Add refcounted-usage rule (#714)

* Add refcounted-usage rule, also add .mm filetype

* shared_ptr will be another rule

assets/semgrep_rules/client/dangling-pointer-trait.yaml

@@ -36,3 +36,4 @@ rules:
         - "*.h"
         - "*.hh"
         - "*.hcc"
+        - "*.mm"

assets/semgrep_rules/client/refcounted-usage.cpp

@@ -0,0 +1,23 @@
+// ruleid: refcounted-usage
+class MyClass : public base::RefCounted<MyClass> {
+};
+
+// ruleid: refcounted-usage
+class ThreadSafeClass : public base::RefCountedThreadSafe<ThreadSafeClass> {
+};
+
+// ruleid: refcounted-usage
+base::RefCountedData<int> shared_integer(42);
+
+// ok: refcounted-usage
+class RegularClass {
+};
+
+// ruleid: refcounted-usage
+using MyRefCountedType = base::RefCounted<SomeType>;
+
+// ruleid: refcounted-usage
+class NestedRefCounted : public base::RefCountedThreadSafe<NestedRefCounted> {
+    // ruleid: refcounted-usage
+    base::RefCountedData<std::string> nested_data_;
+};

assets/semgrep_rules/client/refcounted-usage.yaml

@@ -0,0 +1,27 @@
+rules:
+  - id: refcounted-usage
+    metadata:
+      author: Artem Chaikin
+      source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/refcounted-usage.yaml
+      assignees: |
+        stoletheminerals
+        thypon
+        cdesouza-chromium
+        bridiver
+    pattern-either:
+      - pattern: base::RefCounted<...>
+      - pattern: base::RefCountedThreadSafe<...>
+      - pattern: base::RefCountedData<...>
+    message: "Reference counting is occasionally useful but is more often a sign that someone isn't thinking carefully about ownership. Use it when ownership is truly shared (for example, multiple tabs sharing the same renderer process), not for when lifetime management is difficult to reason about."
+    languages:
+      - generic
+    paths:
+      include:
+        - "*.c"
+        - "*.cpp"
+        - "*.cc"
+        - "*.h"
+        - "*.hh"
+        - "*.hcc"
+        - "*.mm"
+    severity: WARNING

assets/semgrep_rules/client/unsafejs-in-cpp.yaml

@@ -19,6 +19,7 @@ rules:
         - "*.h"
         - "*.hpp"
         - "*.hh"
+        - "*.mm"
       exclude:
         - test/
         - "*.test.cc"