diff --git a/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary b/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary index 12070880e..f162b6194 100644 --- a/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary +++ b/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary @@ -16,7 +16,6 @@ high: - [Datadog docs](https://docs.datadoghq.com) - [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans) documentation_url: "" - severity: low line_number: 3 full_filename: e2e/rules/testdata/data/auxilary/unsecure.js filename: unsecure.js @@ -46,13 +45,6 @@ high: fingerprint: 68427732321c4df53052a341ac8da647_0 old_fingerprint: 4d54a4b735da21fbdcb2d2662977b033_0 code_extract: client.event("user", "logged_in", {}, user); - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 -- diff --git a/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters b/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters index 857558ac2..34fef1d68 100644 --- a/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters +++ b/e2e/rules/.snapshots/TestReferenceFilters-testdata-data-reference_filters @@ -6,7 +6,6 @@ high: title: Test rule reference filters description: Test rule reference filters documentation_url: "" - severity: high line_number: 1 full_filename: e2e/rules/testdata/data/reference_filters/main.rb filename: main.rb @@ -30,12 +29,6 @@ high: fingerprint: df1f6d9ee9f4ee60085d0046163b3701_0 old_fingerprint: 52f7dcd9f1ba09f3a9f8c1ad305c8a89_0 code_extract: x.foo - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 -- 
diff --git a/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionSchema-testdata-data-ruby_rails_default_encryption_schema_rb b/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionSchema-testdata-data-ruby_rails_default_encryption_schema_rb index 8035897d6..a8b28e8bf 100644 --- a/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionSchema-testdata-data-ruby_rails_default_encryption_schema_rb +++ b/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionSchema-testdata-data-ruby_rails_default_encryption_schema_rb @@ -14,7 +14,6 @@ warning: ## Resources - [Ruby on Rails Active Record encryption](https://guides.rubyonrails.org/active_record_encryption.html) documentation_url: "" - severity: warning line_number: 4 full_filename: e2e/rules/testdata/data/ruby_rails_default_encryption_schema_rb/db/schema.rb filename: db/schema.rb @@ -62,9 +61,6 @@ warning: t.datetime "created_at", null: false t.datetime "updated_at", null: false end - severity: - rule_severity: warning - display_severity: warning -- diff --git a/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionStructure-testdata-data-ruby_rails_default_encryption_structure_sql b/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionStructure-testdata-data-ruby_rails_default_encryption_structure_sql index 545159ba8..705ad2217 100644 --- a/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionStructure-testdata-data-ruby_rails_default_encryption_structure_sql +++ b/e2e/rules/.snapshots/TestRubyRailsDefaultEncryptionStructure-testdata-data-ruby_rails_default_encryption_structure_sql @@ -14,7 +14,6 @@ warning: ## Resources - [Ruby on Rails Active Record encryption](https://guides.rubyonrails.org/active_record_encryption.html) documentation_url: "" - severity: warning line_number: 3 full_filename: e2e/rules/testdata/data/ruby_rails_default_encryption_structure_sql/db/structure.sql filename: db/structure.sql 
@@ -65,9 +64,6 @@ warning: updated_at timestamp(6) without time zone NOT NULL, email character varying DEFAULT ''::character varying NOT NULL ); - severity: - rule_severity: warning - display_severity: warning -- diff --git a/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer b/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer index 9a223f0ba..d58602319 100644 --- a/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer +++ b/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer @@ -6,7 +6,6 @@ critical: title: Test sanitizer description: Test sanitizer documentation_url: "" - severity: high line_number: 1 full_filename: e2e/rules/testdata/data/sanitizer/sanitizer.rb filename: sanitizer.rb @@ -36,13 +35,6 @@ critical: fingerprint: 6c505050fabde2c4ed17380d19fab254_0 old_fingerprint: