From 37d581616172236ffe43f36600eb65c6016cc2a7 Mon Sep 17 00:00:00 2001 
From: Guillaume Montard Date: Mon, 20 Feb 2023 18:10:53 +0000 Subject: [PATCH 1/2] Rename rules The format of the rules description was done in a way that didn't explicitly mention what was the problem, but what was the overall expectation. Considering we use it in the CLI output with associated snippet code in errors, it makes more sense to format it in a way that explain what is the problem. --- .../internal/{gitleaks.yml => secret_detection.yml} | 6 +++--- .../rules/javascript/express/exposed_dir_listing.yml | 2 +- .../settings/rules/javascript/express/insecure_cookie.yml | 2 +- .../settings/rules/javascript/express/insecure_xml_ref.yml | 2 +- .../process/settings/rules/javascript/lang/exception.yml | 2 +- .../settings/rules/javascript/lang/file_generation.yml | 2 +- .../settings/rules/javascript/lang/http_insecure.yml | 2 +- pkg/commands/process/settings/rules/javascript/lang/jwt.yml | 2 +- .../process/settings/rules/javascript/lang/logger.yml | 2 +- .../process/settings/rules/javascript/lang/session.yml | 2 +- .../settings/rules/javascript/lang/weak_encryption.yml | 2 +- .../settings/rules/javascript/react/google_analytics.yml | 2 +- .../settings/rules/javascript/third_parties/airbrake.yml | 2 +- .../settings/rules/javascript/third_parties/algolia.yml | 2 +- .../settings/rules/javascript/third_parties/bugsnag.yml | 2 +- .../settings/rules/javascript/third_parties/datadog.yml | 2 +- .../rules/javascript/third_parties/datadog_browser.yml | 2 +- .../rules/javascript/third_parties/elasticsearch.yml | 2 +- .../rules/javascript/third_parties/google_analytics.yml | 2 +- .../rules/javascript/third_parties/google_tag_manager.yml | 2 +- .../settings/rules/javascript/third_parties/honeybadger.yml | 2 +- .../settings/rules/javascript/third_parties/new_relic.yml | 2 +- .../rules/javascript/third_parties/open_telemetry.yml | 2 +- .../settings/rules/javascript/third_parties/rollbar.yml | 2 +- .../settings/rules/javascript/third_parties/segment.yml | 2 +- 
.../settings/rules/javascript/third_parties/sentry.yml | 2 +- pkg/commands/process/settings/rules/ruby/lang/cookies.yml | 2 +- .../rules/ruby/lang/deserialization_of_user_input.yml | 2 +- .../settings/rules/ruby/lang/eval_using_user_input.yml | 2 +- pkg/commands/process/settings/rules/ruby/lang/exception.yml | 2 +- .../process/settings/rules/ruby/lang/file_generation.yml | 2 +- .../process/settings/rules/ruby/lang/http_get_params.yml | 2 +- .../process/settings/rules/ruby/lang/http_insecure.yml | 2 +- .../rules/ruby/lang/http_post_insecure_with_data.yml | 2 +- .../process/settings/rules/ruby/lang/insecure_ftp.yml | 2 +- pkg/commands/process/settings/rules/ruby/lang/jwt.yml | 2 +- pkg/commands/process/settings/rules/ruby/lang/logger.yml | 2 +- .../process/settings/rules/ruby/lang/ssl_verification.yml | 2 +- .../process/settings/rules/ruby/lang/weak_encryption.yml | 2 +- .../settings/rules/ruby/lang/weak_encryption_with_data.yml | 2 +- .../settings/rules/ruby/rails/default_encryption.yml | 2 +- .../settings/rules/ruby/rails/devise_password_length.yml | 2 +- .../settings/rules/ruby/rails/insecure_communication.yml | 2 +- .../process/settings/rules/ruby/rails/insecure_smtp.yml | 2 +- pkg/commands/process/settings/rules/ruby/rails/logger.yml | 2 +- .../process/settings/rules/ruby/rails/password_length.yml | 2 +- pkg/commands/process/settings/rules/ruby/rails/session.yml | 2 +- .../rules/ruby/rails/session_key_using_user_input.yml | 2 +- .../process/settings/rules/ruby/third_parties/airbrake.yml | 2 +- .../process/settings/rules/ruby/third_parties/algolia.yml | 2 +- .../process/settings/rules/ruby/third_parties/bigquery.yml | 2 +- .../process/settings/rules/ruby/third_parties/bugsnag.yml | 2 +- .../settings/rules/ruby/third_parties/clickhouse.yml | 2 +- .../process/settings/rules/ruby/third_parties/datadog.yml | 2 +- .../settings/rules/ruby/third_parties/elasticsearch.yml | 2 +- .../settings/rules/ruby/third_parties/google_analytics.yml | 2 +- 
.../settings/rules/ruby/third_parties/google_dataflow.yml | 2 +- .../settings/rules/ruby/third_parties/honeybadger.yml | 2 +- .../process/settings/rules/ruby/third_parties/new_relic.yml | 2 +- .../settings/rules/ruby/third_parties/open_telemetry.yml | 2 +- .../process/settings/rules/ruby/third_parties/rollbar.yml | 2 +- .../process/settings/rules/ruby/third_parties/scout_apm.yml | 2 +- .../process/settings/rules/ruby/third_parties/segment.yml | 2 +- .../process/settings/rules/ruby/third_parties/sentry.yml | 2 +- 64 files changed, 66 insertions(+), 66 deletions(-) rename pkg/commands/process/settings/rules/internal/internal/{gitleaks.yml => secret_detection.yml} (57%) diff --git a/pkg/commands/process/settings/rules/internal/internal/gitleaks.yml b/pkg/commands/process/settings/rules/internal/internal/secret_detection.yml similarity index 57% rename from pkg/commands/process/settings/rules/internal/internal/gitleaks.yml rename to pkg/commands/process/settings/rules/internal/internal/secret_detection.yml index ff0992493..7fd5440dc 100644 --- a/pkg/commands/process/settings/rules/internal/internal/gitleaks.yml +++ b/pkg/commands/process/settings/rules/internal/internal/secret_detection.yml @@ -5,11 +5,11 @@ severity: detailed_context: true omit_parent_content: true metadata: - description: "Do not leak secrets in the codebase." + description: "Hard-coded secret detected." remediation_message: | ## Description - Hard-coding secrets and keys in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded. + Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded. ## Remediations @@ -20,4 +20,4 @@ metadata: dsr_id: "DSR-4" cwe_id: - 798 - id: "gitleaks" + id: "secret_detection" 
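Review bot: The last changed line of the secret_detection.yml hunk renames the rule `id` from `"gitleaks"` to `"secret_detection"`, which is more than the description rewording the commit message describes. Any existing configuration that refers to the rule by its old id (a rule allowlist, a skip list, an inline ignore) would presumably stop matching. In the allowlist case the hard-coded-secret check could drop out of a scan without any error. The id change deserves its own changelog entry, and if the rule loader supports it, the old id should be accepted as an alias for at least one release.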
diff --git a/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml b/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml index 2e425069e..d023aec27 100644 --- a/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml +++ b/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml @@ -7,7 +7,7 @@ trigger: presence severity: default: "warning" metadata: - description: "Ensure directory listing is not inappropriately exposed." + description: "Missing access restriction to directory listing detected." remediation_message: | ## Description Inappropriate exposure of a directory listing could give attackers access to sensitive data or source code, either directly or through exploitation of an exposed file structure. diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml index 22ce1f4fa..e771e643a 100644 --- a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml +++ b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml @@ -22,7 +22,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Ensure cookies are sent over HTTPS." + description: "Missing secure options for cookie detected." remediation_message: | ## Description To make sure cookies don't open your application up to exploits or unauthorized access, don't use default cookie values and make sure to set security options appropriately. diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml index 62b6579c4..4916f990c 100644 --- a/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml +++ b/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml 
@@ -23,7 +23,7 @@ trigger: presence severity: default: "low" metadata: - description: "Ensure proper restriction of XML external entity references." + description: "Missing proper restriction of XML external entity references detected." remediation_message: | ## Description Avoid generating XML documents that include XML entities with URIs that resolve to resources that are outside of the current context. diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception.yml b/pkg/commands/process/settings/rules/javascript/lang/exception.yml index b71abad80..58a081eec 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/exception.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/exception.yml @@ -34,7 +34,7 @@ severity: skip_data_types: - Unique Identifier metadata: - description: "Do not send sensitive data to exceptions." + description: "Sensitive data in a exception message detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml b/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml index 53c9b8e39..f260017df 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml @@ -18,7 +18,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not write sensitive data to static files." + description: "Sensitive data detected as part of a dynamic file generation." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml index 9dcaa901d..3c2eae906 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml 
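Review bot: The description added in javascript/lang/exception.yml has an article error, `"Sensitive data in a exception message detected."`. It should read `description: "Sensitive data in an exception message detected."`. The same string is added in ruby/lang/exception.yml in a later hunk and needs the same fix. According to the commit message these descriptions are shown in CLI output next to the offending snippet, so the typo would appear in every report of this finding.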
@@ -35,7 +35,7 @@ trigger: presence severity: default: low metadata: - description: "Only communicate using HTTPS connections." + description: "Connection with an unsecure HTTP communication detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/lang/jwt.yml b/pkg/commands/process/settings/rules/javascript/lang/jwt.yml index 0ea45f75d..e65557e71 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/jwt.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/jwt.yml @@ -16,7 +16,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in jwt." + description: "Sensitive data in a JWT detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger.yml b/pkg/commands/process/settings/rules/javascript/lang/logger.yml index e436c74d8..b113634b7 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/logger.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/logger.yml @@ -71,7 +71,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to loggers." + description: "Sensitive data in a logger message detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/lang/session.yml b/pkg/commands/process/settings/rules/javascript/lang/session.yml index 4b2c59ed9..39f069237 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/session.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/session.yml @@ -15,7 +15,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not set sensitive data to session." + description: "Sensitive data stored in HTML local storage detected." remediation_message: | ## Description 
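Review bot: The same finding is worded differently per language: javascript/lang/http_insecure.yml gets `"Connection with an unsecure HTTP communication detected."` while ruby/lang/http_insecure.yml gets `"Connection through an unsecure HTTP communication detected."`. Both are awkward ("connection ... communication"), and "insecure" is the usual term and matches the rule file names (http_insecure, insecure_ftp, insecure_smtp). Consider one shared string for both rules, for example `description: "Insecure HTTP connection detected."`, and the same adjective in the FTP, SMTP and HTTP POST descriptions added elsewhere in this patch.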
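Review bot: The description added in javascript/lang/session.yml, `"Sensitive data stored in HTML local storage detected."`, does not match the rule it labels. The file is session.yml and the text it replaces was about setting sensitive data to the session, so the new string looks copied from a local-storage rule. A finding title that names the wrong sink points the reader at the wrong code and the wrong remediation. Something like `description: "Sensitive data stored in a session detected."` would line up with the Rails session rule in this patch. The rule's patterns are outside the hunk, so confirm which sink it actually matches.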
diff --git a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml index 654eb85d8..4bb7e5816 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml @@ -31,7 +31,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not weak encrypt sensitive information" + description: "Weak encryption library usage detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml b/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml index d4be49335..403bb78ce 100644 --- a/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml +++ b/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml @@ -13,7 +13,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to Google Analytics." + description: "Sensitive data sent to Google Analytics detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml b/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml index 4176fe6b5..fbf616c94 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml @@ -22,7 +22,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Airbrake." + description: "Sensitive data sent to Airbrake detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Airbrake. 
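Review bot: The description for javascript/lang/weak_encryption.yml becomes `"Weak encryption library usage detected."`, the same string given to ruby/lang/weak_encryption.yml. The `skip_data_types` context line just above `metadata:` and the replaced text ("sensitive information") suggest this JavaScript rule is tied to sensitive data types. Ruby separates the two cases and uses `"Sensitive data encrypted with a weak encryption library detected."` for the data-aware rule. If the JavaScript rule only fires when sensitive data is involved, it should use that second wording so the title agrees with the data-type-based severity. The trigger and patterns are outside the hunk, so this needs checking against the full file.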
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/algolia.yml b/pkg/commands/process/settings/rules/javascript/third_parties/algolia.yml index f71343564..1f7d9f715 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/algolia.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/algolia.yml @@ -46,7 +46,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in Algolia." + description: "Sensitive data sent to Algolia detected." remediation_message: | ## Description Leaking sensitive data to third-party data tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Algolia. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag.yml b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag.yml index fde9f9089..561776b4c 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag.yml @@ -42,7 +42,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Bugsnag." + description: "Sensitive data sent to Bugsnag detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Bugsnag. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/datadog.yml b/pkg/commands/process/settings/rules/javascript/third_parties/datadog.yml index 9c223352c..a7f63ebb4 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/datadog.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/datadog.yml 
@@ -28,7 +28,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Datadog." + description: "Sensitive data sent to Datadog detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Datadog. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser.yml b/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser.yml index b8105b9f0..42eaaa7b5 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser.yml @@ -13,7 +13,7 @@ trigger: presence severity: default: low metadata: - description: "Do not send sensitive data to Datadog." + description: "Sensitive data sent to Datadog detected." remediation_message: | ## Description Sensitive and private data contained in your pages may be sent to datatdog to identify elements that a user interacted with. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch.yml b/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch.yml index 8b55f0584..993678419 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch.yml @@ -18,7 +18,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to ElasticSearch." + description: "Sensitive data sent to ElasticSearch detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics.yml b/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics.yml index acf9a9171..0b8df667c 100644 
--- a/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics.yml @@ -13,7 +13,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to Google Analytics." + description: "Sensitive data sent to Google Analytic detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager.yml b/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager.yml index 005e81b5f..b08ce7959 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager.yml @@ -18,7 +18,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to google tag manager." + description: "Sensitive data sent to Google Tag Manager detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger.yml b/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger.yml index a0d93626f..9b72b2410 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger.yml @@ -22,7 +22,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to Honeybadger." + description: "Sensitive data sent to Honeybadger detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic.yml b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic.yml index 6435d2a3e..453651019 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic.yml 
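Review bot: The description added in javascript/third_parties/google_analytics.yml misspells the product name: `"Sensitive data sent to Google Analytic detected."`. It should be `description: "Sensitive data sent to Google Analytics detected."`, which is the spelling javascript/react/google_analytics.yml uses earlier in this patch. Two rules for the same destination with different titles also make findings harder to group in reports.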
@@ -53,7 +53,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to New Relic." + description: "Sensitive data sent to New Relic detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to New Relic. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry.yml b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry.yml index 69c5eccbd..2620661cb 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry.yml @@ -28,7 +28,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Open Telemetry." + description: "Sensitive data sent to Open Telemetry detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Open Telemetry. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/rollbar.yml b/pkg/commands/process/settings/rules/javascript/third_parties/rollbar.yml index 340bffc6b..eac0eab97 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/rollbar.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/rollbar.yml @@ -24,7 +24,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data to Rollbar." + description: "Sensitive data sent to Rollbar detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/segment.yml b/pkg/commands/process/settings/rules/javascript/third_parties/segment.yml index 983bbbd24..66b93c3d3 100644 
--- a/pkg/commands/process/settings/rules/javascript/third_parties/segment.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/segment.yml @@ -31,7 +31,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Segment." + description: "Sensitive data sent to Segment detected." remediation_message: | ## Description Leaking sensitive data to third-party analytics tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Segment. diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry.yml index 15661ec42..660d2bd11 100644 --- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry.yml +++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry.yml @@ -38,7 +38,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Sentry." + description: "Sensitive data sent to Sentry detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Sentry. diff --git a/pkg/commands/process/settings/rules/ruby/lang/cookies.yml b/pkg/commands/process/settings/rules/ruby/lang/cookies.yml index 72481147d..980da9fcc 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/cookies.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/cookies.yml @@ -32,7 +32,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not store sensitive data in cookies." + description: "Sensitive data stored in a cookie detected." remediation_message: | ## Description 
diff --git a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input.yml b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input.yml index 6672998ed..290e02a7b 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input.yml @@ -37,7 +37,7 @@ trigger: presence severity: default: high # FIXME metadata: - description: "Do not pass user input to unsafe deserialization methods." + description: "User input detected in an unsafe deserialization method." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input.yml b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input.yml index dbffba404..3b305840e 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input.yml @@ -41,7 +41,7 @@ trigger: presence severity: default: high # FIXME metadata: - description: "Do not generate code using user input." + description: "Potential command injection with user input detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/exception.yml b/pkg/commands/process/settings/rules/ruby/lang/exception.yml index 95850c976..5e24d30ea 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/exception.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/exception.yml @@ -15,7 +15,7 @@ severity: skip_data_types: - Unique Identifier metadata: - description: "Do not send sensitive data to exceptions." + description: "Sensitive data in a exception message detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/file_generation.yml b/pkg/commands/process/settings/rules/ruby/lang/file_generation.yml index a2a9268e4..96d163ae8 100644 
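Review bot: The description added in ruby/lang/eval_using_user_input.yml, `"Potential command injection with user input detected."`, names a different weakness class from the one the rule appears to cover. The file name and the replaced text ("Do not generate code using user input.") are about evaluating user input as code, which is code injection (CWE-94/95), not OS command injection (CWE-78). The two call for different remediation. `description: "Potential code injection with user input detected."` keeps the new format without mislabelling the finding. The rule's `cwe_id` is outside the hunk, so check that the title and the CWE agree.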
--- a/pkg/commands/process/settings/rules/ruby/lang/file_generation.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/file_generation.yml @@ -45,7 +45,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not write sensitive data to static files." + description: "Sensitive data detected as part of a dynamic file generation." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_get_params.yml b/pkg/commands/process/settings/rules/ruby/lang/http_get_params.yml index de7c86af7..e59fc6c8c 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/http_get_params.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/http_get_params.yml @@ -33,7 +33,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not send sensitive data as HTTP GET parameters." + description: "Sensitive data communicated through GET parameters detected." remediation_message: | ## Description Sensitive data should never be sent as part of the query string in HTTP GET requests. This rule checks if sensitive data types are sent as GET parameters. diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_insecure.yml b/pkg/commands/process/settings/rules/ruby/lang/http_insecure.yml index d68eca9f4..52e0496d4 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/http_insecure.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/http_insecure.yml @@ -45,7 +45,7 @@ trigger: presence severity: default: low metadata: - description: "Only communicate using HTTPS connections." + description: "Connection through an unsecure HTTP communication detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data.yml b/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data.yml index 178d9d2bd..8a8ef92bc 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data.yml 
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data.yml @@ -32,7 +32,7 @@ severity: PHI: medium PD: high metadata: - description: "Only send sensitive data through HTTPS connections." + description: "Sensitive data sent through an an unsecure HTTP communication detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp.yml b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp.yml index f33a5eefa..374cc70d6 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp.yml @@ -19,7 +19,7 @@ severity: PII: critical PD: high metadata: - description: "Only communicate using SFTP connections." + description: "Communication with an unsecure FTP server detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/jwt.yml b/pkg/commands/process/settings/rules/ruby/lang/jwt.yml index f45be0032..9f1658bc9 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/jwt.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/jwt.yml @@ -13,7 +13,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not store sensitive data in JWTs." + description: "Sensitive data in a JWT detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/logger.yml b/pkg/commands/process/settings/rules/ruby/lang/logger.yml index a04279968..d62862be7 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/logger.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/logger.yml @@ -23,7 +23,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to loggers." + description: "Sensitive data in a logger message detected." remediation_message: | ## Description 
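Review bot: The description added in ruby/lang/http_post_insecure_with_data.yml has a doubled article: `"Sensitive data sent through an an unsecure HTTP communication detected."`. Drop the repeated word, and consider tightening the wording at the same time, for example `description: "Sensitive data sent over an insecure HTTP connection detected."`. That wording would also match the rule's file name, which uses "insecure".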
diff --git a/pkg/commands/process/settings/rules/ruby/lang/ssl_verification.yml b/pkg/commands/process/settings/rules/ruby/lang/ssl_verification.yml index 82e08318d..3f52bc624 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/ssl_verification.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/ssl_verification.yml @@ -11,7 +11,7 @@ trigger: presence severity: default: low metadata: - description: "Enable SSL Certificate Verification." + description: "Missing SSL certificate verification detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption.yml index 8a71eacc2..0c0291b96 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption.yml @@ -89,7 +89,7 @@ trigger: presence severity: default: low metadata: - description: "Avoid weak encryption libraries." + description: "Weak encryption library usage detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data.yml index 17a76904a..b449e520f 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data.yml @@ -119,7 +119,7 @@ severity: PHI: medium PD: high metadata: - description: "Do not use weak encryption libraries to encrypt sensitive data." + description: "Sensitive data encrypted with a weak encryption library detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/rails/default_encryption.yml b/pkg/commands/process/settings/rules/ruby/rails/default_encryption.yml index bebcff9a2..ba5236597 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/default_encryption.yml 
+++ b/pkg/commands/process/settings/rules/ruby/rails/default_encryption.yml @@ -19,7 +19,7 @@ trigger: stored_data_types severity: default: warning metadata: - description: "Force application-level encryption when processing sensitive data." + description: "Missing application-level encryption of sensitive data detected." remediation_message: | ## Description Application-level encryption greatly reduces the risk of a data breach or data leak by making data unreadable. This rule checks if sensitive data types found in records are encrypted. diff --git a/pkg/commands/process/settings/rules/ruby/rails/devise_password_length.yml b/pkg/commands/process/settings/rules/ruby/rails/devise_password_length.yml index 2ed62932c..594707ae3 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/devise_password_length.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/devise_password_length.yml @@ -30,7 +30,7 @@ trigger: global severity: default: high metadata: - description: "Enforce stronger password requirements." + description: "Password length (< 8) requirement is too short." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/rails/insecure_communication.yml b/pkg/commands/process/settings/rules/ruby/rails/insecure_communication.yml index 47915791f..eebc5f69d 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/insecure_communication.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/insecure_communication.yml @@ -9,7 +9,7 @@ trigger: presence severity: default: low metadata: - description: "Force all incoming communication through SSL." + description: "Missing force SSL configuration for incoming communication detected." remediation_message: | ## Description When applications process sensitive data, they should default to always use SSL when available. This rule checks if force SSL is enabled at the application level. 
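Review bot: The description added in ruby/rails/devise_password_length.yml, `"Password length (< 8) requirement is too short."`, breaks the "... detected." pattern used by the other rules in this patch and hard-codes the threshold into the title. If the minimum checked by the rule's pattern changes later, the title will silently disagree with what is flagged. Consider `description: "Minimum password length below 8 characters detected."`, with the number kept in step with the pattern, which is outside the hunk. ruby/rails/password_length.yml receives the same string in a later hunk and should be changed with it.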
diff --git a/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp.yml b/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp.yml index 5b2693fb5..f212fbc30 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp.yml @@ -20,7 +20,7 @@ severity: PHI: medium PD: high metadata: - description: "Only communicate with secure SMTP connections." + description: "Communication with an unsecure SMTP connection detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/rails/logger.yml b/pkg/commands/process/settings/rules/ruby/rails/logger.yml index 0ea3c96b7..306cf8c62 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/logger.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/logger.yml @@ -23,7 +23,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Rails loggers." + description: "Sensitive data sent to Rails loggers detected." remediation_message: | ## Description Leaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to rails loggers. diff --git a/pkg/commands/process/settings/rules/ruby/rails/password_length.yml b/pkg/commands/process/settings/rules/ruby/rails/password_length.yml index 9cdb5cd3b..19675e649 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/password_length.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/password_length.yml @@ -37,7 +37,7 @@ trigger: global severity: default: high metadata: - description: "Enforce stronger password requirements." + description: "Password length (< 8) requirement is too short." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/rails/session.yml b/pkg/commands/process/settings/rules/ruby/rails/session.yml index 7ec018386..ddf98002b 100644 
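Review bot: "unsecure" in the new rails/insecure_smtp.yml description is inconsistent with the rule's own name (`insecure_smtp`) and with the usual security term. `description: "Communication over an insecure SMTP connection detected."` would match. The snapshot names in patch 2/2 (`verify_none`, `verify_none_ssl_var`) suggest the finding is about disabled certificate verification rather than plaintext SMTP. If that is the case, naming it in the description would tell the CLI reader what to fix; the patterns are outside this hunk, so this needs confirming.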
--- a/pkg/commands/process/settings/rules/ruby/rails/session.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/session.yml @@ -15,7 +15,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in session cookies." + description: "Sensitive data stored in a session cookie detected." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input.yml b/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input.yml index 088fa7c8c..9ff243c00 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input.yml @@ -16,7 +16,7 @@ trigger: presence severity: default: high # FIXME metadata: - description: "Do not use user input in a session key." + description: "User input detected in a session key." remediation_message: | ## Description diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake.yml b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake.yml index b3b94cf5e..d3dc5bc98 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake.yml @@ -58,7 +58,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Airbrake." + description: "Sensitive data sent to Airbrake detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Airbrake. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/algolia.yml b/pkg/commands/process/settings/rules/ruby/third_parties/algolia.yml index da380d9f4..74d82da6f 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/algolia.yml 
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/algolia.yml @@ -33,7 +33,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in Algolia." + description: "Sensitive data sent to Algolia detected." remediation_message: | ## Description Leaking sensitive data to third-party data tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Algolia. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery.yml index 510c83ae2..5312a5076 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery.yml @@ -66,7 +66,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in BigQuery." + description: "Sensitive data sent to BigQuery detected." remediation_message: | ## Description Leaking sensitive data to third-party data tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to BigQuery. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag.yml index 12cd39139..db60b38e9 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag.yml @@ -35,7 +35,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Bugsnag." + description: "Sensitive data sent to Bugsnag detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Bugsnag. 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse.yml b/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse.yml index 30eb255c7..49a4ec204 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse.yml @@ -22,7 +22,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in ClickHouse." + description: "Sensitive data sent to ClickHouse detected." remediation_message: | ## Description Leaking sensitive data to a third-party service is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to ClickHouse. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/datadog.yml b/pkg/commands/process/settings/rules/ruby/third_parties/datadog.yml index a70d5421c..70f26a1d5 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/datadog.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/datadog.yml @@ -38,7 +38,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Datadog." + description: "Sensitive data sent to Datadog detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Datadog. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch.yml b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch.yml index 52ff9b2d1..837123be8 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch.yml 
@@ -41,7 +41,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not store sensitive data in Elasticsearch." + description: "Sensitive data sent to Elasticsearch detected." remediation_message: | ## Description Leaking sensitive data to third-party data tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Elasticsearch. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics.yml index 5c2ef6f71..8045fa871 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics.yml @@ -29,7 +29,7 @@ severity: skip_data_types: - Unique Identifier metadata: - description: "Do not send sensitive data to Google Analytics." + description: "Sensitive data sent to Google Analytics detected." remediation_message: | ## Description Leaking sensitive data to third-party analytics tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Google Analytics. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow.yml index 7023429f2..1f8c0d712 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow.yml 
@@ -125,7 +125,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Google Dataflow." + description: "Sensitive data sent to Google Dataflow detected." remediation_message: | ## Description Leaking sensitive data to a third-party service is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Google Dataflow. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger.yml b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger.yml index d61b48d4f..695f5350b 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger.yml @@ -32,7 +32,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Honeybadger." + description: "Sensitive data sent to Honeybadger detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Honeybadger. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic.yml b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic.yml index 181bed10c..59aad94eb 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic.yml @@ -25,7 +25,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to New Relic." + description: "Sensitive data sent to New Relic detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to New Relic. 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry.yml b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry.yml index 166b4fba7..e1d2b4a6c 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry.yml @@ -42,7 +42,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Open Telemetry." + description: "Sensitive data sent to Open Telemetry detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Open Telemetry. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar.yml b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar.yml index b02e21c31..25979d4d5 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar.yml @@ -51,7 +51,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Rollbar." + description: "Sensitive data sent to Rollbar detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Rollbar. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm.yml b/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm.yml index 2754b8f1f..ccb24344f 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm.yml 
@@ -20,7 +20,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Scout APM." + description: "Sensitive data sent to Scout APM detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Scout APM. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/segment.yml b/pkg/commands/process/settings/rules/ruby/third_parties/segment.yml index 13f82b00c..ac7c38372 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/segment.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/segment.yml @@ -29,7 +29,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Segment." + description: "Sensitive data sent to Segment detected.." remediation_message: | ## Description Leaking sensitive data to third-party analytics tools is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Segment. diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry.yml index 00e249406..fc4a89263 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry.yml @@ -133,7 +133,7 @@ severity: skip_data_types: - "Unique Identifier" metadata: - description: "Do not send sensitive data to Sentry." + description: "Sensitive data sent to Sentry detected." remediation_message: | ## Description Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Sentry. From 4c349c15f94e1ca6ab399743ec8cc9eb567d0ec5 Mon Sep 17 00:00:00 2001 
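Review bot: The new description in ruby/third_parties/segment.yml ends with a doubled period (`detected..`). The string is printed verbatim in CLI findings and is presumably carried into the Segment snapshots regenerated in patch 2/2. It should read `description: "Sensitive data sent to Segment detected."`, matching the other third-party rules changed in this commit, with the affected snapshots regenerated afterwards.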
From: gotbadger Date: Tue, 21 Feb 2023 12:07:23 +0000 Subject: [PATCH 2/2] chore: update snapshots --- ...osedDirListing--serve_index_in_app_use.yml | 2 +- .../TestExpressSecureCookie--http_only.yml | 2 +- ...stExpressSecureCookie--insecure_cookie.yml | 2 +- ...nsecureXmlRef--lib_xml_with_noent_true.yml | 2 +- ...avascriptLangException--promise_reject.yml | 2 +- .../TestJavascriptLangException--reject.yml | 4 +-- ...tLangException--throw_custom_exception.yml | 2 +- ...tJavascriptLangException--throw_string.yml | 2 +- ...iptLangFileGeneration--file_generation.yml | 6 ++-- ...JavascriptHTTPInsecure--axios_insecure.yml | 2 +- ...JavascriptHTTPInsecure--fetch_insecure.yml | 2 +- ...vascriptHTTPInsecure--request_insecure.yml | 2 +- .../TestJavascriptJWT--unsecure.yml | 2 +- .../TestJavascriptLangLogger--child.yml | 2 +- .../TestJavascriptLangLogger--child_level.yml | 4 +-- .../TestJavascriptLangLogger--console.yml | 2 +- ...estJavascriptLangLogger--datatype_leak.yml | 2 +- .../TestJavascriptLangLogger--log.yml | 2 +- ...estJavascriptLangSession--session_leak.yml | 2 +- .../TestJavascriptWeakEncryption--md5.yml | 4 +-- .../TestJavascriptWeakEncryption--sha1.yml | 4 +-- ...vascriptReactGoogleAnalytics--insecure.yml | 4 +-- ...JavascriptAirbrake--datatype_in_notify.yml | 2 +- ...stJavascriptAlgolia--datatype_in_index.yml | 2 +- ...scriptAlgolia--datatype_in_save_object.yml | 4 +-- ...ascriptBugsnag--datatype_in_breadcrumb.yml | 2 +- ...tJavascriptBugsnag--datatype_in_notify.yml | 2 +- ...JavascriptBugsnag--datatype_in_session.yml | 2 +- ...stJavascriptBugsnag--datatype_in_start.yml | 6 ++-- .../TestJavascriptDataDog--unsecure.yml | 2 +- ...TestJavascriptDataDogBrowser--unsecure.yml | 2 +- .../TestJavascriptElasticSearch--unsecure.yml | 2 +- ...estJavascriptGoogleAnalytics--unsecure.yml | 2 +- .../TestJavascriptGTM--unsecure.yml | 4 +-- .../TestJavascriptHoneybadger--unsecure.yml | 2 +- ...-datatype_in_interaction_set_attribute.yml | 6 ++-- 
...riptNewRelic--datatype_in_notice_error.yml | 2 +- ...elic--datatype_in_set_custom_attribute.yml | 2 +- ...wRelic--datatype_in_set_page_view_name.yml | 2 +- ...ptOpenTelemetry--datatype_in_add_event.yml | 2 +- ...elemetry--datatype_in_record_exception.yml | 2 +- ...enTelemetry--datatype_in_set_attribute.yml | 4 +-- ...tOpenTelemetry--datatype_in_set_status.yml | 2 +- ...estJavascriptRollbar--browser_unsecure.yml | 2 +- ...riptSegmentDataflow--datatype_in_alias.yml | 2 +- ...riptSegmentDataflow--datatype_in_group.yml | 2 +- ...tSegmentDataflow--datatype_in_identify.yml | 8 +++--- ...criptSegmentDataflow--datatype_in_page.yml | 2 +- ...riptSegmentDataflow--datatype_in_track.yml | 4 +-- ...PartySentry--javascript_add_breadcrumb.yml | 2 +- ...dPartySentry--javascript_capture_event.yml | 2 +- ...tySentry--javascript_capture_exception.yml | 2 +- ...artySentry--javascript_capture_message.yml | 2 +- ...--javascript_configure_scope_set_extra.yml | 2 +- ...ry--javascript_configure_scope_set_tag.yml | 2 +- ...y--javascript_configure_scope_set_user.yml | 2 +- ...angCookies--datatype_in_signed_cookies.yml | 4 +-- ...LangCookies--datatype_object_in_cookie.yml | 4 +-- ...serializationOfUserInput--unsafe_event.yml | 16 +++++------ ...erializationOfUserInput--unsafe_params.yml | 16 +++++------ ...rializationOfUserInput--unsafe_request.yml | 16 +++++------ ...byLangEvalUsingUserInput--unsafe_event.yml | 18 ++++++------ ...yLangEvalUsingUserInput--unsafe_params.yml | 18 ++++++------ ...LangEvalUsingUserInput--unsafe_request.yml | 18 ++++++------ .../TestRubyLangException--datatype_leak.yml | 4 +-- ...leGeneration--datatype_in_csv_generate.yml | 6 ++-- ...ngFileGeneration--datatype_in_csv_open.yml | 6 ++-- ...gFileGeneration--datatype_in_file_open.yml | 4 +-- ...FileGeneration--datatype_in_io_sysopen.yml | 2 +- ...gHttpGetParams--datatype_in_param_hash.yml | 2 +- ...yLangHttpGetParams--datatype_in_params.yml | 4 +-- ...TestRubyLangHttpInsecure--insecure_get.yml | 2 +- 
...estRubyLangHttpInsecure--insecure_post.yml | 2 +- ...byLangHttpInsecure--insecure_post_form.yml | 2 +- ...tRubyLangHttpInsecure--uri_encode_form.yml | 2 +- ...Data--insecure_post_form_with_datatype.yml | 4 +-- ...eWithData--insecure_post_with_datatype.yml | 4 +-- .../TestRubyLangInsecureFtp--ftp_new.yml | 2 +- .../TestRubyLangInsecureFtp--ftp_open.yml | 2 +- ...angInsecureFtp--ftp_open_with_datatype.yml | 2 +- .../TestRubyLangJwt--datatype_in_jwt.yml | 2 +- ...estRubyLangJwt--datatype_object_in_jwt.yml | 2 +- ...yLangJwt--datatypes_with_encrypted_jwt.yml | 6 ++-- .../TestRubyLangLogger--datatype_leak.yml | 2 +- ...SslVerification--verification_disabled.yml | 4 +-- .../TestRubyLangWeakEncryption--blowfish.yml | 2 +- ...TestRubyLangWeakEncryption--digest_md5.yml | 2 +- ...estRubyLangWeakEncryption--digest_sha1.yml | 2 +- ...estRubyLangWeakEncryption--openssl_dsa.yml | 4 +-- ...estRubyLangWeakEncryption--openssl_rsa.yml | 6 ++-- ...estRubyLangWeakEncryption--rc4_encrypt.yml | 4 +-- ...gWeakEncryptionWithData--blowfish_data.yml | 12 ++++---- ...LangWeakEncryptionWithData--digest_md5.yml | 4 +-- ...angWeakEncryptionWithData--digest_sha1.yml | 4 +-- ...akEncryptionWithData--openssl_dsa_data.yml | 8 +++--- ...akEncryptionWithData--openssl_rsa_data.yml | 12 ++++---- ...byLangWeakEncryptionWithData--rc4_data.yml | 8 +++--- ...encryption_missing-schema_rb-db-schema.yml | 4 +-- ...ion_missing-structure_sql-db-structure.yml | 4 +-- ...ilsInsecureCommunication--no_datatypes.yml | 2 +- ...ilsInsecureCommunication--ssl_disabled.yml | 2 +- ...TestRubyRailsInsecureSmtp--verify_none.yml | 2 +- ...RailsInsecureSmtp--verify_none_ssl_var.yml | 2 +- .../TestRubyRailsLogger--datatype_leak.yml | 2 +- ...ailsPasswordLength--password_too_short.yml | 2 +- ...tRubyRailsSession--datatype_in_session.yml | 2 +- ...yRailsSessionKeyUsingUserInput--unsafe.yml | 6 ++-- ...iesAirbrake--datatype_in_custom_notice.yml | 2 +- ...e--datatype_in_extended_notify_methods.yml | 28 +++++++++---------- 
...iesAirbrake--datatype_in_merge_context.yml | 2 +- ...irdPartiesAirbrake--datatype_in_notify.yml | 6 ++-- ...tiesAirbrake--datatype_in_rescue_block.yml | 2 +- ...artiesAlgolia--datatype_in_save_object.yml | 4 +-- ...irdPartiesBigQuery--datatype_in_insert.yml | 2 +- ...tiesBigQuery--datatype_in_insert_async.yml | 2 +- ...tiesBigQuery--datatype_in_table_insert.yml | 2 +- ...gQuery--datatype_in_table_insert_async.yml | 2 +- ...estRubyThirdPartiesBugsnag--breadcrumb.yml | 2 +- ...ubyThirdPartiesBugsnag--bugsnag_notify.yml | 2 +- ...iesClickHouse--datatype_in_insert_rows.yml | 4 +-- ...yThirdPartiesDatadog--datatype_in_tags.yml | 12 ++++---- ...PartiesElasticsearch--datatype_in_bulk.yml | 2 +- ...artiesElasticsearch--datatype_in_index.yml | 2 +- ...rtiesElasticsearch--datatype_in_update.yml | 2 +- ...iesGoogleAnalytics--datatype_in_cohort.yml | 2 +- ...nalytics--datatype_in_custom_dimension.yml | 2 +- ...oogleAnalytics--datatype_in_event_data.yml | 2 +- ...nalytics--datatype_in_transaction_data.yml | 2 +- ...gleAnalytics--datatype_in_user_classes.yml | 4 +-- ...tiesGoogleDataflow--datatype_in_config.yml | 4 +-- ...oogleDataflow--datatype_in_job_message.yml | 2 +- ...esGoogleDataflow--datatype_in_metadata.yml | 6 ++-- ...ogleDataflow--datatype_in_params_entry.yml | 2 +- ...flow--datatype_in_snapshot_job_request.yml | 2 +- ...eDataflow--datatype_in_snapshot_setter.yml | 2 +- ...taflow--datatype_in_structured_message.yml | 2 +- ...--datatype_in_structured_message_param.yml | 2 +- ...low--datatype_in_template_job_creation.yml | 2 +- ...eDataflow--fail_with_different_version.yml | 2 +- ...iesHoneybadger--honeybadger_breadcrumb.yml | 2 +- ...artiesHoneybadger--honeybadger_context.yml | 4 +-- ...artiesHoneybadger--honeybadger_methods.yml | 2 +- ...PartiesHoneybadger--honeybadger_notify.yml | 12 ++++---- ...lic--datatype_in_add_custom_attributes.yml | 4 +-- ...lic--datatype_in_add_custom_parameters.yml | 4 +-- ...tiesNewRelic--datatype_in_notice_error.yml | 4 +-- 
...elemetry--datatype_in_record_exception.yml | 4 +-- ...Telemetry--datatype_in_span_attributes.yml | 4 +-- ...sOpenTelemetry--datatype_in_span_event.yml | 4 +-- ...elemetry--datatypes_in_span_init_block.yml | 8 +++--- ...irdPartiesRollbar--datatype_in_context.yml | 2 +- ...byThirdPartiesRollbar--datatype_in_log.yml | 6 ++-- ...PartiesRollbar--datatype_in_log_helper.yml | 16 +++++------ ...ThirdPartiesRollbar--datatype_in_scope.yml | 6 ++-- ...hirdPartiesRollbar--datatype_in_scoped.yml | 2 +- ...yThirdPartiesScoutAPM--datatype_in_add.yml | 2 +- ...dPartiesScoutAPM--datatype_in_add_user.yml | 2 +- ...irdPartiesSegment--datatype_as_user_id.yml | 2 +- ...sSegment--datatype_in_nested_attribute.yml | 2 +- ...dPartiesSentry--datatype_in_breadcrumb.yml | 2 +- ...iesSentry--datatype_in_capture_message.yml | 8 +++--- ...byThirdPartiesSentry--datatype_in_init.yml | 2 +- ...PartiesSentry--datatype_in_set_context.yml | 6 ++-- ...rdPartiesSentry--datatype_in_set_extra.yml | 4 +-- ...dPartiesSentry--datatype_in_set_extras.yml | 6 ++-- ...hirdPartiesSentry--datatype_in_set_tag.yml | 4 +-- ...irdPartiesSentry--datatype_in_set_tags.yml | 6 ++-- ...irdPartiesSentry--datatype_in_set_user.yml | 6 ++-- .../summary/.snapshots/TestBuildReportString | 8 +++--- .../output/summary/.snapshots/TestGetOutput | 4 +-- .../.snapshots/TestTestGetOutputWithSeverity | 2 +- 171 files changed, 343 insertions(+), 343 deletions(-) diff --git a/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml b/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml index 2e091072f..05a04a364 100644 --- a/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml 
+++ b/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml @@ -1,7 +1,7 @@ warning: - rule_dsrid: "" rule_display_id: javascript_express_exposed_dir_listing - rule_description: Ensure directory listing is not inappropriately exposed. + rule_description: Missing access restriction to directory listing detected. rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_exposed_dir_listing line_number: 5 filename: serve_index_in_app_use.js diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml index b5d722896..8dd80f630 100644 --- a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml +++ b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-3 rule_display_id: express_insecure_cookie - rule_description: Ensure cookies are sent over HTTPS. + rule_description: Missing secure options for cookie detected. rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie line_number: 9 filename: http_only.js diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml index 84d9b92d7..67284829d 100644 --- a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml 
+++ b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-3 rule_display_id: express_insecure_cookie - rule_description: Ensure cookies are sent over HTTPS. + rule_description: Missing secure options for cookie detected. rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie line_number: 9 filename: insecure_cookie.js diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml index 58e67664f..d3fdc4e06 100644 --- a/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml +++ b/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: "" rule_display_id: express_insecure_xml_ref - rule_description: Ensure proper restriction of XML external entity references. + rule_description: Missing proper restriction of XML external entity references detected. rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_xml_ref line_number: 4 filename: lib_xml_with_noent_true.js diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml index e7b3294f6..c12c4e0d1 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml 
+++ b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: javascript_lang_exception - rule_description: Do not send sensitive data to exceptions. + rule_description: Sensitive data in a exception message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception line_number: 5 filename: promise_reject.js diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml index 718b11ea3..87fa70ce3 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: javascript_lang_exception - rule_description: Do not send sensitive data to exceptions. + rule_description: Sensitive data in a exception message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception line_number: 5 filename: reject.js @@ -11,7 +11,7 @@ critical: parent_content: reject("Error with user " + user) - rule_dsrid: DSR-5 rule_display_id: javascript_lang_exception - rule_description: Do not send sensitive data to exceptions. + rule_description: Sensitive data in a exception message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception line_number: 14 filename: reject.js 
diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml index d6eb9cd3e..88b965031 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: javascript_lang_exception - rule_description: Do not send sensitive data to exceptions. + rule_description: Sensitive data in a exception message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception line_number: 5 filename: throw_custom_exception.js diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml index d59b48757..5222ef778 100644 --- a/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml +++ b/pkg/commands/process/settings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: javascript_lang_exception - rule_description: Do not send sensitive data to exceptions. + rule_description: Sensitive data in a exception message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception line_number: 5 filename: throw_string.js 
diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml b/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml
index b58ce439b..2f16787e7 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-4
 rule_display_id: javascript_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
 line_number: 8
 filename: file_generation.js
@@ -15,7 +15,7 @@ critical:
 })
 - rule_dsrid: DSR-4
 rule_display_id: javascript_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
 line_number: 11
 filename: file_generation.js
@@ -29,7 +29,7 @@ critical:
 })
 - rule_dsrid: DSR-4
 rule_display_id: javascript_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
 line_number: 12
 filename: file_generation.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml
index bcbf95592..4dd4597cc 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection with an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
 line_number: 2
 filename: axios_insecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml
index cedda793d..6ecf92b92 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection with an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
 line_number: 3
 filename: fetch_insecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml
index 6610390e9..1d8a53e81 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection with an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
 line_number: 5
 filename: request_insecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml b/pkg/commands/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml
index d6cfd812d..36b52d178 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_jwt
- rule_description: Do not store sensitive data in jwt.
+ rule_description: Sensitive data in a JWT detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_jwt
 line_number: 2
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml
index 7b6c0e37a..08c734345 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_lang_logger
- rule_description: Do not send sensitive data to loggers.
+ rule_description: Sensitive data in a logger message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
 line_number: 3
 filename: child.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml
index 713e20a18..70bcdba5e 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_lang_logger
- rule_description: Do not send sensitive data to loggers.
+ rule_description: Sensitive data in a logger message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
 line_number: 3
 filename: child_level.js
@@ -11,7 +11,7 @@ critical:
 parent_content: logger.child(ctx)
 - rule_dsrid: DSR-5
 rule_display_id: javascript_lang_logger
- rule_description: Do not send sensitive data to loggers.
+ rule_description: Sensitive data in a logger message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
 line_number: 7
 filename: child_level.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml
index 682a9d471..03f8b48d6 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_lang_logger
- rule_description: Do not send sensitive data to loggers.
+ rule_description: Sensitive data in a logger message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
 line_number: 1
 filename: console.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml
index 0ac11189f..bbbb9ab60 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_lang_logger
- rule_description: Do not send sensitive data to loggers.
+ rule_description: Sensitive data in a logger message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
 line_number: 1
 filename: datatype_leak.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml
index c724cbda5..7e483fe05 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_lang_logger
- rule_description: Do not send sensitive data to loggers.
+ rule_description: Sensitive data in a logger message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
 line_number: 1
 filename: log.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml b/pkg/commands/process/settings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml
index c1077e5c1..5d81943b0 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_session
- rule_description: Do not set sensitive data to session.
+ rule_description: Sensitive data stored in HTML local storage detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_session
 line_number: 1
 filename: session_leak.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml
index e91773fce..b78b2a157 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml
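Review bot: In the session_leak snapshot, the description for `javascript_session` now reads `Sensitive data stored in HTML local storage detected.`, which names a different sink than the rule id, the fixture name (`session_leak.js`) and the old wording all point to. It looks like the text was carried over from a local-storage rule. A finding labelled this way sends the reader looking for `localStorage` calls rather than the session write that was flagged. I would use `rule_description: Sensitive data stored in a session detected.` in the rule definition and regenerate the snapshot.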
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_weak_encryption
- rule_description: Do not weak encrypt sensitive information
+ rule_description: Weak encryption library usage detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
 line_number: 4
 filename: md5.js
@@ -11,7 +11,7 @@ critical:
 parent_content: crypto.createHmac("md5", key).update(user.password)
 - rule_dsrid: DSR-5
 rule_display_id: javascript_weak_encryption
- rule_description: Do not weak encrypt sensitive information
+ rule_description: Weak encryption library usage detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
 line_number: 5
 filename: md5.js
diff --git a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml
index fe8a05b3c..fa4d021ed 100644
--- a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml
+++ b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: javascript_weak_encryption
- rule_description: Do not weak encrypt sensitive information
+ rule_description: Weak encryption library usage detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
 line_number: 4
 filename: sha1.js
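Review bot: `Weak encryption library usage detected.` drops the mention of sensitive data and blames a library, while the flagged snippet in the second md5 hunk, `crypto.createHmac("md5", key).update(user.password)`, is a weak digest algorithm chosen through the standard crypto module and applied to a password. The old wording suggests the rule fires only when sensitive data is involved, which would explain the critical severity; the new text hides that and points at the wrong thing to fix. Wording such as `rule_description: Sensitive data processed with a weak hash algorithm detected.` would match what the snapshots show, if that assumption about the rule holds. The sha1 hunks in this patch carry the same string.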
@@ -11,7 +11,7 @@ critical:
 parent_content: crypto.createHmac("sha1", key).update(user.password)
 - rule_dsrid: DSR-5
 rule_display_id: javascript_weak_encryption
- rule_description: Do not weak encrypt sensitive information
+ rule_description: Weak encryption library usage detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
 line_number: 5
 filename: sha1.js
diff --git a/pkg/commands/process/settings/rules/javascript/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml b/pkg/commands/process/settings/rules/javascript/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml
index 827621365..e6c0667f1 100644
--- a/pkg/commands/process/settings/rules/javascript/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_react_google_analytics
- rule_description: Do not send sensitive data to Google Analytics.
+ rule_description: Sensitive data sent to Google Analytics detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_react_google_analytics
 line_number: 1
 filename: insecure.js
@@ -16,7 +16,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_react_google_analytics
- rule_description: Do not send sensitive data to Google Analytics.
+ rule_description: Sensitive data sent to Google Analytics detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_react_google_analytics
 line_number: 5
 filename: insecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml b/pkg/commands/process/settings/rules/javascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml
index b78685d2b..332e5371c 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_airbrake
- rule_description: Do not send sensitive data to Airbrake.
+ rule_description: Sensitive data sent to Airbrake detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_airbrake
 line_number: 18
 filename: datatype_in_notify.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_index.yml b/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_index.yml
index 4363c58df..6c98999b4 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_index.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_index.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-6
 rule_display_id: javascript_third_parties_algolia
- rule_description: Do not store sensitive data in Algolia.
+ rule_description: Sensitive data sent to Algolia detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_algolia
 line_number: 4
 filename: datatype_in_index.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_save_object.yml b/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_save_object.yml
index 4d8ff7d4b..41751fb10 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_save_object.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/algolia/.snapshots/TestJavascriptAlgolia--datatype_in_save_object.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-6
 rule_display_id: javascript_third_parties_algolia
- rule_description: Do not store sensitive data in Algolia.
+ rule_description: Sensitive data sent to Algolia detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_algolia
 line_number: 7
 filename: datatype_in_save_object.js
@@ -14,7 +14,7 @@ critical:
 .saveObject(userObj, { autoGenerateObjectIDIfNotExist: true })
 - rule_dsrid: DSR-6
 rule_display_id: javascript_third_parties_algolia
- rule_description: Do not store sensitive data in Algolia.
+ rule_description: Sensitive data sent to Algolia detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_algolia
 line_number: 12
 filename: datatype_in_save_object.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_breadcrumb.yml b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_breadcrumb.yml
index 9642fc665..fa3b15e5e 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_breadcrumb.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_breadcrumb.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_bugsnag
- rule_description: Do not send sensitive data to Bugsnag.
+ rule_description: Sensitive data sent to Bugsnag detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_bugsnag
 line_number: 1
 filename: datatype_in_breadcrumb.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_notify.yml b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_notify.yml
index fcf2dc874..c8df7531a 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_notify.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_notify.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_bugsnag
- rule_description: Do not send sensitive data to Bugsnag.
+ rule_description: Sensitive data sent to Bugsnag detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_bugsnag
 line_number: 5
 filename: datatype_in_notify.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_session.yml b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_session.yml
index c31744c38..708082168 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_session.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_session.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_bugsnag
- rule_description: Do not send sensitive data to Bugsnag.
+ rule_description: Sensitive data sent to Bugsnag detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_bugsnag
 line_number: 4
 filename: datatype_in_session.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_start.yml b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_start.yml
index f2018a6c7..f41562b88 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_start.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/bugsnag/.snapshots/TestJavascriptBugsnag--datatype_in_start.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_bugsnag
- rule_description: Do not send sensitive data to Bugsnag.
+ rule_description: Sensitive data sent to Bugsnag detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_bugsnag
 line_number: 3
 filename: datatype_in_start.js
@@ -22,7 +22,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_bugsnag
- rule_description: Do not send sensitive data to Bugsnag.
+ rule_description: Sensitive data sent to Bugsnag detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_bugsnag
 line_number: 5
 filename: datatype_in_start.js
@@ -43,7 +43,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_bugsnag
- rule_description: Do not send sensitive data to Bugsnag.
+ rule_description: Sensitive data sent to Bugsnag detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_bugsnag
 line_number: 9
 filename: datatype_in_start.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/datadog/.snapshots/TestJavascriptDataDog--unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/datadog/.snapshots/TestJavascriptDataDog--unsecure.yml
index 7e5b064e2..a78e0468c 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/datadog/.snapshots/TestJavascriptDataDog--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/datadog/.snapshots/TestJavascriptDataDog--unsecure.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_datadog
- rule_description: Do not send sensitive data to Datadog.
+ rule_description: Sensitive data sent to Datadog detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_datadog
 line_number: 3
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser/.snapshots/TestJavascriptDataDogBrowser--unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser/.snapshots/TestJavascriptDataDogBrowser--unsecure.yml
index dccbabec4..2f6e2057c 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser/.snapshots/TestJavascriptDataDogBrowser--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/datadog_browser/.snapshots/TestJavascriptDataDogBrowser--unsecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_datadog_browser
- rule_description: Do not send sensitive data to Datadog.
+ rule_description: Sensitive data sent to Datadog detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_datadog_browser
 line_number: 2
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch/.snapshots/TestJavascriptElasticSearch--unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch/.snapshots/TestJavascriptElasticSearch--unsecure.yml
index 593edeac9..a8e427d2f 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch/.snapshots/TestJavascriptElasticSearch--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/elasticsearch/.snapshots/TestJavascriptElasticSearch--unsecure.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_elasticsearch
- rule_description: Do not send sensitive data to ElasticSearch.
+ rule_description: Sensitive data sent to ElasticSearch detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_elasticsearch
 line_number: 1
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics/.snapshots/TestJavascriptGoogleAnalytics--unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics/.snapshots/TestJavascriptGoogleAnalytics--unsecure.yml
index ca238d0d1..615ae8853 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics/.snapshots/TestJavascriptGoogleAnalytics--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/google_analytics/.snapshots/TestJavascriptGoogleAnalytics--unsecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_google_analytics
- rule_description: Do not send sensitive data to Google Analytics.
+ rule_description: Sensitive data sent to Google Analytic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_google_analytics
 line_number: 3
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager/.snapshots/TestJavascriptGTM--unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager/.snapshots/TestJavascriptGTM--unsecure.yml
index 1a9ca08d4..2edf0091f 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager/.snapshots/TestJavascriptGTM--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/google_tag_manager/.snapshots/TestJavascriptGTM--unsecure.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_google_tag_manager
- rule_description: Do not send sensitive data to google tag manager.
+ rule_description: Sensitive data sent to Google Tag Manager detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_google_tag_manager
 line_number: 1
 filename: unsecure.js
@@ -14,7 +14,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_google_tag_manager
- rule_description: Do not send sensitive data to google tag manager.
+ rule_description: Sensitive data sent to Google Tag Manager detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_google_tag_manager
 line_number: 4
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger/.snapshots/TestJavascriptHoneybadger--unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger/.snapshots/TestJavascriptHoneybadger--unsecure.yml
index 62582ab1c..34bd169ff 100644
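Review bot: The product name is misspelled in the `javascript_google_analytics` description, `Sensitive data sent to Google Analytic detected.`, whereas the React variant of the same rule in this patch says "Google Analytics". Two spellings for one destination make findings harder to search and group in CLI output. I would set `rule_description: Sensitive data sent to Google Analytics detected.` in the rule definition and regenerate this snapshot.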
--- a/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger/.snapshots/TestJavascriptHoneybadger--unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/honeybadger/.snapshots/TestJavascriptHoneybadger--unsecure.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_honeybadger
- rule_description: Do not send sensitive data to Honeybadger.
+ rule_description: Sensitive data sent to Honeybadger detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_honeybadger
 line_number: 3
 filename: unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_interaction_set_attribute.yml b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_interaction_set_attribute.yml
index e57f6b8c3..325a1dc30 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_interaction_set_attribute.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_interaction_set_attribute.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_new_relic
- rule_description: Do not send sensitive data to New Relic.
+ rule_description: Sensitive data sent to New Relic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_new_relic
 line_number: 6
 filename: datatype_in_interaction_set_attribute.js
@@ -13,7 +13,7 @@ critical:
 .setAttribute("username", user.first_name)
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_new_relic
- rule_description: Do not send sensitive data to New Relic.
+ rule_description: Sensitive data sent to New Relic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_new_relic
 line_number: 7
 filename: datatype_in_interaction_set_attribute.js
@@ -26,7 +26,7 @@ critical:
 .setAttribute("postal-code", user.post_code)
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_new_relic
- rule_description: Do not send sensitive data to New Relic.
+ rule_description: Sensitive data sent to New Relic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_new_relic
 line_number: 13
 filename: datatype_in_interaction_set_attribute.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_notice_error.yml b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_notice_error.yml
index 1124dafef..6772c5d9c 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_notice_error.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_notice_error.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_new_relic
- rule_description: Do not send sensitive data to New Relic.
+ rule_description: Sensitive data sent to New Relic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_new_relic
 line_number: 7
 filename: datatype_in_notice_error.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_custom_attribute.yml b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_custom_attribute.yml
index f71400023..8192c1aed 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_custom_attribute.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_custom_attribute.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_new_relic
- rule_description: Do not send sensitive data to New Relic.
+ rule_description: Sensitive data sent to New Relic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_new_relic
 line_number: 3
 filename: datatype_in_set_custom_attribute.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_page_view_name.yml b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_page_view_name.yml
index 10fc1daa2..5200aa19a 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_page_view_name.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/new_relic/.snapshots/TestJavascriptNewRelic--datatype_in_set_page_view_name.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_new_relic
- rule_description: Do not send sensitive data to New Relic.
+ rule_description: Sensitive data sent to New Relic detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_new_relic
 line_number: 3
 filename: datatype_in_set_page_view_name.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_add_event.yml b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_add_event.yml
index 64ae4bd13..144e4dd86 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_add_event.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_add_event.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_open_telemetry
- rule_description: Do not send sensitive data to Open Telemetry.
+ rule_description: Sensitive data sent to Open Telemetry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_open_telemetry
 line_number: 5
 filename: datatype_in_add_event.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_record_exception.yml b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_record_exception.yml
index 09faef8cc..85521e51e 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_record_exception.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_record_exception.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_open_telemetry
- rule_description: Do not send sensitive data to Open Telemetry.
+ rule_description: Sensitive data sent to Open Telemetry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_open_telemetry
 line_number: 9
 filename: datatype_in_record_exception.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_attribute.yml b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_attribute.yml
index d7788a227..6b07a756d 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_attribute.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_attribute.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_open_telemetry
- rule_description: Do not send sensitive data to Open Telemetry.
+ rule_description: Sensitive data sent to Open Telemetry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_open_telemetry
 line_number: 6
 filename: datatype_in_set_attribute.js
@@ -11,7 +11,7 @@ critical:
 parent_content: span.setAttribute("current-user", currentUser.emailAddress)
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_open_telemetry
- rule_description: Do not send sensitive data to Open Telemetry.
+ rule_description: Sensitive data sent to Open Telemetry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_open_telemetry
 line_number: 11
 filename: datatype_in_set_attribute.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_status.yml b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_status.yml
index 8ba73cfaf..635884913 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_status.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/open_telemetry/.snapshots/TestJavascriptOpenTelemetry--datatype_in_set_status.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_open_telemetry
- rule_description: Do not send sensitive data to Open Telemetry.
+ rule_description: Sensitive data sent to Open Telemetry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_open_telemetry
 line_number: 9
 filename: datatype_in_set_status.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/rollbar/.snapshots/TestJavascriptRollbar--browser_unsecure.yml b/pkg/commands/process/settings/rules/javascript/third_parties/rollbar/.snapshots/TestJavascriptRollbar--browser_unsecure.yml
index 4410974ed..95f5d8949 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/rollbar/.snapshots/TestJavascriptRollbar--browser_unsecure.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/rollbar/.snapshots/TestJavascriptRollbar--browser_unsecure.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_rollbar
- rule_description: Do not send sensitive data to Rollbar.
+ rule_description: Sensitive data sent to Rollbar detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_rollbar
 line_number: 1
 filename: browser_unsecure.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_alias.yml b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_alias.yml
index b0e48e50a..8e46dd168 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_alias.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_alias.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 8
 filename: datatype_in_alias.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_group.yml b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_group.yml
index d6b56c4bb..bb86d9098 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_group.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_group.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 8
 filename: datatype_in_group.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_identify.yml b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_identify.yml
index da12cca84..b84cec377 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_identify.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_identify.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 8
 filename: datatype_in_identify.js
@@ -20,7 +20,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 9
 filename: datatype_in_identify.js
@@ -39,7 +39,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 11
 filename: datatype_in_identify.js
@@ -58,7 +58,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 18
 filename: datatype_in_identify.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_page.yml b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_page.yml
index dfcdbcb75..a45ac0111 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_page.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_page.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 10
 filename: datatype_in_page.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_track.yml b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_track.yml
index 82f0abbd9..dc46284a5 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_track.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/segment/.snapshots/TestJavascriptSegmentDataflow--datatype_in_track.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 8
 filename: datatype_in_track.js
@@ -17,7 +17,7 @@ critical:
 })
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_segment
- rule_description: Do not send sensitive data to Segment.
+ rule_description: Sensitive data sent to Segment detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_segment
 line_number: 17
 filename: datatype_in_track.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_add_breadcrumb.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_add_breadcrumb.yml
index e90965fb5..d3f41fc0a 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_add_breadcrumb.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_add_breadcrumb.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 2
 filename: javascript_add_breadcrumb.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_event.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_event.yml
index b4deb523f..dd4d59e53 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_event.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_event.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 2
 filename: javascript_capture_event.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_exception.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_exception.yml
index 79078817c..759520b4f 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_exception.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_exception.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 2
 filename: javascript_capture_exception.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_message.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_message.yml
index c509e034f..9e45f8426 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_message.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_capture_message.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 1
 filename: javascript_capture_message.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_extra.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_extra.yml
index 7f885b75e..89b0490d1 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_extra.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_extra.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 2
 filename: javascript_configure_scope_set_extra.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_tag.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_tag.yml
index ef0b6bd41..6b3558b6d 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_tag.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_tag.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 2
 filename: javascript_configure_scope_set_tag.js
diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_user.yml b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_user.yml
index ea91cf19f..142beb4d3 100644
--- a/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_user.yml
+++ b/pkg/commands/process/settings/rules/javascript/third_parties/sentry/.snapshots/TestJavascriptThirdPartySentry--javascript_configure_scope_set_user.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-1
 rule_display_id: javascript_third_parties_sentry
- rule_description: Do not send sensitive data to Sentry.
+ rule_description: Sensitive data sent to Sentry detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_sentry
 line_number: 2
 filename: javascript_configure_scope_set_user.js
diff --git a/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_in_signed_cookies.yml b/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_in_signed_cookies.yml
index e309b380f..b14dbc4ab 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_in_signed_cookies.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_in_signed_cookies.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-3
 rule_display_id: ruby_lang_cookies
- rule_description: Do not store sensitive data in cookies.
+ rule_description: Sensitive data stored in a cookie detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_cookies
 line_number: 1
 filename: datatype_in_signed_cookies.rb
@@ -11,7 +11,7 @@ critical:
 parent_content: cookies.signed[:info] = user.email
 - rule_dsrid: DSR-3
 rule_display_id: ruby_lang_cookies
- rule_description: Do not store sensitive data in cookies.
+ rule_description: Sensitive data stored in a cookie detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_cookies
 line_number: 2
 filename: datatype_in_signed_cookies.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_object_in_cookie.yml b/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_object_in_cookie.yml
index 53bd07321..2816e3420 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_object_in_cookie.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/cookies/.snapshots/TestRubyLangCookies--datatype_object_in_cookie.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-3
 rule_display_id: ruby_lang_cookies
- rule_description: Do not store sensitive data in cookies.
+ rule_description: Sensitive data stored in a cookie detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_cookies
 line_number: 2
 filename: datatype_object_in_cookie.rb
@@ -11,7 +11,7 @@ critical:
 parent_content: 'cookies[:login] = { value: user.to_json, expires: 1.hour, secure: true }'
 - rule_dsrid: DSR-3
 rule_display_id: ruby_lang_cookies
- rule_description: Do not store sensitive data in cookies.
+ rule_description: Sensitive data stored in a cookie detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_cookies
 line_number: 3
 filename: datatype_object_in_cookie.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_event.yml b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_event.yml
index dc6194e41..b93787ab0 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_event.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_event.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 2
 filename: unsafe_event.rb
@@ -9,7 +9,7 @@ high:
 parent_content: YAML.load(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 4
 filename: unsafe_event.rb
@@ -17,7 +17,7 @@ high:
 parent_content: Psych.load(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 6
 filename: unsafe_event.rb
@@ -25,7 +25,7 @@ high:
 parent_content: Syck.load(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 8
 filename: unsafe_event.rb
@@ -33,7 +33,7 @@ high:
 parent_content: JSON.load(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 10
 filename: unsafe_event.rb
@@ -41,7 +41,7 @@ high:
 parent_content: Oj.load(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 11
 filename: unsafe_event.rb
@@ -51,7 +51,7 @@ high:
 end
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 14
 filename: unsafe_event.rb
@@ -59,7 +59,7 @@ high:
 parent_content: Marshal.load(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 15
 filename: unsafe_event.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_params.yml b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_params.yml
index b58e78800..e25b89468 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_params.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_params.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 1
 filename: unsafe_params.rb
@@ -9,7 +9,7 @@ high:
 parent_content: YAML.load(params[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 3
 filename: unsafe_params.rb
@@ -17,7 +17,7 @@ high:
 parent_content: Psych.load(params[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 5
 filename: unsafe_params.rb
@@ -25,7 +25,7 @@ high:
 parent_content: Syck.load(params[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 7
 filename: unsafe_params.rb
@@ -33,7 +33,7 @@ high:
 parent_content: JSON.load(params[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 9
 filename: unsafe_params.rb
@@ -43,7 +43,7 @@ high:
 end
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 11
 filename: unsafe_params.rb
@@ -51,7 +51,7 @@ high:
 parent_content: Oj.object_load(params[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 13
 filename: unsafe_params.rb
@@ -59,7 +59,7 @@ high:
 parent_content: Marshal.load(params[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 14
 filename: unsafe_params.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_request.yml b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_request.yml
index 0123fab64..f148fba71 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_request.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/deserialization_of_user_input/.snapshots/TestRubyLangDeserializationOfUserInput--unsafe_request.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 1
 filename: unsafe_request.rb
@@ -9,7 +9,7 @@ high:
 parent_content: YAML.load(request.env[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 3
 filename: unsafe_request.rb
@@ -17,7 +17,7 @@ high:
 parent_content: Psych.load(request.env[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 5
 filename: unsafe_request.rb
@@ -25,7 +25,7 @@ high:
 parent_content: Syck.load(request.env[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 7
 filename: unsafe_request.rb
@@ -33,7 +33,7 @@ high:
 parent_content: JSON.load(request.env[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 9
 filename: unsafe_request.rb
@@ -41,7 +41,7 @@ high:
 parent_content: Oj.load(request.env[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 10
 filename: unsafe_request.rb
@@ -51,7 +51,7 @@ high:
 end
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 13
 filename: unsafe_request.rb
@@ -59,7 +59,7 @@ high:
 parent_content: Marshal.load(request.env[:oops])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_deserialization_of_user_input
- rule_description: Do not pass user input to unsafe deserialization methods.
+ rule_description: User input detected in an unsafe deserialization method.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_deserialization_of_user_input
 line_number: 14
 filename: unsafe_request.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_event.yml b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_event.yml
index 049fdc7f0..a47b6481b 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_event.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_event.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 2
 filename: unsafe_event.rb
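Review bot: The new description `Potential command injection with user input detected.` in the first hunk of TestRubyLangEvalUsingUserInput--unsafe_event.yml names the wrong weakness class. The calls this rule flags in the following hunks (`eval`, `instance_eval`, `class_eval`, `module_eval`, `RubyVM::InstructionSequence.compile`) evaluate Ruby code, which is code injection rather than OS command injection. Because this string is printed next to the offending snippet in CLI output, the mislabel can steer triage toward shell-escaping remediations that do not apply. I would word it `Potential code injection with user input detected.`; the snapshot presumably mirrors the rule definition, which is outside this view, so the change belongs there and the unsafe_event, unsafe_params and unsafe_request snapshots would be regenerated.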
@@ -9,7 +9,7 @@ high:
 parent_content: RubyVM::InstructionSequence.compile(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 4
 filename: unsafe_event.rb
@@ -17,7 +17,7 @@ high:
 parent_content: a.eval(event["oops"], "test")
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 6
 filename: unsafe_event.rb
@@ -25,7 +25,7 @@ high:
 parent_content: a.instance_eval(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 8
 filename: unsafe_event.rb
@@ -33,7 +33,7 @@ high:
 parent_content: a.class_eval(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 10
 filename: unsafe_event.rb
@@ -41,7 +41,7 @@ high:
 parent_content: a.module_eval(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 12
 filename: unsafe_event.rb
@@ -49,7 +49,7 @@ high:
 parent_content: eval(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 14
 filename: unsafe_event.rb
@@ -57,7 +57,7 @@ high:
 parent_content: instance_eval(event["oops"], "test")
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 16
 filename: unsafe_event.rb
@@ -65,7 +65,7 @@ high:
 parent_content: class_eval(event["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 18
 filename: unsafe_event.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_params.yml b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_params.yml
index ac076679c..f3292ab67 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_params.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_params.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 1
 filename: unsafe_params.rb
@@ -9,7 +9,7 @@ high:
 parent_content: RubyVM::InstructionSequence.compile(params["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 3
 filename: unsafe_params.rb
@@ -17,7 +17,7 @@ high:
 parent_content: a.eval(params["oops"], "test")
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 5
 filename: unsafe_params.rb
@@ -25,7 +25,7 @@ high:
 parent_content: a.instance_eval(params["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 7
 filename: unsafe_params.rb
@@ -33,7 +33,7 @@ high:
 parent_content: a.class_eval(params["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 9
 filename: unsafe_params.rb
@@ -41,7 +41,7 @@ high:
 parent_content: a.module_eval(params["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 11
 filename: unsafe_params.rb
@@ -49,7 +49,7 @@ high:
 parent_content: eval(params["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 13
 filename: unsafe_params.rb
@@ -57,7 +57,7 @@ high:
 parent_content: instance_eval(params["oops"], "test")
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 15
 filename: unsafe_params.rb
@@ -65,7 +65,7 @@ high:
 parent_content: class_eval(params["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 17
 filename: unsafe_params.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_request.yml b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_request.yml
index e364b7e59..2bc169181 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_request.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/eval_using_user_input/.snapshots/TestRubyLangEvalUsingUserInput--unsafe_request.yml
@@ -1,7 +1,7 @@
 high:
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 1
 filename: unsafe_request.rb
@@ -9,7 +9,7 @@ high:
 parent_content: RubyVM::InstructionSequence.compile(request.env["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 3
 filename: unsafe_request.rb
@@ -17,7 +17,7 @@ high:
 parent_content: a.eval(request.env["oops"], "test")
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 5
 filename: unsafe_request.rb
@@ -25,7 +25,7 @@ high:
 parent_content: a.instance_eval(request.env["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 7
 filename: unsafe_request.rb
@@ -33,7 +33,7 @@ high:
 parent_content: a.class_eval(request.env["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 9
 filename: unsafe_request.rb
@@ -41,7 +41,7 @@ high:
 parent_content: a.module_eval(request.env["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 11
 filename: unsafe_request.rb
@@ -49,7 +49,7 @@ high:
 parent_content: eval(request.env["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 13
 filename: unsafe_request.rb
@@ -57,7 +57,7 @@ high:
 parent_content: instance_eval(request.env["oops"], "test")
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 15
 filename: unsafe_request.rb
@@ -65,7 +65,7 @@ high:
 parent_content: class_eval(request.env["oops"])
 - rule_dsrid: DSR-?
 rule_display_id: ruby_lang_eval_using_user_input
- rule_description: Do not generate code using user input.
+ rule_description: Potential command injection with user input detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_eval_using_user_input
 line_number: 17
 filename: unsafe_request.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/exception/.snapshots/TestRubyLangException--datatype_leak.yml b/pkg/commands/process/settings/rules/ruby/lang/exception/.snapshots/TestRubyLangException--datatype_leak.yml
index d4da9bea0..c97f3610c 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/exception/.snapshots/TestRubyLangException--datatype_leak.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/exception/.snapshots/TestRubyLangException--datatype_leak.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-5
 rule_display_id: ruby_lang_exception
- rule_description: Do not send sensitive data to exceptions.
+ rule_description: Sensitive data in a exception message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_exception
 line_number: 1
 filename: datatype_leak.rb
@@ -11,7 +11,7 @@ critical:
 parent_content: raise CustomException.new(user.email)
 - rule_dsrid: DSR-5
 rule_display_id: ruby_lang_exception
- rule_description: Do not send sensitive data to exceptions.
+ rule_description: Sensitive data in a exception message detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_exception
 line_number: 2
 filename: datatype_leak.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_generate.yml b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_generate.yml
index ac8be6d4b..96ef947fa 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_generate.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_generate.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 5
 filename: datatype_in_csv_generate.rb
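Review bot: The new description `Sensitive data in a exception message detected.` has an article typo, and it appears in both ruby_lang_exception hunks of TestRubyLangException--datatype_leak.yml. This string is what the CLI prints beside the flagged snippet, so it is worth correcting to `Sensitive data in an exception message detected.`. The snapshot presumably copies the text from the rule definition, which is not visible here, so the correction would be made there and the snapshot regenerated.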
@@ -16,7 +16,7 @@ critical:
 ]
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 6
 filename: datatype_in_csv_generate.rb
@@ -31,7 +31,7 @@ critical:
 ]
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 7
 filename: datatype_in_csv_generate.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_open.yml b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_open.yml
index 08f2534a3..940d0c037 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_open.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_csv_open.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 5
 filename: datatype_in_csv_open.rb
@@ -16,7 +16,7 @@ critical:
 ]
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 6
 filename: datatype_in_csv_open.rb
@@ -31,7 +31,7 @@ critical:
 ]
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 7
 filename: datatype_in_csv_open.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_file_open.yml b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_file_open.yml
index 6a924daf2..768d742bc 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_file_open.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_file_open.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 1
 filename: datatype_in_file_open.rb
@@ -11,7 +11,7 @@ critical:
 parent_content: 'f.write "#{Time.now} - User #{user.email} logged in\n"'
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 5
 filename: datatype_in_file_open.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_io_sysopen.yml b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_io_sysopen.yml
index 13b68a97d..113e700fc 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_io_sysopen.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/file_generation/.snapshots/TestRubyLangFileGeneration--datatype_in_io_sysopen.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-4
 rule_display_id: ruby_lang_file_generation
- rule_description: Do not write sensitive data to static files.
+ rule_description: Sensitive data detected as part of a dynamic file generation.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_file_generation
 line_number: 3
 filename: datatype_in_io_sysopen.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_param_hash.yml b/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_param_hash.yml
index 81de0a243..6d4f5aac9 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_param_hash.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_param_hash.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_get_params
- rule_description: Do not send sensitive data as HTTP GET parameters.
+ rule_description: Sensitive data communicated through GET parameters detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_get_params
 line_number: 1
 filename: datatype_in_param_hash.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_params.yml b/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_params.yml
index 46e3dbc2f..74b104831 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_params.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_get_params/.snapshots/TestRubyLangHttpGetParams--datatype_in_params.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_get_params
- rule_description: Do not send sensitive data as HTTP GET parameters.
+ rule_description: Sensitive data communicated through GET parameters detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_get_params
 line_number: 1
 filename: datatype_in_params.rb
@@ -12,7 +12,7 @@ critical:
 parent_content: URI("https://my.api.com/users/search?ethnic_origin=#{user.ethnic_origin}")
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_get_params
- rule_description: Do not send sensitive data as HTTP GET parameters.
+ rule_description: Sensitive data communicated through GET parameters detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_get_params
 line_number: 3
 filename: datatype_in_params.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_get.yml b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_get.yml
index 02e42c904..07b065ccf 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_get.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_get.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection through an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_insecure
 line_number: 1
 filename: insecure_get.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post.yml b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post.yml
index 7bf696157..2b702eae9 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection through an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_insecure
 line_number: 1
 filename: insecure_post.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post_form.yml b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post_form.yml
index fc906ea40..6d346666f 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post_form.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--insecure_post_form.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection through an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_insecure
 line_number: 1
 filename: insecure_post_form.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--uri_encode_form.yml b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--uri_encode_form.yml
index 436e56766..81460b183 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--uri_encode_form.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_insecure/.snapshots/TestRubyLangHttpInsecure--uri_encode_form.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection through an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_insecure
 line_number: 1
 filename: uri_encode_form.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_form_with_datatype.yml b/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_form_with_datatype.yml
index 2b40e57d0..b01fead7b 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_form_with_datatype.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_form_with_datatype.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_post_insecure_with_data
- rule_description: Only send sensitive data through HTTPS connections.
+ rule_description: Sensitive data sent through an an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_post_insecure_with_data
 line_number: 1
 filename: insecure_post_form_with_datatype.rb
@@ -12,7 +12,7 @@ critical:
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection through an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_insecure
 line_number: 1
 filename: insecure_post_form_with_datatype.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_with_datatype.yml b/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_with_datatype.yml
index 899c86938..b738bc9ef 100644
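Review bot: The new ruby_lang_http_post_insecure_with_data description repeats a word: `Sensitive data sent through an an unsecure HTTP communication detected.` The same text appears in the first hunk of TestRubyLangHttpPostInsecureWithData--insecure_post_form_with_datatype.yml and again in the insecure_post_with_datatype.yml snapshot that follows. Since this is the message shown to users for a critical finding, I would change it to `Sensitive data sent through an unsecure HTTP communication detected.`, or use `insecure` to match the `http_insecure` rule ids. The rule definition that the snapshots reflect is outside this view, so the edit presumably belongs there.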
--- a/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_with_datatype.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/http_post_insecure_with_data/.snapshots/TestRubyLangHttpPostInsecureWithData--insecure_post_with_datatype.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_post_insecure_with_data
- rule_description: Only send sensitive data through HTTPS connections.
+ rule_description: Sensitive data sent through an an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_post_insecure_with_data
 line_number: 1
 filename: insecure_post_with_datatype.rb
@@ -12,7 +12,7 @@ critical:
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_http_insecure
- rule_description: Only communicate using HTTPS connections.
+ rule_description: Connection through an unsecure HTTP communication detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_http_insecure
 line_number: 1
 filename: insecure_post_with_datatype.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_new.yml b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_new.yml
index 59419a1fe..68e7d838a 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_new.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_new.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_insecure_ftp
- rule_description: Only communicate using SFTP connections.
+ rule_description: Communication with an unsecure FTP server detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_insecure_ftp
 line_number: 8
 filename: ftp_new.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open.yml b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open.yml
index b6eaf7d70..55081bc60 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open.yml
@@ -1,7 +1,7 @@
 low:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_insecure_ftp
- rule_description: Only communicate using SFTP connections.
+ rule_description: Communication with an unsecure FTP server detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_insecure_ftp
 line_number: 3
 filename: ftp_open.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open_with_datatype.yml b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open_with_datatype.yml
index ab14be52f..bf36b6238 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open_with_datatype.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/insecure_ftp/.snapshots/TestRubyLangInsecureFtp--ftp_open_with_datatype.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-2
 rule_display_id: ruby_lang_insecure_ftp
- rule_description: Only communicate using SFTP connections.
+ rule_description: Communication with an unsecure FTP server detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_insecure_ftp
 line_number: 3
 filename: ftp_open_with_datatype.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_in_jwt.yml b/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_in_jwt.yml
index 4dccc2efd..9e5f6d6aa 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_in_jwt.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_in_jwt.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-3
 rule_display_id: ruby_lang_jwt
- rule_description: Do not store sensitive data in JWTs.
+ rule_description: Sensitive data in a JWT detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_jwt
 line_number: 1
 filename: datatype_in_jwt.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_object_in_jwt.yml b/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_object_in_jwt.yml
index 08084e53a..9bd4855aa 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_object_in_jwt.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatype_object_in_jwt.yml
@@ -1,7 +1,7 @@
 critical:
 - rule_dsrid: DSR-3
 rule_display_id: ruby_lang_jwt
- rule_description: Do not store sensitive data in JWTs.
+ rule_description: Sensitive data in a JWT detected.
 rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_jwt
 line_number: 3
 filename: datatype_object_in_jwt.rb
diff --git a/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatypes_with_encrypted_jwt.yml b/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatypes_with_encrypted_jwt.yml
index 5ae5366b9..3de5ed203 100644
--- a/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatypes_with_encrypted_jwt.yml
+++ b/pkg/commands/process/settings/rules/ruby/lang/jwt/.snapshots/TestRubyLangJwt--datatypes_with_encrypted_jwt.yml
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-3 rule_display_id: ruby_lang_jwt - rule_description: Do not store sensitive data in JWTs. + rule_description: Sensitive data in a JWT detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_jwt line_number: 2 filename: datatypes_with_encrypted_jwt.rb @@ -11,7 +11,7 @@ critical: parent_content: 'JWT.encode({ user: current_user.email }, private_key, ''HS256'', {})' - rule_dsrid: DSR-3 rule_display_id: ruby_lang_jwt - rule_description: Do not store sensitive data in JWTs. + rule_description: Sensitive data in a JWT detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_jwt line_number: 4 filename: datatypes_with_encrypted_jwt.rb @@ -21,7 +21,7 @@ critical: parent_content: 'JWT.encode({ user: current_user.email }, ENV["SECRET_KEY"])' - rule_dsrid: DSR-3 rule_display_id: ruby_lang_jwt - rule_description: Do not store sensitive data in JWTs. + rule_description: Sensitive data in a JWT detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_jwt line_number: 6 filename: datatypes_with_encrypted_jwt.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/logger/.snapshots/TestRubyLangLogger--datatype_leak.yml b/pkg/commands/process/settings/rules/ruby/lang/logger/.snapshots/TestRubyLangLogger--datatype_leak.yml index 8d679d9c7..10a16b543 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/logger/.snapshots/TestRubyLangLogger--datatype_leak.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/logger/.snapshots/TestRubyLangLogger--datatype_leak.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: ruby_lang_logger - rule_description: Do not send sensitive data to loggers. + rule_description: Sensitive data in a logger message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_logger line_number: 1 filename: datatype_leak.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/lang/ssl_verification/.snapshots/TestRubyLangSslVerification--verification_disabled.yml b/pkg/commands/process/settings/rules/ruby/lang/ssl_verification/.snapshots/TestRubyLangSslVerification--verification_disabled.yml index d90b1f657..90b28af8b 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/ssl_verification/.snapshots/TestRubyLangSslVerification--verification_disabled.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/ssl_verification/.snapshots/TestRubyLangSslVerification--verification_disabled.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-2 rule_display_id: ruby_lang_ssl_verification - rule_description: Enable SSL Certificate Verification. + rule_description: Missing SSL certificate verification detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_ssl_verification line_number: 1 filename: verification_disabled.rb @@ -9,7 +9,7 @@ low: parent_content: http.verify_mode = OpenSSL::SSL::VERIFY_NONE - rule_dsrid: DSR-2 rule_display_id: ruby_lang_ssl_verification - rule_description: Enable SSL Certificate Verification. + rule_description: Missing SSL certificate verification detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_ssl_verification line_number: 4 filename: verification_disabled.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--blowfish.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--blowfish.yml index 80b160391..6c9fa1deb 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--blowfish.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--blowfish.yml 
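Review bot: In TestRubyLangSslVerification--verification_disabled.yml the new description calls certificate verification "Missing", but the context line kept in the second hunk shows the matched code is `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, where verification is explicitly switched off. This text is printed beside the offending snippet, so "disabled" matches what the reader sees: `rule_description: Disabled SSL certificate verification detected.` If the rule also matches code that never sets a verify mode, "Missing or disabled" would cover both cases, though that is not visible here. The snapshot looks generated, so the change belongs in the rule definition, with the snapshots regenerated.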
@@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 2 filename: blowfish.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_md5.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_md5.yml index 5bab7c255..ee3f52243 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_md5.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_md5.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: digest_md5.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_sha1.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_sha1.yml index b57729e0c..ac535f685 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_sha1.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--digest_sha1.yml 
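Review bot: "Weak encryption library usage detected." is now stated as a finding for the digest_md5.rb fixture in this snapshot and for digest_sha1.rb in the next one, which judging by their names exercise hash functions rather than encryption. The fixture contents are not in this view, so that reading is inferred. The old wording was general advice, but the new one asserts a specific fact next to the snippet, and a message that names the wrong primitive is easy to dismiss as a false positive. A description that covers both hashes and ciphers avoids that: `rule_description: Weak cryptographic algorithm usage detected.` The same applies to "Sensitive data encrypted with a weak encryption library detected." in the weak_encryption_with_data digest_md5 and digest_sha1 snapshots further down.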
@@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: digest_sha1.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_dsa.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_dsa.yml index 7bc4bfd10..078da2e45 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_dsa.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_dsa.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 3 filename: openssl_dsa.rb @@ -9,7 +9,7 @@ low: parent_content: dsa_encrypt.export(cipher, "hello world") - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 5 filename: openssl_dsa.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_rsa.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_rsa.yml index 7c6f586dc..58fadc231 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_rsa.yml 
+++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--openssl_rsa.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: openssl_rsa.rb @@ -9,7 +9,7 @@ low: parent_content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt("test") - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 5 filename: openssl_rsa.rb @@ -17,7 +17,7 @@ low: parent_content: rsa_encrypt.export(cipher, "hello world") - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 7 filename: openssl_rsa.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--rc4_encrypt.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--rc4_encrypt.yml index 8e063e203..d07ecea34 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--rc4_encrypt.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption/.snapshots/TestRubyLangWeakEncryption--rc4_encrypt.yml 
@@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: rc4_encrypt.rb @@ -9,7 +9,7 @@ low: parent_content: RC4.new("insecure").encrypt("hello world") - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 4 filename: rc4_encrypt.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--blowfish_data.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--blowfish_data.yml index c050ceb52..742d67bbb 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--blowfish_data.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--blowfish_data.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 2 filename: blowfish_data.rb 
@@ -14,7 +14,7 @@ critical: } - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 6 filename: blowfish_data.rb @@ -27,7 +27,7 @@ critical: end - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 9 filename: blowfish_data.rb @@ -38,7 +38,7 @@ critical: low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: blowfish_data.rb @@ -51,7 +51,7 @@ low: } - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 5 filename: blowfish_data.rb @@ -64,7 +64,7 @@ low: end - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 9 filename: blowfish_data.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_md5.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_md5.yml index d38ac3d5a..036775c85 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_md5.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_md5.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 1 filename: digest_md5.rb @@ -12,7 +12,7 @@ critical: low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: digest_md5.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_sha1.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_sha1.yml index a1b1b2e1b..2e1af8ff0 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_sha1.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--digest_sha1.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 1 filename: digest_sha1.rb @@ -12,7 +12,7 @@ critical: low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: digest_sha1.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_dsa_data.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_dsa_data.yml index a51da8cf4..dfb6f8aff 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_dsa_data.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_dsa_data.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 3 filename: openssl_dsa_data.rb 
@@ -11,7 +11,7 @@ critical: parent_content: dsa_encrypt.export(cipher, user.email) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 5 filename: openssl_dsa_data.rb @@ -22,7 +22,7 @@ critical: low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 3 filename: openssl_dsa_data.rb @@ -32,7 +32,7 @@ low: parent_content: dsa_encrypt.export(cipher, user.email) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 5 filename: openssl_dsa_data.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_rsa_data.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_rsa_data.yml index 3f1de7eaf..403bd8024 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_rsa_data.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--openssl_rsa_data.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 1 filename: openssl_rsa_data.rb @@ -11,7 +11,7 @@ critical: parent_content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt(user.password) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 5 filename: openssl_rsa_data.rb @@ -21,7 +21,7 @@ critical: parent_content: rsa_encrypt.export(cipher, user.password) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 7 filename: openssl_rsa_data.rb @@ -32,7 +32,7 @@ critical: low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: openssl_rsa_data.rb 
@@ -42,7 +42,7 @@ low: parent_content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt(user.password) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 5 filename: openssl_rsa_data.rb @@ -52,7 +52,7 @@ low: parent_content: rsa_encrypt.export(cipher, user.password) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 7 filename: openssl_rsa_data.rb diff --git a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--rc4_data.yml b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--rc4_data.yml index 0f0b21b8b..64a698e8f 100644 --- a/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--rc4_data.yml +++ b/pkg/commands/process/settings/rules/ruby/lang/weak_encryption_with_data/.snapshots/TestRubyLangWeakEncryptionWithData--rc4_data.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 1 filename: rc4_data.rb 
@@ -11,7 +11,7 @@ critical: parent_content: RC4.new("insecure").encrypt(user.password) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption_with_data - rule_description: Do not use weak encryption libraries to encrypt sensitive data. + rule_description: Sensitive data encrypted with a weak encryption library detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption_with_data line_number: 4 filename: rc4_data.rb @@ -22,7 +22,7 @@ critical: low: - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 1 filename: rc4_data.rb @@ -32,7 +32,7 @@ low: parent_content: RC4.new("insecure").encrypt(user.password) - rule_dsrid: DSR-7 rule_display_id: ruby_lang_weak_encryption - rule_description: Avoid weak encryption libraries. + rule_description: Weak encryption library usage detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_weak_encryption line_number: 4 filename: rc4_data.rb diff --git a/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-schema_rb-db-schema.yml b/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-schema_rb-db-schema.yml index 504e821cb..05ee6b222 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-schema_rb-db-schema.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-schema_rb-db-schema.yml 
@@ -1,7 +1,7 @@ warning: - rule_dsrid: DSR-10 rule_display_id: ruby_rails_default_encryption - rule_description: Force application-level encryption when processing sensitive data. + rule_description: Missing application-level encryption of sensitive data detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_default_encryption line_number: 3 filename: application_level_encryption_missing/schema_rb/db/schema.rb @@ -18,7 +18,7 @@ warning: end - rule_dsrid: DSR-10 rule_display_id: ruby_rails_default_encryption - rule_description: Force application-level encryption when processing sensitive data. + rule_description: Missing application-level encryption of sensitive data detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_default_encryption line_number: 4 filename: application_level_encryption_missing/schema_rb/db/schema.rb diff --git a/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-structure_sql-db-structure.yml b/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-structure_sql-db-structure.yml index 0342a3d83..12d37a8e7 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-structure_sql-db-structure.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/default_encryption/.snapshots/TestRubyRailsDefaultEncryption--application_level_encryption_missing-structure_sql-db-structure.yml 
@@ -1,7 +1,7 @@ warning: - rule_dsrid: DSR-10 rule_display_id: ruby_rails_default_encryption - rule_description: Force application-level encryption when processing sensitive data. + rule_description: Missing application-level encryption of sensitive data detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_default_encryption line_number: 3 filename: application_level_encryption_missing/structure_sql/db/structure.sql @@ -19,7 +19,7 @@ warning: ) - rule_dsrid: DSR-10 rule_display_id: ruby_rails_default_encryption - rule_description: Force application-level encryption when processing sensitive data. + rule_description: Missing application-level encryption of sensitive data detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_default_encryption line_number: 7 filename: application_level_encryption_missing/structure_sql/db/structure.sql diff --git a/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--no_datatypes.yml b/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--no_datatypes.yml index 876ca8c66..f7d173d0d 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--no_datatypes.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--no_datatypes.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-2 rule_display_id: ruby_rails_insecure_communication - rule_description: Force all incoming communication through SSL. + rule_description: Missing force SSL configuration for incoming communication detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_insecure_communication line_number: 2 filename: no_datatypes.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--ssl_disabled.yml b/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--ssl_disabled.yml index a49875f78..e99568679 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--ssl_disabled.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/insecure_communication/.snapshots/TestRubyRailsInsecureCommunication--ssl_disabled.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-2 rule_display_id: ruby_rails_insecure_communication - rule_description: Force all incoming communication through SSL. + rule_description: Missing force SSL configuration for incoming communication detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_insecure_communication line_number: 7 filename: ssl_disabled.rb diff --git a/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none.yml b/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none.yml index d33e0f2e1..5d49e911e 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-2 rule_display_id: ruby_rails_insecure_smtp - rule_description: Only communicate with secure SMTP connections. + rule_description: Communication with an unsecure SMTP connection detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_insecure_smtp line_number: 8 filename: verify_none.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none_ssl_var.yml b/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none_ssl_var.yml index 0de1b12d7..03a9576d7 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none_ssl_var.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/insecure_smtp/.snapshots/TestRubyRailsInsecureSmtp--verify_none_ssl_var.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-2 rule_display_id: ruby_rails_insecure_smtp - rule_description: Only communicate with secure SMTP connections. + rule_description: Communication with an unsecure SMTP connection detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_insecure_smtp line_number: 3 filename: verify_none_ssl_var.rb diff --git a/pkg/commands/process/settings/rules/ruby/rails/logger/.snapshots/TestRubyRailsLogger--datatype_leak.yml b/pkg/commands/process/settings/rules/ruby/rails/logger/.snapshots/TestRubyRailsLogger--datatype_leak.yml index 1a56cc20a..ea46ad93f 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/logger/.snapshots/TestRubyRailsLogger--datatype_leak.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/logger/.snapshots/TestRubyRailsLogger--datatype_leak.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: ruby_rails_logger - rule_description: Do not send sensitive data to Rails loggers. + rule_description: Sensitive data sent to Rails loggers detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_logger line_number: 1 filename: datatype_leak.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/rails/password_length/.snapshots/TestRubyRailsPasswordLength--password_too_short.yml b/pkg/commands/process/settings/rules/ruby/rails/password_length/.snapshots/TestRubyRailsPasswordLength--password_too_short.yml index 2063efff1..1841ec821 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/password_length/.snapshots/TestRubyRailsPasswordLength--password_too_short.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/password_length/.snapshots/TestRubyRailsPasswordLength--password_too_short.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-8 rule_display_id: ruby_rails_password_length - rule_description: Enforce stronger password requirements. + rule_description: Password length (< 8) requirement is too short. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_password_length line_number: 3 filename: password_too_short.rb diff --git a/pkg/commands/process/settings/rules/ruby/rails/session/.snapshots/TestRubyRailsSession--datatype_in_session.yml b/pkg/commands/process/settings/rules/ruby/rails/session/.snapshots/TestRubyRailsSession--datatype_in_session.yml index 6fbaf2535..370f3b7ca 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/session/.snapshots/TestRubyRailsSession--datatype_in_session.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/session/.snapshots/TestRubyRailsSession--datatype_in_session.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-3 rule_display_id: ruby_rails_session - rule_description: Do not store sensitive data in session cookies. + rule_description: Sensitive data stored in a session cookie detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_session line_number: 1 filename: datatype_in_session.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input/.snapshots/TestRubyRailsSessionKeyUsingUserInput--unsafe.yml b/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input/.snapshots/TestRubyRailsSessionKeyUsingUserInput--unsafe.yml index a1db98253..db54c5c62 100644 --- a/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input/.snapshots/TestRubyRailsSessionKeyUsingUserInput--unsafe.yml +++ b/pkg/commands/process/settings/rules/ruby/rails/session_key_using_user_input/.snapshots/TestRubyRailsSessionKeyUsingUserInput--unsafe.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-? rule_display_id: ruby_rails_session_key_using_user_input - rule_description: Do not use user input in a session key. + rule_description: User input detected in a session key. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_session_key_using_user_input line_number: 1 filename: unsafe.rb @@ -9,7 +9,7 @@ high: parent_content: session[params[:key]] - rule_dsrid: DSR-? rule_display_id: ruby_rails_session_key_using_user_input - rule_description: Do not use user input in a session key. + rule_description: User input detected in a session key. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_session_key_using_user_input line_number: 3 filename: unsafe.rb @@ -17,7 +17,7 @@ high: parent_content: session[request.env[:key]] - rule_dsrid: DSR-? rule_display_id: ruby_rails_session_key_using_user_input - rule_description: Do not use user input in a session key. + rule_description: User input detected in a session key. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_rails_session_key_using_user_input line_number: 5 filename: unsafe.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_custom_notice.yml b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_custom_notice.yml index 5065e0820..f083fa4f5 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_custom_notice.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_custom_notice.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 5 filename: datatype_in_custom_notice.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_extended_notify_methods.yml b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_extended_notify_methods.yml index 40dae7d47..697bfa3b2 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_extended_notify_methods.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_extended_notify_methods.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 3 filename: datatype_in_extended_notify_methods.rb 
@@ -17,7 +17,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 9 filename: datatype_in_extended_notify_methods.rb @@ -33,7 +33,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 17 filename: datatype_in_extended_notify_methods.rb @@ -49,7 +49,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 23 filename: datatype_in_extended_notify_methods.rb @@ -65,7 +65,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 31 filename: datatype_in_extended_notify_methods.rb @@ -80,7 +80,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 36 filename: datatype_in_extended_notify_methods.rb 
@@ -95,7 +95,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 43 filename: datatype_in_extended_notify_methods.rb @@ -111,7 +111,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 49 filename: datatype_in_extended_notify_methods.rb @@ -127,7 +127,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 57 filename: datatype_in_extended_notify_methods.rb @@ -144,7 +144,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 64 filename: datatype_in_extended_notify_methods.rb @@ -161,7 +161,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 73 filename: datatype_in_extended_notify_methods.rb 
@@ -177,7 +177,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 79 filename: datatype_in_extended_notify_methods.rb @@ -193,7 +193,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 101 filename: datatype_in_extended_notify_methods.rb @@ -209,7 +209,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 107 filename: datatype_in_extended_notify_methods.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_merge_context.yml b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_merge_context.yml index 8d1f8a734..f6571ed69 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_merge_context.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_merge_context.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 1 filename: datatype_in_merge_context.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_notify.yml b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_notify.yml index 8e42d13c0..7a964ac52 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_notify.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_notify.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 1 filename: datatype_in_notify.rb @@ -11,7 +11,7 @@ critical: parent_content: Airbrake.notify(user.first_name) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 4 filename: datatype_in_notify.rb 
@@ -24,7 +24,7 @@ critical: }) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 8 filename: datatype_in_notify.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_rescue_block.yml b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_rescue_block.yml index 50f4cd209..ca760279e 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_rescue_block.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/airbrake/.snapshots/TestRubyThirdPartiesAirbrake--datatype_in_rescue_block.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_airbrake - rule_description: Do not send sensitive data to Airbrake. + rule_description: Sensitive data sent to Airbrake detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_airbrake line_number: 4 filename: datatype_in_rescue_block.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/algolia/.snapshots/TestRubyThirdPartiesAlgolia--datatype_in_save_object.yml b/pkg/commands/process/settings/rules/ruby/third_parties/algolia/.snapshots/TestRubyThirdPartiesAlgolia--datatype_in_save_object.yml index c7be63cc1..d6b46c232 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/algolia/.snapshots/TestRubyThirdPartiesAlgolia--datatype_in_save_object.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/algolia/.snapshots/TestRubyThirdPartiesAlgolia--datatype_in_save_object.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_algolia - rule_description: Do not store sensitive data in Algolia. + rule_description: Sensitive data sent to Algolia detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_algolia line_number: 4 filename: datatype_in_save_object.rb @@ -11,7 +11,7 @@ critical: parent_content: 'index.save_object({ email: user.email }, { auto_generate_object_id_if_not_exist: true })' - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_algolia - rule_description: Do not store sensitive data in Algolia. + rule_description: Sensitive data sent to Algolia detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_algolia line_number: 6 filename: datatype_in_save_object.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert.yml index 191059f23..ea305eaa3 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_bigquery - rule_description: Do not store sensitive data in BigQuery. + rule_description: Sensitive data sent to BigQuery detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_bigquery line_number: 4 filename: datatype_in_insert.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert_async.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert_async.yml index a4f734c4a..131e7175d 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert_async.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_insert_async.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_bigquery - rule_description: Do not store sensitive data in BigQuery. + rule_description: Sensitive data sent to BigQuery detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_bigquery line_number: 8 filename: datatype_in_insert_async.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert.yml index cf6d22428..52e7e12cd 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_bigquery - rule_description: Do not store sensitive data in BigQuery. + rule_description: Sensitive data sent to BigQuery detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_bigquery line_number: 5 filename: datatype_in_table_insert.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert_async.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert_async.yml index c770ed8c8..75fda8b02 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert_async.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bigquery/.snapshots/TestRubyThirdPartiesBigQuery--datatype_in_table_insert_async.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_bigquery - rule_description: Do not store sensitive data in BigQuery. + rule_description: Sensitive data sent to BigQuery detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_bigquery line_number: 9 filename: datatype_in_table_insert_async.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--breadcrumb.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--breadcrumb.yml index c3ef96523..d54f52b70 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--breadcrumb.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--breadcrumb.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_bugsnag - rule_description: Do not send sensitive data to Bugsnag. + rule_description: Sensitive data sent to Bugsnag detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_bugsnag line_number: 2 filename: breadcrumb.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--bugsnag_notify.yml b/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--bugsnag_notify.yml index 6df25a4e3..ab2caa093 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--bugsnag_notify.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/bugsnag/.snapshots/TestRubyThirdPartiesBugsnag--bugsnag_notify.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-5 rule_display_id: ruby_lang_exception - rule_description: Do not send sensitive data to exceptions. + rule_description: Sensitive data in a exception message detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_lang_exception line_number: 2 filename: bugsnag_notify.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse/.snapshots/TestRubyThirdPartiesClickHouse--datatype_in_insert_rows.yml b/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse/.snapshots/TestRubyThirdPartiesClickHouse--datatype_in_insert_rows.yml index df5ad59a1..96711c219 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse/.snapshots/TestRubyThirdPartiesClickHouse--datatype_in_insert_rows.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/clickhouse/.snapshots/TestRubyThirdPartiesClickHouse--datatype_in_insert_rows.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_clickhouse - rule_description: Do not store sensitive data in ClickHouse. + rule_description: Sensitive data sent to ClickHouse detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_clickhouse line_number: 6 filename: datatype_in_insert_rows.rb 
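Review bot: The new description captured in the bugsnag_notify snapshot has an article error: `Sensitive data in a exception message detected.` should read `rule_description: Sensitive data in an exception message detected.` The text belongs to `ruby_lang_exception`, so every snapshot and CLI report for that rule repeats the typo. The rule definition is not visible in this part of the patch, but the fix belongs there, with the snapshots regenerated afterwards.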
@@ -17,7 +17,7 @@ critical: ] - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_clickhouse - rule_description: Do not store sensitive data in ClickHouse. + rule_description: Sensitive data sent to ClickHouse detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_clickhouse line_number: 7 filename: datatype_in_insert_rows.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/datadog/.snapshots/TestRubyThirdPartiesDatadog--datatype_in_tags.yml b/pkg/commands/process/settings/rules/ruby/third_parties/datadog/.snapshots/TestRubyThirdPartiesDatadog--datatype_in_tags.yml index a67f9a290..689c3ccbc 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/datadog/.snapshots/TestRubyThirdPartiesDatadog--datatype_in_tags.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/datadog/.snapshots/TestRubyThirdPartiesDatadog--datatype_in_tags.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_datadog - rule_description: Do not send sensitive data to Datadog. + rule_description: Sensitive data sent to Datadog detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_datadog line_number: 2 filename: datatype_in_tags.rb @@ -11,7 +11,7 @@ critical: parent_content: c.tags = user - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_datadog - rule_description: Do not send sensitive data to Datadog. + rule_description: Sensitive data sent to Datadog detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_datadog line_number: 7 filename: datatype_in_tags.rb 
@@ -21,7 +21,7 @@ critical: parent_content: span.set_tag('user.email', user.email) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_datadog - rule_description: Do not send sensitive data to Datadog. + rule_description: Sensitive data sent to Datadog detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_datadog line_number: 9 filename: datatype_in_tags.rb @@ -31,7 +31,7 @@ critical: parent_content: Datadog::Tracing.active_span&.set_tag('customer.id', user.email) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_datadog - rule_description: Do not send sensitive data to Datadog. + rule_description: Sensitive data sent to Datadog detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_datadog line_number: 10 filename: datatype_in_tags.rb @@ -41,7 +41,7 @@ critical: parent_content: Datadog::Tracing.active_span.set_tag('customer.id', user.email) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_datadog - rule_description: Do not send sensitive data to Datadog. + rule_description: Sensitive data sent to Datadog detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_datadog line_number: 12 filename: datatype_in_tags.rb @@ -54,7 +54,7 @@ critical: end - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_datadog - rule_description: Do not send sensitive data to Datadog. + rule_description: Sensitive data sent to Datadog detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_datadog line_number: 17 filename: datatype_in_tags.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_bulk.yml b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_bulk.yml index e04ff202e..a5157d6f3 100644 
--- a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_bulk.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_bulk.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_elasticsearch - rule_description: Do not store sensitive data in Elasticsearch. + rule_description: Sensitive data sent to Elasticsearch detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_elasticsearch line_number: 3 filename: datatype_in_bulk.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_index.yml b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_index.yml index 58ffdd24b..91c60f148 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_index.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_index.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_elasticsearch - rule_description: Do not store sensitive data in Elasticsearch. + rule_description: Sensitive data sent to Elasticsearch detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_elasticsearch line_number: 3 filename: datatype_in_index.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_update.yml b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_update.yml index 5b3b355e5..6a44d742f 100644 
--- a/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_update.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/elasticsearch/.snapshots/TestRubyThirdPartiesElasticsearch--datatype_in_update.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-6 rule_display_id: ruby_third_parties_elasticsearch - rule_description: Do not store sensitive data in Elasticsearch. + rule_description: Sensitive data sent to Elasticsearch detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_elasticsearch line_number: 1 filename: datatype_in_update.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_cohort.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_cohort.yml index e0a053e60..047c70b7e 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_cohort.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_cohort.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_analytics - rule_description: Do not send sensitive data to Google Analytics. + rule_description: Sensitive data sent to Google Analytics detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_analytics line_number: 1 filename: datatype_in_cohort.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_custom_dimension.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_custom_dimension.yml index 782bcee26..ce27df9da 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_custom_dimension.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_custom_dimension.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_analytics - rule_description: Do not send sensitive data to Google Analytics. + rule_description: Sensitive data sent to Google Analytics detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_analytics line_number: 2 filename: datatype_in_custom_dimension.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_event_data.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_event_data.yml index add222217..815083cf5 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_event_data.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_event_data.yml 
@@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_analytics - rule_description: Do not send sensitive data to Google Analytics. + rule_description: Sensitive data sent to Google Analytics detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_analytics line_number: 2 filename: datatype_in_event_data.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_transaction_data.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_transaction_data.yml index 3780fa8a1..fdfd9e8fc 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_transaction_data.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_transaction_data.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_analytics - rule_description: Do not send sensitive data to Google Analytics. + rule_description: Sensitive data sent to Google Analytics detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_analytics line_number: 1 filename: datatype_in_transaction_data.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_user_classes.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_user_classes.yml index 0c4a1334b..171257b0f 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_user_classes.yml 
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_analytics/.snapshots/TestRubyThirdPartiesGoogleAnalytics--datatype_in_user_classes.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_analytics - rule_description: Do not send sensitive data to Google Analytics. + rule_description: Sensitive data sent to Google Analytics detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_analytics line_number: 1 filename: datatype_in_user_classes.rb @@ -12,7 +12,7 @@ critical: parent_content: 'Google::Apis::AnalyticsreportingV4::User.new(user_id: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_analytics - rule_description: Do not send sensitive data to Google Analytics. + rule_description: Sensitive data sent to Google Analytics detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_analytics line_number: 4 filename: datatype_in_user_classes.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_config.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_config.yml index a35f20a23..050609353 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_config.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_config.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 8 filename: datatype_in_config.rb @@ -11,7 +11,7 @@ critical: parent_content: 'config.metadata = { current_user_id: current_user.email }' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 14 filename: datatype_in_config.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_job_message.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_job_message.yml index 49eadbfbb..98bf57c32 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_job_message.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_job_message.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 2 filename: datatype_in_job_message.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_metadata.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_metadata.yml index bf1e9a672..44d9d4ef7 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_metadata.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_metadata.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 2 filename: datatype_in_metadata.rb @@ -11,7 +11,7 @@ high: parent_content: 'custom_metadata.value = "ip: #{customer.ip_address}"' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 5 filename: datatype_in_metadata.rb @@ -21,7 +21,7 @@ high: parent_content: 'template_metadata.description ="ip: #{customer.ip_address}"' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 6 filename: datatype_in_metadata.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_params_entry.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_params_entry.yml index 9269d95aa..bf0db146b 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_params_entry.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_params_entry.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 2 filename: datatype_in_params_entry.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_job_request.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_job_request.yml index 28d1f16de..e36849d05 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_job_request.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_job_request.yml 
@@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 2 filename: datatype_in_snapshot_job_request.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_setter.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_setter.yml index 06e9ca87f..5e8a22991 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_setter.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_snapshot_setter.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 9 filename: datatype_in_snapshot_setter.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message.yml index ebdac6d43..d270104d4 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message.yml 
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 4 filename: datatype_in_structured_message.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message_param.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message_param.yml index e9c478477..065d61002 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message_param.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_structured_message_param.yml @@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 2 filename: datatype_in_structured_message_param.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_template_job_creation.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_template_job_creation.yml index 1450af077..4c35a897f 100644 
--- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_template_job_creation.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--datatype_in_template_job_creation.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 5 filename: datatype_in_template_job_creation.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--fail_with_different_version.yml b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--fail_with_different_version.yml index e934c9a78..df18f2d2e 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--fail_with_different_version.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/.snapshots/TestRubyThirdPartiesGoogleDataflow--fail_with_different_version.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_google_dataflow - rule_description: Do not send sensitive data to Google Dataflow. + rule_description: Sensitive data sent to Google Dataflow detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_google_dataflow line_number: 5 filename: fail_with_different_version.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_breadcrumb.yml b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_breadcrumb.yml index 5039308af..b239560d2 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_breadcrumb.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_breadcrumb.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 1 filename: honeybadger_breadcrumb.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_context.yml b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_context.yml index 360f7ce12..52763400a 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_context.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_context.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 1 filename: honeybadger_context.rb 
@@ -14,7 +14,7 @@ critical: }) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 8 filename: honeybadger_context.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_methods.yml b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_methods.yml index 828ae557a..c2bcaff4d 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_methods.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_methods.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 3 filename: honeybadger_methods.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_notify.yml b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_notify.yml index 9c27bb455..b4720bc4a 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_notify.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/honeybadger/.snapshots/TestRubyThirdPartiesHoneybadger--honeybadger_notify.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 2 filename: honeybadger_notify.rb @@ -19,7 +19,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 9 filename: honeybadger_notify.rb @@ -37,7 +37,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 13 filename: honeybadger_notify.rb @@ -55,7 +55,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 14 filename: honeybadger_notify.rb @@ -73,7 +73,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 22 filename: honeybadger_notify.rb 
@@ -91,7 +91,7 @@ critical: ) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_honeybadger - rule_description: Do not send sensitive data to Honeybadger. + rule_description: Sensitive data sent to Honeybadger detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_honeybadger line_number: 29 filename: honeybadger_notify.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_attributes.yml b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_attributes.yml index d5506b381..1cc93c76a 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_attributes.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_attributes.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_new_relic - rule_description: Do not send sensitive data to New Relic. + rule_description: Sensitive data sent to New Relic detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_new_relic line_number: 1 filename: datatype_in_add_custom_attributes.rb @@ -11,7 +11,7 @@ critical: parent_content: NewRelic::Agent.add_custom_attributes(user) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_new_relic - rule_description: Do not send sensitive data to New Relic. + rule_description: Sensitive data sent to New Relic detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_new_relic line_number: 3 filename: datatype_in_add_custom_attributes.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_parameters.yml b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_parameters.yml index 0881e80a5..49ee0f1f0 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_parameters.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_add_custom_parameters.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_new_relic - rule_description: Do not send sensitive data to New Relic. + rule_description: Sensitive data sent to New Relic detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_new_relic line_number: 1 filename: datatype_in_add_custom_parameters.rb @@ -11,7 +11,7 @@ critical: parent_content: NewRelic::Agent.add_custom_parameters(user) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_new_relic - rule_description: Do not send sensitive data to New Relic. + rule_description: Sensitive data sent to New Relic detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_new_relic line_number: 3 filename: datatype_in_add_custom_parameters.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_notice_error.yml b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_notice_error.yml index cbd2d28c3..7bd929633 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_notice_error.yml 
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/new_relic/.snapshots/TestRubyThirdPartiesNewRelic--datatype_in_notice_error.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_new_relic - rule_description: Do not send sensitive data to New Relic. + rule_description: Sensitive data sent to New Relic detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_new_relic line_number: 1 filename: datatype_in_notice_error.rb @@ -11,7 +11,7 @@ critical: parent_content: 'NewRelic::Agent.notice_error(exception, { custom_params: user })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_new_relic - rule_description: Do not send sensitive data to New Relic. + rule_description: Sensitive data sent to New Relic detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_new_relic line_number: 3 filename: datatype_in_notice_error.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_record_exception.yml b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_record_exception.yml index 474f21523..d7b8e3fe2 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_record_exception.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_record_exception.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 7 filename: datatype_in_record_exception.rb 
@@ -12,7 +12,7 @@ critical: parent_content: 'current_span.status = OpenTelemetry::Trace::Status.error("error for user #{current_user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 17 filename: datatype_in_record_exception.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_attributes.yml b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_attributes.yml index ccb403e43..881b7eb45 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_attributes.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_attributes.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 7 filename: datatype_in_span_attributes.rb @@ -15,7 +15,7 @@ critical: }) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 13 filename: datatype_in_span_attributes.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_event.yml b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_event.yml index 788a8288e..62691ff34 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_event.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatype_in_span_event.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 2 filename: datatype_in_span_event.rb @@ -11,7 +11,7 @@ critical: parent_content: 'span.add_event("Schedule job for user: #{current_user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 4 filename: datatype_in_span_event.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatypes_in_span_init_block.yml b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatypes_in_span_init_block.yml index 7b82065ee..aab98c5fd 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatypes_in_span_init_block.yml 
+++ b/pkg/commands/process/settings/rules/ruby/third_parties/open_telemetry/.snapshots/TestRubyThirdPartiesOpenTelemetry--datatypes_in_span_init_block.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 2 filename: datatypes_in_span_init_block.rb @@ -14,7 +14,7 @@ critical: end - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 6 filename: datatypes_in_span_init_block.rb @@ -27,7 +27,7 @@ critical: end - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 7 filename: datatypes_in_span_init_block.rb @@ -37,7 +37,7 @@ critical: parent_content: span.add_attributes(user.email) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_open_telemetry - rule_description: Do not send sensitive data to Open Telemetry. + rule_description: Sensitive data sent to Open Telemetry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_open_telemetry line_number: 11 filename: datatypes_in_span_init_block.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_context.yml b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_context.yml index fc1cb07d5..310176ebe 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_context.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_context.yml @@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 1 filename: datatype_in_context.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log.yml b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log.yml index a14cd0cea..dba786077 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 1 filename: datatype_in_log.rb 
@@ -11,7 +11,7 @@ critical: parent_content: 'Rollbar.log("error", "oops #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 2 filename: datatype_in_log.rb @@ -21,7 +21,7 @@ critical: parent_content: 'Rollbar.log("error", "oops", user: { email: "someone@example.com" })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 3 filename: datatype_in_log.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log_helper.yml b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log_helper.yml index 10ddbd2f0..0e1c7c928 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log_helper.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_log_helper.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 1 filename: datatype_in_log_helper.rb 
@@ -11,7 +11,7 @@ critical: parent_content: 'Rollbar.critical("oops #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 2 filename: datatype_in_log_helper.rb @@ -21,7 +21,7 @@ critical: parent_content: 'Rollbar.critical(e, "oops #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 3 filename: datatype_in_log_helper.rb @@ -31,7 +31,7 @@ critical: parent_content: 'Rollbar.critical(e, user: { email: "someone@example.com" })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 4 filename: datatype_in_log_helper.rb @@ -41,7 +41,7 @@ critical: parent_content: 'Rollbar.critical(e, { user: { first_name: "someone" } })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 6 filename: datatype_in_log_helper.rb 
@@ -51,7 +51,7 @@ critical: parent_content: 'Rollbar.error("oops #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 8 filename: datatype_in_log_helper.rb @@ -61,7 +61,7 @@ critical: parent_content: 'Rollbar.debug("oops #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 10 filename: datatype_in_log_helper.rb @@ -71,7 +71,7 @@ critical: parent_content: 'Rollbar.info("oops #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 12 filename: datatype_in_log_helper.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scope.yml b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scope.yml index 8cb8682fc..7aa5f0137 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scope.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scope.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 1 filename: datatype_in_scope.rb @@ -11,7 +11,7 @@ critical: parent_content: 'Rollbar.scope!({ user: { email: "someone@example.com" }})' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 3 filename: datatype_in_scope.rb @@ -21,7 +21,7 @@ critical: parent_content: Rollbar.scope(user) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 7 filename: datatype_in_scope.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scoped.yml b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scoped.yml index 82c8fd599..9a075b6e5 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scoped.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/rollbar/.snapshots/TestRubyThirdPartiesRollbar--datatype_in_scoped.yml 
@@ -1,7 +1,7 @@ low: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_rollbar - rule_description: Do not send sensitive data to Rollbar. + rule_description: Sensitive data sent to Rollbar detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_rollbar line_number: 1 filename: datatype_in_scoped.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add.yml b/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add.yml index c9c764ef8..8caece7af 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_scout_apm - rule_description: Do not send sensitive data to Scout APM. + rule_description: Sensitive data sent to Scout APM detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_scout_apm line_number: 1 filename: datatype_in_add.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add_user.yml b/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add_user.yml index ecff5c08d..67ef57208 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add_user.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/scout_apm/.snapshots/TestRubyThirdPartiesScoutAPM--datatype_in_add_user.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_scout_apm - rule_description: Do not send sensitive data to Scout APM. + rule_description: Sensitive data sent to Scout APM detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_scout_apm line_number: 1 filename: datatype_in_add_user.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_as_user_id.yml b/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_as_user_id.yml index c9bb0c862..37e07661b 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_as_user_id.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_as_user_id.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_segment - rule_description: Do not send sensitive data to Segment. + rule_description: Sensitive data sent to Segment detected.. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_segment line_number: 2 filename: datatype_as_user_id.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_in_nested_attribute.yml b/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_in_nested_attribute.yml index ef645e314..47e185eae 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_in_nested_attribute.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/segment/.snapshots/TestRubyThirdPartiesSegment--datatype_in_nested_attribute.yml 
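Review bot: The new Segment description ends in a doubled period, `Sensitive data sent to Segment detected..`, in the datatype_as_user_id snapshot here and again in the datatype_in_nested_attribute snapshot that follows. The other renamed descriptions in this part of the patch end in a single period. This string is what the CLI prints next to a finding, so the line should read `rule_description: Sensitive data sent to Segment detected.`. The snapshots are presumably generated from the Segment rule definition, which is not visible in this part of the patch, so the fix likely belongs there, with both snapshots regenerated afterwards.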
@@ -1,7 +1,7 @@ high: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_segment - rule_description: Do not send sensitive data to Segment. + rule_description: Sensitive data sent to Segment detected.. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_segment line_number: 2 filename: datatype_in_nested_attribute.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_breadcrumb.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_breadcrumb.yml index cb8cff62a..58272c8e5 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_breadcrumb.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_breadcrumb.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 3 filename: datatype_in_breadcrumb.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_capture_message.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_capture_message.yml index 9b5e8377b..0fe8c99df 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_capture_message.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_capture_message.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 1 filename: datatype_in_capture_message.rb @@ -11,7 +11,7 @@ critical: parent_content: 'Sentry.capture_message("test: #{user.email}")' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 2 filename: datatype_in_capture_message.rb @@ -21,7 +21,7 @@ critical: parent_content: 'Sentry.capture_message("test", extra: { email: user.email })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 3 filename: datatype_in_capture_message.rb @@ -31,7 +31,7 @@ critical: parent_content: 'Sentry.capture_message("test", tags: { email: user.email })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 4 filename: datatype_in_capture_message.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_init.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_init.yml index c27ec006c..532b1a8e3 100644 
--- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_init.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_init.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 3 filename: datatype_in_init.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_context.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_context.yml index c1975189b..8f23f4bcd 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_context.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_context.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 1 filename: datatype_in_set_context.rb @@ -11,7 +11,7 @@ critical: parent_content: 'Sentry.set_context(''email'', { email: user.email })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 4 filename: datatype_in_set_context.rb 
@@ -21,7 +21,7 @@ critical: parent_content: 'scope.set_context(''email'', { email: user.email })' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 8 filename: datatype_in_set_context.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extra.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extra.yml index bed54568f..396f93d62 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extra.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extra.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 2 filename: datatype_in_set_extra.rb @@ -11,7 +11,7 @@ critical: parent_content: scope.set_extra(:email, user.email) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 6 filename: datatype_in_set_extra.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extras.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extras.yml index 2d164592e..b97231178 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extras.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_extras.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 1 filename: datatype_in_set_extras.rb @@ -11,7 +11,7 @@ critical: parent_content: 'Sentry.set_extras(email: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 4 filename: datatype_in_set_extras.rb @@ -21,7 +21,7 @@ critical: parent_content: 'scope.set_extras(email: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 8 filename: datatype_in_set_extras.rb 
diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tag.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tag.yml index 209fd80e2..74f83569c 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tag.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tag.yml @@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 2 filename: datatype_in_set_tag.rb @@ -11,7 +11,7 @@ critical: parent_content: scope.set_tag(:email, user.email) - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 6 filename: datatype_in_set_tag.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tags.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tags.yml index 2baff2ee1..cac7e4bbb 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tags.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_tags.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 1 filename: datatype_in_set_tags.rb @@ -11,7 +11,7 @@ critical: parent_content: 'Sentry.set_tags(email: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 4 filename: datatype_in_set_tags.rb @@ -21,7 +21,7 @@ critical: parent_content: 'scope.set_tags(email: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 8 filename: datatype_in_set_tags.rb diff --git a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_user.yml b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_user.yml index a7ad569db..79295155b 100644 --- a/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_user.yml +++ b/pkg/commands/process/settings/rules/ruby/third_parties/sentry/.snapshots/TestRubyThirdPartiesSentry--datatype_in_set_user.yml 
@@ -1,7 +1,7 @@ critical: - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 3 filename: datatype_in_set_user.rb @@ -11,7 +11,7 @@ critical: parent_content: 'Sentry.set_user(email: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 6 filename: datatype_in_set_user.rb @@ -21,7 +21,7 @@ critical: parent_content: 'scope.set_user(email: user.email)' - rule_dsrid: DSR-1 rule_display_id: ruby_third_parties_sentry - rule_description: Do not send sensitive data to Sentry. + rule_description: Sensitive data sent to Sentry detected. rule_documentation_url: https://docs.bearer.com/reference/rules/ruby_third_parties_sentry line_number: 10 filename: datatype_in_set_user.rb diff --git a/pkg/report/output/summary/.snapshots/TestBuildReportString b/pkg/report/output/summary/.snapshots/TestBuildReportString index 99982b323..dfd72b023 100644 --- a/pkg/report/output/summary/.snapshots/TestBuildReportString +++ b/pkg/report/output/summary/.snapshots/TestBuildReportString 
@@ -5,12 +5,12 @@ Summary Report ===================================== Checks: -- Do not send sensitive data to Rails loggers. (ruby_rails_logger) [DSR-5] -- Enable SSL Certificate Verification. (ruby_lang_ssl_verification) [DSR-2] - Its a test! (custom_test_rule) +- Missing SSL certificate verification detected. (ruby_lang_ssl_verification) [DSR-2] +- Sensitive data sent to Rails loggers detected. (ruby_rails_logger) [DSR-5] -CRITICAL: Do not send sensitive data to Rails loggers. [DSR-5] +CRITICAL: Sensitive data sent to Rails loggers detected. [DSR-5] https://docs.bearer.com/reference/rules/ruby_rails_logger To skip this rule, use the flag --skip-rule=ruby_rails_logger @@ -18,7 +18,7 @@ File: pkg/datatype_leak.rb:1 -LOW: Enable SSL Certificate Verification. [DSR-2] +LOW: Missing SSL certificate verification detected. [DSR-2] https://docs.bearer.com/reference/rules/ruby_lang_ssl_verification To skip this rule, use the flag --skip-rule=ruby_lang_ssl_verification diff --git a/pkg/report/output/summary/.snapshots/TestGetOutput b/pkg/report/output/summary/.snapshots/TestGetOutput index 882294880..ff5b3c26d 100644 --- a/pkg/report/output/summary/.snapshots/TestGetOutput +++ b/pkg/report/output/summary/.snapshots/TestGetOutput @@ -3,7 +3,7 @@ (summary.Result) { RuleDSRID: (string) (len=5) "DSR-5", RuleDisplayId: (string) (len=17) "ruby_rails_logger", - RuleDescription: (string) (len=44) "Do not send sensitive data to Rails loggers.", + RuleDescription: (string) (len=46) "Sensitive data sent to Rails loggers detected.", RuleDocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger", LineNumber: (int) 1, Filename: (string) (len=20) "pkg/datatype_leak.rb", 
@@ -20,7 +20,7 @@ (summary.Result) { RuleDSRID: (string) (len=5) "DSR-2", RuleDisplayId: (string) (len=26) "ruby_lang_ssl_verification", - RuleDescription: (string) (len=36) "Enable SSL Certificate Verification.", + RuleDescription: (string) (len=46) "Missing SSL certificate verification detected.", RuleDocumentationUrl: (string) (len=66) "https://docs.bearer.com/reference/rules/ruby_lang_ssl_verification", LineNumber: (int) 2, Filename: (string) (len=21) "config/application.rb", diff --git a/pkg/report/output/summary/.snapshots/TestTestGetOutputWithSeverity b/pkg/report/output/summary/.snapshots/TestTestGetOutputWithSeverity index 73a391cb1..5fcd109e8 100644 --- a/pkg/report/output/summary/.snapshots/TestTestGetOutputWithSeverity +++ b/pkg/report/output/summary/.snapshots/TestTestGetOutputWithSeverity @@ -3,7 +3,7 @@ (summary.Result) { RuleDSRID: (string) (len=5) "DSR-5", RuleDisplayId: (string) (len=17) "ruby_rails_logger", - RuleDescription: (string) (len=44) "Do not send sensitive data to Rails loggers.", + RuleDescription: (string) (len=46) "Sensitive data sent to Rails loggers detected.", RuleDocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger", LineNumber: (int) 1, Filename: (string) (len=20) "pkg/datatype_leak.rb",