Merge pull request #479 from Privado-Inc/dev

Release PR

config/systemConfig/php.yaml

@@ -1,6 +1,6 @@
 systemConfig:
   - key: apiHttpLibraries
-    value: (?i)(guzzlehttp|curl_init|requests|buzz.browser|httpful|phphttp|zend.http|buzz.client|unirest.request|curler.client|rollingcurlx|restclient|react.http|goutte.client|nyholm.psr7|restrequest|.*(httpclient)).*
+    value: (?i)(guzzlehttp|curl_init|requests|buzz.browser|httpful|phphttp|zend.http|buzz.client|unirest.request|curler.client|rollingcurlx|restclient|react.http|goutte.client|nyholm.psr7|restrequest|.*(httpclient)|psr\\\\http\\\\client|microsoft\\\\kiota|cebe\\\\openapi).*
 
   - key: apiSinks
     value: (?:url|request|sendRequest|create|client|openConnection|curl_init|request|execute|newCall|load|host|access|usequery|fetch|fetchapi|fetchlegacyxml|createfetch|postform|axios|cors|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|del|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity|call|createCall|createEndpoint|dispatch|invoke|newMessage|getInput|getOutput|getResponse|marshall|unmarshall|send|asyncSend|emit|on|track|addEventListener|ajax)

rules/sinks/leakages/logs/csharp.yaml

@@ -9,6 +9,7 @@ sinks:
     name: Log Info
     patterns:
       - "(?i).*(Microsoft[.]Extensions[.]Logging[.]ILogger).*(LogInformation|LogTrace).*"
+      - "(?i).*(Serilog).*(Information).*"
     tags:
 
   - id: Leakages.Log.Error
@@ -21,10 +22,12 @@ sinks:
     name: Log Warn
     patterns:
       - "(?i).*(Microsoft[.]Extensions[.]Logging[.]ILogger).*(LogWarning).*"
+      - "(?i).*(Serilog).*(Warning).*"
     tags:
 
   - id: Leakages.Log.Debug
     name: Log Debug
     patterns:
       - "(?i).*(Microsoft[.]Extensions[.]Logging[.]ILogger).*(LogDebug).*"
+      - "(?i).*(Serilog).*(Debug).*"
     tags:

rules/sinks/storages/doctrine/php.yaml

@@ -5,14 +5,14 @@ sinks:
   - id: Storages.Doctrine.Interface.Initialize
     name: Doctrine Interface (Initialize)
     domains:
-      - www.doctrine-project.org
+      - doctrine-project.org
     patterns:
       - "(?i).*(?:Doctrine\\\\ORM\\\\EntityManager).*(__construct)"
 
   - id: Storages.Doctrine.Interface.ReadAndWrite
     name: Doctrine Interface (Read and Write)
     domains:
-      - www.doctrine-project.org
+      - doctrine-project.org
     patterns:
       - "(?i).*(?:Doctrine\\\\ORM\\\\EntityManager).*(getConnection|getMetadataFactory|getExpressionBuilder|beginTransaction|transactional|commit|rollback|getClassMetadata|createQuery|createNamedQuery|createNativeQuery|createNamedNativeQuery|createQueryBuilder|flush|find|getReference|getPartialReference|clear|close|persist|remove|refresh|detach|merge|copy|lock|getEventManager|create|insert|delete)"
     tags:

rules/sinks/storages/mongodb/php.yaml

@@ -0,0 +1,17 @@
+
+# Sink Rules for storage database MongoDB - https://www.mongodb.com/
+
+sinks:
+  - id: Storages.MongoDB.Read
+    name: MongoDB(Read)
+    domains:
+      - mongodb.com
+    patterns:
+      - "(?i).*(MongoDB(\\\\)?(Client|Driver)).*(find|findOne|findAndModify|distinct|aggregate|execute|executeQuery)"
+
+  - id: Storages.MongoDB.Write
+    name: MongoDB(Write)
+    domains:
+      - mongodb.com
+    patterns:
+      - "(?i).*(MongoDB(\\\\)?(Client|Driver)).*(insertOne|update|updateMany|replaceOne|deleteOne|deleteMany|bulkWrite)"

