Merge pull request #477 from DataDog/s.obregoso/improve_npm-exfiltrat…

…e-sensitive-data Fix os usage case in npm-exfiltrate-sensitive-data
DataDog · Oct 28, 2024 · ac05ae9 · ac05ae9
2 parents 8bb9532 + f56b403
commit ac05ae9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml b/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml
@@ -10,6 +10,19 @@ rules:
           - patterns:              
             - pattern-either:
               - pattern: process.env
+
+          - patterns:  
+            - pattern-either: # after defining fs
+                - pattern-inside: |
+                    $OS = require('os')
+                    ...
+            - pattern-either: 
+                # match use of ootb functions
+                - pattern: $OS. ... .homedir()
+                - pattern: $OS. ... .hostname()
+                - pattern: $OS. ... .userInfo()
+
+
           - patterns:  
             - pattern-either: # after defining fs
                 - pattern-inside: |
@@ -31,11 +44,6 @@ rules:
                     import $FS from 'fs/promises'
                     ...
             - pattern-either: 
-                # match use of ootb functions
-                - pattern: $FS. ... .homedir()
-                - pattern: $FS. ... .hostname()
-                - pattern: $FS. ... .userInfo()
-
                 # match access to sensitive files
                 - patterns:
                     - pattern-either:

diff --git a/tests/analyzer/sourcecode/npm-exfiltrate-sensitive-data.js b/tests/analyzer/sourcecode/npm-exfiltrate-sensitive-data.js
@@ -82,7 +82,7 @@ function f(){
 }
 
 function f(){
-    os = require('fs');
+    os = require('os');
     https = require('https');
     const td = {
         c: __dirname,
@@ -112,4 +112,4 @@ function f(){
             //process.stdout.write(d);
         });
     });
-}
+}