feat(summary): condense rule list and show CWE (#647)
* feat(summary): condense rule list and show CWE

* chore: remove DSR id

* fix: typo

* chore: update snapshots
gotbadger authored Feb 23, 2023
1 parent fa8c122 commit 7e28dbe
Showing 277 changed files with 2,856 additions and 1,938 deletions.
5 changes: 2 additions & 3 deletions battle_tests/metrics_scan/metrics_scan.go
Expand Up @@ -23,8 +23,8 @@ type ScanReport struct {

type PolicyScanReport struct {
// PolicyName string `json:"policy_name" yaml:"policy_name"`
PolicyDsrid string `json:"rule_dsrid" yaml:"rule_dsrid"`
PolicyDisplayId string `json:"rule_display_id" yaml:"rule_display_id"`
CWEIDs []string `json:"rule_cwe_ids" yaml:"rule_cwe_ids"`
PolicyDisplayId string `json:"rule_display_id" yaml:"rule_display_id"`
// PolicyDescription string `json:"policy_description" yaml:"policy_description"`
LineNumber int `json:"line_number,omitempty" yaml:"line_number,omitempty"`
Filename string `json:"filename,omitempty" yaml:"filename,omitempty"`
Expand Down Expand Up @@ -113,7 +113,6 @@ func ScanRepository(repositoryUrl string, language string, reportingChan chan *M
metrics.NumberOfLineOfCode = float64(reportData.NumberOfLines)
metrics.DataTypes = reportData.DataTypes


// Run summary
policiesOutput, _, err := scanner.Start("summary")
if err != nil {
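Review bot: The new `CWEIDs []string` field keeps PolicyScanReport flat (`json:"rule_cwe_ids"`, with `rule_display_id` on the next line), while the summary snapshots updated in this same commit nest those values under a `rule:` key (`rule.cwe_ids`, `rule.id`); if this struct is decoded from the summary output, which the `scanner.Start("summary")` call in the second hunk suggests, these tags will no longer match and CWEIDs and PolicyDisplayId will decode empty. Either introduce a nested sub-struct tagged `json:"rule" yaml:"rule"` holding `cwe_ids`, `id`, `description` and `documentation_url`, or confirm that the battle-test harness reads a different format than the e2e summary. The field also deserves a doc comment, e.g. `// CWEIDs lists the CWE identifiers of the rule that produced this finding, as strings (e.g. "79").`, and note the inconsistent initialism casing between `CWEIDs` and the neighbouring `PolicyDisplayId`. The PolicyScanReport struct and ScanRepository both continue outside the hunk.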
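--- a/e2e/rules/.snapshots/TestAuxilary-unsecure
+++ b/e2e/rules/.snapshots/TestAuxilary-unsecure
@@ -1,8 +1,10 @@
 critical:
-- rule_dsrid: DSR-1
-rule_display_id: javascript_third_parties_datadog_test
-rule_description: Do not send sensitive data to Datadog.
-rule_documentation_url: ""
+- rule:
+cwe_ids:
+- "201"
+id: javascript_third_parties_datadog_test
+description: Do not send sensitive data to Datadog.
+documentation_url: ""
 line_number: 3
 filename: e2e/rules/testdata/data/auxilary/unsecure.js
 category_groups: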
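--- a/e2e/rules/.snapshots/TestSimpleRuby-unsecure
+++ b/e2e/rules/.snapshots/TestSimpleRuby-unsecure
@@ -1,8 +1,10 @@
 low:
-- rule_dsrid: DSR-2
-rule_display_id: ruby_rails_insecure_communication_test
-rule_description: Force all incoming communication through SSL.
-rule_documentation_url: ""
+- rule:
+cwe_ids:
+- "319"
+id: ruby_rails_insecure_communication_test
+description: Force all incoming communication through SSL.
+documentation_url: ""
 line_number: 7
 filename: e2e/rules/testdata/data/simple_ruby/unsecure.rb
 category_groups: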
1 change: 0 additions & 1 deletion e2e/rules/testdata/rules/auxilary.yml
Expand Up @@ -37,7 +37,6 @@ metadata:
## Resources
- [Datadog docs](https://docs.datadoghq.com)
- [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans)
dsr_id: DSR-1
cwe_id:
- 201
associated_recipe: Datadog
1 change: 0 additions & 1 deletion e2e/rules/testdata/rules/simple_ruby.yml
Expand Up @@ -27,7 +27,6 @@ metadata:
## Resources
- [Configuring Rails Applications - Ruby on Rails Guides](https://guides.rubyonrails.org/configuring.html#config-force-ssl)
dsr_id: DSR-2
cwe_id:
- 319
id: ruby_rails_insecure_communication_test
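--- a/pkg/commands/process/settings/rules.go
+++ b/pkg/commands/process/settings/rules.go
@@ -181,7 +181,7 @@ func buildRules(definitions map[string]RuleDefinition, enabledRules map[string]s
 Detectors: definition.Detectors,
 Processors: definition.Processors,
 AutoEncrytPrefix: definition.AutoEncrytPrefix,
-DSRID: definition.Metadata.DSRID,
+CWEIDs: definition.Metadata.CWEIDs,
 Languages: definition.Languages,
 ParamParenting: definition.ParamParenting,
 Patterns: definition.Patterns,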
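Review bot: `CWEIDs: definition.Metadata.CWEIDs` copies only the slice header, so the built rule and its RuleDefinition share one backing array and any later in-place edit of either (sorting, normalising or appending IDs) is visible through both. If the rule is meant to own its data, `CWEIDs: slices.Clone(definition.Metadata.CWEIDs),` isolates it (Go 1.21+); otherwise a short comment on the field stating that the slice is shared with the definition would prevent surprises. Separately, the rule YAML files in this commit declare `cwe_id:` as bare integers while the summary snapshots print them as quoted strings, and the Go type behind Metadata.CWEIDs is not visible here, so it is worth confirming the YAML decoder coerces both spellings consistently and documenting the expected form on that field. buildRules starts and ends outside the hunk.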
Expand Up @@ -17,7 +17,6 @@ metadata:
## Resources
- [Gitleaks](https://gitleaks.io/)
dsr_id: "DSR-4"
cwe_id:
- 798
id: "secret_detection"
@@ -1,8 +1,10 @@
low:
- rule_dsrid: ""
rule_display_id: javascript_express_cross_site_scripting
rule_description: Cross-site scripting (XSS) vulnerability detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_cross_site_scripting
- rule:
cwe_ids:
- "79"
id: javascript_express_cross_site_scripting
description: Cross-site scripting (XSS) vulnerability detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_cross_site_scripting
line_number: 5
filename: res_send_xss.js
parent_line_number: 5
@@ -1,8 +1,10 @@
low:
- rule_dsrid: ""
rule_display_id: javascript_express_cross_site_scripting
rule_description: Cross-site scripting (XSS) vulnerability detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_cross_site_scripting
- rule:
cwe_ids:
- "79"
id: javascript_express_cross_site_scripting
description: Cross-site scripting (XSS) vulnerability detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_cross_site_scripting
line_number: 6
filename: res_write_xss.js
parent_line_number: 6
@@ -1,8 +1,10 @@
warning:
- rule_dsrid: ""
rule_display_id: javascript_express_exposed_dir_listing
rule_description: Missing access restriction to directory listing detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_exposed_dir_listing
- rule:
cwe_ids:
- "548"
id: javascript_express_exposed_dir_listing
description: Missing access restriction to directory listing detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_exposed_dir_listing
line_number: 5
filename: serve_index_in_app_use.js
parent_line_number: 5
Expand Up @@ -34,7 +34,6 @@ metadata:
## Resources
- [Express Security Best Practices](https://expressjs.com/en/advanced/best-practice-security.html#use-cookies-securely)
dsr_id: "DSR-3"
cwe_id:
- 1004
- 614
@@ -1,8 +1,11 @@
low:
- rule_dsrid: DSR-3
rule_display_id: express_insecure_cookie
rule_description: Missing secure options for cookie detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
- rule:
cwe_ids:
- "1004"
- "614"
id: express_insecure_cookie
description: Missing secure options for cookie detected.
documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
line_number: 9
filename: http_only.js
parent_line_number: 9
@@ -1,8 +1,11 @@
low:
- rule_dsrid: DSR-3
rule_display_id: express_insecure_cookie
rule_description: Missing secure options for cookie detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
- rule:
cwe_ids:
- "1004"
- "614"
id: express_insecure_cookie
description: Missing secure options for cookie detected.
documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
line_number: 9
filename: insecure_cookie.js
parent_line_number: 9
@@ -1,8 +1,10 @@
low:
- rule_dsrid: ""
rule_display_id: javascript_express_external_resource
rule_description: Avoid rendering resources resolved from external names or references.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_external_resource
- rule:
cwe_ids:
- "706"
id: javascript_express_external_resource
description: Avoid rendering resources resolved from external names or references.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_external_resource
line_number: 5
filename: render_external_resource.js
parent_line_number: 5
@@ -1,8 +1,10 @@
low:
- rule_dsrid: ""
rule_display_id: javascript_express_external_resource
rule_description: Avoid rendering resources resolved from external names or references.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_external_resource
- rule:
cwe_ids:
- "706"
id: javascript_express_external_resource
description: Avoid rendering resources resolved from external names or references.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_external_resource
line_number: 6
filename: require_external_resource.js
parent_line_number: 6
@@ -1,32 +1,40 @@
low:
- rule_dsrid: ""
rule_display_id: javascript_express_open_redirect
rule_description: Open redirect detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
- rule:
cwe_ids:
- "601"
id: javascript_express_open_redirect
description: Open redirect detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
line_number: 2
filename: open_redirect.js
parent_line_number: 2
parent_content: res.redirect(req.params.url)
- rule_dsrid: ""
rule_display_id: javascript_express_open_redirect
rule_description: Open redirect detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
- rule:
cwe_ids:
- "601"
id: javascript_express_open_redirect
description: Open redirect detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
line_number: 3
filename: open_redirect.js
parent_line_number: 3
parent_content: res.redirect(req.query.url + "/bar")
- rule_dsrid: ""
rule_display_id: javascript_express_open_redirect
rule_description: Open redirect detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
- rule:
cwe_ids:
- "601"
id: javascript_express_open_redirect
description: Open redirect detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
line_number: 4
filename: open_redirect.js
parent_line_number: 4
parent_content: res.redirect("https://" + req.params.url + "/bar")
- rule_dsrid: ""
rule_display_id: javascript_express_open_redirect
rule_description: Open redirect detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
- rule:
cwe_ids:
- "601"
id: javascript_express_open_redirect
description: Open redirect detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_open_redirect
line_number: 5
filename: open_redirect.js
parent_line_number: 5
@@ -1,16 +1,20 @@
warning:
- rule_dsrid: ""
rule_display_id: javascript_express_path_traversal
rule_description: Possible path traversal vulnerability detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_path_traversal
- rule:
cwe_ids:
- "22"
id: javascript_express_path_traversal
description: Possible path traversal vulnerability detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_path_traversal
line_number: 5
filename: path_traversal_vulnerability.js
parent_line_number: 5
parent_content: path.join("/public/" + req.query.path)
- rule_dsrid: ""
rule_display_id: javascript_express_path_traversal
rule_description: Possible path traversal vulnerability detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_path_traversal
- rule:
cwe_ids:
- "22"
id: javascript_express_path_traversal
description: Possible path traversal vulnerability detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_path_traversal
line_number: 6
filename: path_traversal_vulnerability.js
parent_line_number: 6
@@ -1,8 +1,10 @@
medium:
- rule_dsrid: ""
rule_display_id: javascript_express_server_side_request_forgery
rule_description: Risk of server-side request forgery detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
- rule:
cwe_ids:
- "918"
id: javascript_express_server_side_request_forgery
description: Risk of server-side request forgery detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
line_number: 7
filename: axios_ssrf_injection.js
parent_line_number: 7
@@ -1,8 +1,10 @@
medium:
- rule_dsrid: ""
rule_display_id: javascript_express_server_side_request_forgery
rule_description: Risk of server-side request forgery detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
- rule:
cwe_ids:
- "918"
id: javascript_express_server_side_request_forgery
description: Risk of server-side request forgery detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
line_number: 7
filename: node_fetch_ssrf_injection.js
parent_line_number: 7
@@ -1,16 +1,20 @@
medium:
- rule_dsrid: ""
rule_display_id: javascript_express_server_side_request_forgery
rule_description: Risk of server-side request forgery detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
- rule:
cwe_ids:
- "918"
id: javascript_express_server_side_request_forgery
description: Risk of server-side request forgery detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
line_number: 11
filename: puppeteer_ssrf_injection.js
parent_line_number: 11
parent_content: page.setContent(content)
- rule_dsrid: ""
rule_display_id: javascript_express_server_side_request_forgery
rule_description: Risk of server-side request forgery detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
- rule:
cwe_ids:
- "918"
id: javascript_express_server_side_request_forgery
description: Risk of server-side request forgery detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_server_side_request_forgery
line_number: 12
filename: puppeteer_ssrf_injection.js
parent_line_number: 12
@@ -1,8 +1,10 @@
low:
- rule_dsrid: ""
rule_display_id: javascript_express_sql_injection
rule_description: SQL injection vulnerability detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_sql_injection
- rule:
cwe_ids:
- "89"
id: javascript_express_sql_injection
description: SQL injection vulnerability detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_sql_injection
line_number: 6
filename: sequelize_sql_injection.js
parent_line_number: 6
@@ -1,8 +1,10 @@
warning:
- rule_dsrid: ""
rule_display_id: javascript_express_unsafe_deserialization
rule_description: Deserialization of untrusted data detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_unsafe_deserialization
- rule:
cwe_ids:
- "502"
id: javascript_express_unsafe_deserialization
description: Deserialization of untrusted data detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_unsafe_deserialization
line_number: 5
filename: node_serialize.js
parent_line_number: 5
@@ -1,8 +1,10 @@
warning:
- rule_dsrid: ""
rule_display_id: javascript_express_unsafe_deserialization
rule_description: Deserialization of untrusted data detected.
rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_unsafe_deserialization
- rule:
cwe_ids:
- "502"
id: javascript_express_unsafe_deserialization
description: Deserialization of untrusted data detected.
documentation_url: https://docs.bearer.com/reference/rules/javascript_express_unsafe_deserialization
line_number: 4
filename: serialize_error.js
parent_line_number: 4