java:feature - Add Rule for CVE-2022-21724 (#1033)

This Commit refer the issue #995 Signed-off-by: Wilian Gabriel <wilian.silva@zup.com.br> (cherry picked from commit 5efcc7a)
ZupIT · Apr 4, 2022 · ea40e9e · ea40e9e
1 parent a36656b
commit ea40e9e
Show file tree

Hide file tree

Showing 5 changed files with 392 additions and 1 deletion.
diff --git a/internal/services/engines/java/rule_manager.go b/internal/services/engines/java/rule_manager.go
@@ -187,6 +187,7 @@ func Rules() []engine.Rule {
 		NewLDAPDeserializationNotDisabled(),
 		NewDatabasesPasswordNotProtected(),
 		NewVulnerableRemoteCodeInjectionApacheLog4j(),
+		NewUncheckedClassInstatiation(),
 	}
 	return append(java, jvm.Rules()...)
 }
diff --git a/internal/services/engines/java/rules.go b/internal/services/engines/java/rules.go
@@ -2614,3 +2614,23 @@ func NewVulnerableRemoteCodeInjectionApacheLog4j() *text.Rule {
 		},
 	}
 }
+
+func NewUncheckedClassInstatiation() *text.Rule {
+	return &text.Rule{
+		Metadata: engine.Metadata{
+			ID:          "HS-JAVA-151",
+			Name:        "Unchecked Class Instantiation when providing Plugin Classes",
+			Description: `CVE-2022-21724 pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. The first impacted version is REL9.4.1208 (it introduced socketFactory connection property) until 42.3.1. Please update to fixed versions ^42.2.25 or ^42.3.2. For more information checkout the CVE-2022-21724 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724) advisory.`,
+			Severity:    severities.High.ToString(),
+			Confidence:  confidence.Low.ToString(),
+		},
+		Type: text.OrMatch,
+		Expressions: []*regexp.Regexp{
+			regexp.MustCompile(`compile.*group:.*org\.postgresql.*name:.*postgresql.*version:.*(('|")(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*)))('|"))`),
+			regexp.MustCompile(`compile.*postgresql.*(:postgresql:\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*)))).*('|")`),
+			regexp.MustCompile(`<groupId>\s*org\.postgresql\s*</groupId>\s*<artifactId>.*\s*postgresql.*\s*</artifactId>\s*(<version>\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*))))\s*</version>`),
+			regexp.MustCompile(`<dependency.*org.*org\.postgresql.*name.*postgresql.*rev\s*=\s*['|"]\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*)))\s*['|"]\s*/>`),
+			regexp.MustCompile(`<(postgre|postgres|postgresql)\.version>\s*(([1-3]?[0-9]?)\..*\..*|(4[0-2]\.(([0-2]\.(([0-9])|([0-1][0-9].*)|(2[0-4])))|(3\.[0-1]).*))).*</(postgre|postgres|postgresql)\.version>`),
+		},
+	}
+}
diff --git a/internal/services/engines/java/rules_test.go b/internal/services/engines/java/rules_test.go
@@ -643,6 +643,86 @@ func TestRulesVulnerableCode(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      SampleMavenVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<groupId>org.postgresql</groupId>",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+						Line:     10,
+						Column:   12,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample2GradleVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.2", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "compile group: 'org.postgresql', name: 'postgresql', version: '42.3.0'",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.2", ".test")),
+						Line:     15,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample3GradleVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.3", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "compile 'org.postgresql:postgresql:40.1.1'",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.3", ".test")),
+						Line:     22,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample4IvyVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.4", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<dependency org=\"org.postgresql\" name=\"postgresql\" rev=\"42.2.2\" />",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.4", ".test")),
+						Line:     14,
+						Column:   4,
+					},
+				},
+			},
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample5MavenVulnerableHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.5", ".test")),
+			Findings: []engine.Finding{
+				{
+					CodeSample: "<postgresql.version>42.3.1</postgresql.version>",
+					SourceLocation: engine.Location{
+						Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151.5", ".test")),
+						Line:     16,
+						Column:   8,
+					},
+				},
+			},
+		},
 	}
 
 	testutil.TestVulnerableCode(t, testcases)
@@ -897,6 +977,36 @@ func TestRulesSafeCode(t *testing.T) {
 			Src:      Sample5MavenSafeHSJAVA150,
 			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")),
 		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      SampleMavenSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample2GradleSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample3GradleSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample4IvySafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
+		{
+			Name:     "HS-JAVA-151",
+			Rule:     NewUncheckedClassInstatiation(),
+			Src:      Sample5MavenSafeHSJAVA151,
+			Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-151", ".test")),
+		},
 	}
 	testutil.TestSafeCode(t, testcases)
 }