d2e829ba86a33c5a52844641617ad8a7_0 code_extract: log("abc" + x) - severity: - rule_severity: high - display_severity: critical - sensitive_data_category_weighting: 2 - rule_severity_weighting: 5 - local_data_types: true - final_weighting: 9 - rule: cwe_ids: - "42" @@ -50,7 +42,6 @@ critical: title: Test sanitizer description: Test sanitizer documentation_url: "" - severity: high line_number: 4 full_filename: e2e/rules/testdata/data/sanitizer/sanitizer.rb filename: sanitizer.rb @@ -80,13 +71,6 @@ critical: fingerprint: 6c505050fabde2c4ed17380d19fab254_2 old_fingerprint: d2e829ba86a33c5a52844641617ad8a7_2 code_extract: log("abc" + user.email) - severity: - rule_severity: high - display_severity: critical - sensitive_data_category_weighting: 2 - rule_severity_weighting: 5 - local_data_types: true - final_weighting: 9 -- diff --git a/e2e/rules/.snapshots/TestSecrets-secrets b/e2e/rules/.snapshots/TestSecrets-secrets index e66212526..5337131d4 100644 --- a/e2e/rules/.snapshots/TestSecrets-secrets +++ b/e2e/rules/.snapshots/TestSecrets-secrets 
@@ -16,7 +16,6 @@ high: ## Resources - [Gitleaks](https://gitleaks.io/) documentation_url: "" - severity: high line_number: 3 full_filename: e2e/rules/testdata/data/secrets/leaked.rb filename: leaked.rb @@ -41,12 +40,6 @@ high: old_fingerprint: 47146043fab58ba5fc86fd0c716b20d8_0 detailed_context: PGP private key code_extract: ' @private_key ||= ''-----BEGIN PGP PRIVATE KEY BLOCK-----asdf-----END PGP PRIVATE KEY BLOCK-----''' - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 -- diff --git a/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby b/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby index 2e564f8b5..b35d0dda1 100644 --- a/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby +++ b/e2e/rules/.snapshots/TestSimpleRuby-testdata-data-simple_ruby @@ -22,7 +22,6 @@ medium: ## Resources - [Configuring Rails Applications - Ruby on Rails Guides](https://guides.rubyonrails.org/configuring.html#config-force-ssl) documentation_url: "" - severity: low line_number: 7 full_filename: e2e/rules/testdata/data/simple_ruby/unsecure.rb filename: unsecure.rb @@ -49,13 +48,6 @@ medium: fingerprint: 52ee98cc601d1c1bd772ff548ee32425_0 old_fingerprint: 28ca51516a8b388cb7065c1f0df8b093_0 code_extract: ' config.force_ssl = false' - severity: - rule_severity: low - display_severity: medium - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: false - final_weighting: 4 -- diff --git a/new/detector/composition/java/.snapshots/TestScope--scope.yml b/new/detector/composition/java/.snapshots/TestScope--scope.yml index f4290f0c8..c67dd3d89 100644 --- a/new/detector/composition/java/.snapshots/TestScope--scope.yml +++ b/new/detector/composition/java/.snapshots/TestScope--scope.yml 
@@ -6,7 +6,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 1 full_filename: scope.java filename: scope.java @@ -29,12 +28,6 @@ high: snippet: scopeCursor(request.getParameter("oops")) fingerprint: bdbeee20feb34c6881d975716e2fe09f_0 old_fingerprint: bdbeee20feb34c6881d975716e2fe09f_0 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -42,7 +35,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 5 full_filename: scope.java filename: scope.java @@ -65,12 +57,6 @@ high: snippet: scopeNested(request.getParameter("oops")) fingerprint: bdbeee20feb34c6881d975716e2fe09f_1 old_fingerprint: bdbeee20feb34c6881d975716e2fe09f_1 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -78,7 +64,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 6 full_filename: scope.java filename: scope.java @@ -101,12 +86,6 @@ high: snippet: 'scopeNested(x ? request.getParameter("oops") : y)' fingerprint: bdbeee20feb34c6881d975716e2fe09f_2 old_fingerprint: bdbeee20feb34c6881d975716e2fe09f_2 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -114,7 +93,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 7 full_filename: scope.java filename: scope.java 
