diff --git a/rules/sinks/leakages/logs/php.yaml b/rules/sinks/leakages/logs/php.yaml new file mode 100644 index 00000000..e7e40281 --- /dev/null +++ b/rules/sinks/leakages/logs/php.yaml @@ -0,0 +1,30 @@ +sinks: + - id: Leakages.Log.Critical + name: Log Critical + patterns: + - "(?i).*(?:log|logger)->.*(?:emergency|alert|critical).*" + tags: + + - id: Leakages.Log.Error + name: Log Error + patterns: + - "(?i).*(?:log|logger)->.*(?:error).*" + tags: + + - id: Leakages.Log.Warn + name: Log Warn + patterns: + - "(?i).*(?:log|logger)->.*(?:warning).*" + tags: + + - id: Leakages.Log.Debug + name: Log Debug + patterns: + - "(?i).*(?:log|logger)->.*(?:debug).*" + tags: + + - id: Leakages.Log.Info + name: Log Info + patterns: + - "(?i).*(?:log|logger)->.*(?:info|notice).*" + tags: diff --git a/rules/sinks/storages/cassandra/java.yaml b/rules/sinks/storages/cassandra/java.yaml index a0e56892..2e7e2495 100644 --- a/rules/sinks/storages/cassandra/java.yaml +++ b/rules/sinks/storages/cassandra/java.yaml @@ -10,4 +10,5 @@ sinks: - apache.org patterns: - "(?i).*(?:CassandraConnector|Cluster[.]builder|com[.]datastax[.]oss|com[.]datastax[.]driver[.]core|com[.]noorq[.]casser|org[.]eclipse[.]jnosql[.]mapping[.]cassandra).*" + - "org.apache.flink.streaming.connectors.cassandra.CassandraSink.addSink.*" tags: diff --git a/rules/sinks/storages/doctrine/php.yaml b/rules/sinks/storages/doctrine/php.yaml new file mode 100644 index 00000000..b0a799e8 --- /dev/null +++ b/rules/sinks/storages/doctrine/php.yaml @@ -0,0 +1,18 @@ + +# Sink Rules for Doctrine DB Interface + +sinks: + - id: Storages.Doctrine.Interface.Initialize + name: Doctrine Interface (Initialize) + domains: + - www.doctrine-project.org + patterns: + - "(?i).*(?:Doctrine\\\\ORM\\\\EntityManager).*(__construct)" + + - id: Storages.Doctrine.Interface.ReadAndWrite + name: Doctrine Interface (Read and Write) + domains: + - www.doctrine-project.org + patterns: + - "(?i).*(?:Doctrine\\\\ORM\\\\EntityManager).*(getConnection|getMetadataFactory|getExpressionBuilder|beginTransaction|transactional|commit|rollback|getClassMetadata|createQuery|createNamedQuery|createNativeQuery|createNamedNativeQuery|createQueryBuilder|flush|find|getReference|getPartialReference|clear|close|persist|remove|refresh|detach|merge|copy|lock|getEventManager|create|insert|delete)" + tags: diff --git a/rules/sinks/storages/dynamodb/java.yaml b/rules/sinks/storages/dynamodb/java.yaml index 9b40bd95..6fa3b4cf 100644 --- a/rules/sinks/storages/dynamodb/java.yaml +++ b/rules/sinks/storages/dynamodb/java.yaml @@ -29,4 +29,5 @@ sinks: - amazon.com patterns: - "(?i)((?:com[.]amazonaws[.]services[.]dynamodbv2[.]((AmazonDynamoDB|AmazonDynamoDBAsyncClient|AmazonDynamoDBClient|AbstractAmazonDynamoDB|AbstractAmazonDynamoDBAsync|document[.]Table)[.]((batchWrite|delete|put|update)Item|transactWriteItems)[:].*))|(?:com[.]amazonaws[.]services[.]dynamodbv2[.]datamodeling[.]DynamoDBMapper[.](batchWrite|delete|save|transactionWrite)[:].*))" + - "org.apache.flink.connector.dynamodb.sink.DynamoDbSink.builder.