From c4432cbf1fd9d4321b4ecb7f890e33a68e5b1297 Mon Sep 17 00:00:00 2001
From: ritwikp
Date: Fri, 29 Nov 2024 16:32:56 +0530
Subject: [PATCH 1/3] Changed @ast-grep/cli package version
---
 package-lock.json | 64 +++++++++++++++++++++++------------------------
 package.json | 4 +--
 2 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 28b69a9a..5baf8101 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,13 +9,13 @@ "version": "1.0.0", "license": "ISC", "devDependencies": { - "@ast-grep/cli": "^0.28.1" + "@ast-grep/cli": "^0.30.1" } }, "node_modules/@ast-grep/cli": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli/-/cli-0.28.1.tgz", - "integrity": "sha512-wWUYybgbM4iqODDSLEWfj8BsuHB18WwioQMe4eaybeyAVCGHp3XgAax2yFtbghvbfOjXjOtpd+FuTEI3kkbzFQ==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli/-/cli-0.30.1.tgz", + "integrity": "sha512-or1izzRdiqMCwM7/XbJhu2GSIwlf5iwjS8lXnCdEEPTPMVbmbsg0u872C2tU1oEsC8gluF6gI4xWUCGt4H1N5w==", "dev": true, "hasInstallScript": true, "dependencies": { 
@@ -29,19 +29,19 @@ "node": ">= 12.0.0" }, "optionalDependencies": { - "@ast-grep/cli-darwin-arm64": "0.28.1", - "@ast-grep/cli-darwin-x64": "0.28.1", - "@ast-grep/cli-linux-arm64-gnu": "0.28.1", - "@ast-grep/cli-linux-x64-gnu": "0.28.1", - "@ast-grep/cli-win32-arm64-msvc": "0.28.1", - "@ast-grep/cli-win32-ia32-msvc": "0.28.1", - "@ast-grep/cli-win32-x64-msvc": "0.28.1" + "@ast-grep/cli-darwin-arm64": "0.30.1", + "@ast-grep/cli-darwin-x64": "0.30.1", + "@ast-grep/cli-linux-arm64-gnu": "0.30.1", + "@ast-grep/cli-linux-x64-gnu": "0.30.1", + "@ast-grep/cli-win32-arm64-msvc": "0.30.1", + "@ast-grep/cli-win32-ia32-msvc": "0.30.1", + "@ast-grep/cli-win32-x64-msvc": "0.30.1" } }, "node_modules/@ast-grep/cli-darwin-arm64": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-arm64/-/cli-darwin-arm64-0.28.1.tgz", - "integrity": "sha512-QumziVgEcGo5eWw4J+nxlCj1rEfwSDQp3PCsPp8VN2uWXDS46Wh84Ot7wQ4kXhQDPc8kVlrIa8ZEMT2KfAau4A==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-arm64/-/cli-darwin-arm64-0.30.1.tgz", + "integrity": "sha512-/ORnqrAnIieWVNmH1SxTLuitGbsImbtFB77feK9oYqCTOFrcCP5W1ldzXBtspm96nynA+X6e1TxGwDwG7Gr1og==", "cpu": [ "arm64" ], @@ -55,9 +55,9 @@ } }, "node_modules/@ast-grep/cli-darwin-x64": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-x64/-/cli-darwin-x64-0.28.1.tgz", - "integrity": "sha512-kzESf9X31j/TZYrpmxLHmowNfHB4mfhVPbgrqw8TdhvaRgb1qFNU2qsx35S10s1T6Z7ixjaoJCAKdqk0CrMsCA==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-x64/-/cli-darwin-x64-0.30.1.tgz", + "integrity": "sha512-oTe0nvGqwlI40qC1cGOSEU+tPLWi7KHolwEXWoWOqYwy9JKh9KTNvz7wuA9uKAxe/JEBNEbTPpgLlwN8wHyONg==", "cpu": [ "x64" ], 
