Glide library detection rule

assets/semgrep_rules/client/glide-library.java

@@ -0,0 +1,28 @@
+// ruleid: glide-library
+import com.bumptech.glide.load.DataSource;
+
+if (mBraveNewsController != null) {
+            mBraveNewsController.getImageData(adImageUrl, imageData -> {
+                if (imageData != null) {
+                    Bitmap decodedByte =
+                            BitmapFactory.decodeByteArray(imageData, 0, imageData.length);
+                    // ruleid: glide-library
+                    Glide.with(mActivity)
+                            .asBitmap()
+                            .load(decodedByte)
+                            .fitCenter()
+                            .priority(Priority.IMMEDIATE)
+                            .diskCacheStrategy(DiskCacheStrategy.ALL)
+                            .into(new CustomTarget<Bitmap>() {
+                                @Override
+                                public void onResourceReady(@NonNull Bitmap resource,
+                                        @Nullable Transition<? super Bitmap> transition) {
+                                    imageView.setImageBitmap(resource);
+                                }
+                                @Override
+                                public void onLoadCleared(@Nullable Drawable placeholder) {}
+                            });
+                    imageView.setClipToOutline(true);
+        }
+    });
+}

assets/semgrep_rules/client/glide-library.yml

@@ -0,0 +1,17 @@
+rules:
+  - id: glide-library
+    metadata:
+      author: Artem Chaikin
+      references:
+        - https://github.com/brave/reviews/issues/1391
+      source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/glide-library.yaml
+      assignees: |
+        stoletheminerals
+        bridiver
+    message: "The Glide image loading library is not yet approved, new usages should not be implemented until the security team has given their approval."
+    languages: [java]
+    severity: WARNING
+    patterns:
+      - pattern-either:
+          - pattern: "import com.bumptech.glide"
+          - pattern: "Glide.with(...)"