diff --git a/rules/java/lang/crlf_injection.yml b/rules/java/lang/crlf_injection.yml
index 07791a3eb..aa94f39ff 100644
--- a/rules/java/lang/crlf_injection.yml
+++ b/rules/java/lang/crlf_injection.yml
@@ -1,9 +1,18 @@
+imports:
+ - java_shared_lang_user_input
+ - java_shared_lang_logger_methods
patterns:
- pattern: |
$.$($<...>$$<...>)
filters:
+ - variable: LOG
+ values:
+ - log
+ - logger
+ - variable: METHOD
+ detection: java_shared_lang_logger_methods
- variable: UNSANITIZED_USER_INPUT
- detection: java_lang_log_dynamic_input
+ detection: java_shared_lang_user_input
scope: result
- not:
variable: UNSANITIZED_USER_INPUT
@@ -13,57 +22,10 @@ patterns:
variable: UNSANITIZED_USER_INPUT
detection: java_lang_log_dynamic_bundle_input
scope: result
- - variable: METHOD
- values:
- - config
- - debug
- - entering
- - error
- - exiting
- - fine
- - finer
- - finest
- - info
- - log
- - logp
- - logrb
- - severe
- - throwing
- - trace
- - warn
- - variable: LOG
- values:
- - log
- - logger
auxiliary:
- id: java_lang_log_dynamic_bundle_input
patterns:
- pattern: $<_> + "bundle"
- - id: java_lang_log_dynamic_input
- patterns:
- - pattern: $.$()
- filters:
- - variable: REQUEST
- values:
- - req
- - request
- - variable: REQUEST_METHOD
- values:
- - getCookies
- - getHeader
- - getQueryString
- - getRequestURI
- - getRequestURL
- - getAttribute
- - getInputStream
- - getParameter
- - getParameterMap
- - getParameterNames
- - getParameterValues
- - getReader
- - getHeaderNames
- - getPart
- - getParts
- id: java_lang_log_sanitized_dynamic_input
patterns:
- pattern: $<_>.$($, $<_>);
diff --git a/rules/java/lang/log_injection.yml b/rules/java/lang/log_injection.yml
index 3c4e57d2e..2fdf476bf 100644
--- a/rules/java/lang/log_injection.yml
+++ b/rules/java/lang/log_injection.yml 
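Review bot: The new `LOG` filter in the first hunk only matches receivers literally named `log` or `logger`, so the very common constant-style loggers (`LOG`, `LOGGER`) fall outside the rule; if Bearer's `values` comparison is case-sensitive, as it appears to be, adding `- LOG` and `- LOGGER` under the new `values:` closes that gap at no cost. The taint source now comes from `java_shared_lang_user_input`, whose definition is not part of this diff, so it cannot be confirmed here that the header and cookie accessors (`getHeader`, `getCookies`) that the dropped `java_lang_log_dynamic_input` listed explicitly, and which are the classic CRLF vectors, are still covered; worth checking against the shared rule before merging. The `filters` list this hunk edits continues into the second hunk, which only removes the now-shared definitions.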
@@ -1,59 +1,19 @@
+imports:
+ - java_shared_lang_user_input
+ - java_shared_lang_logger_methods
patterns:
- pattern: |
$.$($<...>$$<...>)
filters:
- variable: USER_INPUT
- detection: java_lang_log_dynamic_input
+ detection: java_shared_lang_user_input
scope: result
- variable: METHOD
- values:
- - config
- - debug
- - entering
- - error
- - exiting
- - fine
- - finer
- - finest
- - info
- - log
- - logp
- - logrb
- - severe
- - throwing
- - trace
- - warn
+ detection: java_shared_lang_logger_methods
- variable: LOG
values:
- log
- logger
-auxiliary:
- - id: java_lang_log_dynamic_input
- patterns:
- - pattern: |
- $.$()
- filters:
- - variable: REQUEST
- values:
- - req
- - request
- - variable: REQUEST_METHOD
- values:
- - getCookies
- - getHeader
- - getQueryString
- - getRequestURI
- - getRequestURL
- - getAttribute
- - getInputStream
- - getParameter
- - getParameterMap
- - getParameterNames
- - getParameterValues
- - getReader
- - getHeaderNames
- - getPart
- - getParts
languages:
- java
diff --git a/rules/java/lang/logger.yml b/rules/java/lang/logger.yml
index e6cefbc29..20a8e1efb 100644
--- a/rules/java/lang/logger.yml
+++ b/rules/java/lang/logger.yml
@@ -1,5 +1,6 @@
imports:
- java_shared_lang_datatype
+ - java_shared_lang_logger_methods
patterns:
- pattern: |
$.$($<...>$$<...>)
@@ -8,12 +9,7 @@ patterns:
detection: java_shared_lang_datatype
scope: result
- variable: METHOD
- values:
- - log
- - debug
- - warn
- - info
- - error
+ detection: java_shared_lang_logger_methods
- variable: LOG
values:
- log
diff --git a/rules/java/shared/lang/logger_methods.yml b/rules/java/shared/lang/logger_methods.yml
new file mode 100644
index 000000000..0e79ac98a
--- /dev/null
+++ b/rules/java/shared/lang/logger_methods.yml 
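Review bot: The commit centralises the logger method names into `java_shared_lang_logger_methods` but leaves the receiver names duplicated verbatim in this rule (`- variable: LOG` / `values:` / `- log` / `- logger`) and again in `logger.yml` and `crlf_injection.yml`; extracting them into a sibling shared detection (e.g. `java_shared_lang_logger_names`) would keep the three rules in step the next time a receiver such as `LOGGER` is added. Swapping `java_lang_log_dynamic_input` for the shared `java_shared_lang_user_input` also changes the taint sources from the explicit servlet `req`/`request` getter list to whatever the shared rule defines, which this diff does not show — presumably a superset, but worth confirming, since this rule, unlike `crlf_injection.yml`, has no sanitiser exclusion of its own. The hunk header counts one more new-side line than is visible after `- java`, so the file section may have lost a trailing context line in rendering.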
@@ -0,0 +1,27 @@
+type: shared
+languages:
+ - java
+patterns:
+ - pattern: $;
+ filters:
+ - variable: METHOD
+ values:
+ - config
+ - debug
+ - entering
+ - error
+ - exiting
+ - fine
+ - finer
+ - finest
+ - info
+ - log
+ - logp
+ - logrb
+ - severe
+ - throwing
+ - trace
+ - warn
+metadata:
+ description: "Java Logger Methods"
+ id: java_shared_lang_logger_methods
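Review bot: The shared method list under `values:` has `warn` (SLF4J/Log4j) but not `warning`, which is the `java.util.logging.Logger` spelling, and it has `error` but not Log4j's `fatal`, so `LOGGER.warning(request.getParameter(...))` and `logger.fatal(...)` are missed by every rule that now imports this detection; adding `- warning` and `- fatal` to the list fixes both. Since the three consuming rules previously each carried their own copy, this file is now the single place such omissions surface, so a short header comment naming the APIs it is meant to cover (`# Logger methods from java.util.logging, SLF4J and Log4j 1.x/2.x`) would help the next person extend it deliberately. The `pattern:` line reads `$;` on this page, presumably `$<METHOD>;` with the angle-bracket token stripped by the renderer; as shown it would not bind `METHOD` at all, so it is worth confirming the committed file carries the full form.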