diff --git a/.gitignore b/.gitignore
index a973bfc7..379e8018 100644
--- a/.gitignore
+++ b/.gitignore
@@ -246,4 +246,6 @@ dist # files privado notes.md
+
+#Directory created by IDE workspace
\ No newline at end of file
diff --git a/config/systemConfig/go.yaml b/config/systemConfig/go.yaml
new file mode 100644
index 00000000..e773a593
--- /dev/null
+++ b/config/systemConfig/go.yaml
@@ -0,0 +1,9 @@
+systemConfig:
+ - key: apiHttpLibraries
+ value: ^(?i)(net/http|github.com/parnurzeal/gorequest|gopkg.in/resty|github.com/gojektech/heimdall/v\\d/httpclient|github.com/levigross/grequests|github.com/PuerkitoBio/rehttp|github.com/machinebox/graphql).*
+
+ - key: apiSinks
+ value: (?i)(?:url|client|open|request|execute|newCall|load|host|access|list|set|put|post|proceed|trace|patch|Path|send|remove|delete|write|read|postForEntity|call|createCall|createEndpoint|dispatch|invoke|getInput|getOutput|getResponse|do)
+
+ - key: apiIdentifier
+ value: (?i).*((hook|base|auth|prov|endp|install|request|service|gateway|route|resource)(.){0,12}url|(slack|web)(.){0,4}hook|(rest|api|request|service)(.){0,4}(endpoint|gateway|route)).*
\ No newline at end of file
diff --git a/rules/sinks/internal_apis/api/go.yaml b/rules/sinks/internal_apis/api/go.yaml
new file mode 100644
index 00000000..3c5363a5
--- /dev/null
+++ b/rules/sinks/internal_apis/api/go.yaml
@@ -0,0 +1,6 @@
+sinks:
+ - id: Sinks.API.InternalAPI
+ name: Internal APIs
+ patterns:
+ - "((http|https|ftp|ssh):\\/\\/){0,1}(((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}|(localhost))(:[0-9]{2,4}){0,1}(\\/([a-z]){0,1}){0,1}.*"
+ tags:
diff --git a/rules/sinks/third_parties/api/go.yaml b/rules/sinks/third_parties/api/go.yaml
new file mode 100644
index 00000000..fbfd0570
--- /dev/null
+++ b/rules/sinks/third_parties/api/go.yaml
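Review bot: In the `apiHttpLibraries` value of config/systemConfig/go.yaml the heimdall branch is written `v\\d` inside an unquoted scalar, unlike the double-quoted patterns in the rule files added by this commit. If the loader reads this as a plain YAML scalar, both backslashes reach the regex engine and the branch matches a literal backslash followed by `d` instead of a version digit, so a versioned import path such as `github.com/gojektech/heimdall/v6/httpclient` (sample value) would not be recognised as an HTTP library and its calls would go untagged. I would write `github.com/gojektech/heimdall/v\d/httpclient`, or double-quote the whole value and keep `\\d`. The dots in `github.com` and `gopkg.in` are also unescaped and match any character; `github\.com` is tighter.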
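Review bot: The `Sinks.API.InternalAPI` pattern in rules/sinks/internal_apis/api/go.yaml accepts any dotted IPv4 literal, so a call to a public address is reported as an internal API, and a four-part version string such as `1.2.3.4` (constructed example) can match as well. For a data-flow report that understates third-party sharing, so if the rule is meant for loopback and private ranges only, the octet group should be narrowed to those ranges. If treating every IP-addressed endpoint as internal is deliberate, a comment above the pattern such as `# any IPv4 literal or localhost is treated as internal by design` would record that. The port group `(:[0-9]{2,4}){0,1}` stops at four digits; the trailing `.*` hides this, but `{1,5}` would state the intent.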
@@ -0,0 +1,8 @@
+sinks:
+
+ - id: Sinks.ThirdParties.API
+ name: Third Party API
+ patterns:
+ - "(?i)((?:http|https):\\/\\/[a-zA-Z0-9_-][^)\\/(#|,!>\\s]{1,50}\\.(?:com|net|org|de|in|uk|us|io|gov|cn|ml|ai|ly|dev|cloud|me|icu|ru|info|top|tk|tr|cn|ga|cf|nl)).*(?