chore: remove dynamic severity entirely (#1504)

* chore: remove dynamic severity entirely

* fix: update snapshots

e2e/.snapshots/TestCache

@@ -1,4 +1,4 @@
-critical:
+high:
     - rule:
         cwe_ids:
             - "42"

e2e/flags/.snapshots/TestReportFlagsShouldFail-format-jsonv2

@@ -1,4 +1,4 @@
-{"source":"Bearer","version":"dev","findings":[{"cwe_ids":["42"],"id":"test_ruby_logger","title":"Ruby logger","description":"Ruby logger","documentation_url":"","line_number":1,"full_filename":"e2e/flags/testdata/simple/main.rb","filename":"main.rb","data_type":{"category_uuid":"cef587dd-76db-430b-9e18-7b031e1a193b","name":"Email Address"},"category_groups":["PII","Personal Data"],"source":{"start":1,"end":1,"column":{"start":26,"end":36}},"sink":{"start":1,"end":1,"column":{"start":1,"end":37},"content":"logger.info(\"user info\", user.email)"},"parent_line_number":1,"snippet":"logger.info(\"user info\", user.email)","fingerprint":"fa5e03644738e4c17cbbd04a580506b1_0","old_fingerprint":"8240e1537878783bac845d1163c80555_0","code_extract":"logger.info(\"user info\", user.email)","severity":"critical"}]}
+{"source":"Bearer","version":"dev","findings":[{"cwe_ids":["42"],"id":"test_ruby_logger","title":"Ruby logger","description":"Ruby logger","documentation_url":"","line_number":1,"full_filename":"e2e/flags/testdata/simple/main.rb","filename":"main.rb","data_type":{"category_uuid":"cef587dd-76db-430b-9e18-7b031e1a193b","name":"Email Address"},"category_groups":["PII","Personal Data"],"source":{"start":1,"end":1,"column":{"start":26,"end":36}},"sink":{"start":1,"end":1,"column":{"start":1,"end":37},"content":"logger.info(\"user info\", user.email)"},"parent_line_number":1,"snippet":"logger.info(\"user info\", user.email)","fingerprint":"fa5e03644738e4c17cbbd04a580506b1_0","old_fingerprint":"8240e1537878783bac845d1163c80555_0","code_extract":"logger.info(\"user info\", user.email)","severity":"high"}]}
 
 --
 Analyzing codebase

e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids:
             - "201"

e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer

@@ -1,4 +1,4 @@
-critical:
+high:
     - rule:
         cwe_ids:
             - "42"

internal/languages/golang/.snapshots/flow/TestFlow--different-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: rule_logger_test

internal/languages/golang/.snapshots/flow/TestFlow--same-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: rule_logger_test

internal/languages/java/.snapshots/flow/TestFlow--different-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: java_rule_logger_test

internal/languages/java/.snapshots/flow/TestFlow--same-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: java_rule_logger_test

internal/languages/javascript/.snapshots/flow/TestFlow--assigment-expression.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_test_datatype_rule

internal/languages/javascript/.snapshots/flow/TestFlow--variable-declarator.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_test_datatype_rule

internal/languages/javascript/.snapshots/string/TestString--concatanation.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_insecure_url_test

internal/languages/javascript/.snapshots/string/TestString--simple.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_insecure_url_test

internal/languages/javascript/.snapshots/string/TestString--single-quotes.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_insecure_url_test

internal/languages/javascript/.snapshots/string/TestString--template-variable-reconciliation.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_insecure_url_test

internal/languages/javascript/.snapshots/string/TestString--template.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: javascript_insecure_url_test

internal/languages/php/.snapshots/flow/TestFlow--different-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: php_rule_logger_test

internal/languages/php/.snapshots/flow/TestFlow--same-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: php_rule_logger_test

internal/languages/python/.snapshots/flow/TestFlow--different-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: rule_logger_test

internal/languages/python/.snapshots/flow/TestFlow--same-line.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: rule_logger_test