@@ -71,9 +71,9 @@ } }, "node_modules/@ast-grep/cli-linux-arm64-gnu": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-0.28.1.tgz", - "integrity": "sha512-PWPTrhhVC5qoRDsgvZwkuHcC2C2vXtsFhMGQYb2Q0AXAcZckp38qCPwjyi1GBCDYpyx3Kydr1lpYCqpbTFL74Q==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-0.30.1.tgz", + "integrity": "sha512-v+YhYb7wAs7j8X6m1WemNajy/Uo6+ng8tPBSgWsPzYS4+BHbHaD3+MLMyw5uRY5N0sRDpDLQcMemLEUFyVSDpg==", "cpu": [ "arm64" ], @@ -87,9 +87,9 @@ } }, "node_modules/@ast-grep/cli-linux-x64-gnu": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-x64-gnu/-/cli-linux-x64-gnu-0.28.1.tgz", - "integrity": "sha512-claYczXenZj9BIEogpgp1o75+XNORgPlCivcLN/xVAI/ThHOJlu9rWSbkbHIbCVKRVIzwzOU3dyp/maU1kaCHg==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-x64-gnu/-/cli-linux-x64-gnu-0.30.1.tgz", + "integrity": "sha512-201roQu7EEi9h3wLFXHhr1j3VHPAnaqYPwJgR8OhKd82IWYSy2Cm245Xdesgav0BDk/3gZ2u/9drBdPaFd27mA==", "cpu": [ "x64" ], @@ -103,9 +103,9 @@ } }, "node_modules/@ast-grep/cli-win32-arm64-msvc": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-0.28.1.tgz", - "integrity": "sha512-gCsyBC0IeuhjzVy2IpFAyqh7I0BdTc1QTS01KuREJuch1zlF0zzyK6xuZO0ZatNyNGJoAdi+57v+AMBwyGok/A==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-0.30.1.tgz", + "integrity": "sha512-7NEdAQKH+k/yT6tcjrPJi6YdOed8On+qNeXXTWQXdqDKHlG+PWpmKDrD56ud1Q+fRicZ3VC3w5AqtCoXS3g4AQ==", "cpu": [ "arm64" ], 
@@ -119,9 +119,9 @@ } }, "node_modules/@ast-grep/cli-win32-ia32-msvc": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-0.28.1.tgz", - "integrity": "sha512-BwlTnHQ77VOCk5fBBOxMWzU8+u0aBMT4wtK8GZK1nOGgFVnbZ+EQL5runCzaSVADQ4butIRBO+VA6mUlSE83lw==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-0.30.1.tgz", + "integrity": "sha512-TP4goLFd2Da9MvPGcWv5kUkFByPiq2MctduP36w8jwIYx03QjXQU8AqDjA7Ym03420Q1ReFnOOLUcedOsgNN0g==", "cpu": [ "ia32" ], @@ -135,9 +135,9 @@ } }, "node_modules/@ast-grep/cli-win32-x64-msvc": { - "version": "0.28.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-x64-msvc/-/cli-win32-x64-msvc-0.28.1.tgz", - "integrity": "sha512-36xPIdYTLtkn5mUyFemjkzrn4o8XAzdNCaPA4j6iz+dZeSIDD4ChnsDUrdMd1e94Q4xF21MKURxennEM2fe3LQ==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-x64-msvc/-/cli-win32-x64-msvc-0.30.1.tgz", + "integrity": "sha512-EXXiCAbAXqcFTMj8RGU3ut4oThpgHmdPZ7bJOLtB0or5otkyGrcVYPYElN/GTZjDY+hpxS1gkAtrvRVciOa/WQ==", "cpu": [ "x64" ],
diff --git a/package.json b/package.json
index 7568aa33..04ea1896 100644
--- a/package.json
+++ b/package.json
@@ -12,6 +12,6 @@
 "author": "",
 "license": "ISC",
 "devDependencies": {
- "@ast-grep/cli": "^0.28.1"
+ "@ast-grep/cli": "^0.30.1"
 }
-}
+}
\ No newline at end of file
From 7961ac39af9db951009160b6560986a6e089d1b0 Mon Sep 17 00:00:00 2001
From: ritwikp
Date: Fri, 29 Nov 2024 16:35:29 +0530
Subject: [PATCH 2/3] Reverted change of @ast-grep/cli package version
---
 package-lock.json | 64 +++++++++++++++++++++++------------------------
 package.json | 2 +-
