feat: add symfony cookies rule

rules/php/symfony/cookies.yml

@@ -0,0 +1,38 @@
+patterns:
+  - pattern: |
+      $<CLASS>::create($<_>, $<DATA_TYPE>$<...>)
+    filters:
+      - variable: CLASS
+        regex: \A(Symfony\\Component\\HttpFoundation\\)?Cookie\z
+      - variable: DATA_TYPE
+        detection: datatype
+        scope: result
+  - pattern: |
+      new $<CLASS>($<_>, $<DATA_TYPE>$<...>)
+    filters:
+      - variable: CLASS
+        regex: \A(Symfony\\Component\\HttpFoundation\\)?Cookie\z
+      - variable: DATA_TYPE
+        detection: datatype
+        scope: result
+languages:
+  - php
+metadata:
+  description: "Sensitive data stored in a cookie detected."
+  remediation_message: |
+    ## Description
+
+    Storing sensitive data in cookies can lead to a data breach. This rule looks for instances where sensitive data is stored in browser cookies.
+
+    ## Remediations
+
+    ❌ Avoid storing sensitive data in unencrypted cookies:
+
+    ```php
+    $cookie = Cookie::create("user_email", $user->email);
+    ```
+  cwe_id:
+    - 315
+    - 539
+  id: php_symfony_cookies
+  documentation_url: https://docs.bearer.com/reference/rules/php_symfony_cookies

tests/php/symfony/cookies/__snapshots__/test.js.snap

@@ -0,0 +1,96 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`php_symfony_cookies bad 1`] = `
+"{
+  "high": [
+    {
+      "cwe_ids": [
+        "315",
+        "539"
+      ],
+      "id": "php_symfony_cookies",
+      "title": "Sensitive data stored in a cookie detected.",
+      "description": "## Description\\n\\nStoring sensitive data in cookies can lead to a data breach. This rule looks for instances where sensitive data is stored in browser cookies.\\n\\n## Remediations\\n\\n❌ Avoid storing sensitive data in unencrypted cookies:\\n\\n\`\`\`php\\n$cookie = Cookie::create(\\"user_email\\", $user->email);\\n\`\`\`\\n",
+      "documentation_url": "https://docs.bearer.com/reference/rules/php_symfony_cookies",
+      "line_number": 5,
+      "full_filename": "/tmp/bearer-scan/bad.php",
+      "filename": ".",
+      "data_type": {
+        "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b",
+        "name": "Email Address"
+      },
+      "category_groups": [
+        "PII",
+        "Personal Data"
+      ],
+      "source": {
+        "start": 5,
+        "end": 5,
+        "column": {
+          "start": 53,
+          "end": 65
+        }
+      },
+      "sink": {
+        "start": 5,
+        "end": 5,
+        "column": {
+          "start": 31,
+          "end": 66
+        },
+        "content": "Cookie::create('foo', $user->email)"
+      },
+      "parent_line_number": 5,
+      "snippet": "Cookie::create('foo', $user->email)",
+      "fingerprint": "535bbb3f15a98ed2e1531ccacf6d0165_0",
+      "old_fingerprint": "52064a029f9879585df19320e29f6653_0",
+      "code_extract": "$response->headers->setCookie(Cookie::create('foo', $user->email));"
+    },
+    {
+      "cwe_ids": [
+        "315",
+        "539"
+      ],
+      "id": "php_symfony_cookies",
+      "title": "Sensitive data stored in a cookie detected.",
+      "description": "## Description\\n\\nStoring sensitive data in cookies can lead to a data breach. This rule looks for instances where sensitive data is stored in browser cookies.\\n\\n## Remediations\\n\\n❌ Avoid storing sensitive data in unencrypted cookies:\\n\\n\`\`\`php\\n$cookie = Cookie::create(\\"user_email\\", $user->email);\\n\`\`\`\\n",
+      "documentation_url": "https://docs.bearer.com/reference/rules/php_symfony_cookies",
+      "line_number": 6,
+      "full_filename": "/tmp/bearer-scan/bad.php",
+      "filename": ".",
+      "data_type": {
+        "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b",
+        "name": "Email Address"
+      },
+      "category_groups": [
+        "PII",
+        "Personal Data"
+      ],
+      "source": {
+        "start": 6,
+        "end": 6,
+        "column": {
+          "start": 49,
+          "end": 61
+        }
+      },
+      "sink": {
+        "start": 6,
+        "end": 6,
+        "column": {
+          "start": 31,
+          "end": 62
+        },
+        "content": "new Cookie('foo', $user->email)"
+      },
+      "parent_line_number": 6,
+      "snippet": "new Cookie('foo', $user->email)",
+      "fingerprint": "535bbb3f15a98ed2e1531ccacf6d0165_1",
+      "old_fingerprint": "52064a029f9879585df19320e29f6653_1",
+      "code_extract": "$response->headers->setCookie(new Cookie('foo', $user->email));"
+    }
+  ]
+}"
+`;
+
+exports[`php_symfony_cookies ok 1`] = `"{}"`;

tests/php/symfony/cookies/test.js

@@ -0,0 +1,16 @@
+const { createInvoker, getEnvironment } = require("../../../helper.js")
+const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
+
+describe(ruleId, () => {
+  const invoke = createInvoker(ruleId, ruleFile, testBase)
+
+  test("bad", () => {
+    const testCase = "bad.php"
+    expect(invoke(testCase)).toMatchSnapshot()
+  })
+
+  test("ok", () => {
+    const testCase = "ok.php"
+    expect(invoke(testCase)).toMatchSnapshot()
+  })
+})

tests/php/symfony/cookies/testdata/bad.php

@@ -0,0 +1,6 @@
+<?php
+
+use Symfony\Component\HttpFoundation\Cookie;
+
+$response->headers->setCookie(Cookie::create('foo', $user->email));
+$response->headers->setCookie(new Cookie('foo', $user->email));

tests/php/symfony/cookies/testdata/ok.php

@@ -0,0 +1,6 @@
+<?php
+
+use Symfony\Component\HttpFoundation\Cookie;
+
+$response->headers->setCookie(Cookie::create('foo', $ok));
+$response->headers->setCookie(new Cookie('foo', $ok));