fix: update patterns

Bearer · May 16, 2024 · 6fb766a · 6fb766a
1 parent 9107b8d
commit 6fb766a
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 4 deletions.
diff --git a/rules/python/lang/insecure_cookie.yml b/rules/python/lang/insecure_cookie.yml
@@ -1,9 +1,9 @@
 patterns:
   - pattern: |
-      $<COOKIE_INIT>[$<_>]['secure'] = $<FALSE>
+      $<COOKIE_SESSION>['secure'] = $<FALSE>
     filters:
-      - variable: COOKIE_INIT
-        detection: python_lang_insecure_cookie_init
+      - variable: COOKIE_SESSION
+        detection: python_lang_insecure_cookie_session
         scope: cursor
       - variable: "FALSE"
         detection: python_lang_insecure_cookie_false
@@ -12,12 +12,39 @@ auxiliary:
   - id: python_lang_insecure_cookie_false
     patterns:
       - "False"
+  - id: python_lang_insecure_cookie_session
+    patterns:
+      - pattern: $<COOKIE_INIT>[$<_>]
+        filters:
+          - variable: COOKIE_INIT
+            detection: python_lang_insecure_cookie_init
+            scope: result
   - id: python_lang_insecure_cookie_init
     patterns:
       - pattern: $<COOKIE>()
         filters:
           - variable: COOKIE
+            detection: python_lang_insecure_cookie_class
+            scope: result
+  - id: python_lang_insecure_cookie_class
+    patterns:
+      - pattern: $<COOKIE_CLASS>
+        filters:
+          - variable: COOKIE_CLASS
             regex: \A(http\.)?(cookies\.)?(Simple|Base)Cookie\z
+      - pattern: from http.cookies import $<COOKIE_CLASS>
+        filters:
+          - variable: COOKIE_CLASS
+            values:
+              - SimpleCookie
+              - BaseCookie
+      - pattern: from http.cookies import $<COOKIE_CLASS> as $<!>$<_>
+        filters:
+          - variable: COOKIE_CLASS
+            values:
+              - SimpleCookie
+              - BaseCookie
+
 languages:
   - python
 severity: medium

diff --git a/rules/python/shared/django/http_response.yml b/rules/python/shared/django/http_response.yml
@@ -2,8 +2,13 @@ type: shared
 languages:
   - python
 patterns:
-  - HttpResponse()
   - HttpResponse
+  - from django.http import $<!>HttpResponse
+  - from django.http import HttpResponse as $<!>$<_>
+  - pattern: $<HTTP_RESPONSE>
+    filters:
+      - variable: HTTP_RESPONSE
+        regex: \A(django\.)?(http\.)?HttpResponse\z
 metadata:
   description: "Python Django HTTP Response."
   id: python_shared_django_http_response