@@ -137,12 +115,6 @@ high: snippet: 'scopeNested(request.getParameter("oops") ? x : y)' fingerprint: bdbeee20feb34c6881d975716e2fe09f_3 old_fingerprint: bdbeee20feb34c6881d975716e2fe09f_3 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -150,7 +122,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 9 full_filename: scope.java filename: scope.java @@ -173,12 +144,6 @@ high: snippet: scopeResult(request.getParameter("oops")) fingerprint: bdbeee20feb34c6881d975716e2fe09f_4 old_fingerprint: bdbeee20feb34c6881d975716e2fe09f_4 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -186,7 +151,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 10 full_filename: scope.java filename: scope.java @@ -209,10 +173,4 @@ high: snippet: 'scopeResult(x ? request.getParameter("oops") : y)' fingerprint: bdbeee20feb34c6881d975716e2fe09f_5 old_fingerprint: bdbeee20feb34c6881d975716e2fe09f_5 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 diff --git a/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml b/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml index 24b90a70a..ca8ef073f 100644 --- a/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml +++ b/new/detector/composition/java/.snapshots/flow/TestFlow--different-line.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 2 full_filename: different-line.java filename: different-line.java 
@@ -34,11 +33,4 @@ high: snippet: logger.error(name) fingerprint: b08f2b317021ef0197dc9286477e251d_0 old_fingerprint: b08f2b317021ef0197dc9286477e251d_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml b/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml index 00996d539..f2079aaa1 100644 --- a/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml +++ b/new/detector/composition/java/.snapshots/flow/TestFlow--same-line.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: same-line.java filename: same-line.java @@ -34,11 +33,4 @@ high: snippet: logger.error(user.name) fingerprint: b000c2a9a82d59a1e826bc709cca9307_0 old_fingerprint: b000c2a9a82d59a1e826bc709cca9307_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml b/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml index 11e35cd4b..53c47a27f 100644 --- a/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml +++ b/new/detector/composition/javascript/.snapshots/TestPatternVariables--main.yml @@ -6,7 +6,6 @@ high: title: Test pattern variable tree sitter node types/fixups description: Test pattern variable tree sitter node types/fixups documentation_url: "" - severity: high line_number: 1 full_filename: main.js filename: main.js 
@@ -29,12 +28,6 @@ high: snippet: const matchedVariable = 42 fingerprint: 5cac1aedf89257ee57d014d2ccc8d328_0 old_fingerprint: 5cac1aedf89257ee57d014d2ccc8d328_0 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -42,7 +35,6 @@ high: title: Test pattern variable tree sitter node types/fixups description: Test pattern variable tree sitter node types/fixups documentation_url: "" - severity: high line_number: 4 full_filename: main.js filename: main.js @@ -65,10 +57,4 @@ high: snippet: import x from "matched_package" fingerprint: 5cac1aedf89257ee57d014d2ccc8d328_1 old_fingerprint: 5cac1aedf89257ee57d014d2ccc8d328_1 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 diff --git a/new/detector/composition/javascript/.snapshots/TestScope--scope.yml b/new/detector/composition/javascript/.snapshots/TestScope--scope.yml index 7d82045f5..aab0c02a0 100644 --- a/new/detector/composition/javascript/.snapshots/TestScope--scope.yml +++ b/new/detector/composition/javascript/.snapshots/TestScope--scope.yml @@ -6,7 +6,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 1 full_filename: scope.js filename: scope.js @@ -29,12 +28,6 @@ high: snippet: scopeCursor(req.params.oops) fingerprint: 408407aa362e0520faf6b66c3d59bb8c_0 old_fingerprint: 408407aa362e0520faf6b66c3d59bb8c_0 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -42,7 +35,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 5 full_filename: scope.js filename: scope.js 
