docs(rule): rename rules (#627)

* Rename rules The format of the rules description was done in a way that didn't explicitly mention what was the problem, but what was the overall expectation. Considering we use it in the CLI output with associated snippet code in errors, it makes more sense to format it in a way that explain what is the problem. * chore: update snapshots --------- Co-authored-by: gotbadger <p.j.h@hey.com>
Bearer · Feb 21, 2023 · 198eb3a · 198eb3a
1 parent 57f5d02
commit 198eb3a
Show file tree

Hide file tree

Showing 235 changed files with 409 additions and 409 deletions.
diff --git a/...ings/rules/internal/internal/gitleaks.yml → ...es/internal/internal/secret_detection.yml b/...ings/rules/internal/internal/gitleaks.yml → ...es/internal/internal/secret_detection.yml
@@ -5,11 +5,11 @@ severity:
 detailed_context: true
 omit_parent_content: true
 metadata:
-  description: "Do not leak secrets in the codebase."
+  description: "Hard-coded secret detected."
   remediation_message: |
     ## Description
 
-    Hard-coding secrets and keys in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded.
+    Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded.
 
     ## Remediations
 
@@ -20,4 +20,4 @@ metadata:
   dsr_id: "DSR-4"
   cwe_id:
     - 798
-  id: "gitleaks"
+  id: "secret_detection"
diff --git a/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml b/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml
@@ -7,7 +7,7 @@ trigger: presence
 severity:
   default: "warning"
 metadata:
-  description: "Ensure directory listing is not inappropriately exposed."
+  description: "Missing access restriction to directory listing detected."
   remediation_message: |
     ## Description
     Inappropriate exposure of a directory listing could give attackers access to sensitive data or source code, either directly or through exploitation of an exposed file structure.

diff --git a/...dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml b/...dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml
@@ -1,7 +1,7 @@
 warning:
     - rule_dsrid: ""
       rule_display_id: javascript_express_exposed_dir_listing
-      rule_description: Ensure directory listing is not inappropriately exposed.
+      rule_description: Missing access restriction to directory listing detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_exposed_dir_listing
       line_number: 5
       filename: serve_index_in_app_use.js

diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml
@@ -22,7 +22,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Ensure cookies are sent over HTTPS."
+  description: "Missing secure options for cookie detected."
   remediation_message: |
     ## Description
     To make sure cookies don't open your application up to exploits or unauthorized access, don't use default cookie values and make sure to set security options appropriately.

diff --git a/...ules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml b/...ules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-3
       rule_display_id: express_insecure_cookie
-      rule_description: Ensure cookies are sent over HTTPS.
+      rule_description: Missing secure options for cookie detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
       line_number: 9
       filename: http_only.js

diff --git a/...avascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml b/...avascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-3
       rule_display_id: express_insecure_cookie
-      rule_description: Ensure cookies are sent over HTTPS.
+      rule_description: Missing secure options for cookie detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
       line_number: 9
       filename: insecure_cookie.js

diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml
@@ -23,7 +23,7 @@ trigger: presence
 severity:
   default: "low"
 metadata:
-  description: "Ensure proper restriction of XML external entity references."
+  description: "Missing proper restriction of XML external entity references detected."
   remediation_message: |
     ## Description
     Avoid generating XML documents that include XML entities with URIs that resolve to resources that are outside of the current context.

diff --git a/...xpress/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml b/...xpress/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: ""
       rule_display_id: express_insecure_xml_ref
-      rule_description: Ensure proper restriction of XML external entity references.
+      rule_description: Missing proper restriction of XML external entity references detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_xml_ref
       line_number: 4
       filename: lib_xml_with_noent_true.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception.yml b/pkg/commands/process/settings/rules/javascript/lang/exception.yml
@@ -34,7 +34,7 @@ severity:
 skip_data_types:
   - Unique Identifier
 metadata:
-  description: "Do not send sensitive data to exceptions."
+  description: "Sensitive data in a exception message detected."
   remediation_message: |
     ## Description
 

diff --git a/...ules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml b/...ules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: promise_reject.js

diff --git a/...ttings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml b/...ttings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: reject.js
@@ -11,7 +11,7 @@ critical:
       parent_content: reject("Error with user " + user)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 14
       filename: reject.js

diff --git a/...ascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml b/...ascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: throw_custom_exception.js

diff --git a/.../rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml b/.../rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: throw_string.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml b/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml
@@ -18,7 +18,7 @@ severity:
   PHI: medium
   PD: high
 metadata:
-  description: "Do not write sensitive data to static files."
+  description: "Sensitive data detected as part of a dynamic file generation."
   remediation_message: |
     ## Description
 