internal/languages/ruby/.snapshots/TestRuby--call.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: logger_test_rule

internal/languages/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml

@@ -1,4 +1,4 @@
-high:
+low:
     - rule:
         cwe_ids: []
         id: logger_test_rule

internal/report/output/privacy/.snapshots/TestAddReportData

@@ -5,7 +5,7 @@
       DataType: (string) (len=13) "Email Address",
       DetectionCount: (int) 1,
       CriticalRiskFindingCount: (int) 0,
-      HighRiskFindingCount: (int) 1,
+      HighRiskFindingCount: (int) 0,
       MediumRiskFindingCount: (int) 0,
       LowRiskFindingCount: (int) 0,
       RulesPassedCount: (int) 0
@@ -29,7 +29,7 @@
         (string) (len=13) "Email Address"
       },
       CriticalRiskFindingCount: (int) 0,
-      HighRiskFindingCount: (int) 1,
+      HighRiskFindingCount: (int) 0,
       MediumRiskFindingCount: (int) 0,
       LowRiskFindingCount: (int) 0,
       RulesPassedCount: (int) 0

internal/report/output/privacy/.snapshots/TestBuildCsvString

@@ -1,8 +1,8 @@
 
 Subject,Data Types,Detection Count,Critical Risk Finding,High Risk Finding,Medium Risk Finding,Low Risk Finding,Rules Passed
-User,Email Address,1,0,1,0,0,0
+User,Email Address,1,0,0,0,0,0
 Unknown,Country,1,0,0,0,0,1
 
 Third Party,Subject,Data Types,Critical Risk Finding,High Risk Finding,Medium Risk Finding,Low Risk Finding,Rules Passed
-Sentry,User,"Email Address",0,1,0,0,0
+Sentry,User,"Email Address",0,0,0,0,0
 

internal/report/output/security/.snapshots/TestAddReportData

@@ -53,16 +53,12 @@
       RawCodeExtract: ([]file.Line) {
       },
       SeverityMeta: (types.SeverityMeta) {
-        RuleSeverity: (string) (len=3) "low",
-        SensitiveDataCategories: ([]string) (len=3) {
-          (string) (len=3) "PII",
-          (string) (len=13) "Personal Data",
-          (string) (len=25) "Personal Data (Sensitive)"
-        },
-        HasLocalDataTypes: (*bool)(true),
-        SensitiveDataCategoryWeighting: (int) 3,
-        RuleSeverityWeighting: (int) 2,
-        FinalWeighting: (int) 8,
+        RuleSeverity: (string) (len=8) "critical",
+        SensitiveDataCategories: ([]string) <nil>,
+        HasLocalDataTypes: (*bool)(<nil>),
+        SensitiveDataCategoryWeighting: (int) 0,
+        RuleSeverityWeighting: (int) 0,
+        FinalWeighting: (int) 0,
         DisplaySeverity: (string) (len=8) "critical"
       }
     }

internal/report/output/security/.snapshots/TestAddReportDataWithSeverity

@@ -53,16 +53,12 @@
       RawCodeExtract: ([]file.Line) {
       },
       SeverityMeta: (types.SeverityMeta) {
-        RuleSeverity: (string) (len=3) "low",
-        SensitiveDataCategories: ([]string) (len=3) {
-          (string) (len=3) "PII",
-          (string) (len=13) "Personal Data",
-          (string) (len=25) "Personal Data (Sensitive)"
-        },
-        HasLocalDataTypes: (*bool)(true),
-        SensitiveDataCategoryWeighting: (int) 3,
-        RuleSeverityWeighting: (int) 2,
-        FinalWeighting: (int) 8,
+        RuleSeverity: (string) (len=8) "critical",
+        SensitiveDataCategories: ([]string) <nil>,
+        HasLocalDataTypes: (*bool)(<nil>),
+        SensitiveDataCategoryWeighting: (int) 0,
+        RuleSeverityWeighting: (int) 0,
+        FinalWeighting: (int) 0,
         DisplaySeverity: (string) (len=8) "critical"
       }
     }

internal/report/output/security/security.go

@@ -472,60 +472,9 @@ func CalculateSeverity(groups []string, severity string, hasLocalDataTypes bool)
 		}
 	}
 