rules/sinks/storages/opensearch/csharp.yaml

@@ -0,0 +1,20 @@
+
+# Sink Rules for storage database Elasticsearch - https://www.opensearch.org
+
+sinks:
+
+  - id: Storages.Opensearch.Read
+    name: Opensearch(Read)
+    domains:
+      - opensearch.org
+    patterns:
+      - "(?i).*(OpenSearch[.]Client).*(get|serarch|msearch|scroll|count|explain|termVectors|mget).*"
+    tags:
+
+  - id: Storages.Opensearch.Write
+    name: Opensearch(Write)
+    domains:
+      - opensearch.org
+    patterns:
+      - "(?i).*(Opensearch[.]Client).*(index|update|delete|bulk|reindex).*"
+    tags:

rules/sinks/storages/orm/csharp.yaml

@@ -0,0 +1,17 @@
+sinks:
+
+  - id: Storages.ORM.Dapper.Write
+    name: Dapper (Write)
+    domains:
+      - learndapper.com
+    patterns:
+      - "(?i)(Dapper).*(Execute|Insert|Update|Delete)(Async)?.*"
+    tags:
+
+  - id: Storage.ORM.Dapper.Read
+    name: Dapper (Read)
+    domains:
+      - learndapper.com
+    patterns:
+      - "(?i)(Dapper).*(Query|QuerySingle|QueryFirst|QueryMultiple)(Async)?.*"
+    tags:

rules/sinks/storages/orm/kotlin.yaml

@@ -0,0 +1,17 @@
+sinks:
+
+  - id: Storages.ORM.ORMLite.Read
+    name: ORMLite (Read)
+    domains:
+      - ormlite.com
+    patterns:
+      - "(?i)(com[.]j256[.]ormlite).*(queryForFirst|queryForId|queryForAll|countOf|queryBuilder)"
+    tags:
+
+  - id: Storages.ORM.ORMLite.Write
+    name: ORMLite (Write)
+    domains:
+      - ormlite.com
+    patterns:
+      - "(?i)(com[.]j256[.]ormlite).*(create|update|createOrUpdate|delete|deleteById|deleteBuilder)"
+    tags:

rules/sinks/storages/redis/csharp.yaml

@@ -0,0 +1,17 @@
+sinks:
+
+  - id: Storages.Redis.Read
+    name: Redis DB(Read)
+    domains:
+      - redis.io
+    patterns:
+      - "(?i)(stackExchange[.]redis).*[.](StringGet)"
+    tags:
+
+  - id: Storages.Redis.Write
+    name: Redis DB(Write)
+    domains:
+      - redis.io
+    patterns:
+      - "(?i)(stackExchange[.]redis).*[.](Set|HSet|Del)"
+    tags:

rules/sinks/third_parties/sdk/amazon/csharp.yaml

@@ -57,7 +57,7 @@ sinks:
     domains:
       - "aws.amazon.com/secrets-manager/"
     patterns:
-      - "(?i)(AWSSDK[.]SecretsManager|AWSSDK[.]SecretsManager[.]Caching).*"
+      - "(?i)((AWSSDK|Amazon)[.]SecretsManager|AWSSDK[.]SecretsManager[.]Caching).*"
     tags:
 
   - id: ThirdParties.SDK.Amazonaws.Lambda

rules/sinks/third_parties/sdk/amazon/php.yaml

@@ -11,6 +11,7 @@ sinks:
     patterns:
       - "(?i)(aws.laravel).*"
       - "(?i).*(easy.amazon.advertising|sns.push|instantaccess.sdk|kinesis|rds.data.service|amazon.advertising.laravel|selling.partner.api|amazon.advertising.api.sdk|amazon.pay.api.sdk.|paapisdk|predis.client.nette.extension|firehose|simple.s3|typo3.aws|amazon.mws.sdk|secrets.manager|cloud.watch.logs|step.functions|amazon.pay.sdk|cloud.watch|event.bridge|amazon.mws.bundle|dynamo.db.session|yii.aws|dynamodb.sessions.dependency.free|amazon.mws.complete|login.and.pay.with.amazon.sdk.|sp.api.sdk|amazon.paapi5.sdk|cognito.identity.provider|paapi5.sdk).*"
+      - "(?i).*(aws\\\\s3\\\\s3client).*"
     tags:
 