 2 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 5baf8101..28b69a9a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,13 +9,13 @@ "version": "1.0.0", "license": "ISC", "devDependencies": { - "@ast-grep/cli": "^0.30.1" + "@ast-grep/cli": "^0.28.1" } }, "node_modules/@ast-grep/cli": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli/-/cli-0.30.1.tgz", - "integrity": "sha512-or1izzRdiqMCwM7/XbJhu2GSIwlf5iwjS8lXnCdEEPTPMVbmbsg0u872C2tU1oEsC8gluF6gI4xWUCGt4H1N5w==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli/-/cli-0.28.1.tgz", + "integrity": "sha512-wWUYybgbM4iqODDSLEWfj8BsuHB18WwioQMe4eaybeyAVCGHp3XgAax2yFtbghvbfOjXjOtpd+FuTEI3kkbzFQ==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -29,19 +29,19 @@ "node": ">= 12.0.0" }, "optionalDependencies": { - "@ast-grep/cli-darwin-arm64": "0.30.1", - "@ast-grep/cli-darwin-x64": "0.30.1", - "@ast-grep/cli-linux-arm64-gnu": "0.30.1", - "@ast-grep/cli-linux-x64-gnu": "0.30.1", - "@ast-grep/cli-win32-arm64-msvc": "0.30.1", - "@ast-grep/cli-win32-ia32-msvc": "0.30.1", - "@ast-grep/cli-win32-x64-msvc": "0.30.1" + "@ast-grep/cli-darwin-arm64": "0.28.1", + "@ast-grep/cli-darwin-x64": "0.28.1", + "@ast-grep/cli-linux-arm64-gnu": "0.28.1", + "@ast-grep/cli-linux-x64-gnu": "0.28.1", + "@ast-grep/cli-win32-arm64-msvc": "0.28.1", + "@ast-grep/cli-win32-ia32-msvc": "0.28.1", + "@ast-grep/cli-win32-x64-msvc": "0.28.1" } }, "node_modules/@ast-grep/cli-darwin-arm64": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-arm64/-/cli-darwin-arm64-0.30.1.tgz", - "integrity": "sha512-/ORnqrAnIieWVNmH1SxTLuitGbsImbtFB77feK9oYqCTOFrcCP5W1ldzXBtspm96nynA+X6e1TxGwDwG7Gr1og==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-arm64/-/cli-darwin-arm64-0.28.1.tgz", + "integrity": "sha512-QumziVgEcGo5eWw4J+nxlCj1rEfwSDQp3PCsPp8VN2uWXDS46Wh84Ot7wQ4kXhQDPc8kVlrIa8ZEMT2KfAau4A==", "cpu": [ "arm64" ], 
@@ -55,9 +55,9 @@ } }, "node_modules/@ast-grep/cli-darwin-x64": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-x64/-/cli-darwin-x64-0.30.1.tgz", - "integrity": "sha512-oTe0nvGqwlI40qC1cGOSEU+tPLWi7KHolwEXWoWOqYwy9JKh9KTNvz7wuA9uKAxe/JEBNEbTPpgLlwN8wHyONg==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-darwin-x64/-/cli-darwin-x64-0.28.1.tgz", + "integrity": "sha512-kzESf9X31j/TZYrpmxLHmowNfHB4mfhVPbgrqw8TdhvaRgb1qFNU2qsx35S10s1T6Z7ixjaoJCAKdqk0CrMsCA==", "cpu": [ "x64" ], @@ -71,9 +71,9 @@ } }, "node_modules/@ast-grep/cli-linux-arm64-gnu": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-0.30.1.tgz", - "integrity": "sha512-v+YhYb7wAs7j8X6m1WemNajy/Uo6+ng8tPBSgWsPzYS4+BHbHaD3+MLMyw5uRY5N0sRDpDLQcMemLEUFyVSDpg==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-0.28.1.tgz", + "integrity": "sha512-PWPTrhhVC5qoRDsgvZwkuHcC2C2vXtsFhMGQYb2Q0AXAcZckp38qCPwjyi1GBCDYpyx3Kydr1lpYCqpbTFL74Q==", "cpu": [ "arm64" ], @@ -87,9 +87,9 @@ } }, "node_modules/@ast-grep/cli-linux-x64-gnu": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-x64-gnu/-/cli-linux-x64-gnu-0.30.1.tgz", - "integrity": "sha512-201roQu7EEi9h3wLFXHhr1j3VHPAnaqYPwJgR8OhKd82IWYSy2Cm245Xdesgav0BDk/3gZ2u/9drBdPaFd27mA==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-linux-x64-gnu/-/cli-linux-x64-gnu-0.28.1.tgz", + "integrity": "sha512-claYczXenZj9BIEogpgp1o75+XNORgPlCivcLN/xVAI/ThHOJlu9rWSbkbHIbCVKRVIzwzOU3dyp/maU1kaCHg==", "cpu": [ "x64" ], 
