Add security rules for detecting plaintext HTTP links and unencrypted sockets

rules/html/security/plaintext-http-link-html.yml

@@ -0,0 +1,80 @@
+id: plaintext-http-link-html
+language: html
+severity: warning
+message: >-
+  "This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible."
+note: >-
+  [CWE-319] Authentication Bypass by Primary Weakness
+  [REFERENCES]
+      -  https://cwe.mitre.org/data/definitions/319.html
+ast-grep-essentials: true
+
+rule:
+  not:
+    has:
+      stopBy: end
+      kind: ERROR
+  any:
+    - kind: element
+      not:
+        has:
+          kind: erroneous_end_tag
+      has:
+        nthChild: 1
+        kind: start_tag
+        all:
+          - has:
+              nthChild: 1
+              kind: tag_name
+              regex: ^a$
+          - has:
+                kind: attribute
+                not:
+                  has:
+                    stopBy: end
+                    kind: ERROR
+                all:
+                  - has:
+                      stopBy: end
+                      kind: attribute_name
+                      regex: ^href$
+                  - has:
+                      stopBy: end
+                      kind: attribute_value
+                      regex: ^([Hh][Tt][Tt][Pp]://)
+    - kind: start_tag
+      all:
+        - any:
+            - all:
+                - has:
+                    nthChild: 1
+                    kind: tag_name
+                    regex: ^a$
+                - inside:
+                    kind: element
+                    has:
+                      kind: erroneous_end_tag   
+            - all:
+                - inside:
+                    kind: element
+                    has:
+                      kind: erroneous_end_tag  
+                      has:
+                        kind: erroneous_end_tag_name
+                        regex: ^a$                                         
+        - has:
+              kind: attribute
+              not:
+                has:
+                  stopBy: end
+                  kind: ERROR
+              all:
+                - has:
+                    stopBy: end
+                    kind: attribute_name
+                    regex: ^href$
+                - has:
+                    stopBy: end
+                    kind: attribute_value
+                    regex: ^([Hh][Tt][Tt][Pp]://)
+

rules/java/security/unencrypted-socket-java.yml

@@ -0,0 +1,23 @@
+id: unencrypted-socket-java
+language: java
+severity: info
+message: >-
+  "Detected use of a Java socket that is not encrypted. As a result, the
+      traffic could be read by an attacker intercepting the network traffic. Use
+      an SSLSocket created by 'SSLSocketFactory' or 'SSLServerSocketFactory'
+      instead."
+note: >-
+  [CWE-319] Cleartext Transmission of Sensitive Information
+  [REFERENCES]
+      - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
+ast-grep-essentials: true
+
+rule:
+  any:
+    - pattern: new ServerSocket($$$)
+    - pattern: new Socket($$$)
+  not:
+    has:
+      stopBy: end
+      kind: ERROR
+

tests/__snapshots__/plaintext-http-link-html-snapshot.yml

@@ -0,0 +1,191 @@
+id: plaintext-http-link-html
+snapshots:
+  ? |
+    <a class="foo" href="http://astgrep.dev">Astgrep</a>
+  : labels:
+    - source: <a class="foo" href="http://astgrep.dev">Astgrep</a>
+      style: primary
+      start: 0
+      end: 52
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 15
+      end: 19
+    - source: http://astgrep.dev
+      style: secondary
+      start: 21
+      end: 39
+    - source: href="http://astgrep.dev"
+      style: secondary
+      start: 15
+      end: 40
+    - source: <a class="foo" href="http://astgrep.dev">
+      style: secondary
+      start: 0
+      end: 41
+  ? |
+    <a class='foo' href='http://astgrep.dev'>Astgrep</a>
+  : labels:
+    - source: <a class='foo' href='http://astgrep.dev'>Astgrep</a>
+      style: primary
+      start: 0
+      end: 52
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 15
+      end: 19
+    - source: http://astgrep.dev
+      style: secondary
+      start: 21
+      end: 39
+    - source: href='http://astgrep.dev'
+      style: secondary
+      start: 15
+      end: 40
+    - source: <a class='foo' href='http://astgrep.dev'>
+      style: secondary
+      start: 0
+      end: 41
+  ? |
+    <a class=foo href=http://astgrep.dev>Astgrep</a>
+  : labels:
+    - source: <a class=foo href=http://astgrep.dev>Astgrep</a>
+      style: primary
+      start: 0
+      end: 48
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 13
+      end: 17
+    - source: http://astgrep.dev
+      style: secondary
+      start: 18
+      end: 36
+    - source: href=http://astgrep.dev
+      style: secondary
+      start: 13
+      end: 36
+    - source: <a class=foo href=http://astgrep.dev>
+      style: secondary
+      start: 0
+      end: 37
+  ? |
+    <a href="HTTP://ASTGREP.DEV">Astgrep</a>
+  : labels:
+    - source: <a href="HTTP://ASTGREP.DEV">Astgrep</a>
+      style: primary
+      start: 0
+      end: 40
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 3
+      end: 7
+    - source: HTTP://ASTGREP.DEV
+      style: secondary
+      start: 9
+      end: 27
+    - source: href="HTTP://ASTGREP.DEV"
+      style: secondary
+      start: 3
+      end: 28
+    - source: <a href="HTTP://ASTGREP.DEV">
+      style: secondary
+      start: 0
+      end: 29
+  ? |
+    <a href="http://astgrep.dev">Astgrep</a>
+  : labels:
+    - source: <a href="http://astgrep.dev">Astgrep</a>
+      style: primary
+      start: 0
+      end: 40
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 3
+      end: 7
+    - source: http://astgrep.dev
+      style: secondary
+      start: 9
+      end: 27
+    - source: href="http://astgrep.dev"
+      style: secondary
+      start: 3
+      end: 28
+    - source: <a href="http://astgrep.dev">
+      style: secondary
+      start: 0
+      end: 29
+  ? |
+    <a href='http://astgrep.dev'>Astgrep</a>
+  : labels:
+    - source: <a href='http://astgrep.dev'>Astgrep</a>
+      style: primary
+      start: 0
+      end: 40
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 3
+      end: 7
+    - source: http://astgrep.dev
+      style: secondary
+      start: 9
+      end: 27
+    - source: href='http://astgrep.dev'
+      style: secondary
+      start: 3
+      end: 28
+    - source: <a href='http://astgrep.dev'>
+      style: secondary
+      start: 0
+      end: 29
+  ? |
+    <a href=http://astgrep.dev>Astgrep</a>
+  : labels:
+    - source: <a href=http://astgrep.dev>Astgrep</a>
+      style: primary
+      start: 0
+      end: 38
+    - source: a
+      style: secondary
+      start: 1
+      end: 2
+    - source: href
+      style: secondary
+      start: 3
+      end: 7
+    - source: http://astgrep.dev
+      style: secondary
+      start: 8
+      end: 26
+    - source: href=http://astgrep.dev
+      style: secondary
+      start: 3
+      end: 26
+    - source: <a href=http://astgrep.dev>
+      style: secondary
+      start: 0
+      end: 27

