feat: add rollbar (#595)

Bearer · Feb 16, 2023 · ecebb04 · ecebb04
1 parent 3214c9a
commit ecebb04
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 0 deletions.
diff --git a/integration/rules/javascript_test.go b/integration/rules/javascript_test.go
@@ -96,3 +96,8 @@ func TestJavascriptNewRelicSummary(t *testing.T) {
 	t.Parallel()
 	runRulesTest("javascript/third_parties/new_relic", "summary", "javascript_third_parties_new_relic", t)
 }
+
+func TestJavascriptRollbarSummary(t *testing.T) {
+	t.Parallel()
+	runRulesTest("javascript/third_parties/rollbar", "summary", "javascript_rollbar", t)
+}
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/rollbar.yml b/pkg/commands/process/settings/rules/javascript/third_parties/rollbar.yml
@@ -0,0 +1,42 @@
+patterns:
+  - pattern: |
+      $<ROLLBAR>.$<METHOD>($<...>$<DATA_TYPE>$<...>)
+    filters:
+      - variable: DATA_TYPE
+        detection: datatype
+      - variable: ROLLBAR
+        values:
+          - rollbar
+          - Rollbar
+      - variable: METHOD
+        values:
+          - critical
+          - error
+          - warning
+          - info
+          - debug
+languages:
+  - javascript
+trigger: local
+severity:
+  default: low
+  PII: critical
+  PHI: medium
+  PD: high
+metadata:
+  description: "Do not send sensitive data to Rollbar."
+  remediation_message: |
+    ## Description
+
+    Leaking sensitive data to third-party error logging tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Rollbar.
+
+    ## Remediations
+
+    When sending data to logging libraries, ensure all sensitive data is removed.
+
+    <!--
+    ## Resources
+    Coming soon.
+    -->
+  dsr_id: DSR-1
+  id: "javascript_rollbar"
diff --git a/...s/TestJavascriptRollbarSummary-summary_javascript_third_parties_rollbar_browser_secure.js b/...s/TestJavascriptRollbarSummary-summary_javascript_third_parties_rollbar_browser_secure.js
@@ -0,0 +1,5 @@
+{}
+
+
+--
+
diff --git a/...TestJavascriptRollbarSummary-summary_javascript_third_parties_rollbar_browser_unsecure.js b/...TestJavascriptRollbarSummary-summary_javascript_third_parties_rollbar_browser_unsecure.js
@@ -0,0 +1,15 @@
+critical:
+    - rule_dsrid: DSR-1
+      rule_display_id: javascript_rollbar
+      rule_description: Do not send sensitive data to Rollbar.
+      rule_documentation_url: https://curio.sh/reference/rules/javascript_rollbar
+      line_number: 1
+      filename: pkg/commands/process/settings/rules/javascript/third_parties/rollbar/testdata/browser_unsecure.js
+      category_groups:
+        - PII
+      parent_line_number: 3
+      parent_content: Rollbar.critical("Connection error from remote Payments API", user)
+
+
+--
+
diff --git a/...mmands/process/settings/rules/javascript/third_parties/rollbar/testdata/browser_secure.js b/...mmands/process/settings/rules/javascript/third_parties/rollbar/testdata/browser_secure.js
@@ -0,0 +1,3 @@
+const user = { uuid: "aacd05fd-8f5b-4bc6-aa8b-35e5fbf37325" };
+
+Rollbar.critical("Connection error from remote Payments API", user);
diff --git a/...ands/process/settings/rules/javascript/third_parties/rollbar/testdata/browser_unsecure.js b/...ands/process/settings/rules/javascript/third_parties/rollbar/testdata/browser_unsecure.js
@@ -0,0 +1,3 @@
+const user = { name: "jhon", email: "jhon@gmail.com" };
+
+Rollbar.critical("Connection error from remote Payments API", user);