@@ -65,12 +57,6 @@ high: snippet: scopeNested(req.params.oops) fingerprint: 408407aa362e0520faf6b66c3d59bb8c_1 old_fingerprint: 408407aa362e0520faf6b66c3d59bb8c_1 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -78,7 +64,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 6 full_filename: scope.js filename: scope.js @@ -101,12 +86,6 @@ high: snippet: 'scopeNested(x ? req.params.oops : y)' fingerprint: 408407aa362e0520faf6b66c3d59bb8c_2 old_fingerprint: 408407aa362e0520faf6b66c3d59bb8c_2 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -114,7 +93,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 7 full_filename: scope.js filename: scope.js @@ -137,12 +115,6 @@ high: snippet: 'scopeNested(req.params.oops ? x : y)' fingerprint: 408407aa362e0520faf6b66c3d59bb8c_3 old_fingerprint: 408407aa362e0520faf6b66c3d59bb8c_3 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -150,7 +122,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 9 full_filename: scope.js filename: scope.js @@ -173,12 +144,6 @@ high: snippet: scopeResult(req.params.oops) fingerprint: 408407aa362e0520faf6b66c3d59bb8c_4 old_fingerprint: 408407aa362e0520faf6b66c3d59bb8c_4 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" 
@@ -186,7 +151,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 10 full_filename: scope.js filename: scope.js @@ -209,10 +173,4 @@ high: snippet: 'scopeResult(x ? req.params.oops : y)' fingerprint: 408407aa362e0520faf6b66c3d59bb8c_5 old_fingerprint: 408407aa362e0520faf6b66c3d59bb8c_5 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 diff --git a/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml b/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml index 434fdf418..aeb104e95 100644 --- a/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml +++ b/new/detector/composition/javascript/.snapshots/flow/TestFlow--assigment-expression.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: assigment-expression.js filename: assigment-expression.js @@ -34,11 +33,4 @@ high: snippet: console.log(user) fingerprint: 3c919e47299fa396f901d19edaad859c_0 old_fingerprint: 3c919e47299fa396f901d19edaad859c_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml b/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml index f55891228..a33388a12 100644 --- a/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml +++ b/new/detector/composition/javascript/.snapshots/flow/TestFlow--variable-declarator.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: variable-declarator.js filename: variable-declarator.js 
@@ -34,11 +33,4 @@ high: snippet: console.log(user) fingerprint: 5d86ec557137111caf0eca9a7d304c91_0 old_fingerprint: 5d86ec557137111caf0eca9a7d304c91_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml b/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml index cad6d28d9..acdaa689b 100644 --- a/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml +++ b/new/detector/composition/javascript/.snapshots/import/TestImport--import.yml @@ -6,7 +6,6 @@ high: title: Test imports description: Test imports documentation_url: "" - severity: high line_number: 4 full_filename: import.js filename: import.js @@ -29,12 +28,6 @@ high: snippet: lib.f() fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_0 old_fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_0 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -42,7 +35,6 @@ high: title: Test imports description: Test imports documentation_url: "" - severity: high line_number: 5 full_filename: import.js filename: import.js @@ -65,12 +57,6 @@ high: snippet: f() fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_1 old_fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_1 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -78,7 +64,6 @@ high: title: Test imports description: Test imports documentation_url: "" - severity: high line_number: 6 full_filename: import.js filename: import.js 
@@ -101,12 +86,6 @@ high: snippet: x() fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_2 old_fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_2 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -114,7 +93,6 @@ high: title: Test imports description: Test imports documentation_url: "" - severity: high line_number: 9 full_filename: import.js filename: import.js @@ -137,12 +115,6 @@ high: snippet: y.f() fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_3 old_fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_3 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -150,7 +122,6 @@ high: title: Test imports description: Test imports documentation_url: "" - severity: high line_number: 11 full_filename: import.js filename: import.js @@ -173,10 +144,4 @@ high: snippet: f() fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_4 old_fingerprint: 23ce8eb29bdfc7d63841656df3d9ae27_4 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 diff --git a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml index b058223ae..e5a0aa890 100644 --- a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml +++ b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--deconstructing.yml @@ -5,7 +5,6 @@ low: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: deconstructing.js filename: deconstructing.js 
