diff --git a/rules/python/lang/logger.yml b/rules/python/lang/logger.yml
index 94bdee7cd..09166fd54 100644
--- a/rules/python/lang/logger.yml
+++ b/rules/python/lang/logger.yml
@@ -1,23 +1,47 @@
 imports:
 - python_shared_lang_datatype
+ - python_shared_lang_instance
+ - python_shared_lang_import1
 patterns:
- - pattern: logging.$($)
+ - pattern: $.$($)
 filters:
+ - variable: LOGGER
+ detection: python_lang_logger_init
 - variable: METHOD
 values:
+ - critical
 - debug
- - warning
- - info
 - error
+ - exception
+ - info
+ - log
+ - warning
 - variable: DATA_TYPE
 detection: python_shared_lang_datatype
 scope: result
+auxiliary:
+ - id: python_lang_logger_init
+ patterns:
+ - pattern: $
+ filters:
+ - variable: LOGGER
+ detection: python_shared_lang_instance
+ scope: cursor_strict
+ filters:
+ - variable: CLASS
+ detection: python_shared_lang_import1
+ scope: cursor
+ filters:
+ - variable: MODULE1
+ values: [logging]
+ - variable: NAME
+ values: [getLogger]
 languages:
 - python
 skip_data_types:
 - "Unique Identifier"
 metadata:
- description: "Leakage of sensitive information in logger message"
+ description: Leakage of sensitive information in logger message
 remediation_message: |-
 ## Description
diff --git a/tests/python/lang/logger/test.js b/tests/python/lang/logger/test.js
index 890c22c8c..9dc9fe56e 100644
--- a/tests/python/lang/logger/test.js
+++ b/tests/python/lang/logger/test.js
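Review bot: Replacing `logging.$($)` with the instance-bound `$.$($)` pattern (the variable names inside `$<…>` appear to have been stripped in this rendering) drops detection of module-level calls such as `logging.info(f"... {user.email}")`, which the deleted bad.py case covered and which python_lang_logger_init cannot satisfy unless python_shared_lang_instance also resolves a bare `logging` module reference. Keep the old form as a second entry under `patterns:` with the same METHOD and DATA_TYPE filters, e.g. `- pattern: logging.$<METHOD>($<DATA_TYPE>)`, and bring back a test for it. The METHOD list also omits the deprecated but still-callable `warn` alias; add `- warn` so `logger.warn(...)` is not a free pass. For `log`, the first positional argument is the level rather than the message, so confirm the DATA_TYPE filter still lands on the message argument in that case.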
@@ -6,35 +6,14 @@ const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) describe(ruleId, () => { const invoke = createNewInvoker(ruleId, ruleFile, testBase) + test("main", () => { + const testCase = "main.py" - - test("bad", () => { - const testCase = "bad.py" + const results = invoke(testCase) - const results = invoke(testCase) - - expect(results.Missing).toEqual([]) - expect(results.Extra).toEqual([]) - }) - - - test("ok", () => { - const testCase = "ok.py" - - const results = invoke(testCase) - - expect(results.Missing).toEqual([]) - expect(results.Extra).toEqual([]) - }) - - - test("shared_datatype", () => { - const testCase = "shared_datatype.py" - - const results = invoke(testCase) - - expect(results.Missing).toEqual([]) - expect(results.Extra).toEqual([]) + expect(results).toEqual({ + Missing: [], + Extra: [] }) - + }) }) \ No newline at end of file
diff --git a/tests/python/lang/logger/testdata/bad.py b/tests/python/lang/logger/testdata/bad.py
deleted file mode 100644
index b8304f669..000000000
--- a/tests/python/lang/logger/testdata/bad.py
+++ /dev/null
@@ -1,9 +0,0 @@
-import logging
-
-def do_something(user):
- user.email
-
-def authenticate(user):
- do_something()
-# bearer:expected python_lang_logger
- logging.info(f"User '{user.email}' logged")
\ No newline at end of file
diff --git a/tests/python/lang/logger/testdata/main.py b/tests/python/lang/logger/testdata/main.py
new file mode 100644
index 000000000..ec9f153cd
--- /dev/null
+++ b/tests/python/lang/logger/testdata/main.py
@@ -0,0 +1,18 @@
+import logging
+
+myLogger = logging.getLogger(__name__)
+
+def bad(user):
+ # bearer:expected python_lang_logger
+ myLogger.info(f"User '{user.email}' logged")
+
+def bad2(user):
+ # bearer:expected python_lang_logger
+ myLogger.debug(f"Some debug info about '{user.email}'")
+
+import logging as something_else
+
+def bad3(user):
+ myOtherLogger = something_else.getLogger(__name__)
+ # bearer:expected python_lang_logger
+ myOtherLogger.debug(f"User '{user.email}' logged")
diff --git a/tests/python/lang/logger/testdata/ok.py b/tests/python/lang/logger/testdata/ok.py
deleted file mode 100644
index 6ca09a550..000000000
--- a/tests/python/lang/logger/testdata/ok.py
+++ /dev/null
@@ -1,8 +0,0 @@
-import logging
-
-def do_something(user):
- user.email
-
-def authenticate(user):
- do_something()
- logging.info(f"User '{user.uuid}' logged")
\ No newline at end of file
diff --git a/tests/python/lang/logger/testdata/shared_datatype.py b/tests/python/lang/logger/testdata/shared_datatype.py
deleted file mode 100644
index 1b93ac934..000000000
--- a/tests/python/lang/logger/testdata/shared_datatype.py
+++ /dev/null
@@ -1,8 +0,0 @@
-# tests for python_shared_lang_datatype
-
-import logging
-
-user = { "email": "foo@example.com" }
-
-logging.info(user.uuid)
-logging.info(user["uuid"])
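Review bot: main.py holds only positive cases, so the negative coverage the deleted ok.py and shared_datatype.py gave (`user.uuid`, `user["uuid"]`, which `skip_data_types: Unique Identifier` is meant to suppress) is gone and a rule that flagged every logger call would still pass this test. Add an `ok` function with no `bearer:expected` marker that logs `user.uuid`, plus a case using the lazy `%s` argument form, since that is the idiomatic logging style and a single-argument placeholder may not match it; if it shows up under Missing, the pattern needs a second form rather than a weaker test. The module-level `logging.info(...)` form that left with bad.py should come back here too, as it is the most common way sensitive data reaches a log.
```python
# … unchanged: imports, myLogger, bad, bad2, bad3 …

def bad4(user):
    # bearer:expected python_lang_logger
    myLogger.info("User %s logged", user.email)

def bad5(user):
    # bearer:expected python_lang_logger
    logging.info(f"User '{user.email}' logged")

def ok(user):
    # uuid is a "Unique Identifier": suppressed by skip_data_types, so no expectation here
    myLogger.info(f"User '{user.uuid}' logged")
```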