Merge pull request #112 from Privado-Inc/dev

Dev

config/semantics/java.yaml

@@ -5,11 +5,21 @@
 
 semantics:
   - signature: "android.text.TextUtils.isEmpty:boolean(java.lang.String)"
-    flow: "1->-1"
+
+  - signature: "android.text.TextUtils.isEmpty:<unresolvedSignature>(1)"
 
   - signature: "org.apache.http.HttpResponse.getStatusLine:org.apache.http.StatusLine()"
     flow: "0->0"
 
+  - signature: "org.apache.http.HttpResponse.getStatusLine:<unresolvedSignature>(0)"
+    flow: "0->0"
+
   - signature: "org.apache.http.StatusLine.getStatusCode:boolean()"
 
-
+  - signature: "org.apache.http.StatusLine.getStatusCode:<unresolvedSignature>(0)"
+
+  - signature: "javax.persistence.Query.setParameter:<unresolvedSignature>(2)"
+    flow: "1->0 2->0"
+
+  - signature: "javax.persistence.EntityManager.find:<unresolvedSignature>(2)"
+    flow: "0->-1 1->-1 2->-1"

rules/sinks/leakages/logs/java.yaml

@@ -15,7 +15,7 @@ sinks:
   - id: Leakages.Log.Debug
     name: Log Debug
     patterns:
-      - "(?i)(?:org.slf4j.Logger|org.apache.logging.log4j|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(debug|log|[.](d|v)[:]).*"
+      - "(?i)(?:org.slf4j.Logger|org.apache.logging.log4j|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(debug|log|trace|[.](d|v|t)[:]).*"
     tags:
 
   - id: Leakages.Log.Info

rules/sinks/third_parties/sdk/sendgrid/java.yaml

@@ -9,5 +9,5 @@ sinks:
     domains:
       - "sendgrid.com"
     patterns:
-      - "(?i)(clj-sendgrid|com[.]flozano[.]sendgrid|com[.]sendgrid[.]labs|com[.]sendgrid).*"
+      - "(?i)(clj-sendgrid|com[.]flozano[.]sendgrid|com[.]sendgrid[.]labs|com[.]sendgrid).*(?<!getbody|getStatusCode):.*"
     tags:

rules/sources/contact_data.yaml

@@ -5,7 +5,7 @@ sources:
     isSensitive: False
     sensitivity: medium
     patterns:
-      - "(?i)(.*(?<!(ip|mac|email|server|logical|physical|port|public|private)[-_]?)address)|(?:home|house|billing|mailing|shipping|contact|delivery|office|person|policyholder|insurer|claimant)[^\\s/(;)#|,=!>]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line"
+      - "(?i)(.*(?<!(ip|mac|email|server|logical|physical|port|public|private|inet|cc|bcc|to|data|internet|host|remote)[-_]?)address)|(?:home|house|billing|mailing|shipping|contact|delivery|office|person|policyholder|insurer|claimant)[^\\s/(;)#|,=!>]{0,10}(?:address|addr)|(?:pin|zip|postal|metro)[-_\\[<'. ]{0,2}code|(?:delivery|pickup)[^\\s/(;)#|,=!>]{0,10}(?:location|position)|house[^\\s/(;)#|,=!>]{0,2}(?:number|no)|address[-_.]{0,2}line]"
     tags:
       law: GDPR
 

rules/sources/financial_data.yaml

@@ -36,7 +36,7 @@ sources:
     isSensitive: False
     sensitivity: high
     patterns:
-      - "(?i).*(virtual[^\\s/(;)#|,=!>]{0,5}payment[^\\s/(;)#|,=!>]{0,5}address|virtual[^\\s/(;)#|,=!>]{0,5}payment|upi[-_\\[<'.]{0,2}id)|(merchant|payee|payment|retailer|dealer|seller|vendor)[-_]{0,1}vpa|vpa[-_]{0,1}id"
+      - "(?i).*(virtual[^\\s/(;)#|,=!>]{0,5}payment[^\\s/(;)#|,=!>]{0,5}address|virtual[^\\s/(;)#|,=!>]{0,5}payment|upi[-_<'.]{0,2}id)|(merchant|payee|payment|retailer|dealer|seller|vendor)[-_]{0,1}vpa|vpa[-_]{0,1}id"
     tags:
       law: GDPR
 

rules/sources/personal_identification.yaml

@@ -15,7 +15,7 @@ sources:
     isSensitive: False
     sensitivity: low
     patterns:
-      - "(?i).*(?:first|given|full)[^\\s/(;)#|,=!>]{0,5}name"
+      - "(?i).*((?:first|given)[^\\s/(;)#|,=!>]{0,5}|full)name"
     tags:
       law: GDPR