Bearer · gotbadger · Feb 21, 2023 · Feb 20, 2023 · Feb 21, 2023
diff --git a/...ings/rules/internal/internal/gitleaks.yml → ...es/internal/internal/secret_detection.yml b/...ings/rules/internal/internal/gitleaks.yml → ...es/internal/internal/secret_detection.yml
@@ -5,11 +5,11 @@ severity:
 detailed_context: true
 omit_parent_content: true
 metadata:
-  description: "Do not leak secrets in the codebase."
+  description: "Hard-coded secret detected."
   remediation_message: |
     ## Description
 
-    Hard-coding secrets and keys in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded.
+    Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded.
 
     ## Remediations
 
@@ -20,4 +20,4 @@ metadata:
   dsr_id: "DSR-4"
   cwe_id:
     - 798
-  id: "gitleaks"
+  id: "secret_detection"
diff --git a/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml b/pkg/commands/process/settings/rules/javascript/express/exposed_dir_listing.yml
@@ -7,7 +7,7 @@ trigger: presence
 severity:
   default: "warning"
 metadata:
-  description: "Ensure directory listing is not inappropriately exposed."
+  description: "Missing access restriction to directory listing detected."
   remediation_message: |
     ## Description
     Inappropriate exposure of a directory listing could give attackers access to sensitive data or source code, either directly or through exploitation of an exposed file structure.

diff --git a/...dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml b/...dir_listing/.snapshots/TestJavascriptExpressExposedDirListing--serve_index_in_app_use.yml
@@ -1,7 +1,7 @@
 warning:
     - rule_dsrid: ""
       rule_display_id: javascript_express_exposed_dir_listing
-      rule_description: Ensure directory listing is not inappropriately exposed.
+      rule_description: Missing access restriction to directory listing detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_express_exposed_dir_listing
       line_number: 5
       filename: serve_index_in_app_use.js

diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_cookie.yml
@@ -22,7 +22,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Ensure cookies are sent over HTTPS."
+  description: "Missing secure options for cookie detected."
   remediation_message: |
     ## Description
     To make sure cookies don't open your application up to exploits or unauthorized access, don't use default cookie values and make sure to set security options appropriately.

diff --git a/...ules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml b/...ules/javascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--http_only.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-3
       rule_display_id: express_insecure_cookie
-      rule_description: Ensure cookies are sent over HTTPS.
+      rule_description: Missing secure options for cookie detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
       line_number: 9
       filename: http_only.js

diff --git a/...avascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml b/...avascript/express/insecure_cookie/.snapshots/TestExpressSecureCookie--insecure_cookie.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-3
       rule_display_id: express_insecure_cookie
-      rule_description: Ensure cookies are sent over HTTPS.
+      rule_description: Missing secure options for cookie detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_cookie
       line_number: 9
       filename: insecure_cookie.js

diff --git a/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml b/pkg/commands/process/settings/rules/javascript/express/insecure_xml_ref.yml
@@ -23,7 +23,7 @@ trigger: presence
 severity:
   default: "low"
 metadata:
-  description: "Ensure proper restriction of XML external entity references."
+  description: "Missing proper restriction of XML external entity references detected."
   remediation_message: |
     ## Description
     Avoid generating XML documents that include XML entities with URIs that resolve to resources that are outside of the current context.

diff --git a/...xpress/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml b/...xpress/insecure_xml_ref/.snapshots/TestExpressInsecureXmlRef--lib_xml_with_noent_true.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: ""
       rule_display_id: express_insecure_xml_ref
-      rule_description: Ensure proper restriction of XML external entity references.
+      rule_description: Missing proper restriction of XML external entity references detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/express_insecure_xml_ref
       line_number: 4
       filename: lib_xml_with_noent_true.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/exception.yml b/pkg/commands/process/settings/rules/javascript/lang/exception.yml
@@ -34,7 +34,7 @@ severity:
 skip_data_types:
   - Unique Identifier
 metadata:
-  description: "Do not send sensitive data to exceptions."
+  description: "Sensitive data in a exception message detected."
   remediation_message: |
     ## Description
 

diff --git a/...ules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml b/...ules/javascript/lang/exception/.snapshots/TestJavascriptLangException--promise_reject.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: promise_reject.js

