feat(go): add honeybadger rule (#345)

Bearer · Mar 20, 2024 · 2d0e3d1 · 2d0e3d1
1 parent 239ad5c
commit 2d0e3d1
Show file tree

Hide file tree

Showing 4 changed files with 143 additions and 1 deletion.
diff --git a/rules/go/shared/lang/instance.yml b/rules/go/shared/lang/instance.yml
@@ -2,7 +2,7 @@ type: shared
 languages:
   - go
 patterns:
-  - $<PACKAGE>.$<TYPE> {}
+  - $<PACKAGE>.$<TYPE>{}
   - func ($<...>$<!>$<_> $<PACKAGE>.$<TYPE>$<...>)$<...>{}
   - func ($<...>$<!>$<_> *$<PACKAGE>.$<TYPE>$<...>)$<...>{}
   - func $<_>($<...>$<!>$<_> $<PACKAGE>.$<TYPE>$<...>)$<...>{}

diff --git a/rules/go/third_parties/honeybadger.yml b/rules/go/third_parties/honeybadger.yml
@@ -0,0 +1,90 @@
+imports:
+  - go_shared_lang_datatype
+  - go_shared_lang_instance
+patterns:
+  - pattern: $<PACKAGE>.$<_>($<...>$<DATA_TYPE>$<...>)
+    filters:
+      - variable: PACKAGE
+        detection: go_third_parties_honeybadger_package
+        scope: cursor
+      - variable: DATA_TYPE
+        detection: go_shared_lang_datatype
+        scope: result
+  - pattern: $<NOTICE>.$<_> = $<DATA_TYPE>
+    filters:
+      - variable: NOTICE
+        detection: go_third_parties_honeybadger_notice
+        scope: cursor
+      - variable: DATA_TYPE
+        detection: go_shared_lang_datatype
+        scope: result
+  - pattern: $<CONTEXT>[$<_>] = $<DATA_TYPE>
+    filters:
+      - variable: CONTEXT
+        detection: go_third_parties_honeybadger_context
+        scope: cursor
+      - variable: DATA_TYPE
+        detection: go_shared_lang_datatype
+        scope: result
+auxiliary:
+  - id: go_third_parties_honeybadger_context
+    patterns:
+      - pattern: $<NOTICE>.Context
+        filters:
+          - variable: NOTICE
+            detection: go_third_parties_honeybadger_notice
+            scope: cursor
+      - pattern: $<CONTEXT>
+        filters:
+          - variable: CONTEXT
+            detection: go_shared_lang_instance
+            scope: cursor
+            filters:
+              - variable: PACKAGE
+                detection: go_third_parties_honeybadger_package
+                scope: cursor
+              - variable: TYPE
+                values:
+                  - Context
+  - id: go_third_parties_honeybadger_notice
+    patterns:
+      - pattern: $<NOTICE>
+        filters:
+          - variable: NOTICE
+            detection: go_shared_lang_instance
+            scope: cursor
+            filters:
+              - variable: PACKAGE
+                detection: go_third_parties_honeybadger_package
+                scope: cursor
+              - variable: TYPE
+                values:
+                  - Notice
+  - id: go_third_parties_honeybadger_package
+    patterns:
+      - import $<!>"github.com/honeybadger-io/honeybadger-go"
+      - import ($<!>"github.com/honeybadger-io/honeybadger-go")
+languages:
+  - go
+skip_data_types:
+  - "Unique Identifier"
+metadata:
+  description: "Leakage of sensitive data to Honeybadger"
+  remediation_message: |
+    ## Description
+    Leaking sensitive data to third-party loggers is a common cause of data
+    leaks and can lead to data breaches. This rule looks for instances of
+    sensitive data sent to Honeybadger.
+
+    ## Remediations
+
+    When logging errors or events, ensure all sensitive data is removed.
+
+    ## Resources
+    - [Honeybadger Docs](https://docs.honeybadger.io/lib/go/)
+  cwe_id:
+    - 201
+  associated_recipe: Honeybadger
+  id: go_third_parties_honeybadger
+  documentation_url: https://docs.bearer.com/reference/rules/go_third_parties_honeybadger
+severity: high
diff --git a/tests/go/third_parties/honeybadger/test.js b/tests/go/third_parties/honeybadger/test.js
@@ -0,0 +1,20 @@
+const {
+  createNewInvoker,
+  getEnvironment,
+} = require("../../../helper.js")
+const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
+
+describe(ruleId, () => {
+  const invoke = createNewInvoker(ruleId, ruleFile, testBase)
+
+  test("honeybadger", () => {
+    const testCase = "main.go"
+
+    const results = invoke(testCase)
+
+    expect(results).toEqual({
+      Missing: [],
+      Extra: []
+    })
+  })
+})
diff --git a/tests/go/third_parties/honeybadger/testdata/main.go b/tests/go/third_parties/honeybadger/testdata/main.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"github.com/honeybadger-io/honeybadger-go"
+)
+
+func main() {
+	// bearer:expected go_third_parties_honeybadger
+	honeybadger.Notify(err, honeybadger.Context{"user_id": user.email})
+	honeybadger.Notify(err, honeybadger.Context{"user_id": user.id})
+
+	// bearer:expected go_third_parties_honeybadger
+	honeybadger.Notify(err, honeybadger.Fingerprint{user.email})
+	honeybadger.Notify(err, honeybadger.Fingerprint{user.id})
+
+	// bearer:expected go_third_parties_honeybadger
+	honeybadger.SetContext(honeybadger.Context{"user_id": user.email})
+	honeybadger.SetContext(honeybadger.Context{"user_id": user.id})
+
+	context := honeybadger.Context{}
+	// bearer:expected go_third_parties_honeybadger
+	context["user"] = user.email
+	context["user"] = user.id
+
+	honeybadger.BeforeNotify(func(notice *honeybadger.Notice) error {
+		// bearer:expected go_third_parties_honeybadger
+		notice.Context["user"] = user.email
+		notice.Context["user"] = user.id
+
+		return nil
+	})
+}