@@ -28,10 +27,4 @@ low: snippet: user fingerprint: 391f0431340399f3f30398341feeb70a_0 old_fingerprint: 391f0431340399f3f30398341feeb70a_0 - severity: - rule_severity: low - display_severity: low - rule_severity_weighting: 2 - local_data_types: false - final_weighting: 2 diff --git a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml index ae31c9004..922d7ead5 100644 --- a/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml +++ b/new/detector/composition/javascript/.snapshots/object-deconstructing/TestObjectDeconstructing--multiple_objects.yml @@ -5,7 +5,6 @@ low: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: multiple_objects.js filename: multiple_objects.js @@ -28,10 +27,4 @@ low: snippet: user fingerprint: 83d173c5a31e8a9fc4b42968d18f584f_0 old_fingerprint: 83d173c5a31e8a9fc4b42968d18f584f_0 - severity: - rule_severity: low - display_severity: low - rule_severity_weighting: 2 - local_data_types: false - final_weighting: 2 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml b/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml index 9c07765ac..06db2751d 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--concatanation.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: concatanation.js filename: concatanation.js 
@@ -34,11 +33,4 @@ high: snippet: console.log("ht" + "tp://", user.name) fingerprint: 272ebbd3e69ab1032f6fb14b69a79ae8_0 old_fingerprint: 272ebbd3e69ab1032f6fb14b69a79ae8_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml b/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml index b4e4450d8..8a8f09e16 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--simple.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: simple.js filename: simple.js @@ -34,11 +33,4 @@ high: snippet: console.log("http://", user.name) fingerprint: 971b852ae8266c6d2b25437584017e2c_0 old_fingerprint: 971b852ae8266c6d2b25437584017e2c_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml b/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml index cce863df5..9ba916e22 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--single-quotes.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 2 full_filename: single-quotes.js filename: single-quotes.js 
@@ -34,11 +33,4 @@ high: snippet: console.log('http://', user.name) fingerprint: d85fed5722eb11c71ff861517e929da1_0 old_fingerprint: d85fed5722eb11c71ff861517e929da1_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml b/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml index b0e8fb66c..ae5e28445 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 3 full_filename: template-variable-reconciliation.js filename: template-variable-reconciliation.js @@ -34,11 +33,4 @@ high: snippet: console.log(`h${path}${config.domain}`, user.name) fingerprint: bbac16a148474689a2cb1b5e2d40ada2_0 old_fingerprint: bbac16a148474689a2cb1b5e2d40ada2_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/javascript/.snapshots/string/TestString--template.yml b/new/detector/composition/javascript/.snapshots/string/TestString--template.yml index 50768c26b..a220e73b5 100644 --- a/new/detector/composition/javascript/.snapshots/string/TestString--template.yml +++ b/new/detector/composition/javascript/.snapshots/string/TestString--template.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: template.js filename: template.js 
