feat: javascript http insecure rule #551

Merged
merged 6 commits into from
Feb 13, 2023

Conversation

vjerci
Contributor

@vjerci vjerci commented Feb 10, 2023

Description

This PR adds a rule for detecting communications with insecure HTTP URLs.
It also cleans up the other JavaScript rules a little.

Patterns it looks for:

  - pattern: |
      $<LIBRARY>.$<METHOD>($<INSECURE_URL>)
    filters:
      - variable: INSECURE_URL
        detection: insecure_url
      - variable: LIBRARY
        values:
          - axios
          - http
      - variable: METHOD
        values:
          - get
          - post
          - patch
          - delete
  - pattern: |
      fetch($<INSECURE_URL>)
    filters:
      - variable: INSECURE_URL
        detection: insecure_url
  - pattern: |
      $<REQUEST>.open($<_>, $<INSECURE_URL>);
    filters:
      - variable: INSECURE_URL
        detection: insecure_url
      - variable: REQUEST
        values:
          - req
          - request
          - xhttp

Related

Checklist

  • I've added test coverage that shows my fix or feature works as expected.
  • I've updated or added documentation if required.
  • I've included usage information in the description if CLI behavior was updated or added.
  • PR title follows Conventional Commits format
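
An added example, not part of the PR or the project's code: a regex approximation of the three patterns above, run over constructed sample lines to show which call shapes they cover and which fall outside the listed values. It assumes `insecure_url` means a quoted string literal starting with `http://`; `classify`, `scan` and the sample URLs are hypothetical.

```javascript
// Added illustration: a regex approximation of the three patterns listed in the
// PR description. This is not the scanner's own matcher.
// Assumption: `insecure_url` means a quoted string literal starting with "http://".
const INSECURE_URL = "([\"'])http://[^\"']*\\1";
const LIBRARIES = ["axios", "http"];
const METHODS = ["get", "post", "patch", "delete"];
const REQUESTS = ["req", "request", "xhttp"];

const PATTERNS = [
  // $<LIBRARY>.$<METHOD>($<INSECURE_URL>)
  ["library-method", new RegExp(
    "\\b(?:" + LIBRARIES.join("|") + ")\\.(?:" + METHODS.join("|") + ")\\(\\s*" +
    INSECURE_URL + "\\s*\\)")],
  // fetch($<INSECURE_URL>)
  ["fetch", new RegExp("\\bfetch\\(\\s*" + INSECURE_URL + "\\s*\\)")],
  // $<REQUEST>.open($<_>, $<INSECURE_URL>);
  ["request-open", new RegExp(
    "\\b(?:" + REQUESTS.join("|") + ")\\.open\\(\\s*[^,()]+,\\s*" +
    INSECURE_URL + "\\s*\\)")],
];

// Return the name of the first pattern a source line matches, or null.
function classify(line) {
  for (const [name, re] of PATTERNS) {
    if (re.test(line)) return name;
  }
  return null;
}

// Constructed sample lines (not taken from the project's test suite).
const SAMPLES = [
  'axios.get("http://api.example.com/users")',
  'fetch("http://api.example.com/users")',
  'xhttp.open("GET", "http://api.example.com/users");',
  'axios.get("https://api.example.com/users")',        // https URL: not flagged
  'superagent.get("http://api.example.com/users")',    // library not in the values list
  'xhr.open("GET", "http://api.example.com/users");',  // receiver name not in the values list
];

// Classify every line and return the results for inspection.
function scan(lines) {
  return lines.map((line) => ({ line, match: classify(line) }));
}

for (const { line, match } of scan(SAMPLES)) {
  console.log((match ?? "no match").padEnd(16), line);
}
```

The last two samples make plaintext requests but use names outside the `values` lists, which is the kind of case to cover in a rule's test fixtures when those lists are extended.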

@vjerci vjerci mentioned this pull request Feb 10, 2023
32 tasks
@vjerci vjerci marked this pull request as ready for review February 10, 2023 16:00
@vjerci vjerci merged commit e4fc9ba into main Feb 13, 2023
@vjerci vjerci deleted the feat/http_insecure branch February 13, 2023 14:38
@elsapet elsapet mentioned this pull request Feb 28, 2023
26 tasks
2 participants