diff --git a/...ttings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml b/...ttings/rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--reject.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: reject.js
@@ -11,7 +11,7 @@ critical:
       parent_content: reject("Error with user " + user)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 14
       filename: reject.js

diff --git a/...ascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml b/...ascript/lang/exception/.snapshots/TestJavascriptLangException--throw_custom_exception.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: throw_custom_exception.js

diff --git a/.../rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml b/.../rules/javascript/lang/exception/.snapshots/TestJavascriptLangException--throw_string.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_exception
-      rule_description: Do not send sensitive data to exceptions.
+      rule_description: Sensitive data in a exception message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_exception
       line_number: 5
       filename: throw_string.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml b/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml
@@ -18,7 +18,7 @@ severity:
   PHI: medium
   PD: high
 metadata:
-  description: "Do not write sensitive data to static files."
+  description: "Sensitive data detected as part of a dynamic file generation."
   remediation_message: |
     ## Description
 

diff --git a/...ipt/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml b/...ipt/lang/file_generation/.snapshots/TestJavascriptLangFileGeneration--file_generation.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-4
       rule_display_id: javascript_lang_file_generation
-      rule_description: Do not write sensitive data to static files.
+      rule_description: Sensitive data detected as part of a dynamic file generation.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
       line_number: 8
       filename: file_generation.js
@@ -15,7 +15,7 @@ critical:
         })
     - rule_dsrid: DSR-4
       rule_display_id: javascript_lang_file_generation
-      rule_description: Do not write sensitive data to static files.
+      rule_description: Sensitive data detected as part of a dynamic file generation.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
       line_number: 11
       filename: file_generation.js
@@ -29,7 +29,7 @@ critical:
         })
     - rule_dsrid: DSR-4
       rule_display_id: javascript_lang_file_generation
-      rule_description: Do not write sensitive data to static files.
+      rule_description: Sensitive data detected as part of a dynamic file generation.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_file_generation
       line_number: 12
       filename: file_generation.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml b/pkg/commands/process/settings/rules/javascript/lang/http_insecure.yml
@@ -35,7 +35,7 @@ trigger: presence
 severity:
   default: low
 metadata:
-  description: "Only communicate using HTTPS connections."
+  description: "Connection with an unsecure HTTP communication detected."
   remediation_message: |
     ## Description
 

diff --git a/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml b/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--axios_insecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_http_insecure
-      rule_description: Only communicate using HTTPS connections.
+      rule_description: Connection with an unsecure HTTP communication detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
       line_number: 2
       filename: axios_insecure.js

diff --git a/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml b/...s/javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--fetch_insecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_http_insecure
-      rule_description: Only communicate using HTTPS connections.
+      rule_description: Connection with an unsecure HTTP communication detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
       line_number: 3
       filename: fetch_insecure.js

diff --git a/...javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml b/...javascript/lang/http_insecure/.snapshots/TestJavascriptHTTPInsecure--request_insecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_http_insecure
-      rule_description: Only communicate using HTTPS connections.
+      rule_description: Connection with an unsecure HTTP communication detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_http_insecure
       line_number: 5
       filename: request_insecure.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/jwt.yml b/pkg/commands/process/settings/rules/javascript/lang/jwt.yml
@@ -16,7 +16,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not store sensitive data in jwt."
+  description: "Sensitive data in a JWT detected."
   remediation_message: |
     ## Description
 

diff --git a/...nds/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml b/...nds/process/settings/rules/javascript/lang/jwt/.snapshots/TestJavascriptJWT--unsecure.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_jwt
-      rule_description: Do not store sensitive data in jwt.
+      rule_description: Sensitive data in a JWT detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_jwt
       line_number: 2
       filename: unsecure.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/logger.yml b/pkg/commands/process/settings/rules/javascript/lang/logger.yml
@@ -71,7 +71,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not send sensitive data to loggers."
+  description: "Sensitive data in a logger message detected."
   remediation_message: |
     ## Description
 

diff --git a/...cess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml b/...cess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child.yml
@@ -1,7 +1,7 @@
 low:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 3
       filename: child.js

diff --git a/...ettings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml b/...ettings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--child_level.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 3
       filename: child_level.js
@@ -11,7 +11,7 @@ critical:
       parent_content: logger.child(ctx)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 7
       filename: child_level.js