*" tags: diff --git a/rules/sinks/storages/elasticsearch/java.yaml b/rules/sinks/storages/elasticsearch/java.yaml index e18ac598..6f242e4f 100644 --- a/rules/sinks/storages/elasticsearch/java.yaml +++ b/rules/sinks/storages/elasticsearch/java.yaml @@ -8,7 +8,7 @@ sinks: domains: - elastic.co patterns: - - "(?i).*(?:org[.]opensearch[.](action|client)|org[.]elasticsearch[.]client[.]|org[.]eclipse[.]jnosql[.]mapping[.]elasticsearch).*(?:get|list|head|select|view|find|search|match).*" + - "(?i).*(?:org[.]elasticsearch[.]client[.]|org[.]eclipse[.]jnosql[.]mapping[.]elasticsearch).*(?:get|list|head|select|view|find|search|match).*" tags: - id: Storages.Elasticsearch.Write @@ -16,5 +16,6 @@ sinks: domains: - elastic.co patterns: - - "(?i).*(?:org[.]opensearch[.](action|client)|org[.]elasticsearch[.]client[.]|org[.]eclipse[.]jnosql[.]mapping[.]elasticsearch).*(?:add|copy|apply|create|delete|modify|remove|reset|restore|insert|drop|rename|save|set|update|bulkWrite).*" + - "(?i).*(?:org[.]elasticsearch[.]client[.]|org[.]eclipse[.]jnosql[.]mapping[.]elasticsearch).*(?:add|copy|apply|create|delete|modify|remove|reset|restore|insert|drop|rename|save|set|update|bulkWrite).*" + - "org.apache.flink.connector.elasticsearch.sink.Elasticsearch.SinkBuilder.*" tags: diff --git a/rules/sinks/storages/jdbc/java.yaml b/rules/sinks/storages/jdbc/java.yaml index 46f2e7a9..814ca030 100644 --- a/rules/sinks/storages/jdbc/java.yaml +++ b/rules/sinks/storages/jdbc/java.yaml @@ -17,6 +17,7 @@ sinks: - oracle.com patterns: - "(?i)((java[.]sql[.](Statement|PreparedStatement)[.](executeUpdate|executeLargeUpdate).*)|(org[.]springframework[.]jdbc[.]core[.]JdbcTemplate[.].*update[:].*))" + - "org.apache.flink.connector.jdbc.sink.JdbcSink.builder.*" tags: - id: Storages.SpringFramework.Jdbc.Read diff --git a/rules/sinks/storages/kinesis/java.yaml b/rules/sinks/storages/kinesis/java.yaml index feeb4202..37f4f9ed 100644 --- a/rules/sinks/storages/kinesis/java.yaml +++ b/rules/sinks/storages/kinesis/java.yaml @@ -19,4 +19,5 @@ sinks: - amazon.com patterns: - "(?i).*(?:KinesisAsyncClient|KinesisClient|software.amazon.awssdk.services.kinesis).*(add|create|delete|merge|put|remove|update|set|send).*" + - "org.apache.flink.connector.kinesis.sink.KinesisStreamsSink.builder.*" tags: diff --git a/rules/sinks/storages/laravel/php.yml b/rules/sinks/storages/laravel/php.yml new file mode 100644 index 00000000..e8235aad --- /dev/null +++ b/rules/sinks/storages/laravel/php.yml @@ -0,0 +1,18 @@ + +# Sink Rules for Laravel DB Facade + +sinks: + - id: Storages.Laravel.Facade.Initialize + name: Laravel Facade (Initialize) + domains: + - laravel.com + patterns: + - "(?i).*(?:Illuminate\\\\Support\\\\Facades\\\\DB).*(connection)" + + - id: Storages.Laravel.Facade.ReadAndWrite + name: Laravel Facade (Read and Write) + domains: + - laravel.com + patterns: + - "(?i).*(?:Illuminate\\\\Support\\\\Facades\\\\DB).*(select|selectResultSets|scalar|insert|prepareBindings|unprepared|statement|delete|update|transaction|commit|begin_transaction|rollBack|table)" + tags: diff --git a/rules/sinks/storages/messagingqueue/java.yaml b/rules/sinks/storages/messagingqueue/java.yaml index ae9e71df..10057d97 100644 --- a/rules/sinks/storages/messagingqueue/java.yaml +++ b/rules/sinks/storages/messagingqueue/java.yaml @@ -6,6 +6,7 @@ sinks: - apache.com patterns: - "(?i).