding, $flags);"
},
{
"cwe_ids": [
"611"
],
"id": "php_lang_xml_external_entity_vulnerability",
"title": "XML External Entity vulnerability detected.",
"description": "## Description\\nAvoid parsing untrusted data as XML. Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n",
"documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability",
"line_number": 17,
"full_filename": "/tmp/bearer-scan/shared_instance.php",
"filename": ".",
"source": {
"start": 17,
"end": 17,
"column": {
"start": 3,
"end": 41
}
},
"sink": {
"start": 17,
"end": 17,
"column": {
"start": 3,
"end": 41
},
"content": "$r->XML($userInput, $encoding, $flags)"
},
"parent_line_number": 17,
"snippet": "$r->XML($userInput, $encoding, $flags)",
"fingerprint": "2e1892d145b5cb527043784fa089ab30_1",
"old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_1",
"code_extract": " $r->XML($userInput, $encoding, $flags);"
},
{
"cwe_ids": [
"611"
],
"id": "php_lang_xml_external_entity_vulnerability",
"title": "XML External Entity vulnerability detected.",
"description": "## Description\\nAvoid parsing untrusted data as XML. Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n",
"documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability",
"line_number": 21,
"full_filename": "/tmp/bearer-scan/shared_instance.php",
"filename": ".",
"source": {
"start": 21,
"end": 21,
"column": {
"start": 3,
"end": 41
}
},
"sink": {
"start": 21,
"end": 21,
"column": {
"start": 3,
"end": 41
},
"content": "$r->XML($userInput, $encoding, $flags)"
},
"parent_line_number": 21,
"snippet": "$r->XML($userInput, $encoding, $flags)",
"fingerprint": "2e1892d145b5cb527043784fa089ab30_2",
"old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_2",
"code_extract": " $r->XML($userInput, $encoding, $flags);"
}
]
}"
Expand Up @@ -12,3 +12,11 @@
} catch (FooError $f) {
} finally {
}

function ($f, XMLReader $r) {
$r->XML($userInput, $encoding, $flags);
}

function foo($f, XMLReader $r) {
$r->XML($userInput, $encoding, $flags);
}
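Review bot: The anonymous function added at the top of this hunk (`function ($f, XMLReader $r) { ... }`) is a bare closure expression with no terminating `;`, which as I read the PHP grammar is not a valid statement on its own. The scanner's parser evidently recovers (the snapshot in this commit records the `$r->XML(...)` sinks at fixture lines 17 and 21, matching these two bodies), but closing it as `};` keeps the fixture parseable as plain PHP so the match does not depend on error recovery. The named `function foo(...)` form below it is fine as written.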