From 3ec6a549d65af0e8df162091170abdda6dcbd765 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Fri, 18 Aug 2023 10:23:40 +0200 Subject: [PATCH] fixup: update severity default to avoid empty values --- .../.snapshots/TestAuxilary-testdata-data-auxilary | 2 +- ...tReferenceFilters-testdata-data-reference_filters | 2 +- .../.snapshots/TestSanitizer-testdata-data-sanitizer | 4 ++-- e2e/rules/.snapshots/TestSecrets-secrets | 2 +- .../TestSimpleRuby-testdata-data-simple_ruby | 2 +- .../composition/java/.snapshots/TestScope--scope.yml | 12 ++++++------ .../.snapshots/flow/TestFlow--different-line.yml | 6 +++--- .../java/.snapshots/flow/TestFlow--same-line.yml | 6 +++--- .../.snapshots/TestPatternVariables--main.yml | 4 ++-- .../javascript/.snapshots/TestScope--scope.yml | 12 ++++++------ .../flow/TestFlow--assigment-expression.yml | 6 +++--- .../flow/TestFlow--variable-declarator.yml | 6 +++--- .../.snapshots/import/TestImport--import.yml | 10 +++++----- .../TestObjectDeconstructing--deconstructing.yml | 6 +++--- .../TestObjectDeconstructing--multiple_objects.yml | 6 +++--- .../.snapshots/string/TestString--concatanation.yml | 6 +++--- .../.snapshots/string/TestString--simple.yml | 6 +++--- .../.snapshots/string/TestString--single-quotes.yml | 6 +++--- .../TestString--template-variable-reconciliation.yml | 6 +++--- .../.snapshots/string/TestString--template.yml | 6 +++--- .../ruby/.snapshots/TestPatternVariables--main.yml | 6 +++--- .../composition/ruby/.snapshots/TestRuby--call.yml | 6 +++--- .../TestRuby--object-variable-reconciliation.yml | 6 +++--- .../composition/ruby/.snapshots/TestScope--scope.yml | 12 ++++++------ pkg/commands/process/settings/settings.go | 10 ++++++++++ pkg/report/output/privacy/privacy.go | 2 +- .../output/security/.snapshots/TestCalculateSeverity | 10 +++++----- pkg/report/output/security/.snapshots/TestGetOutput | 8 ++++---- .../.snapshots/TestTestGetOutputWithSeverity | 6 +++--- pkg/report/output/security/security.go | 8 ++++---- 30 files changed, 100 insertions(+), 90 deletions(-) 
diff --git a/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary b/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary index 8ab70f232..12070880e 100644 --- a/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary +++ b/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary @@ -51,7 +51,7 @@ high: display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters b/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters index 563e29d72..857558ac2 100644 --- a/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters +++ b/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters @@ -34,7 +34,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer b/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer index e50f130c0..9a223f0ba 100644 --- a/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer +++ b/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer @@ -41,7 +41,7 @@ critical: display_severity: critical sensitive_data_category_weighting: 2 rule_severity_weighting: 5 - trigger_weighting: true + local_data_types: true final_weighting: 9 - rule: cwe_ids: @@ -85,7 +85,7 @@ critical: display_severity: critical sensitive_data_category_weighting: 2 rule_severity_weighting: 5 - trigger_weighting: true + local_data_types: true final_weighting: 9 diff --git a/e2e/rules/.snapshots/TestSecrets-secrets b/e2e/rules/.snapshots/TestSecrets-secrets index dda5b13cd..e66212526 100644 --- a/e2e/rules/.snapshots/TestSecrets-secrets +++ b/e2e/rules/.snapshots/TestSecrets-secrets 
@@ -45,7 +45,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby b/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby index 635d7d442..2e564f8b5 100644 --- a/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby +++ b/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby @@ -54,7 +54,7 @@ medium: display_severity: medium sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: false + local_data_types: false final_weighting: 4 diff --git a/new/detector/composition/java/.snapshots/TestScope--scope.yml b/new/detector/composition/java/.snapshots/TestScope--scope.yml index b6e902063..f4290f0c8 100644 --- a/new/detector/composition/java/.snapshots/TestScope--scope.yml +++ b/new/detector/composition/java/.snapshots/TestScope--scope.yml @@ -33,7 +33,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -69,7 +69,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -105,7 +105,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -141,7 +141,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -177,7 +177,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: 
@@ -213,6 +213,6 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml b/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml index 1b4c05d72..24b90a70a 100644 --- a/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml +++ b/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 2 full_filename: different-line.java filename: different-line.java @@ -35,10 +35,10 @@ high: fingerprint: b08f2b317021ef0197dc9286477e251d_0 old_fingerprint: b08f2b317021ef0197dc9286477e251d_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml b/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml index 3a7edc39e..00996d539 100644 --- a/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml +++ b/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: same-line.java filename: same-line.java @@ -35,10 +35,10 @@ high: fingerprint: b000c2a9a82d59a1e826bc709cca9307_0 old_fingerprint: b000c2a9a82d59a1e826bc709cca9307_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 
diff --git a/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml b/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml index 57cadd1c0..11e35cd4b 100644 --- a/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml +++ b/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml @@ -33,7 +33,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -69,6 +69,6 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/new/detector/composition/javascript/.snapshots/TestScope--scope.yml b/new/detector/composition/javascript/.snapshots/TestScope--scope.yml index 3dae26144..7d82045f5 100644 --- a/new/detector/composition/javascript/.snapshots/TestScope--scope.yml +++ b/new/detector/composition/javascript/.snapshots/TestScope--scope.yml @@ -33,7 +33,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -69,7 +69,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -105,7 +105,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -141,7 +141,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -177,7 +177,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: 
@@ -213,6 +213,6 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml b/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml index 2803fcf94..434fdf418 100644 --- a/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml +++ b/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: assigment-expression.js filename: assigment-expression.js @@ -35,10 +35,10 @@ high: fingerprint: 3c919e47299fa396f901d19edaad859c_0 old_fingerprint: 3c919e47299fa396f901d19edaad859c_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml b/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml index fc26c3b6d..f55891228 100644 --- a/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml +++ b/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: variable-declarator.js filename: variable-declarator.js 
@@ -35,10 +35,10 @@ high: fingerprint: 5d86ec557137111caf0eca9a7d304c91_0 old_fingerprint: 5d86ec557137111caf0eca9a7d304c91_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml b/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml index 55f70ffb2..cad6d28d9 100644 --- a/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml +++ b/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml @@ -33,7 +33,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -69,7 +69,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -105,7 +105,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -141,7 +141,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -177,6 +177,6 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml index fd2c2cded..b058223ae 100644 
--- a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml +++ b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml @@ -5,7 +5,7 @@ low: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: deconstructing.js filename: deconstructing.js @@ -29,9 +29,9 @@ low: fingerprint: 391f0431340399f3f30398341feeb70a_0 old_fingerprint: 391f0431340399f3f30398341feeb70a_0 severity: - rule_severity: "" + rule_severity: low display_severity: low rule_severity_weighting: 2 - trigger_weighting: false + local_data_types: false final_weighting: 2 diff --git a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml index aa8bc7b8b..ae31c9004 100644 --- a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml +++ b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml @@ -5,7 +5,7 @@ low: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: multiple_objects.js filename: multiple_objects.js @@ -29,9 +29,9 @@ low: fingerprint: 83d173c5a31e8a9fc4b42968d18f584f_0 old_fingerprint: 83d173c5a31e8a9fc4b42968d18f584f_0 severity: - rule_severity: "" + rule_severity: low display_severity: low rule_severity_weighting: 2 - trigger_weighting: false + local_data_types: false final_weighting: 2 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml b/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml index ae4cc6550..9c07765ac 100644 
--- a/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: concatanation.js filename: concatanation.js @@ -35,10 +35,10 @@ high: fingerprint: 272ebbd3e69ab1032f6fb14b69a79ae8_0 old_fingerprint: 272ebbd3e69ab1032f6fb14b69a79ae8_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml b/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml index 41536ff6b..b4e4450d8 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: simple.js filename: simple.js @@ -35,10 +35,10 @@ high: fingerprint: 971b852ae8266c6d2b25437584017e2c_0 old_fingerprint: 971b852ae8266c6d2b25437584017e2c_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml b/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml index 2396ad709..cce863df5 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml 
@@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 2 full_filename: single-quotes.js filename: single-quotes.js @@ -35,10 +35,10 @@ high: fingerprint: d85fed5722eb11c71ff861517e929da1_0 old_fingerprint: d85fed5722eb11c71ff861517e929da1_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml b/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml index bab647061..b0e8fb66c 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 3 full_filename: template-variable-reconciliation.js filename: template-variable-reconciliation.js @@ -35,10 +35,10 @@ high: fingerprint: bbac16a148474689a2cb1b5e2d40ada2_0 old_fingerprint: bbac16a148474689a2cb1b5e2d40ada2_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--template.yml b/new/detector/composition/javascript/.snapshots/string/TestString--template.yml index f8ad66ce4..50768c26b 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--template.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--template.yml 
@@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: template.js filename: template.js @@ -35,10 +35,10 @@ high: fingerprint: 5f1137c9ab0489aed97dddee99bff779_0 old_fingerprint: 5f1137c9ab0489aed97dddee99bff779_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml b/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml index 9282335ae..3deb1f165 100644 --- a/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml +++ b/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml @@ -33,7 +33,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -73,7 +73,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -115,6 +115,6 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/new/detector/composition/ruby/.snapshots/TestRuby--call.yml b/new/detector/composition/ruby/.snapshots/TestRuby--call.yml index 7c8d3ecaf..9fefb0a3e 100644 --- a/new/detector/composition/ruby/.snapshots/TestRuby--call.yml +++ b/new/detector/composition/ruby/.snapshots/TestRuby--call.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: call.rb filename: call.rb 
@@ -35,10 +35,10 @@ high: fingerprint: e61c5d04fc38732e3374bc499d4daec1_0 old_fingerprint: e61c5d04fc38732e3374bc499d4daec1_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml b/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml index 102e78a8d..177b43219 100644 --- a/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml +++ b/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - severity: "" + severity: low line_number: 1 full_filename: object-variable-reconciliation.rb filename: object-variable-reconciliation.rb @@ -35,10 +35,10 @@ high: fingerprint: 50cde2c647d72172d49858483ecb0b57_0 old_fingerprint: 50cde2c647d72172d49858483ecb0b57_0 severity: - rule_severity: "" + rule_severity: low display_severity: high sensitive_data_category_weighting: 2 rule_severity_weighting: 2 - trigger_weighting: true + local_data_types: true final_weighting: 6 diff --git a/new/detector/composition/ruby/.snapshots/TestScope--scope.yml b/new/detector/composition/ruby/.snapshots/TestScope--scope.yml index d58ac7bd9..cc5a56d27 100644 --- a/new/detector/composition/ruby/.snapshots/TestScope--scope.yml +++ b/new/detector/composition/ruby/.snapshots/TestScope--scope.yml @@ -33,7 +33,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -69,7 +69,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: 
@@ -105,7 +105,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -141,7 +141,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -177,7 +177,7 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 - rule: cwe_ids: @@ -213,6 +213,6 @@ high: rule_severity: high display_severity: high rule_severity_weighting: 5 - trigger_weighting: false + local_data_types: false final_weighting: 5 diff --git a/pkg/commands/process/settings/settings.go b/pkg/commands/process/settings/settings.go index 1e6745922..f2f42e163 100644 --- a/pkg/commands/process/settings/settings.go +++ b/pkg/commands/process/settings/settings.go @@ -13,6 +13,8 @@ import ( "github.com/bearer/bearer/pkg/util/ignore" "github.com/bearer/bearer/pkg/util/output" "github.com/bearer/bearer/pkg/util/rego" + + globaltypes "github.com/bearer/bearer/pkg/types" ) var ( @@ -253,6 +255,14 @@ func (rule *Rule) PolicyType() bool { return rule.Type == "risk" } +func (rule *Rule) GetSeverity() string { + if rule.Severity == "" { + return globaltypes.LevelLow + } + + return rule.Severity +} + func (rule *Rule) Language() string { if rule.Languages == nil { return "secret" diff --git a/pkg/report/output/privacy/privacy.go b/pkg/report/output/privacy/privacy.go index 930e5036c..fd1bd44bb 100644 --- a/pkg/report/output/privacy/privacy.go +++ b/pkg/report/output/privacy/privacy.go 
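Review bot: GetSeverity in the settings.go hunk at @@ -253 is a new exported method with no doc comment, and its `Get` prefix departs from the file's other accessors (`PolicyType`, `Language`); because the field is already named `Severity` the clash is understandable, but a name such as `EffectiveSeverity` would avoid both, or keep the name and add `// GetSeverity returns the rule's configured severity, falling back to LevelLow when the rule declares none.`. Only the empty string is normalised here, so a misspelt severity value still passes through untouched; if validation is expected to happen at rule-load time, the comment should say so, and normalising `rule.Severity` once at load would also make the per-call-site substitutions in privacy.go (@@ -203) and security.go (@@ -248, @@ -306) unnecessary and remove the risk of a reader of `rule.Severity` that this patch does not cover. The enclosing `Rule` type's other methods continue outside the hunk.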
@@ -203,7 +203,7 @@ func GetOutput(dataflow *types.DataFlow, config settings.Config) (*types.Output[ } for _, ruleOutputFailure := range ruleOutput["local_rule_failure"] { - ruleSeverity := security.CalculateSeverity(ruleOutputFailure.CategoryGroups, rule.Severity, true) + ruleSeverity := security.CalculateSeverity(ruleOutputFailure.CategoryGroups, rule.GetSeverity(), true) key := buildKey(ruleOutputFailure.DataSubject, ruleOutputFailure.DataType) subjectRuleFailure, ok := subjectRuleFailures[key] diff --git a/pkg/report/output/security/.snapshots/TestCalculateSeverity b/pkg/report/output/security/.snapshots/TestCalculateSeverity index 5310fae2c..5d8093293 100644 --- a/pkg/report/output/security/.snapshots/TestCalculateSeverity +++ b/pkg/report/output/security/.snapshots/TestCalculateSeverity @@ -4,7 +4,7 @@ DisplaySeverity: (string) (len=8) "critical", SensitiveDataCategoryWeighting: (int) 3, RuleSeverityWeighting: (int) 2, - TriggerWeighting: (*bool)(true), + HasLocalDataTypes: (*bool)(true), FinalWeighting: (int) 8 }, (security.SeverityWeighting) { @@ -12,7 +12,7 @@ DisplaySeverity: (string) (len=4) "high", SensitiveDataCategoryWeighting: (int) 3, RuleSeverityWeighting: (int) 2, - TriggerWeighting: (*bool)(false), + HasLocalDataTypes: (*bool)(false), FinalWeighting: (int) 5 }, (security.SeverityWeighting) { @@ -20,7 +20,7 @@ DisplaySeverity: (string) (len=6) "medium", SensitiveDataCategoryWeighting: (int) 2, RuleSeverityWeighting: (int) 2, - TriggerWeighting: (*bool)(false), + HasLocalDataTypes: (*bool)(false), FinalWeighting: (int) 4 }, (security.SeverityWeighting) { @@ -28,7 +28,7 @@ DisplaySeverity: (string) (len=7) "warning", SensitiveDataCategoryWeighting: (int) 0, RuleSeverityWeighting: (int) 0, - TriggerWeighting: (*bool)(), + HasLocalDataTypes: (*bool)(), FinalWeighting: (int) 0 }, (security.SeverityWeighting) { 
@@ -36,7 +36,7 @@ DisplaySeverity: (string) (len=7) "warning", SensitiveDataCategoryWeighting: (int) 0, RuleSeverityWeighting: (int) 0, - TriggerWeighting: (*bool)(), + HasLocalDataTypes: (*bool)(), FinalWeighting: (int) 0 } } diff --git a/pkg/report/output/security/.snapshots/TestGetOutput b/pkg/report/output/security/.snapshots/TestGetOutput index 95f079958..783c51db3 100644 --- a/pkg/report/output/security/.snapshots/TestGetOutput +++ b/pkg/report/output/security/.snapshots/TestGetOutput @@ -10,7 +10,7 @@ Title: (string) (len=46) "Sensitive data sent to Rails loggers detected.", Description: (string) (len=608) "## Description\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to rails loggers.\n\n## Remediations\n❌ Avoid using sensitive data in logger messages:\n\n```ruby\nRails.logger.info('User is: #{user.email}')\n```\n\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\n\n```ruby\nRails.logger.info('User is: #{user.uuid}')\n```\n\n## Resources\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n", DocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger", - Severity: (string) "" + Severity: (string) (len=3) "low" }), LineNumber: (int) 1, FullFilename: (string) "", @@ -52,11 +52,11 @@ DetailedContext: (string) "", CodeExtract: (string) "", SeverityWeighting: (security.SeverityWeighting) { - RuleSeverity: (string) "", + RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=8) "critical", SensitiveDataCategoryWeighting: (int) 3, RuleSeverityWeighting: (int) 2, - TriggerWeighting: (*bool)(true), + HasLocalDataTypes: (*bool)(true), FinalWeighting: (int) 8 }, RawCodeExtract: ([]file.Line) { 
@@ -115,7 +115,7 @@ DisplaySeverity: (string) (len=4) "high", SensitiveDataCategoryWeighting: (int) 2, RuleSeverityWeighting: (int) 3, - TriggerWeighting: (*bool)(false), + HasLocalDataTypes: (*bool)(false), FinalWeighting: (int) 5 }, RawCodeExtract: ([]file.Line) { diff --git a/pkg/report/output/security/.snapshots/TestTestGetOutputWithSeverity b/pkg/report/output/security/.snapshots/TestTestGetOutputWithSeverity index c5a342b70..10514a80c 100644 --- a/pkg/report/output/security/.snapshots/TestTestGetOutputWithSeverity +++ b/pkg/report/output/security/.snapshots/TestTestGetOutputWithSeverity @@ -10,7 +10,7 @@ Title: (string) (len=46) "Sensitive data sent to Rails loggers detected.", Description: (string) (len=608) "## Description\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to rails loggers.\n\n## Remediations\n❌ Avoid using sensitive data in logger messages:\n\n```ruby\nRails.logger.info('User is: #{user.email}')\n```\n\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\n\n```ruby\nRails.logger.info('User is: #{user.uuid}')\n```\n\n## Resources\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n", DocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger", - Severity: (string) "" + Severity: (string) (len=3) "low" }), LineNumber: (int) 1, FullFilename: (string) "", 
@@ -52,11 +52,11 @@ DetailedContext: (string) "", CodeExtract: (string) "", SeverityWeighting: (security.SeverityWeighting) { - RuleSeverity: (string) "", + RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=8) "critical", SensitiveDataCategoryWeighting: (int) 3, RuleSeverityWeighting: (int) 2, - TriggerWeighting: (*bool)(true), + HasLocalDataTypes: (*bool)(true), FinalWeighting: (int) 8 }, RawCodeExtract: ([]file.Line) { diff --git a/pkg/report/output/security/security.go b/pkg/report/output/security/security.go index b41535cd2..8218be198 100644 --- a/pkg/report/output/security/security.go +++ b/pkg/report/output/security/security.go @@ -63,7 +63,7 @@ type SeverityWeighting struct { DisplaySeverity string `json:"display_severity" yaml:"display_severity"` SensitiveDataCategoryWeighting int `json:"sensitive_data_category_weighting,omitempty" yaml:"sensitive_data_category_weighting,omitempty"` RuleSeverityWeighting int `json:"rule_severity_weighting,omitempty" yaml:"rule_severity_weighting,omitempty"` - TriggerWeighting *bool `json:"trigger_weighting,omitempty" yaml:"trigger_weighting,omitempty"` + HasLocalDataTypes *bool `json:"local_data_types,omitempty" yaml:"local_data_types,omitempty"` FinalWeighting int `json:"final_weighting,omitempty" yaml:"final_weighting,omitempty"` } @@ -248,7 +248,7 @@ func evaluateRules( } ruleSummary := &Rule{ - Severity: rule.Severity, + Severity: rule.GetSeverity(), Title: rule.Description, Description: rule.RemediationMessage, Id: rule.Id, @@ -306,7 +306,7 @@ func evaluateRules( OldFingerprint: oldFingerprint, } - severityWeighting := CalculateSeverity(result.CategoryGroups, rule.Severity, output.IsLocal != nil && *output.IsLocal) + severityWeighting := CalculateSeverity(result.CategoryGroups, rule.GetSeverity(), output.IsLocal != nil && *output.IsLocal) severity := severityWeighting.DisplaySeverity if config.Report.Severity[severity] { 
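Review bot: The struct hunk at @@ -63 in security.go renames the serialised key from `trigger_weighting` to `local_data_types`, which changes the JSON and YAML report schema, yet the commit title only mentions the severity default; because the field carries `omitempty`, a consumer still reading `trigger_weighting` will see the key silently vanish rather than fail. It is worth naming the rename in the commit message and changelog, or emitting the old key alongside the new one for a release. A field comment would also help readers: `// HasLocalDataTypes mirrors the hasLocalDataTypes argument of CalculateSeverity (serialised as local_data_types).` The `SeverityWeighting` struct and the `evaluateRules` function both extend beyond the visible hunks.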
@@ -478,7 +478,7 @@ func CalculateSeverity(groups []string, severity string, hasLocalDataTypes bool)
 RuleSeverity: severity,
 SensitiveDataCategoryWeighting: sensitiveDataCategoryWeighting,
 RuleSeverityWeighting: ruleSeverityWeighting,
- TriggerWeighting: &hasLocalDataTypes,
+ HasLocalDataTypes: &hasLocalDataTypes,
 FinalWeighting: finalWeighting,
 DisplaySeverity: displaySeverity,
 }