fix: bigquery rule

Bearer · Oct 26, 2023 · b119a25 · b119a25
1 parent c36bb12
commit b119a25
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 6 deletions.
diff --git a/rules/php/third_parties/bigquery.yml b/rules/php/third_parties/bigquery.yml
@@ -25,7 +25,7 @@ auxiliary:
         filters:
           - variable: CLIENT
             detection: php_shared_lang_instance
-            scope: cursor_strict
+            scope: cursor
             filters:
               - variable: CLASS
                 regex: \A(\\?Google\\Cloud\\BigQuery\\)?BigQueryClient\z

diff --git a/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap b/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap
@@ -317,6 +317,74 @@ exports[`php_lang_xml_external_entity_vulnerability shared_instance 1`] = `
       "fingerprint": "2e1892d145b5cb527043784fa089ab30_2",
       "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_2",
       "code_extract": "  $r->XML($userInput, $encoding, $flags);"
+    },
+    {
+      "cwe_ids": [
+        "611"
+      ],
+      "id": "php_lang_xml_external_entity_vulnerability",
+      "title": "XML External Entity vulnerability detected.",
+      "description": "## Description\\nAvoid parsing untrusted data as XML. Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n",
+      "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability",
+      "line_number": 25,
+      "full_filename": "/tmp/bearer-scan/shared_instance.php",
+      "filename": ".",
+      "source": {
+        "start": 25,
+        "end": 25,
+        "column": {
+          "start": 1,
+          "end": 40
+        }
+      },
+      "sink": {
+        "start": 25,
+        "end": 25,
+        "column": {
+          "start": 1,
+          "end": 40
+        },
+        "content": "$r1->XML($userInput, $encoding, $flags)"
+      },
+      "parent_line_number": 25,
+      "snippet": "$r1->XML($userInput, $encoding, $flags)",
+      "fingerprint": "2e1892d145b5cb527043784fa089ab30_3",
+      "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_3",
+      "code_extract": "$r1->XML($userInput, $encoding, $flags);"
+    },
+    {
+      "cwe_ids": [
+        "611"
+      ],
+      "id": "php_lang_xml_external_entity_vulnerability",
+      "title": "XML External Entity vulnerability detected.",
+      "description": "## Description\\nAvoid parsing untrusted data as XML. Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n",
+      "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability",
+      "line_number": 27,
+      "full_filename": "/tmp/bearer-scan/shared_instance.php",
+      "filename": ".",
+      "source": {
+        "start": 27,
+        "end": 27,
+        "column": {
+          "start": 1,
+          "end": 40
+        }
+      },
+      "sink": {
+        "start": 27,
+        "end": 27,
+        "column": {
+          "start": 1,
+          "end": 40
+        },
+        "content": "$r2->XML($userInput, $encoding, $flags)"
+      },
+      "parent_line_number": 27,
+      "snippet": "$r2->XML($userInput, $encoding, $flags)",
+      "fingerprint": "2e1892d145b5cb527043784fa089ab30_4",
+      "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_4",
+      "code_extract": "$r2->XML($userInput, $encoding, $flags);"
     }
   ]
 }"

diff --git a/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php b/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php
@@ -15,8 +15,13 @@
 
 function ($f, XMLReader $r) {
   $r->XML($userInput, $encoding, $flags);
-}
+};
 
 function foo($f, XMLReader $r) {
   $r->XML($userInput, $encoding, $flags);
 }
+
+$r1 = new XMLReader;
+$r1->XML($userInput, $encoding, $flags);
+$r2 = new XMLReader($foo);
+$r2->XML($userInput, $encoding, $flags);
diff --git a/tests/php/third_parties/bigquery/__snapshots__/test.js.snap b/tests/php/third_parties/bigquery/__snapshots__/test.js.snap
@@ -9,7 +9,7 @@ exports[`php_third_parties_bigquery bad 1`] = `
       ],
       "id": "php_third_parties_bigquery",
       "title": "Sensitive data sent to BigQuery detected.",
-      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs)\\n",
+      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs/reference/cloud-bigquery/latest)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_bigquery",
       "line_number": 9,
       "full_filename": "/tmp/bearer-scan/bad.php",
@@ -51,7 +51,7 @@ exports[`php_third_parties_bigquery bad 1`] = `
       ],
       "id": "php_third_parties_bigquery",
       "title": "Sensitive data sent to BigQuery detected.",
-      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs)\\n",
+      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs/reference/cloud-bigquery/latest)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_bigquery",
       "line_number": 10,
       "full_filename": "/tmp/bearer-scan/bad.php",
@@ -93,7 +93,7 @@ exports[`php_third_parties_bigquery bad 1`] = `
       ],
       "id": "php_third_parties_bigquery",
       "title": "Sensitive data sent to BigQuery detected.",
-      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs)\\n",
+      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs/reference/cloud-bigquery/latest)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_bigquery",
       "line_number": 13,
       "full_filename": "/tmp/bearer-scan/bad.php",
@@ -135,7 +135,7 @@ exports[`php_third_parties_bigquery bad 1`] = `
       ],
       "id": "php_third_parties_bigquery",
       "title": "Sensitive data sent to BigQuery detected.",
-      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs)\\n",
+      "description": "## Description\\nLeaking sensitive data to third-party data tools is a common cause of data\\nleaks and can lead to data breaches. This rule looks for instances of\\nsensitive data sent to BigQuery.\\n\\n## Remediations\\nWhen sending data to third-party services, ensure all sensitive data is removed.\\n\\n## Resources\\n- [BigQuery docs](https://cloud.google.com/php/docs/reference/cloud-bigquery/latest)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_bigquery",
       "line_number": 14,
       "full_filename": "/tmp/bearer-scan/bad.php",