privado
Support for pattern list in rules
The current rule definition takes in a list of patterns; however, only the first one is tagged as a sink, and the rest of the patterns are ignored. This creates significant confusion, as any user-specified enhancements & patterns may not be detected.
Ojaswa, this is a clarifying question. Can you please give an example of what you meant by content rule definition takes a list of patterns and the first one is tagged as a sink? Is it that when the files are loaded, then the first file found in the directory tree for a specific sink name is picked up? And this might cause user-defined sink patterns to not be added to the default patterns?
sinks:
  - id: Leakages.Log.Error
    name: Log Error
    patterns:
      - "(?i)(?:org.slf4j.Logger|org.tinylog.Logger|ch.qos.logback|java.util.logging|timber.log.Timber|android.util.Log).*(?:error|severe|fatal|[.]e[:]).*"
      - "(?i)(?:org.apache.logging.log4j).*(?:error|severe|fatal|[.]e[:]).*"
    tags:
@gnittala If we take this rule as an example, patterns is an array of String. It supports multiple rules, but internally only the first element in this array will be used for detection; the rest of the rules will be ignored.
This gets ignored currently
- "(?i)(?:org.apache.logging.log4j).*(?:error|severe|fatal|[.]e[:]).*"
Fixed by https://github.com/Privado-Inc/privado-core/pull/235
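The gap described in this thread can be reproduced outside the scanner. The following is an added example, not privado-core code: it applies the two patterns from the rule above to constructed method full names and lists the calls that first-pattern-only matching drops. Whole-string matching (`re.fullmatch`) and the sample call names are assumptions.

```python
import re

# Rule from the thread, expressed as a dict (tags omitted, as on the page).
RULE = {
    "id": "Leakages.Log.Error",
    "patterns": [
        r"(?i)(?:org.slf4j.Logger|org.tinylog.Logger|ch.qos.logback|java.util.logging"
        r"|timber.log.Timber|android.util.Log).*(?:error|severe|fatal|[.]e[:]).*",
        r"(?i)(?:org.apache.logging.log4j).*(?:error|severe|fatal|[.]e[:]).*",
    ],
}

# Constructed method full names for illustration, not output of a real scan.
CALLS = [
    "org.slf4j.Logger.error:void(java.lang.String)",
    "android.util.Log.e:int(java.lang.String,java.lang.String)",
    "org.apache.logging.log4j.Logger.error:void(java.lang.String)",
    "org.apache.logging.log4j.Logger.info:void(java.lang.String)",
]


def match_first_only(rule, call):
    """Behaviour reported in the issue: only patterns[0] is consulted."""
    return re.fullmatch(rule["patterns"][0], call) is not None


def match_any(rule, call):
    """Behaviour a rule author expects: any pattern in the list tags a sink."""
    return any(re.fullmatch(p, call) for p in rule["patterns"])


def coverage(rule, calls):
    """Map each call to the indices of the patterns that match it."""
    return {
        c: [i for i, p in enumerate(rule["patterns"]) if re.fullmatch(p, c)]
        for c in calls
    }


def missed_sinks(rule, calls):
    """Calls covered by some pattern but lost when only the first is used."""
    return [c for c in calls if match_any(rule, c) and not match_first_only(rule, c)]


if __name__ == "__main__":
    for call, idx in coverage(RULE, CALLS).items():
        print(f"{call}: matched by pattern(s) {idx}")
    print("missed with first-only matching:", missed_sinks(RULE, CALLS))
```

Running the same check against a custom rule file before and after upgrading shows whether patterns beyond the first are now contributing sinks.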