feat(python): algolia third parties rule

rules/python/third_parties/algolia.yml

@@ -0,0 +1,67 @@
+imports:
+  - python_shared_lang_datatype
+  - python_shared_lang_import2
+patterns:
+  - pattern: |
+      $<INDEX>.$<METHOD>($<...>$<DATA_TYPE>$<...>)
+    filters:
+      - variable: INDEX
+        detection: python_third_parties_algolia_index
+        scope: cursor
+      - variable: METHOD
+        values:
+          - save_object
+          - save_objects
+          - update_object
+          - update_objects
+          - partial_update_object
+          - partial_update_objects
+          - replace_all_objects
+      - variable: DATA_TYPE
+        detection: python_shared_lang_datatype
+        scope: result
+auxiliary:
+  - id: python_third_parties_algolia_index
+    patterns:
+      - pattern: $<SEARCH_CLIENT>.init_index($<...>)
+        filters:
+          - variable: SEARCH_CLIENT
+            detection: python_third_parties_algolia_search_client
+            scope: cursor
+  - id: python_third_parties_algolia_search_client
+    patterns:
+      - pattern: $<SEARCH_CLIENT>.create($<...>)
+        filters:
+          - variable: SEARCH_CLIENT
+            detection: python_shared_lang_import2
+            scope: cursor
+            filters:
+              - variable: MODULE1
+                values: [algoliasearch]
+              - variable: MODULE2
+                values: [search_client]
+              - variable: NAME
+                values: [SearchClient]
+languages:
+  - python
+severity: medium
+skip_data_types:
+  - Unique Identifier
+metadata:
+  description: Leakage of sensitive data to Algolia
+  remediation_message: |
+    ## Description
+
+    Leaking sensitive data to third-party data tools like Algolia is a common cause of data leaks and can lead to data breaches.
+
+    ## Remediations
+
+    - **Do** ensure all sensitive data is removed when sending data to third-party services like Algolia.
+
+    ## References
+    - [Algolia docs](https://www.algolia.com/doc/)
+  cwe_id:
+    - 201
+  associated_recipe: Algolia
+  id: python_third_parties_algolia
+  documentation_url: https://docs.bearer.com/reference/rules/python_third_parties_algolia

tests/python/third_parties/algolia/test.js

@@ -0,0 +1,20 @@
+const {
+  createNewInvoker,
+  getEnvironment,
+} = require("../../../helper.js")
+const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
+
+describe(ruleId, () => {
+  const invoke = createNewInvoker(ruleId, ruleFile, testBase)
+
+  test("algolia", () => {
+    const testCase = "main.py"
+
+    const results = invoke(testCase)
+
+    expect(results).toEqual({
+      Missing: [],
+      Extra: []
+    })
+  })
+})

tests/python/third_parties/algolia/testdata/main.py

@@ -0,0 +1,35 @@
+# Use bearer:expected python_third_parties_algolia to flag expected findings
+from algoliasearch.search_client import SearchClient
+
+client = SearchClient.create('YourApplicationID', 'YourWriteAPIKey')
+index = client.init_index('your_index_name')
+
+# bearer:expected python_third_parties_algolia
+index.save_object({
+    'firstname': user.firstname,
+    'lastname': user.lastname,
+    'objectID': user.uuid
+})
+# bearer:expected python_third_parties_algolia
+res = index.save_objects([{'firstname': user.firstname, 'lastname': user.lastname, 'objectID': user.uuid}])
+
+# bearer:expected python_third_parties_algolia
+index.partial_update_object({"objectID": user.uuid, "email": user.email})
+# bearer:expected python_third_parties_algolia
+index.partial_update_objects([
+    {'objectID': user1.uuid, 'firstname': user1.firstname},
+    {'objectID': user1.uuid, 'firstname': user2.firstname}
+])
+
+# bearer:expected python_third_parties_algolia
+index.replace_all_objects(
+  [{'firstname': user.firstname, 'lastname': user.lastname, 'objectID': user.uuid}], 
+  { 'safe': True }
+)
+
+# ok 
+index.save_object({
+  'firstname': 'Mish',
+  'lastname': 'Bear',
+  'objectID': 'mish001'
+})