Understanding Sinks

Sinks are the destinations where personal data is being sent in the code. They are further categorized into storages, leakages, third parties, and internal apis. These top-level categories are aligned with the usages of the data. The top-level categories are further divided into sub-categories. For example, Storages are divided into MongoDB, MySQL, PSQL, etc. At the lowest level, rules are stored as per the programming languages. There will be a file for every language. The rules which are applicable to all the programming languages are stored in the default.yaml file.

Example

sinks:

  - id: Storages.AmazonS3.Read
    name: Amazon S3(Read)
    domains:
      - aws.amazon.com
    patterns: 
      - "(i?).*(?:AmazonS3ClientBuilder|S3Client[.]builder|AmazonS3EncryptionClient|software.amazon.awssdk.services.s3).*(?:get|list|head|select).*"
    tags:

  - id: Storages.AmazonS3.Write
    name: Amazon S3(Write)
    domains:
      - aws.amazon.com
    patterns: 
      - "(i?).*(?:AmazonS3ClientBuilder|S3Client[.]builder|AmazonS3EncryptionClient|software.amazon.awssdk.services.s3).*(?:abortMultipartUpload|completeMultipartUpload|copy|create|delete|put|uploadPart).*"
    tags:

Organization

Sinks are present in rules/sinks directory and are organized as follows,