diff --git a/rules/php/shared/lang/instance.yml b/rules/php/shared/lang/instance.yml index c940b8eb7..2ccdbe4ca 100644 --- a/rules/php/shared/lang/instance.yml +++ b/rules/php/shared/lang/instance.yml @@ -3,6 +3,12 @@ languages: - php patterns: - new $; + - function($<...>$ $$$<_>$<...>) {} + - function $<_>($<...>$ $$$<_>$<...>) {} + - | + class $<_> { + public function $<_>($<...>$ $$<_>$<...>) {} + } - | class $<_> { public function $<_>($<...>$ $$<_>$<...>) {} diff --git a/rules/php/third_parties/datadog.yml b/rules/php/third_parties/datadog.yml new file mode 100644 index 000000000..9d54e02a7 --- /dev/null +++ b/rules/php/third_parties/datadog.yml 
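Review bot: The class-method pattern added to rules/php/shared/lang/instance.yml has no visible test case in this commit, because the shared_instance.php hunk adds only an anonymous function and a named function taking `XMLReader $r`. This detection is shared, so every rule that uses php_shared_lang_instance now treats a typed parameter as an instance, which is presumably why the XXE snapshot gains two findings. A method case such as `class Foo { public function bar($f, XMLReader $r) { $r->XML($userInput, $encoding, $flags); } }` would pin the third pattern as well. The method pattern is written with `public` only, so it is worth confirming that private, protected and static methods with typed parameters also match. The pattern list continues outside this hunk.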
@@ -0,0 +1,107 @@
+imports:
+ - php_shared_lang_datatype
+ - php_shared_lang_instance
+patterns:
+ - pattern: \DDTrace\$($<...>$$<...>)
+ filters:
+ - variable: FUNCTION
+ values:
+ - add_global_tag
+ - add_distributed_tag
+ - set_user
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - pattern: $->$<_> = $
+ filters:
+ - variable: SPAN
+ detection: php_third_parties_datadog_span
+ scope: cursor
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - pattern: $->$<_>[$<_>] = $
+ filters:
+ - variable: SPAN
+ detection: php_third_parties_datadog_span
+ scope: cursor
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - pattern: $->setTag($<...>$$<...>)
+ filters:
+ - variable: SPAN
+ detection: php_third_parties_datadog_span
+ scope: cursor
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+languages:
+ - php
+auxiliary:
+ - id: php_third_parties_datadog_tracer
+ patterns:
+ - \DDTrace\GlobalTracer::get()
+ - id: php_third_parties_datadog_span
+ patterns:
+ - \DDTrace\trace_function($<_>, function($$$<...>) {})
+ - \DDTrace\trace_function($<_>, [$<_> => function($$$<...>) {}])
+ - \DDTrace\trace_method($<_>, $<_>, function($$$<...>) {})
+ - \DDTrace\trace_method($<_>, $<_>, [$<_> => function($$$<...>) {}])
+ - pattern: \DDTrace\$()
+ filters:
+ - variable: FUNCTION
+ values:
+ - active_span
+ - root_span
+ - start_span
+ - start_trace_span
+ - pattern: $->$()
+ filters:
+ - variable: METHOD
+ values:
+ - startSpan
+ - getActiveSpan
+ - variable: TRACER
+ detection: php_third_parties_datadog_tracer
+ scope: cursor
+ - pattern: $->getSpan()
+ filters:
+ - variable: SCOPE
+ detection: php_third_parties_datadog_span_scope
+ scope: cursor
+ - pattern: $;
+ filters:
+ - variable: INSTANCE
+ detection: php_shared_lang_instance
+ scope: cursor_strict
+ filters:
+ - variable: CLASS
+ regex: \A(\\?DDTrace\\)?SpanData\z
+ - id: php_third_parties_datadog_span_scope
+ patterns:
+ - pattern: $->startActiveSpan()
+ filters:
+ - variable: TRACER
+ detection: php_third_parties_datadog_tracer
+ scope: cursor
+skip_data_types:
+ - "Unique Identifier"
+metadata:
+ description: "Sensitive data sent to Datadog detected."
+ remediation_message: |
+ ## Description
+ Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Datadog.
+
+ ## Remediations
+
+ When logging errors or events, ensure all sensitive data is removed.
+
+ ## Resources
+ - [Datadog docs](https://docs.datadoghq.com)
+ - [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)
+ cwe_id:
+ - 201
+ associated_recipe: Datadog
+ id: php_third_parties_datadog
+ documentation_url: https://docs.bearer.com/reference/rules/php_third_parties_datadog
diff --git a/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap b/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap
index 27fe1dc94..0402cb296 100644
--- a/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap
+++ b/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap
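Review bot: In rules/php/third_parties/datadog.yml the name handling is inconsistent: the `SpanData` class filter accepts both the qualified and the imported short name (`\A(\\?DDTrace\\)?SpanData\z`), while the tracer pattern `\DDTrace\GlobalTracer::get()` and the `\DDTrace\` function patterns are written only in fully-qualified form. If the engine does not resolve `use DDTrace\GlobalTracer;` or `use function DDTrace\active_span;` to the qualified name, code written with imports would send the same data to Datadog without a finding. bad.php only uses the backslash-qualified spelling, so this path is untested. Adding a case with `use DDTrace\GlobalTracer;` followed by `GlobalTracer::get()->getActiveSpan()->setTag('something', $user->email);` would show whether short-name variants need to be added to the auxiliary patterns.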
@@ -249,6 +249,74 @@ exports[`php_lang_xml_external_entity_vulnerability shared_instance 1`] = ` "fingerprint": "2e1892d145b5cb527043784fa089ab30_0", "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_0", "code_extract": " $e->XML($userInput, $encoding, $flags);" + }, + { + "cwe_ids": [ + "611" + ], + "id": "php_lang_xml_external_entity_vulnerability", + "title": "XML External Entity vulnerability detected.", + "description": "## Description\\nAvoid parsing untrusted data as XML. Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability", + "line_number": 17, + "full_filename": "/tmp/bearer-scan/shared_instance.php", + "filename": ".", + "source": { + "start": 17, + "end": 17, + "column": { + "start": 3, + "end": 41 + } + }, + "sink": { + "start": 17, + "end": 17, + "column": { + "start": 3, + "end": 41 + }, + "content": "$r->XML($userInput, $encoding, $flags)" + }, + "parent_line_number": 17, + "snippet": "$r->XML($userInput, $encoding, $flags)", + "fingerprint": "2e1892d145b5cb527043784fa089ab30_1", + "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_1", + "code_extract": " $r->XML($userInput, $encoding, $flags);" + }, + { + "cwe_ids": [ + "611" + ], + "id": "php_lang_xml_external_entity_vulnerability", + "title": "XML External Entity vulnerability detected.", + "description": "## Description\\nAvoid parsing untrusted data as XML. 
Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability", + "line_number": 21, + "full_filename": "/tmp/bearer-scan/shared_instance.php", + "filename": ".", + "source": { + "start": 21, + "end": 21, + "column": { + "start": 3, + "end": 41 + } + }, + "sink": { + "start": 21, + "end": 21, + "column": { + "start": 3, + "end": 41 + }, + "content": "$r->XML($userInput, $encoding, $flags)" + }, + "parent_line_number": 21, + "snippet": "$r->XML($userInput, $encoding, $flags)", + "fingerprint": "2e1892d145b5cb527043784fa089ab30_2", + "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_2", + "code_extract": " $r->XML($userInput, $encoding, $flags);" } ] }" diff --git a/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php b/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php index 8e77dfd94..3cdcff4cd 100644 --- a/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php +++ b/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php @@ -12,3 +12,11 @@ } catch (FooError $f) { } finally { } + +function ($f, XMLReader $r) { + $r->XML($userInput, $encoding, $flags); +} + +function foo($f, XMLReader $r) { + $r->XML($userInput, $encoding, $flags); +} diff --git a/tests/php/third_parties/datadog/__snapshots__/test.js.snap b/tests/php/third_parties/datadog/__snapshots__/test.js.snap new file mode 100644 index 000000000..f5debc6b2 --- /dev/null 
+++ b/tests/php/third_parties/datadog/__snapshots__/test.js.snap 
@@ -0,0 +1,430 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`php_third_parties_datadog bad 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 8, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 8, + "end": 8, + "column": { + "start": 23, + "end": 35 + } + }, + "sink": { + "start": 8, + "end": 8, + "column": { + "start": 9, + "end": 35 + }, + "content": "$span->name = $user->email" + }, + "parent_line_number": 8, + "snippet": "$span->name = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_0", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_0", + "code_extract": " $span->name = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 9, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 9, + "end": 9, + "column": { + "start": 36, + "end": 48 + } + }, + "sink": { + "start": 9, + "end": 9, + "column": { + "start": 9, + "end": 48 + }, + "content": "$span->meta['something'] = $user->email" + }, + "parent_line_number": 9, + "snippet": "$span->meta['something'] = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_1", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_1", + "code_extract": " $span->meta['something'] = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 15, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 15, + "end": 15, + "column": { + "start": 36, + "end": 48 + } + }, + "sink": { + "start": 15, + "end": 15, + "column": { + "start": 9, + "end": 48 + }, + "content": "$span->meta['something'] = $user->email" + }, + "parent_line_number": 15, + "snippet": "$span->meta['something'] = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_2", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_2", + "code_extract": " $span->meta['something'] = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 20, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 20, + "end": 20, + "column": { + "start": 32, + "end": 44 + } + }, + "sink": { + "start": 20, + "end": 20, + "column": { + "start": 5, + "end": 44 + }, + "content": "$span->meta['something'] = $user->email" + }, + "parent_line_number": 20, + "snippet": "$span->meta['something'] = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_3", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_3", + "code_extract": " $span->meta['something'] = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 27, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 27, + "end": 27, + "column": { + "start": 23, + "end": 35 + } + }, + "sink": { + "start": 27, + "end": 27, + "column": { + "start": 9, + "end": 35 + }, + "content": "$span->name = $user->email" + }, + "parent_line_number": 27, + "snippet": "$span->name = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_4", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_4", + "code_extract": " $span->name = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 28, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 28, + "end": 28, + "column": { + "start": 36, + "end": 48 + } + }, + "sink": { + "start": 28, + "end": 28, + "column": { + "start": 9, + "end": 48 + }, + "content": "$span->meta['something'] = $user->email" + }, + "parent_line_number": 28, + "snippet": "$span->meta['something'] = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_5", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_5", + "code_extract": " $span->meta['something'] = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 33, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 33, + "end": 33, + "column": { + "start": 45, + "end": 57 + } + }, + "sink": { + "start": 33, + "end": 33, + "column": { + "start": 1, + "end": 57 + }, + "content": "\\\\DDTrace\\\\active_span()->meta['something'] = $user->email" + }, + "parent_line_number": 33, + "snippet": "\\\\DDTrace\\\\active_span()->meta['something'] = $user->email", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_6", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_6", + "code_extract": "\\\\DDTrace\\\\active_span()->meta['something'] = $user->email;" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 36, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 36, + "end": 36, + "column": { + "start": 40, + "end": 52 + } + }, + "sink": { + "start": 36, + "end": 36, + "column": { + "start": 1, + "end": 53 + }, + "content": "$scope->getSpan()->setTag('something', $user->email)" + }, + "parent_line_number": 36, + "snippet": "$scope->getSpan()->setTag('something', $user->email)", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_7", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_7", + "code_extract": "$scope->getSpan()->setTag('something', $user->email);" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 37, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 37, + "end": 37, + "column": { + "start": 68, + "end": 80 + } + }, + "sink": { + "start": 37, + "end": 37, + "column": { + "start": 1, + "end": 81 + }, + "content": "\\\\DDTrace\\\\GlobalTracer::get()->getActiveSpan()->setTag('something', $user->email)" + }, + "parent_line_number": 37, + "snippet": "\\\\DDTrace\\\\GlobalTracer::get()->getActiveSpan()->setTag('something', $user->email)", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_8", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_8", + "code_extract": "\\\\DDTrace\\\\GlobalTracer::get()->getActiveSpan()->setTag('something', $user->email);" + }, + { + "cwe_ids": [ + "201" + ], + "id": "php_third_parties_datadog", + "title": "Sensitive data sent to Datadog detected.", + "description": "## Description\\nLeaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. 
This rule looks for instances of sensitive data sent to Datadog.\\n\\n## Remediations\\n\\nWhen logging errors or events, ensure all sensitive data is removed.\\n\\n## Resources\\n- [Datadog docs](https://docs.datadoghq.com)\\n- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_datadog", + "line_number": 39, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 39, + "end": 39, + "column": { + "start": 38, + "end": 50 + } + }, + "sink": { + "start": 39, + "end": 39, + "column": { + "start": 1, + "end": 51 + }, + "content": "\\\\DDTrace\\\\add_global_tag('something', $user->email)" + }, + "parent_line_number": 39, + "snippet": "\\\\DDTrace\\\\add_global_tag('something', $user->email)", + "fingerprint": "b5a0101cf01f75091e545fe2d64b3945_9", + "old_fingerprint": "cd928b4207041e9093f2a5ab5ece7e4b_9", + "code_extract": "\\\\DDTrace\\\\add_global_tag('something', $user->email);" + } + ] +}" +`; + +exports[`php_third_parties_datadog ok 1`] = `"{}"`; diff --git a/tests/php/third_parties/datadog/test.js b/tests/php/third_parties/datadog/test.js new file mode 100644 index 000000000..6c150c42d --- /dev/null +++ b/tests/php/third_parties/datadog/test.js @@ -0,0 +1,18 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + + test("bad", () => { + const testCase = "bad.php" + expect(invoke(testCase)).toMatchSnapshot(); + }) + + + test("ok", () => { + const testCase = "ok.php" + expect(invoke(testCase)).toMatchSnapshot(); + }) +}) 
diff --git a/tests/php/third_parties/datadog/testdata/bad.php b/tests/php/third_parties/datadog/testdata/bad.php
new file mode 100644
index 000000000..ca787ba1a
--- /dev/null
+++ b/tests/php/third_parties/datadog/testdata/bad.php
@@ -0,0 +1,39 @@
+name = $user->email;
+ $span->meta['something'] = $user->email;
+ }
+);
+
+\DDTrace\trace_function('foo', [
+ 'prehook' => function ($span, $args) {
+ $span->meta['something'] = $user->email;
+ }
+]);
+
+function foo (\DDTrace\SpanData $span) {
+ $span->meta['something'] = $user->email;
+}
+
+\DDTrace\trace_method(
+ 'myClass',
+ 'myMeth',
+ function(SpanData $span, $args, $retval) {
+ $span->name = $user->email;
+ $span->meta['something'] = $user->email;
+ }
+);
+
+
+\DDTrace\active_span()->meta['something'] = $user->email;
+
+$scope = \DDTrace\GlobalTracer::get()->startActiveSpan('foo');
+$scope->getSpan()->setTag('something', $user->email);
+\DDTrace\GlobalTracer::get()->getActiveSpan()->setTag('something', $user->email);
+
+\DDTrace\add_global_tag('something', $user->email);
diff --git a/tests/php/third_parties/datadog/testdata/ok.php b/tests/php/third_parties/datadog/testdata/ok.php
new file mode 100644
index 000000000..4cfec3259
--- /dev/null
+++ b/tests/php/third_parties/datadog/testdata/ok.php
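Review bot: bad.php exercises only part of what the rule lists: of the `FUNCTION` values only `add_global_tag` and `active_span` appear, so `add_distributed_tag`, `set_user`, `root_span`, `start_span`, `start_trace_span` and the tracer's `startSpan` have no case. A typo or a non-matching pattern in any of those would go unnoticed, and each is a path by which personal data can reach a third party. I would add one line per untested sink, for example `\DDTrace\add_distributed_tag('something', $user->email);` and `\DDTrace\root_span()->meta['something'] = $user->email;`, and regenerate the snapshot.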
@@ -0,0 +1,39 @@
+name = $user->id;
+ $span->meta['something'] = $user->id;
+ }
+);
+
+function foo (\DDTrace\SpanData $span) {
+ $span->meta['something'] = $user->id;
+}
+
+\DDTrace\trace_function('foo', [
+ 'prehook' => function (\DDTrace\SpanData $span, array $args) {
+ $span->meta['something'] = $user->id;
+ }
+]);
+
+\DDTrace\trace_method(
+ 'myClass',
+ 'myMeth',
+ function(SpanData $span, $args, $retval) {
+ $span->name = $user->id;
+ $span->meta['something'] = $user->id;
+ }
+);
+
+
+\DDTrace\active_span()->meta['something'] = $user->id;
+
+$scope = \DDTrace\GlobalTracer::get()->startActiveSpan('foo');
+$scope->getSpan()->setTag('something', $user->id);
+\DDTrace\GlobalTracer::get()->getActiveSpan()->setTag('something', $user->id);
+
+\DDTrace\add_global_tag('something', $user->id);
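Review bot: ok.php mirrors bad.php with `$user->id`, so it only proves that the skipped "Unique Identifier" type is ignored; nothing checks that the span gating keeps the rule quiet on objects that are not Datadog spans. The property-assignment and `setTag` patterns depend entirely on the SPAN detection, so a negative case such as `$logger->setTag('something', $user->email);` or `$model->name = $user->email;` would guard against false positives if that detection is later widened. A short comment at the top of the file saying that `$user->id` passes because of `skip_data_types` would also help, since an identifier sent to a third party may still count as personal data under some policies.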