@@ -103,9 +103,9 @@ } }, "node_modules/@ast-grep/cli-win32-arm64-msvc": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-0.30.1.tgz", - "integrity": "sha512-7NEdAQKH+k/yT6tcjrPJi6YdOed8On+qNeXXTWQXdqDKHlG+PWpmKDrD56ud1Q+fRicZ3VC3w5AqtCoXS3g4AQ==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-0.28.1.tgz", + "integrity": "sha512-gCsyBC0IeuhjzVy2IpFAyqh7I0BdTc1QTS01KuREJuch1zlF0zzyK6xuZO0ZatNyNGJoAdi+57v+AMBwyGok/A==", "cpu": [ "arm64" ], @@ -119,9 +119,9 @@ } }, "node_modules/@ast-grep/cli-win32-ia32-msvc": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-0.30.1.tgz", - "integrity": "sha512-TP4goLFd2Da9MvPGcWv5kUkFByPiq2MctduP36w8jwIYx03QjXQU8AqDjA7Ym03420Q1ReFnOOLUcedOsgNN0g==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-0.28.1.tgz", + "integrity": "sha512-BwlTnHQ77VOCk5fBBOxMWzU8+u0aBMT4wtK8GZK1nOGgFVnbZ+EQL5runCzaSVADQ4butIRBO+VA6mUlSE83lw==", "cpu": [ "ia32" ], @@ -135,9 +135,9 @@ } }, "node_modules/@ast-grep/cli-win32-x64-msvc": { - "version": "0.30.1", - "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-x64-msvc/-/cli-win32-x64-msvc-0.30.1.tgz", - "integrity": "sha512-EXXiCAbAXqcFTMj8RGU3ut4oThpgHmdPZ7bJOLtB0or5otkyGrcVYPYElN/GTZjDY+hpxS1gkAtrvRVciOa/WQ==", + "version": "0.28.1", + "resolved": "https://registry.npmjs.org/@ast-grep/cli-win32-x64-msvc/-/cli-win32-x64-msvc-0.28.1.tgz", + "integrity": "sha512-36xPIdYTLtkn5mUyFemjkzrn4o8XAzdNCaPA4j6iz+dZeSIDD4ChnsDUrdMd1e94Q4xF21MKURxennEM2fe3LQ==", "cpu": [ "x64" ], diff --git a/package.json b/package.json index 04ea1896..535e2eca 100644 --- a/package.json +++ b/package.json 
@@ -12,6 +12,6 @@
 "author": "",
 "license": "ISC",
 "devDependencies": {
- "@ast-grep/cli": "^0.30.1"
+ "@ast-grep/cli": "^0.28.1"
 }
 }
\ No newline at end of file
From f879c4325fc2f5fd3c72ec9eec7811868097c8bd Mon Sep 17 00:00:00 2001
From: ritwikp
Date: Sat, 30 Nov 2024 17:12:41 +0530
Subject: [PATCH 3/3] Removing missing-httponly-java rule
---
 rules/java/security/missing-httponly-java.yml | 83 -------------------
 .../missing-httponly-java-snapshot.yml | 33 --------
 tests/java/missing-httponly-java-test.yml | 18 ----
 3 files changed, 134 deletions(-)
 delete mode 100644 rules/java/security/missing-httponly-java.yml
 delete mode 100644 tests/__snapshots__/missing-httponly-java-snapshot.yml
 delete mode 100644 tests/java/missing-httponly-java-test.yml
diff --git a/rules/java/security/missing-httponly-java.yml b/rules/java/security/missing-httponly-java.yml
deleted file mode 100644
index b7d2ff64..00000000
--- a/rules/java/security/missing-httponly-java.yml
+++ /dev/null
@@ -1,83 +0,0 @@ -id: missing-httponly-java -language: java -severity: warning -message: >- - Detected a cookie where the `HttpOnly` flag is either missing or - disabled. The `HttpOnly` cookie flag instructs the browser to forbid - client-side JavaScript to read the cookie. If JavaScript interaction is - required, you can ignore this finding. However, set the `HttpOnly` flag to - true` in all other cases. -note: >- - [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag - [OWASP A05:2021]: Security Misconfiguration - [REFERENCES] - - https://owasp.org/Top10/A05_2021-Security_Misconfiguration -utils: - match_without_httponly: - kind: argument_list - has: - kind: object_creation_expression - inside: - stopBy: end - kind: method_invocation - - match_cc2_cookie: - kind: local_variable_declaration - precedes: - kind: expression_statement - has: - kind: method_invocation - has: - kind: method_invocation - has: - kind: argument_list - has: - kind: string_literal - match_nettycookie: - kind: local_variable_declaration - all: - - has: - stopBy: end - kind: variable_declarator - has: - kind: object_creation_expression - all: - - has: - stopBy: end - kind: argument_list - has: - stopBy: end - kind: string_literal - precedes: - stopBy: end - kind: string_literal - - not: - precedes: - stopBy: end - kind: identifier - regex: "http" - - not: - precedes: - stopBy: neighbor - kind: expression_statement - has: - stopBy: end - kind: method_invocation - has: - stopBy: end - kind: argument_list - match_cookie_last: - kind: argument_list - has: - kind: method_invocation - has: - kind: argument_list - has: - kind: string_literal - -rule: - any: - - matches: match_cc2_cookie - - matches: match_without_httponly - - matches: match_nettycookie - - matches: match_cookie_last diff --git a/tests/__snapshots__/missing-httponly-java-snapshot.yml b/tests/__snapshots__/missing-httponly-java-snapshot.yml deleted file mode 100644 index 95f6dfab..00000000 
--- a/tests/__snapshots__/missing-httponly-java-snapshot.yml +++ /dev/null @@ -1,33 +0,0 @@ -id: missing-httponly-java -snapshots: - ? | - SimpleCookie s = new SimpleCookie("foo", "bar"); - ( new NettyCookie( "foo", "bar" ) ) - Cookie cc2 = Cookie.of("zzz", "ddd"); - Cookie z = new NettyCookie("foo", "bar"); - (Cookie.of("zzz", "ddd")) - : labels: - - source: SimpleCookie s = new SimpleCookie("foo", "bar"); - style: primary - start: 0 - end: 48 - - source: '"foo"' - style: secondary - start: 34 - end: 39 - - source: '"foo"' - style: secondary - start: 34 - end: 39 - - source: ("foo", "bar") - style: secondary - start: 33 - end: 47 - - source: new SimpleCookie("foo", "bar") - style: secondary - start: 17 - end: 47 - - source: s = new SimpleCookie("foo", "bar") - style: secondary - start: 13 - end: 47 diff --git a/tests/java/missing-httponly-java-test.yml b/tests/java/missing-httponly-java-test.yml deleted file mode 100644 index bc138b5f..00000000 --- a/tests/java/missing-httponly-java-test.yml +++ /dev/null @@ -1,18 +0,0 @@ -id: missing-httponly-java -valid: - - | - Cookie c1 = getCookieSomewhere(); - return HttpResponse.ok().cookie(Cookie.of("foo", "bar").httpOnly(true)); - Cookie cookie = request.getCookies().findCookie( "foobar" ) - Cookie ccc = Cookie.of("zzz", "ddd"); - ccc.httpOnly(true).secure(true); - Cookie c = new NettyCookie("foo", "bar"); - c.httpOnly(true); - NettyCookie r = new NettyCookie("foo", "bar").httpOnly(true); -invalid: - - | - SimpleCookie s = new SimpleCookie("foo", "bar"); - ( new NettyCookie( "foo", "bar" ) ) - Cookie cc2 = Cookie.of("zzz", "ddd"); - Cookie z = new NettyCookie("foo", "bar"); - (Cookie.of("zzz", "ddd"))