*((org[.]springframework[.]kafka[.]core[.]KafkaTemplate[.](doSend|send|sendAndReceive|convertAndSend|execute|commit|produce|write)[:])|(org[.]apache[.]kafka[.]clients[.]producer[.]KafkaProducer[.](sendOffsetsToTransaction|send|commit|produce|write|sendAsync)[:])|(com[.]salesforce[.]heroku[.]kafka[.]producer[.]HerokuKafkaProducer[.]send[:])|(io[.]lenses[.]kafka[.]client[.]producer[.]Producer[.]send)|(io[.]confluent[.]kafka[.]clients[.]producer[.]KafkaProducer[.]send)|(io[.]quarkus[.]kafka[.]producer[.]KafkaProducer[.]send)).*" + - "(org.apache.flink.connector.kafka.sink.KafkaSink.builder|org.apache.flink.streaming.connectors.kafka.FlinkKafkaProducer).*" tags: - id: Messaging.Queue.Kafka.Consumer @@ -22,6 +23,7 @@ sinks: - rabbitmq.com patterns: - "(?i).*(org[.]springframework[.]amqp[.]rabbit[.]core[.]RabbitTemplate[.](doSend|send|sendAndReceive|convertAndSend|execute)[:]).*" + - "org.apache.flink.streaming.connectors.rabbitmq.RMQSink.*" tags: - id: Messaging.Service.JMS.Producer diff --git a/rules/sinks/storages/mongodb/java.yaml b/rules/sinks/storages/mongodb/java.yaml index dfccd934..f34fe3d9 100644 --- a/rules/sinks/storages/mongodb/java.yaml +++ b/rules/sinks/storages/mongodb/java.yaml @@ -19,6 +19,7 @@ sinks: - mongodb.com patterns: - "(?i)(com[.]mongodb[.](client[.]MongoCollection|DBCollection)[.]((delete|deleteMany|deleteOne|findOneAnd(Delete|Replace|Update)|replace|replaceOne|replaceMany|update|updateOne|updateMany|bulkWrite|insert|insertOne|insertMany)[:].*))" + - "org.apache.flink.connector.mongodb.sink.MongoSink.builder.*" tags: - id: Storages.MongoDB.Morphia.Read diff --git a/rules/sinks/storages/mysql/php.yml b/rules/sinks/storages/mysql/php.yml new file mode 100644 index 00000000..a9fb5eaa --- /dev/null +++ b/rules/sinks/storages/mysql/php.yml @@ -0,0 +1,26 @@ + +# Sink Rules for MySQL + +sinks: + - id: Storages.MySQL.Initialize + name: MySQL DB (Initialize) + domains: + - mysql.com + patterns: + - "(?i).*(?:mysqli|mysql).*(construct|connect)" + + - id: Storages.MySQL.ReadAndWrite + name: MySQL DB (Read and Write) + domains: + - mysql.com + patterns: + - "(?i).*(?:mysqli|mysql|PDO).*(affected_rows|create_db|drop_db|construct|query|prepare|execute|bindValue|bind_param|setAttribute|store_result|fetch_all|fetch_array|fetch_row|num_fields|num_rows|next_result)" + tags: + + - id: Storages.MySQL.ClearResources + name: MySQL DB (Clear resources) + domains: + - mysql.com + patterns: + - "(?i).*(?:mysqli|mysql|PDO).*(free_result|close)" + tags: diff --git a/rules/sinks/storages/opensearch/java.yaml b/rules/sinks/storages/opensearch/java.yaml new file mode 100644 index 00000000..480090a6 --- /dev/null +++ b/rules/sinks/storages/opensearch/java.yaml @@ -0,0 +1,21 @@ + +# Sink Rules for storage database Elasticsearch - https://www.opensearch.org + +sinks: + + - id: Storages.Opensearch.Read + name: Opensearch(Read) + domains: + - opensearch.org + patterns: + - "(?i).