diff --git a/...ss/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml b/...ss/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--console.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 1
       filename: console.js

diff --git a/...tings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml b/...tings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--datatype_leak.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 1
       filename: datatype_leak.js

diff --git a/...rocess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml b/...rocess/settings/rules/javascript/lang/logger/.snapshots/TestJavascriptLangLogger--log.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_lang_logger
-      rule_description: Do not send sensitive data to loggers.
+      rule_description: Sensitive data in a logger message detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_logger
       line_number: 1
       filename: log.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/session.yml b/pkg/commands/process/settings/rules/javascript/lang/session.yml
@@ -15,7 +15,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not set sensitive data to session."
+  description: "Sensitive data stored in HTML local storage detected."
   remediation_message: |
     ## Description
 

diff --git a/...ings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml b/...ings/rules/javascript/lang/session/.snapshots/TestJavascriptLangSession--session_leak.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_session
-      rule_description: Do not set sensitive data to session.
+      rule_description: Sensitive data stored in HTML local storage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_session
       line_number: 1
       filename: session_leak.js

diff --git a/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml b/pkg/commands/process/settings/rules/javascript/lang/weak_encryption.yml
@@ -31,7 +31,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not weak encrypt sensitive information"
+  description: "Weak encryption library usage detected."
   remediation_message: |
     ## Description
 

diff --git a/...gs/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml b/...gs/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--md5.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 4
       filename: md5.js
@@ -11,7 +11,7 @@ critical:
       parent_content: crypto.createHmac("md5", key).update(user.password)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 5
       filename: md5.js

diff --git a/...s/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml b/...s/rules/javascript/lang/weak_encryption/.snapshots/TestJavascriptWeakEncryption--sha1.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 4
       filename: sha1.js
@@ -11,7 +11,7 @@ critical:
       parent_content: crypto.createHmac("sha1", key).update(user.password)
     - rule_dsrid: DSR-5
       rule_display_id: javascript_weak_encryption
-      rule_description: Do not weak encrypt sensitive information
+      rule_description: Weak encryption library usage detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_weak_encryption
       line_number: 5
       filename: sha1.js

diff --git a/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml b/pkg/commands/process/settings/rules/javascript/react/google_analytics.yml
@@ -13,7 +13,7 @@ severity:
   PHI: medium
   PD: high
 metadata:
-  description: "Do not send sensitive data to Google Analytics."
+  description: "Sensitive data sent to Google Analytics detected."
   remediation_message: |
     ## Description
 

diff --git a/...script/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml b/...script/react/google_analytics/.snapshots/TestJavascriptReactGoogleAnalytics--insecure.yml
@@ -1,7 +1,7 @@
 critical:
     - rule_dsrid: DSR-1
       rule_display_id: javascript_react_google_analytics
-      rule_description: Do not send sensitive data to Google Analytics.
+      rule_description: Sensitive data sent to Google Analytics detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_react_google_analytics
       line_number: 1
       filename: insecure.js
@@ -16,7 +16,7 @@ critical:
         })
     - rule_dsrid: DSR-1
       rule_display_id: javascript_react_google_analytics
-      rule_description: Do not send sensitive data to Google Analytics.
+      rule_description: Sensitive data sent to Google Analytics detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_react_google_analytics
       line_number: 5
       filename: insecure.js

diff --git a/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml b/pkg/commands/process/settings/rules/javascript/third_parties/airbrake.yml
@@ -22,7 +22,7 @@ severity:
 skip_data_types:
   - "Unique Identifier"
 metadata:
-  description: "Do not send sensitive data to Airbrake."
+  description: "Sensitive data sent to Airbrake detected."
   remediation_message: |
     ## Description
     Leaking sensitive data to third-party loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Airbrake.

diff --git a/...vascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml b/...vascript/third_parties/airbrake/.snapshots/TestJavascriptAirbrake--datatype_in_notify.yml
@@ -1,7 +1,7 @@
 high:
     - rule_dsrid: DSR-1
       rule_display_id: javascript_third_parties_airbrake
-      rule_description: Do not send sensitive data to Airbrake.
+      rule_description: Sensitive data sent to Airbrake detected.
       rule_documentation_url: https://docs.bearer.com/reference/rules/javascript_third_parties_airbrake
       line_number: 18
       filename: datatype_in_notify.js