From 94b20d0ef2edb93d63a28d28fcf1d37c72a87f19 Mon Sep 17 00:00:00 2001 From: vjerci <27707350+vjerci@users.noreply.github.com> Date: Tue, 28 Feb 2023 12:14:23 +0100 Subject: [PATCH] feat: enrich js axios rule --- .../rules/javascript/lang/http_insecure.yml | 13 +++++++++++++ ...riptHTTPInsecure--axios_with_config_insecure.yml | 13 +++++++++++++ .../testdata/axios_with_config_insecure.js | 7 +++++++ 3 files changed, 33 insertions(+) create mode 100644 pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_with_config_insecure.yml create mode 100644 pkg/commands/process/settings/rules/javascript/lang/http_insecure/testdata/axios_with_config_insecure.js diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml index f2879edf4..09bff2eba 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml @@ -14,6 +14,11 @@ patterns: - post - patch - delete + - pattern: | + axios($) + filters: + - variable: INSECURE_CONFIG + detection: javascript_http_insecure_axios_object - pattern: | fetch($$<...>) filters: @@ -29,6 +34,14 @@ patterns: - req - request - xhttp +auxiliary: + - id: javascript_http_insecure_axios_object + patterns: + - pattern: | + { url: $ } + filters: + - variable: INSECURE_URL + detection: insecure_url languages: - javascript trigger: presence diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_with_config_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_with_config_insecure.yml new file mode 100644 index 000000000..6603ceb18 --- /dev/null 
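Review bot: The filter on the new `axios($)` pattern references a variable named `INSECURE_CONFIG`, but the pattern text as shown binds only an anonymous `$`, so there is nothing for that filter to attach to; if the committed line is actually `axios($<INSECURE_CONFIG>)` and the angle-bracket name was lost in rendering, disregard this, otherwise the pattern will never produce a finding. The same check applies to the auxiliary pattern `{ url: $ }` in the next hunk, whose filter references `INSECURE_URL`. Separately, `axios.request(config)` takes the same config object as `axios(config)`; if the method list visible above (`post`, `patch`, `delete`) only feeds the direct-URL-argument pattern, a `request` form carrying the same `INSECURE_CONFIG` filter would be worth adding so the two call styles are reported consistently.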
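Review bot: The auxiliary detection `javascript_http_insecure_axios_object` only matches a config object whose `url:` key is insecure, so a config like `{ baseURL: "http://example.invalid", url: "/api/movies" }` (constructed example) is not reported even though axios resolves the request against the insecure base. A second pattern in the same auxiliary block, keyed on `baseURL:` and reusing the existing `insecure_url` filter, would close that gap without touching the top-level patterns. Whether a config assembled by spread or returned from a helper is traced back to its literal depends on the engine's dataflow handling, which this hunk does not show; a short comment on the auxiliary saying it expects an object literal with a `url` key would make that limit explicit.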
+++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_with_config_insecure.yml
@@ -0,0 +1,13 @@
+low:
+    - rule:
+        cwe_ids:
+            - "319"
+        id: javascript_http_insecure
+        description: Connection with an unsecure HTTP communication detected.
+        documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
+      line_number: 7
+      filename: axios_with_config_insecure.js
+      parent_line_number: 7
+      parent_content: axios(config)
+
+
diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/testdata/axios_with_config_insecure.js b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/testdata/axios_with_config_insecure.js
new file mode 100644
index 000000000..f95e15f99
--- /dev/null
+++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/testdata/axios_with_config_insecure.js
@@ -0,0 +1,7 @@
+const insecure_url = "http://domain.com/api/movies";
+const config = {
+  method: "GET",
+  headers: { "content-type": "application/json" },
+  url: insecure_url,
+};
+axios(config);
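Review bot: This fixture pins only the positive case — an insecure `url` reaching `axios(config)` through a local `const` — so a regression that made the `{ url: $ }` auxiliary match every url regardless of scheme would still pass the snapshot. A sibling fixture with the same config shape but `url: "https://domain.com/api/movies"` and an empty snapshot would guard against that false positive, and a variant where the url is passed via `baseURL` would document whether that form is meant to be covered. The missing `axios` import is fine for a static rule test but a one-line comment saying so would stop the next reader from "fixing" it.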