-	if !hasLocalDataTypes {
-		return types.SeverityMeta{
-			RuleSeverity:    severity,
-			DisplaySeverity: severity,
-		}
-	}
-
-	// highest sensitive data category
-	sensitiveDataCategoryWeighting := 0
-	if slices.Contains(groups, "PHI") {
-		sensitiveDataCategoryWeighting = 3
-	} else if slices.Contains(groups, "Personal Data (Sensitive)") {
-		sensitiveDataCategoryWeighting = 3
-	} else if slices.Contains(groups, "Personal Data") {
-		sensitiveDataCategoryWeighting = 2
-	} else if slices.Contains(groups, "PII") {
-		sensitiveDataCategoryWeighting = 1
-	}
-
-	var ruleSeverityWeighting int
-	switch severity {
-	case globaltypes.LevelCritical:
-		ruleSeverityWeighting = 8
-	case globaltypes.LevelHigh:
-		ruleSeverityWeighting = 5
-	case globaltypes.LevelMedium:
-		ruleSeverityWeighting = 3
-	default:
-		ruleSeverityWeighting = 2 // low weighting as default
-	}
-
-	triggerWeighting := 2
-
-	var displaySeverity string
-	finalWeighting := ruleSeverityWeighting + (sensitiveDataCategoryWeighting * triggerWeighting)
-	switch {
-	case finalWeighting >= 8:
-		displaySeverity = globaltypes.LevelCritical
-	case finalWeighting >= 5:
-		displaySeverity = globaltypes.LevelHigh
-	case finalWeighting >= 3:
-		displaySeverity = globaltypes.LevelMedium
-	default:
-		displaySeverity = globaltypes.LevelLow
-	}
-
 	return types.SeverityMeta{
-		RuleSeverity:                   severity,
-		SensitiveDataCategories:        groups,
-		HasLocalDataTypes:              &hasLocalDataTypes,
-		RuleSeverityWeighting:          ruleSeverityWeighting,
-		SensitiveDataCategoryWeighting: sensitiveDataCategoryWeighting,
-		FinalWeighting:                 finalWeighting,
-		DisplaySeverity:                displaySeverity,
+		RuleSeverity:    severity,
+		DisplaySeverity: severity,
 	}
 }
 

internal/report/output/security/security_test.go

@@ -19,7 +19,6 @@ import (
 
 	dataflowtypes "github.com/bearer/bearer/internal/report/output/dataflow/types"
 	"github.com/bearer/bearer/internal/report/output/security"
-	securitytypes "github.com/bearer/bearer/internal/report/output/security/types"
 	"github.com/bearer/bearer/internal/report/output/testhelper"
 	outputtypes "github.com/bearer/bearer/internal/report/output/types"
 )
@@ -201,18 +200,6 @@ func TestAddReportDataWithFailOnSeverity(t *testing.T) {
 	}
 }
 
-func TestCalculateSeverity(t *testing.T) {
-	res := []securitytypes.SeverityMeta{
-		security.CalculateSeverity([]string{"PHI", "Personal Data"}, "low", true),
-		security.CalculateSeverity([]string{"Personal Data (Sensitive)"}, "low", false),
-		security.CalculateSeverity([]string{"Personal Data"}, "low", false),
-		security.CalculateSeverity([]string{"Personal Data"}, "warning", false),
-		security.CalculateSeverity([]string{}, "warning", false),
-	}
-
-	cupaloy.SnapshotT(t, res)
-}
-
 func TestFingerprintIsStableWithBaseBranchFindings(t *testing.T) {
 	config, err := generateConfig(flagtypes.ReportOptions{Report: "security"})
 	if err != nil {