diff --git a/...ipt/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml b/...ipt/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-4
       rule_display_id: javascript_lang_file_generation
-      rule_description: Do not write sensitive data to static files.
+      rule_description: Sensitive data detected as part of a dynamic file generation.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
       line_number: 8
       filename: file_generation.js
@@ -15,7 +15,7 @@ critical:
         })
     - rule_dsrid: DSR-4
       rule_display_id: javascript_lang_file_generation
-      rule_description: Do not write sensitive data to static files.
+      rule_description: Sensitive data detected as part of a dynamic file generation.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
       line_number: 11
       filename: file_generation.js
@@ -29,7 +29,7 @@ critical:
         })
     - rule_dsrid: DSR-4
       rule_display_id: javascript_lang_file_generation
-      rule_description: Do not write sensitive data to static files.
+      rule_description: Sensitive data detected as part of a dynamic file generation.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
       line_number: 12
       filename: file_generation.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml
@@ -35,7 +35,7 @@ trigger: presence
 severity:
   default: low
 metadata:
-  description: "Only communicate using HTTPS connections."
+  description: "Connection with an unsecure HTTP communication detected."
   remediation_message: |
     ## Description
 

diff --git a/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml b/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_http_insecure
-      rule_description: Only communicate using HTTPS connections.
+      rule_description: Connection with an unsecure HTTP communication detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
       line_number: 2
       filename: axios_insecure.js

diff --git a/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml b/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_http_insecure
-      rule_description: Only communicate using HTTPS connections.
+      rule_description: Connection with an unsecure HTTP communication detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
       line_number: 3
       filename: fetch_insecure.js

diff --git a/...javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml b/...javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_http_insecure
-      rule_description: Only communicate using HTTPS connections.
+      rule_description: Connection with an unsecure HTTP communication detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
       line_number: 5
       filename: request_insecure.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/jwt.yml b/pkg/commands/process/settings/rules/javascript/lang/jwt.yml
@@ -16,7 +16,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not store sensitive data in jwt."
+  description: "Sensitive data in a JWT detected."
   remediation_message: |
     ## Description
 

diff --git a/...nds/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml b/...nds/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_jwt
-      rule_description: Do not store sensitive data in jwt.
+      rule_description: Sensitive data in a JWT detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_jwt
       line_number: 2
       filename: unsecure.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger.yml b/pkg/commands/process/settings/rules/javascript/lang/logger.yml
@@ -71,7 +71,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not send sensitive data to loggers."
+  description: "Sensitive data in a logger message detected."
   remediation_message: |
     ## Description
 

diff --git a/...cess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml b/...cess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 3
       filename: child.js

diff --git a/...ettings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml b/...ettings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 3
       filename: child_level.js
@@ -11,7 +11,7 @@ critical:
       parent_content: logger.child(ctx)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 7
       filename: child_level.js

diff --git a/...ss/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml b/...ss/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 1
       filename: console.js

diff --git a/...tings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml b/...tings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 1
       filename: datatype_leak.js

diff --git a/...rocess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml b/...rocess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 1
       filename: log.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/session.yml b/pkg/commands/process/settings/rules/javascript/lang/session.yml
@@ -15,7 +15,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not set sensitive data to session."
+  description: "Sensitive data stored in HTML local storage detected."
   remediation_message: |
     ## Description
 

diff --git a/...ings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml b/...ings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_session
-      rule_description: Do not set sensitive data to session.
+      rule_description: Sensitive data stored in HTML local storage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_session
       line_number: 1
       filename: session_leak.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml
@@ -31,7 +31,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not weak encrypt sensitive information"
+  description: "Weak encryption library usage detected."
   remediation_message: |
     ## Description
 

diff --git a/...gs/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml b/...gs/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 4
       filename: md5.js
@@ -11,7 +11,7 @@ critical:
       parent_content: crypto.createHmac("md5", key).update(user.password)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 5
       filename: md5.js

diff --git a/...s/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml b/...s/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 4
       filename: sha1.js
@@ -11,7 +11,7 @@ critical:
       parent_content: crypto.createHmac("sha1", key).update(user.password)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 5
       filename: sha1.js

diff --git a/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml b/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml
@@ -13,7 +13,7 @@ severity:
   PHI: medium
   PD: high
 metadata:
-  description: "Do not send sensitive data to Google Analytics."
+  description: "Sensitive data sent to Google Analytics detected."
   remediation_message: |
     ## Description
 

diff --git a/...script/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml b/...script/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-1
       rule_display_id: javascript_react_google_analytics
-      rule_description: Do not send sensitive data to Google Analytics.
+      rule_description: Sensitive data sent to Google Analytics detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_react_google_analytics
       line_number: 1
       filename: insecure.js
@@ -16,7 +16,7 @@ critical:
         })
     - rule_dsrid: DSR-1
       rule_display_id: javascript_react_google_analytics
-      rule_description: Do not send sensitive data to Google Analytics.
+      rule_description: Sensitive data sent to Google Analytics detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_react_google_analytics
       line_number: 5
       filename: insecure.js

diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml b/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml
@@ -22,7 +22,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not send sensitive data to Airbrake."
+  description: "Sensitive data sent to Airbrake detected."
   remediation_message: |
     ## Description
     Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Airbrake.

diff --git a/...vascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml b/...vascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml
@@ -1,7 +1,7 @@
 high:
     - rule_dsrid: DSR-1
       rule_display_id: javascript_third_parties_airbrake
-      rule_description: Do not send sensitive data to Airbrake.
+      rule_description: Sensitive data sent to Airbrake detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_airbrake
       line_number: 18
       filename: datatype_in_notify.js