*(?:org[.]opensearch[.](action|client)).*(?:get|list|head|select|view|find|search|match).*" + tags: + + - id: Storages.Opensearch.Write + name: Opensearch(Write) + domains: + - opensearch.org + patterns: + - "(?i).*(?:org[.]opensearch[.](action|client)).*(?:add|copy|apply|create|delete|modify|remove|reset|restore|insert|drop|rename|save|set|update|bulkWrite).*" + - "org.apache.flink.connector.opensearch.sink.OpensearchSinkBuilder.*" + tags: diff --git a/rules/sinks/storages/postgres/php.yaml b/rules/sinks/storages/postgres/php.yaml new file mode 100644 index 00000000..ebc43863 --- /dev/null +++ b/rules/sinks/storages/postgres/php.yaml @@ -0,0 +1,26 @@ + +# Sink Rules for PostgreSQL + +sinks: + - id: Storages.PostgreSQL.Initialize + name: PostgreSQL DB (Initialize) + domains: + - postgresql.org + patterns: + - "(?i).*(pg_connect|pg_connect_poll|pg_connection).*" + + - id: Storages.PostgreSQL.ReadAndWrite + name: PostgreSQL DB (Read and Write) + domains: + - postgresql.org + patterns: + - "(?i).*(pg_query|pg_fetch|pg_field|pg_lo|pg_affected_rows|pg_num|pg_result|pg_set|pg_delete).*" + tags: + + - id: Storages.PostgreSQL.ClearResources + name: PostgreSQL DB (Clear resources) + domains: + - postgresql.org + patterns: + - "(?i).*(pg_free_result|pg_close|pg_cancel_query)" + tags: diff --git a/rules/sinks/third_parties/sdk/amazonaws/java.yaml b/rules/sinks/third_parties/sdk/amazonaws/java.yaml index e777c2cd..09c4a7a9 100644 --- a/rules/sinks/third_parties/sdk/amazonaws/java.yaml +++ b/rules/sinks/third_parties/sdk/amazonaws/java.yaml @@ -306,6 +306,7 @@ sinks: - "aws.amazon.com/kinesis/data-firehose" patterns: - "(?i)(com[.]amazonaws[.]services[.]kinesisfirehose).*" + - "org.apache.flink.connector.firehose.sink.KinesisFirehoseSink.builder.*" tags: - id: ThirdParties.SDK.Amazonaws.Pinpoint diff --git a/rules/sinks/third_parties/sdk/google/java.yaml b/rules/sinks/third_parties/sdk/google/java.yaml index fa092214..cdb2baef 100644 --- a/rules/sinks/third_parties/sdk/google/java.yaml +++ b/rules/sinks/third_parties/sdk/google/java.yaml @@ -9,7 +9,24 @@ sinks: domains: - "admob.google.com" patterns: - - "(?i)(com[.]google[.]ads[.]mediation|com[.]google[.]android[.]gms[.]ads|com[.]google[.]api[.]services[.]admob|com[.]google[.]ads).*" + - "(?i)(com[.]google[.]ads[.]mediation|com[.]google[.]android[.](gms[.]ads|ump)|com[.]google[.]api[.]services[.]admob).*" + tags: + + - id: ThirdParties.SDK.Google.Ads + name: Google Ads + domains: + - "ads.google.com" + patterns: + - "(?i)(com[.]google[.]android[.]gms[.]ads|com[.]google[.]ads[.](googleads|interactivemedia)).*" + - "(?i).*(ClickConversion[.]Builder[.]).*" + tags: + + - id: ThirdParties.SDK.Google.Adsense + name: Google Adsense + domains: + - "adsense.google.com" + patterns: + - "(?i)(com[.]google[.]api[.]services[.]adsense).*" tags: - id: ThirdParties.SDK.Google.Analytics @@ -98,6 +115,7 @@ sinks: - "cloud.google.com/pubsub" patterns: - "(?i)(com[.]google[.]cloud[.]pubsub|com[.]google[.]pubsub).*" + - "org.apache.flink.streaming.connectors.gcp.pubsub.PubSubSink.newBuilder.*" tags: - id: ThirdParties.SDK.Google.Bigquery