fix(java): split insecure cookie rule

Bearer · Feb 6, 2024 · 1293763 · 1293763
1 parent abe3c1c
commit 1293763
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 89 deletions.
diff --git a/rules/java/lang/cookie_with_http_only_false.yml b/rules/java/lang/cookie_with_http_only_false.yml
@@ -0,0 +1,39 @@
+imports:
+  - java_shared_lang_instance
+patterns:
+  - pattern: $<COOKIE>.setHttpOnly($<FALSE>)
+    filters:
+      - variable: COOKIE
+        detection: java_shared_lang_instance
+        scope: cursor
+        filters:
+          - variable: JAVA_SHARED_LANG_INSTANCE_TYPE
+            regex: \A(javax\.servlet\.http\.)?Cookie\z
+      - variable: "FALSE"
+        detection: java_lang_cookie_with_http_only_false_false
+        scope: cursor
+auxiliary:
+  - id: java_lang_cookie_with_http_only_false_false
+    patterns:
+      - "false;"
+languages:
+  - java
+metadata:
+  description: "Missing secure options for cookie detected."
+  remediation_message: |
+    ## Description
+
+    To make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.
+
+    ## Remediations
+
+    ✅ Set `HttpOnly` to `true` to protect the cookie value from being accessed by client side JavaScript
+
+    ```java
+    cookie.setHttpOnly(true);
+    ```
+  cwe_id:
+    - 1004
+  id: java_lang_cookie_with_http_only_false
+  documentation_url: https://docs.bearer.com/reference/rules/java_lang_cookie_with_http_only_false
+  cloud_code_suggestions: true
diff --git a/rules/java/lang/insecure_cookie.yml b/rules/java/lang/insecure_cookie.yml
@@ -1,17 +1,6 @@
 imports:
   - java_shared_lang_instance
 patterns:
-  - pattern: $<COOKIE>.setHttpOnly($<FALSE>)
-    filters:
-      - variable: COOKIE
-        detection: java_shared_lang_instance
-        scope: cursor
-        filters:
-          - variable: JAVA_SHARED_LANG_INSTANCE_TYPE
-            regex: \A(javax\.servlet\.http\.)?Cookie\z
-      - variable: "FALSE"
-        detection: java_lang_insecure_cookie_false
-        scope: cursor
   - pattern: $<COOKIE>.setSecure($<FALSE>)
     filters:
       - variable: COOKIE
@@ -39,11 +28,9 @@ metadata:
     ## Remediations
 
     ✅ Set `Secure` to `true` to force cookies to only be sent over HTTPS
-    ✅ Set `HttpOnly` to `true` to protect the cookie value from being accessed by client side JavaScript
 
     ```java
     cookie.setSecure(true);
-    cookie.setHttpOnly(true);
     ```
   cwe_id:
     - 614

diff --git a/tests/java/lang/cookie_with_http_only_false/test.js b/tests/java/lang/cookie_with_http_only_false/test.js
@@ -0,0 +1,18 @@
+const {
+  createNewInvoker,
+  getEnvironment,
+} = require("../../../helper.js")
+const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
+
+describe(ruleId, () => {
+  const invoke = createNewInvoker(ruleId, ruleFile, testBase)
+
+  test("cookie_with_http_only_false", () => {
+    const testCase = "main.java"
+
+    const results = invoke(testCase)
+
+    expect(results.Missing).toEqual([])
+    expect(results.Extra).toEqual([])
+  })
+})
diff --git a/tests/java/lang/cookie_with_http_only_false/testdata/main.java b/tests/java/lang/cookie_with_http_only_false/testdata/main.java
@@ -0,0 +1,29 @@
+import javax.servlet.http.Cookie;
+
+public class Foo
+{
+  public void cookie()
+  {
+    Cookie c1 = new Cookie("c1", "foo");
+    // bearer:expected java_lang_cookie_with_http_only_false
+    c1.setHttpOnly(false);
+
+    boolean f = false;
+    javax.servlet.http.Cookie c2 = new javax.servlet.http.Cookie("c2", "bar");
+    // bearer:expected java_lang_cookie_with_http_only_false
+    c2.setHttpOnly(f);
+  }
+}
+
+public class Bar
+{
+  public void cookie()
+  {
+    Cookie c1 = new Cookie("c1", "foo");
+    c1.setSecure(true);
+    c1.setHttpOnly(true);
+
+    Cookie c2 = new Cookie("c2", "bar");
+  }
+}
+
diff --git a/tests/java/lang/insecure_cookie/__snapshots__/test.js.snap b/tests/java/lang/insecure_cookie/__snapshots__/test.js.snap
@@ -9,7 +9,7 @@ exports[`java_lang_insecure_cookie bad 1`] = `
       ],
       "id": "java_lang_insecure_cookie",
       "title": "Missing secure options for cookie detected.",
-      "description": "## Description\\n\\nTo make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.\\n\\n## Remediations\\n\\n✅ Set \`Secure\` to \`true\` to force cookies to only be sent over HTTPS\\n✅ Set \`HttpOnly\` to \`true\` to protect the cookie value from being accessed by client side JavaScript\\n\\n\`\`\`java\\ncookie.setSecure(true);\\ncookie.setHttpOnly(true);\\n\`\`\`\\n",
+      "description": "## Description\\n\\nTo make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.\\n\\n## Remediations\\n\\n✅ Set \`Secure\` to \`true\` to force cookies to only be sent over HTTPS\\n\\n\`\`\`java\\ncookie.setSecure(true);\\n\`\`\`\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/java_lang_insecure_cookie",
       "line_number": 8,
       "full_filename": "/tmp/bearer-scan/bad.java",
@@ -43,7 +43,7 @@ exports[`java_lang_insecure_cookie bad 1`] = `
       ],
       "id": "java_lang_insecure_cookie",
       "title": "Missing secure options for cookie detected.",
-      "description": "## Description\\n\\nTo make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.\\n\\n## Remediations\\n\\n✅ Set \`Secure\` to \`true\` to force cookies to only be sent over HTTPS\\n✅ Set \`HttpOnly\` to \`true\` to protect the cookie value from being accessed by client side JavaScript\\n\\n\`\`\`java\\ncookie.setSecure(true);\\ncookie.setHttpOnly(true);\\n\`\`\`\\n",
+      "description": "## Description\\n\\nTo make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.\\n\\n## Remediations\\n\\n✅ Set \`Secure\` to \`true\` to force cookies to only be sent over HTTPS\\n\\n\`\`\`java\\ncookie.setSecure(true);\\n\`\`\`\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/java_lang_insecure_cookie",
       "line_number": 12,
       "full_filename": "/tmp/bearer-scan/bad.java",
@@ -75,79 +75,6 @@ exports[`java_lang_insecure_cookie bad 1`] = `
 }"
 `;
 
