refactor: clean up and add shared methods
elsapet committed Jan 26, 2024
1 parent de1a719 commit dd512dc
Showing 4 changed files with 44 additions and 99 deletions.
58 changes: 10 additions & 48 deletions rules/java/lang/crlf_injection.yml
@@ -1,9 +1,18 @@
imports:
- java_shared_lang_user_input
- java_shared_lang_logger_methods
patterns:
- pattern: |
$<LOG>.$<METHOD>($<...>$<UNSANITIZED_USER_INPUT>$<...>)
filters:
- variable: LOG
values:
- log
- logger
- variable: METHOD
detection: java_shared_lang_logger_methods
- variable: UNSANITIZED_USER_INPUT
detection: java_lang_log_dynamic_input
detection: java_shared_lang_user_input
scope: result
- not:
variable: UNSANITIZED_USER_INPUT
Expand All @@ -13,57 +22,10 @@ patterns:
variable: UNSANITIZED_USER_INPUT
detection: java_lang_log_dynamic_bundle_input
scope: result
- variable: METHOD
values:
- config
- debug
- entering
- error
- exiting
- fine
- finer
- finest
- info
- log
- logp
- logrb
- severe
- throwing
- trace
- warn
- variable: LOG
values:
- log
- logger
auxiliary:
- id: java_lang_log_dynamic_bundle_input
patterns:
- pattern: $<_> + "bundle"
- id: java_lang_log_dynamic_input
patterns:
- pattern: $<REQUEST>.$<REQUEST_METHOD>()
filters:
- variable: REQUEST
values:
- req
- request
- variable: REQUEST_METHOD
values:
- getCookies
- getHeader
- getQueryString
- getRequestURI
- getRequestURL
- getAttribute
- getInputStream
- getParameter
- getParameterMap
- getParameterNames
- getParameterValues
- getReader
- getHeaderNames
- getPart
- getParts
- id: java_lang_log_sanitized_dynamic_input
patterns:
- pattern: $<_>.$<METHOD>($<SOURCE>, $<_>);
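Review bot: The receiver filter in the first hunk (`- variable: LOG` with `values: log, logger`, whether newly added or moved up from the deleted block at the end of the file) still limits the match to loggers literally named `log` or `logger`, so if Bearer's `values` comparison is case-sensitive the common `private static final Logger LOGGER` / `LOG` constants never reach the shared method check — a coverage gap this commit now repeats in log_injection.yml and logger.yml. If that is intended, a comment next to the filter such as `# receiver names are matched literally; LOGGER/LOG constants are not covered` would save the next reader the same question; otherwise add `- LOG` and `- LOGGER` to the values list in all three rules. The first hunk's `not:` filter continues past the hunk, and the `java_lang_log_sanitized_dynamic_input` auxiliary left at the end of the second hunk runs past the end of the section.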
50 changes: 5 additions & 45 deletions rules/java/lang/log_injection.yml
@@ -1,59 +1,19 @@
imports:
- java_shared_lang_user_input
- java_shared_lang_logger_methods
patterns:
- pattern: |
$<LOG>.$<METHOD>($<...>$<USER_INPUT>$<...>)
filters:
- variable: USER_INPUT
detection: java_lang_log_dynamic_input
detection: java_shared_lang_user_input
scope: result
- variable: METHOD
values:
- config
- debug
- entering
- error
- exiting
- fine
- finer
- finest
- info
- log
- logp
- logrb
- severe
- throwing
- trace
- warn
detection: java_shared_lang_logger_methods
- variable: LOG
values:
- log
- logger
auxiliary:
- id: java_lang_log_dynamic_input
patterns:
- pattern: |
$<REQUEST>.$<REQUEST_METHOD>()
filters:
- variable: REQUEST
values:
- req
- request
- variable: REQUEST_METHOD
values:
- getCookies
- getHeader
- getQueryString
- getRequestURI
- getRequestURL
- getAttribute
- getInputStream
- getParameter
- getParameterMap
- getParameterNames
- getParameterValues
- getReader
- getHeaderNames
- getPart
- getParts
languages:
- java

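Review bot: The deleted `java_lang_log_dynamic_input` auxiliary enumerated fifteen `HttpServletRequest` getters (`getHeader`, `getCookies`, `getQueryString`, `getParameter`, …), and its replacement `java_shared_lang_user_input` is not part of this diff, so whether the rule still fires on those sources cannot be confirmed from here. Worth checking that the shared detection covers at least the same getters, and that the rule's test fixtures include a header- or cookie-sourced log call so a narrower shared list surfaces as a failing test rather than a silent drop in coverage. Anything after `languages: - java` (the metadata block) lies outside the hunk.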
8 changes: 2 additions & 6 deletions rules/java/lang/logger.yml
@@ -1,5 +1,6 @@
imports:
- java_shared_lang_datatype
- java_shared_lang_logger_methods
patterns:
- pattern: |
$<LOG>.$<METHOD>($<...>$<DATA_TYPE>$<...>)
Expand All @@ -8,12 +9,7 @@ patterns:
detection: java_shared_lang_datatype
scope: result
- variable: METHOD
values:
- log
- debug
- warn
- info
- error
detection: java_shared_lang_logger_methods
- variable: LOG
values:
- log
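Review bot: Replacing the five literal `METHOD` values (`log`, `debug`, `warn`, `info`, `error`) with `detection: java_shared_lang_logger_methods` widens this rule to the full shared list — `entering`, `exiting`, `throwing`, `logp`, `logrb`, `config`, `fine`/`finer`/`finest`, `severe`, `trace` — which is a behaviour change rather than a pure refactor, and neither the commit message nor the rule says so. If the wider match is intended (it is a reasonable one: a sensitive data type passed to `entering` or `throwing` is written to the log all the same), a comment on the filter such as `# shared list also covers java.util.logging methods, not just SLF4J/Log4j levels` plus a fixture for one of the newly covered methods would record the decision; if not, keep the narrower list. The `LOG` values filter at the end of the hunk continues outside it.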
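--- /dev/null
+++ b/rules/java/shared/lang/logger_methods.yml
@@ -0,0 +1,27 @@
+type: shared
+languages:
+- java
+patterns:
+- pattern: $<METHOD>;
+filters:
+- variable: METHOD
+values:
+- config
+- debug
+- entering
+- error
+- exiting
+- fine
+- finer
+- finest
+- info
+- log
+- logp
+- logrb
+- severe
+- throwing
+- trace
+- warn
+metadata:
+description: "Java Logger Methods"
+id: java_shared_lang_logger_methods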
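Review bot: The shared list mixes java.util.logging and SLF4J/Log4j method names but leaves out `warning`, which is java.util.logging's name for the warn level (`Logger.warning(String)`); only `warn` is present, so a `LOGGER.warning(userInput)` call passes every rule that now imports this detection. Adding `- warning` to the values closes that gap, and Log4j's `fatal` level is likewise absent and deserves a deliberate decision either way. Since this list is now the single source for three rules, a short comment above `values:` naming the frameworks it is meant to cover, e.g. `# java.util.logging + SLF4J/Log4j logging methods`, would help the next person extending it.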
