feat(java): third parties new relic

Bearer · Feb 14, 2024 · 14b8614 · 14b8614
1 parent 98e5a81
commit 14b8614
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 0 deletions.
diff --git a/rules/java/third_parties/new_relic.yml b/rules/java/third_parties/new_relic.yml
@@ -0,0 +1,44 @@
+imports:
+  - java_shared_lang_datatype
+patterns:
+  - pattern: |
+      $<NEW_RELIC>.$<METHOD>($<...>$<DATA_TYPE>$<...>)
+    filters:
+      - variable: NEW_RELIC
+        regex: \A(com\.newrelic\.api\.agent\.)?NewRelic\z
+      - variable: METHOD
+        values:
+          - addCustomParameter
+          - noticeError
+          - recordMetric
+          - setAccountName
+          - setInstanceName
+          - setProductName
+          - setUserId
+          - setUserName
+      - variable: DATA_TYPE
+        detection: java_shared_lang_datatype
+languages:
+  - java
+skip_data_types:
+  - "Unique Identifier"
+metadata:
+  description: "Leakage of sensitive data to New Relic"
+  remediation_message: |
+    ## Description
+    Leaking sensitive data to third-party loggers is a common cause of data
+    leaks and can lead to data breaches. This rule looks for instances of
+    sensitive data sent to New Relic.
+
+    ## Remediations
+
+    When logging errors or events, ensure all sensitive data is removed.
+
+    ## Resources
+    - [New Relic Docs](https://docs.newrelic.com/)
+    - [Log obfuscation](https://docs.newrelic.com/docs/logs/ui-data/obfuscation-ui/)
+  cwe_id:
+    - 201
+  associated_recipe: New Relic
+  id: java_third_parties_new_relic
+  documentation_url: https://docs.bearer.com/reference/rules/java_third_parties_new_relic
diff --git a/tests/java/third_parties/new_relic/test.js b/tests/java/third_parties/new_relic/test.js
@@ -0,0 +1,18 @@
+const {
+  createNewInvoker,
+  getEnvironment,
+} = require("../../../helper.js")
+const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
+
+describe(ruleId, () => {
+  const invoke = createNewInvoker(ruleId, ruleFile, testBase)
+
+  test("new_relic", () => {
+    const testCase = "main.java"
+
+    const results = invoke(testCase)
+
+    expect(results.Missing).toEqual([])
+    expect(results.Extra).toEqual([])
+  })
+})
diff --git a/tests/java/third_parties/new_relic/testdata/main.java b/tests/java/third_parties/new_relic/testdata/main.java
@@ -0,0 +1,46 @@
+// Use bearer:expected java_third_parties_new_relic to flag expected findings
+import com.newrelic.api.agent.NewRelic;
+
+public class FooBar {
+  public void bad(User user) {
+    // ...
+    // bearer:expected java_third_parties_new_relic
+    NewRelic.addCustomParameter("userEmail", user.email);
+    // ...
+  }
+
+  public void bad2(User user) {
+    // ...
+    // bearer:expected java_third_parties_new_relic
+    NewRelic.recordMetric(user.name, 123);
+    // ...
+  }
+
+  public void bad3(User user) {
+    // ...
+    // bearer:expected java_third_parties_new_relic
+    NewRelic.noticeError("Some error for user " + user.email);
+    // ...
+  }
+
+  public void bad4(User user) {
+    // ...
+    // bearer:expected java_third_parties_new_relic
+    NewRelic.setUserId(user.email);
+    // ...
+  }
+
+  public void bad5(User user) {
+    // ...
+    // bearer:expected java_third_parties_new_relic
+    NewRelic.setUserName(user.name);
+    // ...
+  }
+
+  public void bad5(User user) {
+    // ...
+    NewRelic.setUserId(user.uuid);
+    NewRelic.addCustomParameter("user", user.uuid);
+    // ...
+  }
+}