-exports[`java_lang_insecure_cookie bad_http_only 1`] = `
-"{
-  "low": [
-    {
-      "cwe_ids": [
-        "614"
-      ],
-      "id": "java_lang_insecure_cookie",
-      "title": "Missing secure options for cookie detected.",
-      "description": "## Description\\n\\nTo make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.\\n\\n## Remediations\\n\\n✅ Set \`Secure\` to \`true\` to force cookies to only be sent over HTTPS\\n✅ Set \`HttpOnly\` to \`true\` to protect the cookie value from being accessed by client side JavaScript\\n\\n\`\`\`java\\ncookie.setSecure(true);\\ncookie.setHttpOnly(true);\\n\`\`\`\\n",
-      "documentation_url": "https://docs.bearer.com/reference/rules/java_lang_insecure_cookie",
-      "line_number": 8,
-      "full_filename": "/tmp/bearer-scan/bad_http_only.java",
-      "filename": ".",
-      "source": {
-        "start": 8,
-        "end": 8,
-        "column": {
-          "start": 5,
-          "end": 26
-        }
-      },
-      "sink": {
-        "start": 8,
-        "end": 8,
-        "column": {
-          "start": 5,
-          "end": 26
-        },
-        "content": "c1.setHttpOnly(false)"
-      },
-      "parent_line_number": 8,
-      "snippet": "c1.setHttpOnly(false)",
-      "fingerprint": "ebb3bb66f61c10a70c9710467ac46faf_0",
-      "old_fingerprint": "88305cb77e1bf754fea5b271b438084e_0",
-      "code_extract": "    c1.setHttpOnly(false);"
-    },
-    {
-      "cwe_ids": [
-        "614"
-      ],
-      "id": "java_lang_insecure_cookie",
-      "title": "Missing secure options for cookie detected.",
-      "description": "## Description\\n\\nTo make sure cookies don't open your application up to exploits or unauthorized access, make sure to set security options appropriately.\\n\\n## Remediations\\n\\n✅ Set \`Secure\` to \`true\` to force cookies to only be sent over HTTPS\\n✅ Set \`HttpOnly\` to \`true\` to protect the cookie value from being accessed by client side JavaScript\\n\\n\`\`\`java\\ncookie.setSecure(true);\\ncookie.setHttpOnly(true);\\n\`\`\`\\n",
-      "documentation_url": "https://docs.bearer.com/reference/rules/java_lang_insecure_cookie",
-      "line_number": 12,
-      "full_filename": "/tmp/bearer-scan/bad_http_only.java",
-      "filename": ".",
-      "source": {
-        "start": 12,
-        "end": 12,
-        "column": {
-          "start": 5,
-          "end": 22
-        }
-      },
-      "sink": {
-        "start": 12,
-        "end": 12,
-        "column": {
-          "start": 5,
-          "end": 22
-        },
-        "content": "c2.setHttpOnly(f)"
-      },
-      "parent_line_number": 12,
-      "snippet": "c2.setHttpOnly(f)",
-      "fingerprint": "ebb3bb66f61c10a70c9710467ac46faf_1",
-      "old_fingerprint": "88305cb77e1bf754fea5b271b438084e_1",
-      "code_extract": "    c2.setHttpOnly(f);"
-    }
-  ]
-}"
-`;
+exports[`java_lang_insecure_cookie bad_http_only 1`] = `"{}"`;
 
 exports[`java_lang_insecure_cookie ok 1`] = `"{}"`;