@@ -34,11 +33,4 @@ high: snippet: console.log(`http://${config.domain}`, user.name) fingerprint: 5f1137c9ab0489aed97dddee99bff779_0 old_fingerprint: 5f1137c9ab0489aed97dddee99bff779_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml b/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml index 3deb1f165..d030036ba 100644 --- a/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml +++ b/new/detector/composition/ruby/.snapshots/TestPatternVariables--main.yml @@ -6,7 +6,6 @@ high: title: Test pattern variable tree sitter node types/fixups description: Test pattern variable tree sitter node types/fixups documentation_url: "" - severity: high line_number: 1 full_filename: main.rb filename: main.rb @@ -29,12 +28,6 @@ high: snippet: matched_variable = 42 fingerprint: 514e95a40b868d7341016d3fa344513d_0 old_fingerprint: 514e95a40b868d7341016d3fa344513d_0 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -42,7 +35,6 @@ high: title: Test pattern variable tree sitter node types/fixups description: Test pattern variable tree sitter node types/fixups documentation_url: "" - severity: high line_number: 4 full_filename: main.rb filename: main.rb @@ -69,12 +61,6 @@ high: end fingerprint: 514e95a40b868d7341016d3fa344513d_1 old_fingerprint: 514e95a40b868d7341016d3fa344513d_1 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" 
@@ -82,7 +68,6 @@ high: title: Test pattern variable tree sitter node types/fixups description: Test pattern variable tree sitter node types/fixups documentation_url: "" - severity: high line_number: 7 full_filename: main.rb filename: main.rb @@ -111,10 +96,4 @@ high: end fingerprint: 514e95a40b868d7341016d3fa344513d_2 old_fingerprint: 514e95a40b868d7341016d3fa344513d_2 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 diff --git a/new/detector/composition/ruby/.snapshots/TestRuby--call.yml b/new/detector/composition/ruby/.snapshots/TestRuby--call.yml index 9fefb0a3e..a3514d474 100644 --- a/new/detector/composition/ruby/.snapshots/TestRuby--call.yml +++ b/new/detector/composition/ruby/.snapshots/TestRuby--call.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: call.rb filename: call.rb @@ -34,11 +33,4 @@ high: snippet: logger.info(user.name) fingerprint: e61c5d04fc38732e3374bc499d4daec1_0 old_fingerprint: e61c5d04fc38732e3374bc499d4daec1_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml b/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml index 177b43219..38b3095b3 100644 --- a/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml +++ b/new/detector/composition/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml @@ -5,7 +5,6 @@ high: title: "" description: "" documentation_url: "" - severity: low line_number: 1 full_filename: object-variable-reconciliation.rb filename: object-variable-reconciliation.rb 
@@ -34,11 +33,4 @@ high: snippet: logger.info(user) fingerprint: 50cde2c647d72172d49858483ecb0b57_0 old_fingerprint: 50cde2c647d72172d49858483ecb0b57_0 - severity: - rule_severity: low - display_severity: high - sensitive_data_category_weighting: 2 - rule_severity_weighting: 2 - local_data_types: true - final_weighting: 6 diff --git a/new/detector/composition/ruby/.snapshots/TestScope--scope.yml b/new/detector/composition/ruby/.snapshots/TestScope--scope.yml index cc5a56d27..5d50a3446 100644 --- a/new/detector/composition/ruby/.snapshots/TestScope--scope.yml +++ b/new/detector/composition/ruby/.snapshots/TestScope--scope.yml @@ -6,7 +6,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 1 full_filename: scope.rb filename: scope.rb @@ -29,12 +28,6 @@ high: snippet: scope_cursor(params[:oops]) fingerprint: 23e17866f80f43957a84e824da9ce255_0 old_fingerprint: 23e17866f80f43957a84e824da9ce255_0 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -42,7 +35,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 5 full_filename: scope.rb filename: scope.rb @@ -65,12 +57,6 @@ high: snippet: scope_nested(params[:oops]) fingerprint: 23e17866f80f43957a84e824da9ce255_1 old_fingerprint: 23e17866f80f43957a84e824da9ce255_1 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -78,7 +64,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 6 full_filename: scope.rb filename: scope.rb 
