Update the python rules #1 (#196)
* fix - pwd in passsword

* avoid FPs in age source

* cookies can be called tokens

* payment nonce can be a separate rule/source

* cookie manager is used to save cookies

* return values of getnone & split should be tainted

* added and modified a rule

* Capitalised Equals

* add replace string semantic

* add android shared preferences putstring sink

* rm shared preferences fp

* rm token from cookie online identifier

* Removed log.equals and added new log

* removed IP log rule

IP log rule is not a sink and it's already included in sources

* fix method signatures

* nonce is not sensitive

* ageofuser makes more sense

* 0 not required in fullMethodName signature

* rm test package method pattern, add .*

* fix sink rules

* account for _ in identifiers

* add - rule for mapBox

* refactor

* fix - query annotation matches with database query

* add - exclusion rule for WEB-INF application.properties

* update HealthData.HealthInsuranceNumber -> FinancialData.InsuranceNumber

* Update purchase_data.yaml

* Add : new rules - TIN, EIN

* Fix : Case insensitive regex for TIN, EIN, SSN

* Add: more patterns to TaxInfo

* fix - inet4, inet6

* isminor/islegal/isunderage patterns removed

* add systemConfig support in rules

* add api tagger regex to system config

* add : rules for Sqs, Jms, Kafka and rabbit

* Update financial_data.yaml

* sink rule for redis

* imei in device ids

* updated case for medium

* Feat: update doc (#152)

Sync docs/new-gitbook

* Update rule names and domains

* minor typo fix

* update hibernate sink rule

* Add support for amplitude sdk + other fixes

* Add the Google playstore rule

* Add another methods for aws sqs

* Update java.yaml

* Update sink skip list for probable sink

* redis sinks

* redis sinks

* patch: update micrometer rule to avoid util methods

* update : dynamodb rule to match table object query

* add : SQS Consumer

* Update the snowflake rule

* Python improvements 1 (#168)

* Update sink skip list for probable sink

* Update the snowflake rule

---------

Co-authored-by: Dattaprasad Mundada <dattaprasadmundada@Dattaprasads-MacBook-Pro.local>

* Remove builtin function from probable sink

* minor space fix

* add - identifier in api

* Removed rule for whatsapp

* workflow added

* Changed trigger event

* Rule segregation (#174)

* rewrote current rules for aws into individual service

* added sink rule for google-cloud SDK

* rewrote current sink rules for azure

* removed repeated GRPC rule

* added more aws rules

* added remaining aws rules

* remove redundant pattern

* add segment rules

* rewrite amplitude rules

* remove non java rules

* Update the id, name to include rudderstack

* add remaining GCP rules

* update [:] to [.]

* add remaining segment rules

* rewrite rules for Alibaba cloud

* rewrite rules for Adobe cloud

* correct wrong pattern and remove repetitive pattern

* remove repetitive pattern

* Break oracle cloud sink rules into granular services

* Break oracle cloud sink rules into granular services

* removed util, request, response related rules

* Break atlassian sink rules into granular services

* Break hashicorp sink rules into granular services

* correct wrong aws rules and remove repetitive rules

* add domains to rules

* add unique domain to AWS rules

* unique domains for alibaba cloud rules

* fix multiple subdomains for a few rules

* fixing rule

* rule fixes: alibaba cloud

* unique domains for google cloud rules

* unique domains for oracle rules

* unique domains for adobe cloud rules

* unique domains for hashicorp rules

* unique domains for atlassian rules

* unique domains for segment rules

* unique domains for amplitude rules

* unique domains, id fix for azure. Resolve clash between bingads and bing

* correct domain

* domains for aliyun and azure

* update domains for aliyun, azure, hashicorp and amplitude

* fix typo for alibaba rules

* rewrite domains for adobe, aws, atlassian, google, oracle, segment

* update alibaba cloud domains

* typo fix

* remove missing pattern rules

* update alibaba cloud domains

* fix oracle domains

* Remove unnecessary trailing /

---------

Co-authored-by: hiaashna <aashna.chourasia@privado.ai>
Co-authored-by: Aashna Chourasia <121782841+hiaashna@users.noreply.github.com>
Co-authored-by: KhemrajSingh Rathore <khemraj.rathore@privado.ai>
Co-authored-by: Datta Mundada <dbmundada333@gmail.com>
Co-authored-by: Dattaprasad Mundada <dattaprasadmundada@Dattaprasads-MacBook-Pro.local>

* trigger code build

* trigger

* Removed GitHub token dependency

* Fixed PR link

* patch: remove duplicate aws rules

* add - make underscore optional

* patch: update aws constructs from amazon to amazon aws

* Log.debug used to match with -> `org.apache.logging.log4j.Logger.info:`

* Segregate services for Python SDKs (#193)

* Separate out the AWS services based over aws_cdk

* Separate out the Google cloud services based over google.cloud

* Separate out the Microsoft azure services based over azure.*

* Separate out the Alibaba cloud services based over aliyun.*

* Separate out the Adobe cloud services based over adobe.*

* Separate out the Hashicorp + Atlassian cloud services

---------

Co-authored-by: Pandurang Patil <pandurang.patil@gmail.com>
Co-authored-by: Dattaprasad Mundada <dattaprasadmundada@Dattaprasads-MacBook-Pro.local>

* Update the python rules #1

---------

Co-authored-by: Khemraj Rathore <khemraj.rathore@privado.ai>
Co-authored-by: Pandurang Patil <pandurang.patil@gmail.com>
Co-authored-by: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com>
Co-authored-by: hiaashna <aashna.chourasia@privado.ai>
Co-authored-by: Aashna Chourasia <121782841+hiaashna@users.noreply.github.com>
Co-authored-by: hiteshmahajan <hitesh.mahajan@privado.ai>
Co-authored-by: Ojaswa Sharma <ojaswa1942@gmail.com>
Co-authored-by: Hitesh Mahajan <hiteshvm1998@gmail.com>
Co-authored-by: Abhinav <abhinav.raj@privado.ai>
Co-authored-by: hiteshbedre <32206192+hiteshbedre@users.noreply.github.com>
Co-authored-by: prashant-privado <80044360+prashant-privado@users.noreply.github.com>
Co-authored-by: Dattaprasad Mundada <dattaprasadmundada@Dattaprasads-MacBook-Pro.local>
Co-authored-by: Ankit Kumar <ankit.kumar@privado.ai>
Co-authored-by: Abhinav Raj <35561852+abhstabs@users.noreply.github.com>
15 people authored Mar 8, 2023
1 parent d46962b commit ea3d855
Showing 218 changed files with 32,860 additions and 552 deletions.
Binary file added .gitbook/assets/Base (2) (1) (1) (1).png
Binary file added .gitbook/assets/Base (2) (1) (1) (2).png
Binary file added .gitbook/assets/Base (2) (1) (1) (3).png
Binary file added .gitbook/assets/Base (3) (1) (1) (1) (1).png
Binary file added .gitbook/assets/Base (3) (1) (1) (1) (2).png
Binary file added .gitbook/assets/Base (3) (1) (1) (1) (3).png
Binary file added .gitbook/assets/Base (4) (1) (1) (1) (1).png
Binary file added .gitbook/assets/Base (4) (1) (1) (1) (2).png
Binary file added .gitbook/assets/Base (4) (1) (1) (1) (3).png
Binary file added .gitbook/assets/Base (4) (1) (1) (1) (4).png
Binary file added .gitbook/assets/Base (5) (1) (1) (1) (1).png
Binary file added .gitbook/assets/Base (5) (1) (1) (1) (2).png
Binary file added .gitbook/assets/Base (5) (1) (1) (1) (3).png
Binary file added .gitbook/assets/Base (6) (1) (1) (1).png
Binary file added .gitbook/assets/Base (6) (1) (1) (2).png
Binary file added .gitbook/assets/Base (6) (1) (1) (3).png
Binary file added .gitbook/assets/Base (7) (1) (1) (1).png
Binary file added .gitbook/assets/Base (7) (1) (1) (2).png
Binary file added .gitbook/assets/Base (7) (1) (1) (3).png
Binary file added .gitbook/assets/Base (8) (1) (1) (1).png
Binary file added .gitbook/assets/Base (8) (1) (1) (2).png
Binary file added .gitbook/assets/Base (8) (1) (1) (3).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (1).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (2).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (3).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (4).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (5).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (6).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (7).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (8).png
Binary file added .gitbook/assets/image-20220212-135442 (1) (9).png
78 changes: 78 additions & 0 deletions .github/workflows/comparison-result.yml
@@ -0,0 +1,78 @@
name: Monitoring Stability and Comparing Results for privado

# Triggers when a pull_request or a push action is configured on master branch
on:
pull_request_target:

jobs:
setup_and_scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: Install JDK-18
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '18'

- name: Export Java Home Path
run: export PATH=$JAVA_HOME/bin:$PATH

- name: Install sbt
run: mkdir -p ~/bin && curl -Ls https://raw.githubusercontent.com/dwijnand/sbt-extras/master/sbt > ~/bin/sbt && chmod 0755 ~/bin/sbt
- name: Install Python 3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'

- name: Clone standalone-monitoring-stability/main
uses: actions/checkout@v3
with:
repository: Privado-Inc/standalone-monitoring-stability
path: ./temp/standalone-monitoring-stability
ref: main

- name: Run the script for ${{github.head_ref}} and ${{github.base_ref}}
run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./run.py -rbb ${{github.base_ref}} -rbh ${{github.head_ref}} -guf -urc

- name: Run aws-export
run: cd ./temp/standalone-monitoring-stability/ && python3 aws-export.py ${{github.event.number}}

- name: Move results to a folder
run: cd ./temp/standalone-monitoring-stability/ && mkdir results && mv output-${{github.event.number}}.xlsx ./results/output-${{github.event.number}}.xlsx && mv ./temp/result-${{github.event.number}}.zip ./results/result-${{github.event.number}}.zip && mv slack_summary.txt ./results/slack_summary.txt

- name: Upload output and result for next job
uses: actions/upload-artifact@master
with:
name: results
path: /home/runner/work/privado/privado/temp/standalone-monitoring-stability/results

send-result:
needs: setup_and_scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: Download result folder
uses: actions/download-artifact@master
with:
name: results
path: ./results

- name: Zip the results
run: zip result-${{github.event.number}}.zip -r ./results

- name: Set summary variable
run: |
echo "MESSAGE<<EOF" >> $GITHUB_ENV
echo "$(cat ./results/slack_summary.txt)" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Post results to slack
uses: MeilCli/slack-upload-file@v3
with:
slack_token: ${{ secrets.SLACK_TOKEN }}
channel_id: ${{ secrets.SLACK_CHANNEL_ID }}
file_path: "/home/runner/work/privado/privado/result-${{github.event.number}}.zip"
initial_comment: "Comparison Results generated on ${{github.event.repository.name}} by PR ${{github.event.number}} from branch ${{github.head_ref}} to ${{github.base_ref}} \nPR link https://github.com/Privado-Inc/privado/pull/${{github.event.number}} \nSummary Report:\n ${{ env.MESSAGE }}"
file_type: "zip"
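Review bot: the `Run the script for ...` step splices `${{github.head_ref}}` directly into a shell `run:` line, and under the `pull_request_target` trigger that value is the fork's branch name, chosen by whoever opens the PR, while the same workflow still has `secrets.SLACK_TOKEN` and `secrets.SLACK_CHANNEL_ID` available; any shell metacharacters in the branch name become part of the command. Pass the ref through an `env:` entry and quote it in the script (`python3 ./run.py -rbb "$BASE_REF" -rbh "$HEAD_REF" ...`) rather than using the expression inline. The `Set summary variable` step has a related problem: the heredoc delimiter is the fixed string `EOF`, so a line in `slack_summary.txt` that reads `EOF` ends the value early and every following line is written into `$GITHUB_ENV` as a variable assignment; use a random delimiter per run. Three smaller points: `actions/upload-artifact@master`, `actions/download-artifact@master` and the `sbt` launcher fetched from `raw.githubusercontent.com/.../master` are unpinned mutable refs, pin them to a tag or commit SHA; the `Export Java Home Path` step is a no-op because each `run:` gets a fresh shell, write `echo "$JAVA_HOME/bin" >> "$GITHUB_PATH"` instead (or drop it, `setup-java` already does this); and the comment says the workflow triggers on `pull_request` or `push` to master, but `on:` lists only `pull_request_target` with no branch filter, so update the comment to match.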
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -7,7 +7,8 @@ Privado is an open-source static code analysis tool to discover data flows in th
<img src="https://user-images.githubusercontent.com/80044360/186333819-779bfff5-d7a2-4bba-88e9-0ca866e1ee81.gif" width="600px">

# Supported languages
Currently, only Java is supported, but JS/TS support is arriving soon! We're also working on modifying the architecture to make it easier to accept community contributions to language support.
We support Java in GA and Python in alpha. Our Enterprise offering covers all programming languages, and we're working on adding support for more languages to OSS. Support for JS/TS is coming soon!


# Quick Start

Expand Down Expand Up @@ -48,7 +49,7 @@ To visualize the results and generate reports, you can create a free account at
3. Data Governance Engineers
4. Security Engineers
5. Mobile App Developers
6. Developers
6. Developers

# How does it help?
Privado lets Engineers ask contextual questions about the usage of sensitive data at scale.
Expand Down Expand Up @@ -87,7 +88,7 @@ Apart from getting a comprehensive outlook of your data practices for Privacy Au

Our free cloud platform can be used to generate RoPA reports for one or more synced repositories.

## Data Safety Report
## Data Safety Report
A Data Safety Report is a privacy form needed to publish any Android app on the Play Store. Most of the time, filling out a report means developers asking around the team to find what data they're collecting, spending hours reading SDK docs to see where information gets shared and navigating the complex Playstore form. With our scan, we pre-fill data types that are collected and shared, and our wizard guides you through generating the report.

# Contribute
5 changes: 5 additions & 0 deletions config/exclusions/java.yaml
Expand Up @@ -3,6 +3,11 @@ exclusions:
name: Exclude test source code
patterns:
- "(.*/src/test/.*)|/Test[A-Z]|Test[.]"

- id: Exclusions.Invalid.Properties
name: Exclude invalid properties file
patterns:
- ".*/WEB-INF/.*properties"

- id: Exclusions.Empty
name: Exclude file which cannot be read
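Review bot: `.*/WEB-INF/.*properties` is much wider than the `WEB-INF application.properties` named in the commit message and is not anchored to the `.properties` extension, so every file under `WEB-INF` whose path contains `properties` drops out of the scan, and those files are exactly where datasource URLs and credentials tend to live. If the false positive was specifically `application.properties`, match that name (`.*/WEB-INF/.*application[.]properties`, using `[.]` as the other rules do per the "update [:] to [.]" bullet) and give the rule a name that describes it; "Exclude invalid properties file" does not say what is being excluded or why.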
20 changes: 16 additions & 4 deletions config/semantics/java.yaml
Expand Up @@ -5,9 +5,9 @@

semantics:
- signature: "android.text.TextUtils.isEmpty:boolean(java.lang.String)"

- signature: "android.text.TextUtils.isEmpty:<unresolvedSignature>(1)"

- signature: "org.apache.http.HttpResponse.getStatusLine:org.apache.http.StatusLine()"
flow: "0->0"

Expand All @@ -20,6 +20,18 @@ semantics:

- signature: "javax.persistence.Query.setParameter:<unresolvedSignature>(2)"
flow: "1->0 2->0"

- signature: "javax.persistence.EntityManager.find:<unresolvedSignature>(2)"
flow: "0->-1 1->-1 2->-1"
flow: "0->-1 1->-1 2->-1"

- signature: "com.braintreepayments.api.models.PaymentMethodNonce.getNonce:<unresolvedSignature>(0)"
flow: "0->-1"

- signature: "com.braintreepayments.api.models.PaymentMethodNonce.getNonce:java.lang.String()"
flow: "0->-1"

- signature: "java.lang.String.split:java.lang.String[](java.lang.String)"
flow: "0->-1 1->-1"

- signature: "java.lang.String.replace:java.lang.String(java.lang.CharSequence,java.lang.CharSequence)"
flow: "0->-1 1->-1 2->-1"
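Review bot: on the `java.lang.String.split` and `java.lang.String.replace` entries the `1->-1` edge taints the return value from an argument that never appears in it: argument 1 of `split` is the delimiter regex and argument 1 of `replace` is the text being removed. With `-1` standing for the return value as in the existing `0->-1` entries, the precise flows are `0->-1` for `split` and `0->-1 2->-1` for `replace` (receiver plus the replacement string); the extra edge only adds false positives, which the rest of this commit is trying to reduce. Both entries also name a single overload, so `split(String,int)` and `replace(char,char)` fall back to default handling unless listed. The two identical `flow:` lines under `javax.persistence.EntityManager.find` read as a removed line and a re-added one; confirm that is a whitespace-only change and that only one `flow` key survives, since a duplicate key in one mapping is invalid YAML.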
7 changes: 5 additions & 2 deletions config/sinkSkipList/python.yaml
Expand Up @@ -3,8 +3,11 @@ sinkSkipList:
name: Skip Third Party Sinks
patterns:
- "(dict|list|str|tuple|int)\\.__.*"
- "(django.*\\.py).*"
- "(?i)(builtins|json|re|copy|argparse|datetime|time|decimal|collections|asyncio|subprocess|pytest|logging|traceback|sys|os|oss2|unittest|base64|dateutil|importlib|socket|urllib3|urllib|io|uuid|gzip|math|bson|random)\\.py.*"
- "(django.*\\.py|selenium).*"
- "\\/.*[.]py.*"
- "__builtin\\..*"
- "(cls|ModelClass|assoc|result)\\..*"
- "(?i)(builtins|stringio|operator|ast|jwt|cookielib|hashlib|urlparse|hmac|six|glob|json|html2text|yaml|re|copy|argparse|datetime|time|decimal|collections|asyncio|subprocess|pytest|logging|traceback|sys|os|oss2|unittest|base64|dateutil|importlib|socket|urllib3|urllib|io|uuid|gzip|math|bson|random|xmltodict|shutil|tempfile)\\.py.*"

- id: SinkSkipList.BuiltInLib
name: Skip built in language libraries
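Review bot: `\\/.*[.]py.*` under "Skip Third Party Sinks" does not name a third-party package at all; it skips any sink whose full name contains a `/` followed later by `.py`, which is the shape of a path to a source file in the scanned project rather than an installed library. If the intent is to stop project-internal calls being reported as probable sinks, that belongs in a rule whose `name` says so. The same applies to `(cls|ModelClass|assoc|result)\\..*`: these are receiver variable names, and `result` and `cls` are common enough that a real sink invoked through them (a client object held in `result`, say) is silently dropped. Also, `jwt` is not of the same kind as `hashlib` or `hmac` in the new module list: a token built by `jwt.encode` carries its payload to the client, so personal data flowing into it is a genuine egress and is worth keeping as a sink.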
12 changes: 12 additions & 0 deletions config/systemConfig/java.yaml
@@ -0,0 +1,12 @@
systemConfig:
- key: apiHttpLibraries
value: ^(?i)(org.apache.http|okhttp|org.glassfish.jersey|com.mashape.unirest|java.net.http|java.net.URL|org.springframework.(web|core.io)|groovyx.net.http|org.asynchttpclient|kong.unirest.java|org.concordion.cubano.driver.http|javax.net.ssl).*

- key: ignoredSinks
value: (?i).*(?<=map|list|jsonobject|json|array|arrays|jsonnode|objectmapper|objectnode).*(put:|get:).*

- key: apiSinks
value: (?i)(?:url|client|openConnection|request|execute|newCall|load|host|access|fetch|get|getInputStream|getApod|getForObject|getForEntity|list|set|put|post|proceed|trace|patch|Path|send|sendAsync|remove|delete|write|read|assignment|provider|exchange|postForEntity)

- key: apiIdentifier
value: (?i).*((hook|base|authorize|provider|endpoint|installation)(s){0,1}(_){0,1}url|(slack|web)(_){0,1}hook|(rest|api)(_){0,1}endpoint).*
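Review bot: `apiSinks` contains `get`, `set`, `put`, `list`, `load`, `read`, `write`, `remove` and `delete` with no anchors and `(?i)`, so used as a search it matches nearly every method in a Java codebase, including every getter and setter. If this regex is only ever applied to calls that already matched `apiHttpLibraries`, say so in a comment at the top of the file; otherwise anchor it (`^(?i)(...)$`) or drop the generic verbs. Two smaller points: the package names in `apiHttpLibraries` use unescaped `.`, so `java.net.URL` also matches `javaXnetXURL`; use `[.]` as the other rules in this commit do. And `(s){0,1}(_){0,1}` in `apiIdentifier` is just `s?_?`.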
9 changes: 9 additions & 0 deletions config/systemConfig/python.yaml
@@ -0,0 +1,9 @@
systemConfig:
- key: apiHttpLibraries
value: (?i)(request|aiohttp|treq|grequests|urllib|http|uplink|httoop|flask_restful|tornado.httpclient|pycurl|bs4|.*(HttpClient)).*

- key: apiSinks
value: (?i).*(?:url(?!(open|encode))|client|get|set|post|put|patch|delete|head|options|request|feed|trigger|init|find|send|receive|redirect|fetch|execute|response|pool|client|http|load|list|trace|remove|write|provider|host|access|info_read|select|perform).*

- key: apiIdentifier
value: (?i).*((hook|base|authorize|provider|endpoint|installation|cloud|host)(s){0,1}_url|(slack|web)_hook|(rest|api|host|cloud)_endpoint).*
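Review bot: `apiSinks` lists `client` twice and, because the alternation is wrapped in `.*` on both sides, includes `init`, which matches every `__init__` call, alongside `get`, `set`, `list`, `info_read` and `response`, so almost any call in a Python project qualifies; the `url(?!(open|encode))` lookahead shows the list was meant to be selective, so apply the same care to the rest of it and remove the duplicate. In `apiHttpLibraries`, `http` and `request` are unanchored and case-insensitive, so they already cover `requests`, `aiohttp`, `http.client` and anything containing `HttpClient`; the separate `aiohttp` entry and the trailing `.*(HttpClient)` alternative are redundant, and a bare `http` will also pull in the project's own modules (an `http_utils.py`, for instance), which is not what a library allow-list is for.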
Binary file added docs/.gitbook/assets/749109262
Binary file added docs/.gitbook/assets/749109262 (1)
Binary file added docs/.gitbook/assets/749109262 (2)
Binary file added docs/.gitbook/assets/bullet_blue
Binary file added docs/.gitbook/assets/bullet_blue (1)
Binary file added docs/.gitbook/assets/bullet_blue (2)
Binary file added docs/.gitbook/assets/image (1) (1).png
Binary file modified docs/.gitbook/assets/image (1).png
0 comments on commit ea3d855
