feat(JS rules): add CWE 601 for express (Open Redirect) (#641)

feat: add cwe 601 open redirect for JS express

integration/rules/javascript_test.go

@@ -39,6 +39,11 @@ func TestJavascriptLangFileGeneration(t *testing.T) {
 	getRunner(t).runTest(t, javascriptRulesPath+"lang/file_generation")
 }
 
+func TestJavascriptExpressOpenRedirect(t *testing.T) {
+	t.Parallel()
+	getRunner(t).runTest(t, javascriptRulesPath+"express/open_redirect")
+}
+
 func TestJavascriptExpressUnsafeDeserialization(t *testing.T) {
 	t.Parallel()
 	getRunner(t).runTest(t, javascriptRulesPath+"express/unsafe_deserialization")

pkg/commands/process/settings/rules/javascript/express/open_redirect.yml

@@ -0,0 +1,23 @@
+patterns:
+  - pattern: |
+      res.redirect($<EXPRESS_REQ>$<...>)
+    filters:
+      - variable: EXPRESS_REQ
+        detection: javascript_express_open_redirect_request_obj
+auxiliary:
+  - id: javascript_express_open_redirect_request_obj
+    patterns:
+      - req.$<_>
+languages:
+  - javascript
+trigger: presence
+severity:
+  default: "low"
+metadata:
+  description: "Open redirect detected."
+  remediation_message: |
+    ## Description
+    TODO.
+  cwe_id:
+    - 601
+  id: "javascript_express_open_redirect"

pkg/commands/process/settings/rules/javascript/express/open_redirect/.snapshots/TestJavascriptExpressOpenRedirect--ok_no_open_redirect.yml

@@ -0,0 +1,3 @@
+{}
+
+

pkg/commands/process/settings/rules/javascript/express/open_redirect/.snapshots/TestJavascriptExpressOpenRedirect--open_redirect.yml

@@ -0,0 +1,35 @@
+low:
+    - rule_dsrid: ""
+      rule_display_id: javascript_express_open_redirect
+      rule_description: Open redirect detected.
+      rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
+      line_number: 2
+      filename: open_redirect.js
+      parent_line_number: 2
+      parent_content: res.redirect(req.params.url)
+    - rule_dsrid: ""
+      rule_display_id: javascript_express_open_redirect
+      rule_description: Open redirect detected.
+      rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
+      line_number: 3
+      filename: open_redirect.js
+      parent_line_number: 3
+      parent_content: res.redirect(req.query.url + "/bar")
+    - rule_dsrid: ""
+      rule_display_id: javascript_express_open_redirect
+      rule_description: Open redirect detected.
+      rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
+      line_number: 4
+      filename: open_redirect.js
+      parent_line_number: 4
+      parent_content: res.redirect("https://" + req.params.url + "/bar")
+    - rule_dsrid: ""
+      rule_display_id: javascript_express_open_redirect
+      rule_description: Open redirect detected.
+      rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
+      line_number: 5
+      filename: open_redirect.js
+      parent_line_number: 5
+      parent_content: res.redirect("http://" + req.params.path + "/bar")
+
+

pkg/commands/process/settings/rules/javascript/express/open_redirect/testdata/ok_no_open_redirect.js

@@ -0,0 +1,3 @@
+module.exports.foo = function(_req, res){
+  res.redirect("https://google.com")
+}

pkg/commands/process/settings/rules/javascript/express/open_redirect/testdata/open_redirect.js

@@ -0,0 +1,6 @@
+module.exports.foo = function(req, res){
+  res.redirect(req.params.url)
+  res.redirect(req.query.url + "/bar")
+  res.redirect("https://" + req.params.url + "/bar")
+  res.redirect("http://" + req.params.path + "/bar")
+}