@@ -101,12 +86,6 @@ high: snippet: 'scope_nested(x ? params[:oops] : y)' fingerprint: 23e17866f80f43957a84e824da9ce255_2 old_fingerprint: 23e17866f80f43957a84e824da9ce255_2 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -114,7 +93,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 7 full_filename: scope.rb filename: scope.rb @@ -137,12 +115,6 @@ high: snippet: 'scope_nested(params[:oops] ? x : y)' fingerprint: 23e17866f80f43957a84e824da9ce255_3 old_fingerprint: 23e17866f80f43957a84e824da9ce255_3 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -150,7 +122,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 9 full_filename: scope.rb filename: scope.rb @@ -173,12 +144,6 @@ high: snippet: scope_result(params[:oops]) fingerprint: 23e17866f80f43957a84e824da9ce255_4 old_fingerprint: 23e17866f80f43957a84e824da9ce255_4 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 - rule: cwe_ids: - "42" @@ -186,7 +151,6 @@ high: title: Test detection filter scopes description: Test detection filter scopes documentation_url: "" - severity: high line_number: 10 full_filename: scope.rb filename: scope.rb @@ -209,10 +173,4 @@ high: snippet: 'scope_result(x ? params[:oops] : y)' fingerprint: 23e17866f80f43957a84e824da9ce255_5 old_fingerprint: 23e17866f80f43957a84e824da9ce255_5 - severity: - rule_severity: high - display_severity: high - rule_severity_weighting: 5 - local_data_types: false - final_weighting: 5 
diff --git a/pkg/report/output/security/.snapshots/TestAddReportData b/pkg/report/output/security/.snapshots/TestAddReportData index 5f2a1bd20..8ebf84013 100644 --- a/pkg/report/output/security/.snapshots/TestAddReportData +++ b/pkg/report/output/security/.snapshots/TestAddReportData @@ -9,8 +9,7 @@ Id: (string) (len=17) "ruby_rails_logger", Title: (string) (len=46) "Sensitive data sent to Rails loggers detected.", Description: (string) (len=608) "## Description\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to rails loggers.\n\n## Remediations\n❌ Avoid using sensitive data in logger messages:\n\n```ruby\nRails.logger.info('User is: #{user.email}')\n```\n\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\n\n```ruby\nRails.logger.info('User is: #{user.uuid}')\n```\n\n## Resources\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n", - DocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger", - Severity: (string) (len=3) "low" + DocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger" }), LineNumber: (int) 1, FullFilename: (string) "", @@ -51,17 +50,16 @@ OldFingerprint: (string) (len=34) "80ce0185374c0975a9b2a71e9d11a4f0_0", DetailedContext: (string) "", CodeExtract: (string) "", - SeverityWeighting: (security.SeverityWeighting) { + RawCodeExtract: ([]file.Line) { + }, + SeverityWeighting: (types.SeverityWeighting) { RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=8) "critical", SensitiveDataCategoryWeighting: (int) 3, RuleSeverityWeighting: (int) 2, HasLocalDataTypes: (*bool)(true), FinalWeighting: (int) 8 - }, - RawCodeExtract: ([]file.Line) { - }, - SomeExtraField: (string) "" + } } }, (string) (len=4) "high": ([]types.Finding) (len=1) { 
@@ -73,8 +71,7 @@ Id: (string) (len=26) "ruby_lang_ssl_verification", Title: (string) (len=46) "Missing SSL certificate verification detected.", Description: (string) (len=728) "## Description\n\nApplications processing sensitive data should use valid SSL certificates. This rule checks if SSL verification is enabled.\n\n## Remediations\n\n❌ By default Ruby check for SSL certificate verification but this can be bypassed when setting Open SSL verification mode to `VERIFY_NONE`:\n\n```clojure\nrequire \"net/https\"\nrequire \"uri\"\n\nuri = URI.parse(\"https://ssl-site.com/\")\nhttp = Net::HTTP.new(uri.host, uri.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n```\n\n✅ To ensure that SSL verification always happens, make sure to use the following mode:\n\n```bash\nhttp.verify_mode = OpenSSL::SSL::VERIFY_PEER\n```\n\n## Resources\n- [Ruby OpenSSL module](https://ruby.github.io/openssl/OpenSSL.html)\n", - DocumentationUrl: (string) (len=66) "https://docs.bearer.com/reference/rules/ruby_lang_ssl_verification", - Severity: (string) (len=6) "medium" + DocumentationUrl: (string) (len=66) "https://docs.bearer.com/reference/rules/ruby_lang_ssl_verification" }), LineNumber: (int) 2, FullFilename: (string) "", @@ -111,17 +108,16 @@ OldFingerprint: (string) (len=34) "dcc50aebb6a6da7f0a8cb06e071f2af2_0", DetailedContext: (string) "", CodeExtract: (string) "", - SeverityWeighting: (security.SeverityWeighting) { + RawCodeExtract: ([]file.Line) { + }, + SeverityWeighting: (types.SeverityWeighting) { RuleSeverity: (string) (len=6) "medium", DisplaySeverity: (string) (len=4) "high", SensitiveDataCategoryWeighting: (int) 2, RuleSeverityWeighting: (int) 3, HasLocalDataTypes: (*bool)(false), FinalWeighting: (int) 5 - }, - RawCodeExtract: ([]file.Line) { - }, - SomeExtraField: (string) "" + } } } } 