tests/__snapshots__/return-c-str-cpp-snapshot.yml

@@ -27,3 +27,12 @@ snapshots:
       style: primary
       start: 28
       end: 57
+  ? |
+    char *return_namespace_directly() {
+      return std::string("foo").c_str();
+    }
+  : labels:
+    - source: return std::string("foo").c_str();
+      style: primary
+      start: 38
+      end: 72

tests/__snapshots__/unencrypted-socket-java-snapshot.yml

@@ -0,0 +1,58 @@
+id: unencrypted-socket-java
+snapshots:
+  ? |
+    ServerSocket ssoc = new ServerSocket(1234);
+  : labels:
+    - source: new ServerSocket(1234)
+      style: primary
+      start: 20
+      end: 42
+  ? |
+    ServerSocket ssoc1 = new ServerSocket();
+  : labels:
+    - source: new ServerSocket()
+      style: primary
+      start: 21
+      end: 39
+  ? |
+    ServerSocket ssoc2 = new ServerSocket(1234, 10);
+  : labels:
+    - source: new ServerSocket(1234, 10)
+      style: primary
+      start: 21
+      end: 47
+  ? |
+    ServerSocket ssoc3 = new ServerSocket(1234, 10, InetAddress.getByAddress(address));
+  : labels:
+    - source: new ServerSocket(1234, 10, InetAddress.getByAddress(address))
+      style: primary
+      start: 21
+      end: 82
+  ? |
+    Socket soc = new Socket("www.google.com", 80);
+  : labels:
+    - source: new Socket("www.google.com", 80)
+      style: primary
+      start: 13
+      end: 45
+  ? |
+    Socket soc1 = new Socket("www.google.com", 80, true);
+  : labels:
+    - source: new Socket("www.google.com", 80, true)
+      style: primary
+      start: 14
+      end: 52
+  ? |
+    Socket soc2 = new Socket("www.google.com", 80, InetAddress.getByAddress(address), 13337);
+  : labels:
+    - source: new Socket("www.google.com", 80, InetAddress.getByAddress(address), 13337)
+      style: primary
+      start: 14
+      end: 88
+  ? |
+    Socket soc3 = new Socket(InetAddress.getByAddress(remoteAddress), 80);
+  : labels:
+    - source: new Socket(InetAddress.getByAddress(remoteAddress), 80)
+      style: primary
+      start: 14
+      end: 69

tests/html/plaintext-http-link-html-test.yml

@@ -0,0 +1,23 @@
+id: plaintext-http-link-html
+valid:
+  - |
+    <a href="https://astgrep.dev">Astgrep</a>
+  - |
+    <a href="https://astgrep.dev/http://">Astgrep</a>
+  - |
+    <a href="javascript:alert(1)">Astgrep</a>
+invalid:
+  - |
+    <a href="http://astgrep.dev">Astgrep</a>
+  - |    
+    <a href='http://astgrep.dev'>Astgrep</a>
+  - |    
+    <a href=http://astgrep.dev>Astgrep</a>
+  - |    
+    <a class="foo" href="http://astgrep.dev">Astgrep</a>
+  - |    
+    <a class='foo' href='http://astgrep.dev'>Astgrep</a>
+  - |    
+    <a class=foo href=http://astgrep.dev>Astgrep</a>
+  - |    
+    <a href="HTTP://ASTGREP.DEV">Astgrep</a>