java:feature - Add Rule for CVE-2022-21724

This Commit refer the issue #995 Signed-off-by: Wilian Gabriel <wilian.silva@zup.com.br>
ZupIT · Mar 15, 2022 · 2977e3c · 2977e3c
1 parent f4d13a6
commit 2977e3c
Show file tree

Hide file tree

Showing 6 changed files with 395 additions and 1 deletion.
diff --git a/internal/services/engines/java/rule_manager.go b/internal/services/engines/java/rule_manager.go
@@ -187,6 +187,7 @@ func Rules() []engine.Rule {
 		NewLDAPDeserializationNotDisabled(),
 		NewDatabasesPasswordNotProtected(),
 		NewVulnerableRemoteCodeInjectionApacheLog4j(),
+		NewUncheckedClassInstatiation(),
 	}
 	return append(java, jvm.Rules()...)
 }
diff --git a/internal/services/engines/java/rules.go b/internal/services/engines/java/rules.go
@@ -2614,3 +2614,23 @@ func NewVulnerableRemoteCodeInjectionApacheLog4j() *text.Rule {
 		},
 	}
 }
+
+func NewUncheckedClassInstatiation() *text.Rule {
+	return &text.Rule{
+		Metadata: engine.Metadata{
+			ID:          "HS-JAVA-151",
+			Name:        "Unchecked Class Instantiation when providing Plugin Classes",
+			Description: `CVE-2022-21724 pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. The first impacted version is REL9.4.1208 (it introduced socketFactory connection property) until 42.3.1. Please update to fixed versions ^42.2.25 or ^42.3.2. For more information checkout the CVE-2022-21724 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724) advisory.`,
+			Severity:    severities.High.ToString(),
+			Confidence:  confidence.Low.ToString(),
+		},
+		Type: text.OrMatch,
+		Expressions: []*regexp.Regexp{
+			regexp.MustCompile(`compile.*group:.*org\.postgresql.*name:.*postgresql.*version:.*(('|")(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*)))('|"))`),
+			regexp.MustCompile(`compile.*postgresql.*(:postgresql:\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*)))).*('|")`),
+			regexp.MustCompile(`<groupId>\s*org\.postgresql\s*</groupId>\s*<artifactId>.*\s*postgresql.*\s*</artifactId>\s*(<version>\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*))))\s*</version>`),
+			regexp.MustCompile(`<dependency.*org.*org\.postgresql.*name.*postgresql.*rev\s*=\s*['|"]\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*)))\s*['|"]\s*/>`),
+			regexp.MustCompile(`<(postgre|postgres|postgresql)\.version>\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*))).*</(postgre|postgres|postgresql)\.version>`),
+		},
+	}
+}
diff --git a/internal/services/engines/java/rules_test.go b/internal/services/engines/java/rules_test.go
@@ -643,6 +643,86 @@ func TestRulesVulnerableCode(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      SampleMavenVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<groupId>org.postgresql</groupId>",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+						Line:     10,
+						Column:   12,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample2GradleVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.2", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "compile group: 'org.postgresql', name: 'postgresql', version: '42.3.0'",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.2", ".test")),
+						Line:     15,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample3GradleVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.3", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "compile 'org.postgresql:postgresql:40.1.1'",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.3", ".test")),
+						Line:     22,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample4IvyVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.4", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<dependency org=\"org.postgresql\" name=\"postgresql\" rev=\"42.2.2\" />",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.4", ".test")),
+						Line:     14,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample5MavenVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.5", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<postgresql.version>42.3.1</postgresql.version>",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.5", ".test")),
+						Line:     16,
+						Column:   8,
+					},
+				},
+			},
+		},
 	}
 
 	testutil.TestVulnerableCode(t, testcases)
@@ -897,6 +977,36 @@ func TestRulesSafeCode(t *testing.T) {
 			Src:      Sample5MavenSafeHSJAVA150,
 			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")),
 		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      SampleMavenSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample2GradleSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample3GradleSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample4IvySafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample5MavenSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
 	}
 	testutil.TestSafeCode(t, testcases)
 }