   - id: ThirdParties.SDK.Amazon

rules/sinks/third_parties/sdk/datadog/go.yaml → rules/sinks/third_parties/sdk/componentspace/csharp.yaml

@@ -4,10 +4,10 @@
 
 sinks:
 
-  - id: ThirdParties.SDK.Datadog
-    name: Datadog
+  - id: ThirdParties.SDK.ComponentSpace
+    name: ComponentSpace
     domains:
-      - "datadoghq.com"
+      - "componentspace.com"
     patterns:
-      - "(?i)(github.com|gopkg.in)(/)(DataDog)(/)(datadog-go|dd-trace-go).*"
+      - "(?i)(Component[.]Saml).*"
     tags:

rules/sinks/third_parties/sdk/datadoghq/go.yaml

@@ -9,5 +9,5 @@ sinks:
     domains:
       - "datadoghq.com"
     patterns:
-      - "(?i)(github.com)(/)(DataDog)(/)(opencensus-go-exporter-datadog).*"
+      - "(?i)(github.com|gopkg.in)(/)(DataDog)(/)(opencensus-go-exporter-datadog|datadog-go|dd-trace-go).*"
     tags:

rules/sinks/third_parties/sdk/google/java.yaml

@@ -1004,4 +1004,12 @@ sinks:
       - "firebase.google.com/docs/crashlytics"
     patterns:
       - "(?i)(com[.]crashlytics|com.firebase.crashlytics|com.google.firebase.crashlytics).*"
-    tags: 
+    tags:
+
+  - id: ThirdParties.SDK.Google.Firebase.Messaging
+    name: Google Firebase
+    domains:
+      - "firebase.google.com"
+    patterns:
+      - "(?i)(com[.]google[.]firebase[.](ktx|messaging)).*"
+    tags:

rules/sinks/third_parties/sdk/google/kotlin.yaml

@@ -7,4 +7,5 @@ sinks:
       - "(?i)(com[.]google[.]firebase)[.](?!(database)).*"
       - "(?i)(com[.]firebase)[.](?!(database)).*"
       - "(?i)(io[.]firebase)[.](?!(database)).*"
+      - "(?i)(com[.]google[.]firebase[.]remoteconfig).*"
     tags:

rules/sinks/third_parties/sdk/launchdarkly/csharp.yaml

@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Launchdarkly
+    name: Launchdarkly
+    domains:
+      - "launchdarkly.com"
+    patterns:
+      - "(?i)(LaunchDarkly[.]Sdk).*"
+    tags:

rules/sinks/third_parties/sdk/microsoft/php.yaml

@@ -301,3 +301,11 @@ sinks:
     patterns:
       - "(?i)azure.powerbi.*"
     tags:
+
+  - id: ThirdParties.SDK.Microsoft.Graph
+    name: Microsoft Graph
+    domains:
+      - "developer.microsoft.com/graph"
+    patterns:
+      - "(?i)Microsoft\\\\Graph.*"
+    tags:

rules/sinks/third_parties/sdk/opentelemetry/php.yaml

@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Opentelemetry
+    name: Opentelemetry
+    domains:
+      - "opentelemetry.io"
+    patterns:
+      - "(?i)(OpenTelemetry\\\\(sdk|api)).*"
+    tags:

rules/sinks/third_parties/sdk/pendo/java.yaml

@@ -0,0 +1,13 @@
+
+#  Sink rule for ThirdParty SDK
+#  The id follows a format : "ThirdParties.SDK.<THIRD_PARTY_ORGANISATION>.<SUB_ORGANISATION_IF_APPLICABLE>"
+
+sinks:
+
+  - id: ThirdParties.SDK.Pendo
+    name: Pendo
+    domains:
+      - "pendo.io"
+    patterns:
+      - "(?i)(sdk[.]pendo[.]io[.]Pendo).*"
+    tags:

rules/sources/financial_data.yaml

@@ -135,7 +135,7 @@ sources:
     isSensitive: False
     sensitivity: medium
     patterns:
-      - "(?i).*(salary[^\\s/(;)#|,=!>]{0,10}(?:details|detail|slip|pay)|employee[^\\s/(;)#|,=!>]{0,10}salary|basic[^\\s/(;)#|,=!>]{0,10}salary|(?:dearness|houserent)[^\\s/(;)#|,=!>]{0,10}allowance|salary)"
+      - "(?i).*(salary[^\\s/(;)#|,=!>]{0,10}(?:details|detail|slip|pay)|employee[^\\s/(;)#|,=!>]{0,10}salary|basic[^\\s/(;)#|,=!>]{0,10}salary|(?:dearness|houserent)[^\\s/(;)#|,=!>]{0,10}allowance|salary)|(previous|prev|current|curr)[^\\s/(;)#|,=!>]*(employee|employment)[^\\s/(;)#|,=!>]*(?:pay|salary)"
     tags:
       law: GDPR
 
@@ -155,6 +155,6 @@ sources:
     isSensitive: True
     sensitivity: high
     patterns:
-      - "(?i).*(insurance[^\\s/(;)#|,=!>]*(?:policy|plan|card|claim)|(?:insurance)[^\\s/(;)#|,=!>]*(?:card|policy|claim|plan|company)|card[^\\s/(;)#|,=!>]*insurance|insurance[^\\s/(;)#|,=!>]*policy[^\\s/(;)#|,=!>]*(?:nbr|number|id|no)|insurance[^\\s/(;)#|,=!>]*claim[^\\s/(;)#|,=!>]*(?:nbr|number|id|no))"
+      - "(?i).*(insurance[^\\s/(;)#|,=!>]*(?:policy|plan|card|claim)|(?:insurance)[^\\s/(;)#|,=!>]*(?:card|policy|claim|plan|company)|card[^\\s/(;)#|,=!>]*insurance|insurance[^\\s/(;)#|,=!>]*policy[^\\s/(;)#|,=!>]*(?:nbr|number|id|no)|insurance[^\\s/(;)#|,=!>]*claim[^\\s/(;)#|,=!>]*(?:nbr|number|id|no)|ni[-_]?(?:nbr|no|number))"
     tags:
       law: GDPR

rules/sources/national_identification_numbers.yaml

@@ -48,3 +48,13 @@ sources:
       - "(?i)(employer[^\\s/(;)#|,=!>]{0,3}(identification|id)[^\\s/(;)#|,=!>]{0,3}(?:number|no)|ein)"
     tags:
       law: GDPR
+
+  - id: Data.Sensitive.NationalIdentificationNumbers.PersonalPublicServiceNumber
+    name: Personal Public Service Number
+    category: National Identification Numbers
+    isSensitive: False
+    sensitivity: high
+    patterns:
+      - "(?i)(personal[^\\s/(;)#|,=!>]{0,3}(public)[^\\s/(;)#|,=!>]{0,3}(?:number|no)|pps[-_]?(?:nbr|no|number))"
+    tags:
+      law: GDPR

rules/sources/personal_identification.yaml

@@ -15,7 +15,7 @@ sources:
     isSensitive: False
     sensitivity: low
     patterns:
-      - "(?i).*((?:first|given)[^\\s/(;)#|,=!>]{0,5}|full)name"
+      - "(?i).*((?:first|given)[^\\s/(;)#|,=!>]{0,5}|fore[-_]?|full[-_]?)name"
     tags:
       law: GDPR