diff --git a/pkg/report/output/security/.snapshots/TestAddReportDataWithSeverity b/pkg/report/output/security/.snapshots/TestAddReportDataWithSeverity index dd1e24955..30ae237b7 100644 --- a/pkg/report/output/security/.snapshots/TestAddReportDataWithSeverity +++ b/pkg/report/output/security/.snapshots/TestAddReportDataWithSeverity @@ -9,8 +9,7 @@ Id: (string) (len=17) "ruby_rails_logger", Title: (string) (len=46) "Sensitive data sent to Rails loggers detected.", Description: (string) (len=608) "## Description\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to rails loggers.\n\n## Remediations\n❌ Avoid using sensitive data in logger messages:\n\n```ruby\nRails.logger.info('User is: #{user.email}')\n```\n\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\n\n```ruby\nRails.logger.info('User is: #{user.uuid}')\n```\n\n## Resources\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n", - DocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger", - Severity: (string) (len=3) "low" + DocumentationUrl: (string) (len=57) "https://docs.bearer.com/reference/rules/ruby_rails_logger" }), LineNumber: (int) 1, FullFilename: (string) "", @@ -51,17 +50,16 @@ OldFingerprint: (string) (len=34) "80ce0185374c0975a9b2a71e9d11a4f0_0", DetailedContext: (string) "", CodeExtract: (string) "", - SeverityWeighting: (security.SeverityWeighting) { + RawCodeExtract: ([]file.Line) { + }, + SeverityWeighting: (types.SeverityWeighting) { RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=8) "critical", SensitiveDataCategoryWeighting: (int) 3, RuleSeverityWeighting: (int) 2, HasLocalDataTypes: (*bool)(true), FinalWeighting: (int) 8 - }, - RawCodeExtract: ([]file.Line) { - }, - SomeExtraField: (string) "" + } } } } 
diff --git a/pkg/report/output/security/.snapshots/TestCalculateSeverity b/pkg/report/output/security/.snapshots/TestCalculateSeverity index 5d8093293..8da66ca33 100644 --- a/pkg/report/output/security/.snapshots/TestCalculateSeverity +++ b/pkg/report/output/security/.snapshots/TestCalculateSeverity @@ -1,5 +1,5 @@ -([]security.SeverityWeighting) (len=5) { - (security.SeverityWeighting) { +([]types.SeverityWeighting) (len=5) { + (types.SeverityWeighting) { RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=8) "critical", SensitiveDataCategoryWeighting: (int) 3, @@ -7,7 +7,7 @@ HasLocalDataTypes: (*bool)(true), FinalWeighting: (int) 8 }, - (security.SeverityWeighting) { + (types.SeverityWeighting) { RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=4) "high", SensitiveDataCategoryWeighting: (int) 3, @@ -15,7 +15,7 @@ HasLocalDataTypes: (*bool)(false), FinalWeighting: (int) 5 }, - (security.SeverityWeighting) { + (types.SeverityWeighting) { RuleSeverity: (string) (len=3) "low", DisplaySeverity: (string) (len=6) "medium", SensitiveDataCategoryWeighting: (int) 2, @@ -23,7 +23,7 @@ HasLocalDataTypes: (*bool)(false), FinalWeighting: (int) 4 }, - (security.SeverityWeighting) { + (types.SeverityWeighting) { RuleSeverity: (string) (len=7) "warning", DisplaySeverity: (string) (len=7) "warning", SensitiveDataCategoryWeighting: (int) 0, @@ -31,7 +31,7 @@ HasLocalDataTypes: (*bool)(), FinalWeighting: (int) 0 }, - (security.SeverityWeighting) { + (types.SeverityWeighting) { RuleSeverity: (string) (len=7) "warning", DisplaySeverity: (string) (len=7) "warning", SensitiveDataCategoryWeighting: (int) 0, diff --git a/pkg/report/output/security/security.go b/pkg/report/output/security/security.go index ddfbc1900..0ea779124 100644 --- a/pkg/report/output/security/security.go +++ b/pkg/report/output/security/security.go 
@@ -171,7 +171,6 @@ func evaluateRules(
 }
 ruleSummary := &types.Rule{
- Severity: rule.GetSeverity(),
 Title: rule.Description,
 Description: rule.RemediationMessage,
 Id: rule.Id,
diff --git a/pkg/report/output/security/types/types.go b/pkg/report/output/security/types/types.go
index 151fe7503..9b892554c 100644
--- a/pkg/report/output/security/types/types.go
+++ b/pkg/report/output/security/types/types.go
@@ -33,7 +33,6 @@ type DataType struct {
 }
 type Rule struct {
- Severity string `json:"severity" yaml:"severity"`
 CWEIDs []string `json:"cwe_ids" yaml:"cwe_ids"`
 Id string `json:"id" yaml:"id"`
 Title string `json:"title" yaml:"title"`