

feat: add ruby rollbar rule (#515)
feat: add rollbar rule
didroe authored Feb 8, 2023
1 parent e34ab52 commit 5f9935f
Showing 23 changed files with 620 additions and 0 deletions.
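--- a/integration/rules/ruby_test.go
+++ b/integration/rules/ruby_test.go
@@ -194,6 +194,16 @@ func TestRubyThirdPartiesNewRelicDataflow(t *testing.T) {
 runRulesTest("ruby/third_parties/new_relic", "dataflow", "ruby_third_parties_new_relic", t)
 }
+
+func TestRubyThirdPartiesRollbarSummary(t *testing.T) {
+t.Parallel()
+runRulesTest("ruby/third_parties/rollbar", "summary", "ruby_third_parties_rollbar", t)
+}
+
+func TestRubyThirdPartiesRollbarDataflow(t *testing.T) {
+t.Parallel()
+runRulesTest("ruby/third_parties/rollbar", "dataflow", "ruby_third_parties_rollbar", t)
+}
 
 func TestRubyThirdPartiesSentrySummary(t *testing.T) {
 t.Parallel()
 runRulesTest("ruby/third_parties/sentry", "summary", "ruby_third_parties_sentry", t)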
68 changes: 68 additions & 0 deletions pkg/commands/process/settings/rules/ruby/third_parties/rollbar.yml
@@ -0,0 +1,68 @@
patterns:
- pattern: |
$<_>.rollbar_context = $<DATA_TYPE>
filters:
- variable: DATA_TYPE
detection: datatype
- pattern: |
Rollbar.$<METHOD>($<...>$<DATA_TYPE>$<...>)
filters:
- variable: METHOD
values:
- critical
- error
- debug
- info
- warning
- scope
- scope!
- variable: DATA_TYPE
detection: datatype
- pattern: |
Rollbar.log($<_>, $<...>$<DATA_TYPE>$<...>)
filters:
- variable: DATA_TYPE
detection: datatype
- pattern: |
$<INSTANCE>.scope($<...>$<DATA_TYPE>$<...>)
filters:
- variable: INSTANCE
detection: ruby_third_parties_rollbar_scope
- variable: DATA_TYPE
detection: datatype
- pattern: |
Rollbar.scoped($<...>$<DATA_TYPE>$<...>)$<...>
filters:
- variable: DATA_TYPE
detection: datatype
languages:
- ruby
auxiliary:
- id: ruby_third_parties_rollbar_scope
patterns:
- |
Rollbar.scope()
trigger: local
severity:
default: low
PII: critical
PHI: medium
PD: high
skip_data_types:
- "Unique Identifier"
metadata:
description: "Do not send sensitive data to Rollbar."
remediation_message: |
## Description
Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Rollbar.
## Remediations
When logging errors or events, ensure all sensitive data is removed.
## Resources
- [Rollbar docs](https://docs.rollbar.com/docs/ruby)
- [Scrubbing items](https://docs.rollbar.com/docs/ruby#section-scrubbing-items)
dsr_id: DSR-1
associated_recipe: Rollbar
id: ruby_third_parties_rollbar
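Review bot: The METHOD value list on the second pattern (critical, error, debug, info, warning, scope, scope!) leaves out `warn`, which the rollbar gem exposes as an alias of `warning`, so `Rollbar.warn("oops #{user.email}")` would go unreported while the otherwise identical `Rollbar.warning(...)` call in datatype_in_log_helper.rb is flagged; adding `- warn` under `values:` and a matching line in that testdata file closes the gap. The fourth pattern only matches receivers resolved through the auxiliary `ruby_third_parties_rollbar_scope` detector, i.e. objects produced by a literal `Rollbar.scope()`, so notifier instances obtained any other way will not be covered — if that narrowness is deliberate, a short comment above the `auxiliary:` block saying so would save the next maintainer from "fixing" it. The datatype_in_scope snapshot also records a risk entry for the auxiliary detector itself (`detector_id: ruby_third_parties_rollbar_scope`); I cannot tell from this page whether auxiliary detectors are meant to surface in dataflow output, but it looks like noise worth confirming.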
@@ -0,0 +1,19 @@
risks:
- detector_id: ruby_third_parties_rollbar
data_types:
- name: Email Address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_context.rb
line_number: 1
parent:
line_number: 1
content: 'exception.rollbar_context = { user: { email: "someone@example.com" } }'
field_name: email
object_name: user
subject_name: User
components: []


--

@@ -0,0 +1,57 @@
data_types:
- name: Email Address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log.rb
line_number: 1
field_name: email
object_name: user
subject_name: User
- name: Firstname
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log.rb
line_number: 3
field_name: first_name
object_name: user
subject_name: User
risks:
- detector_id: ruby_third_parties_rollbar
data_types:
- name: Email Address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log.rb
line_number: 1
parent:
line_number: 1
content: 'Rollbar.log("error", "oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log.rb
line_number: 2
parent:
line_number: 2
content: 'Rollbar.log("error", "oops", user: { email: "someone@example.com" })'
field_name: email
object_name: user
subject_name: User
- name: Firstname
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log.rb
line_number: 3
parent:
line_number: 3
content: 'Rollbar.log("error", "oops", { user: { first_name: "someone" } })'
field_name: first_name
object_name: user
subject_name: User
components: []


--

@@ -0,0 +1,122 @@
data_types:
- name: Email Address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 1
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 2
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 6
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 8
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 10
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 12
field_name: email
object_name: user
subject_name: User
- name: Firstname
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 4
field_name: first_name
object_name: user
subject_name: User
risks:
- detector_id: ruby_third_parties_rollbar
data_types:
- name: Email Address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 1
parent:
line_number: 1
content: 'Rollbar.critical("oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 2
parent:
line_number: 2
content: 'Rollbar.critical(e, "oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 3
parent:
line_number: 3
content: 'Rollbar.critical(e, user: { email: "someone@example.com" })'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 6
parent:
line_number: 6
content: 'Rollbar.error("oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 8
parent:
line_number: 8
content: 'Rollbar.debug("oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 10
parent:
line_number: 10
content: 'Rollbar.info("oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 12
parent:
line_number: 12
content: 'Rollbar.warning("oops #{user.email}")'
field_name: email
object_name: user
subject_name: User
- name: Firstname
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_log_helper.rb
line_number: 4
parent:
line_number: 4
content: 'Rollbar.critical(e, { user: { first_name: "someone" } })'
field_name: first_name
object_name: user
subject_name: User
components: []


--

@@ -0,0 +1,62 @@
data_types:
- name: Email Address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scope.rb
line_number: 1
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scope.rb
line_number: 3
field_name: email
object_name: user
subject_name: User
risks:
- detector_id: ruby_third_parties_rollbar
data_types:
- name: Email Address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scope.rb
line_number: 1
parent:
line_number: 1
content: 'Rollbar.scope!({ user: { email: "someone@example.com" }})'
field_name: email
object_name: user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scope.rb
line_number: 3
parent:
line_number: 5
content: Rollbar.scope(user)
field_name: email
object_name: user
subject_name: User
- name: Firstname
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scope.rb
line_number: 7
parent:
line_number: 7
content: 'notifier.scope(user: { first_name: "someone" })'
field_name: first_name
object_name: user
subject_name: User
- detector_id: ruby_third_parties_rollbar_scope
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scope.rb
line_number: 5
parent:
line_number: 5
content: Rollbar.scope(user)
content: |
Rollbar.scope()
components: []


--

@@ -0,0 +1,22 @@
risks:
- detector_id: ruby_third_parties_rollbar
data_types:
- name: Email Address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/datatype_in_scoped.rb
line_number: 1
parent:
line_number: 3
content: |-
Rollbar.scoped(scope) do
call
end
field_name: email
object_name: person
subject_name: User
components: []


--

@@ -0,0 +1,19 @@
risks:
- detector_id: ruby_third_parties_rollbar
data_types:
- name: Unique Identifier
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/rollbar/testdata/ok_datatype_ignored.rb
line_number: 1
parent:
line_number: 1
content: 'exception.rollbar_context = { user: { user_id: 123 } }'
field_name: user_id
object_name: user
subject_name: User
components: []


--

@@ -0,0 +1,5 @@
components: []


--


