From c4e5b7e7e2c6ff266bd11bd976c2b852c0ddf685 Mon Sep 17 00:00:00 2001 From: elsapet Date: Tue, 6 Dec 2022 11:09:47 +0200 Subject: [PATCH] fix: pluralize category groups --- .../flags/.snapshots/TestInitCommand-init | 18 +++++++++--------- .../.snapshots/TestReportFlags-report-policies | 2 +- .../TestPolicies-http_get_parameters | 4 ++-- ...-insecure_communication_with_sensitive_data | 2 +- ...stPolicies-insecure_ftp_with_sensitive_data | 2 +- ...tPolicies-insecure_smtp_with_sensitive_data | 4 ++-- .../.snapshots/TestPolicies-logger_leaking | 2 +- .../policies/application_level_encryption.rego | 2 +- .../settings/policies/http_get_parameters.rego | 2 +- .../policies/insecure_communication.rego | 2 +- .../settings/policies/insecure_ftp.rego | 2 +- .../settings/policies/insecure_smtp.rego | 2 +- .../process/settings/policies/leakage.rego | 2 +- .../ssl_certificate_verification_disabled.rego | 2 +- pkg/report/output/policies/policies.go | 8 ++++---- 15 files changed, 28 insertions(+), 28 deletions(-) diff --git a/integration/flags/.snapshots/TestInitCommand-init b/integration/flags/.snapshots/TestInitCommand-init index 4080e3cc4..ddf26f478 100644 --- a/integration/flags/.snapshots/TestInitCommand-init +++ b/integration/flags/.snapshots/TestInitCommand-init @@ -380,7 +380,7 @@ scan: not location.encrypted item := { - "category_group": data.bearer.common.groups_for_datatype(datatype), + "category_groups": data.bearer.common.groups_for_datatype(datatype), "severity": data.bearer.common.severity_of_datatype(datatype), "filename": location.filename, "line_number": location.line_number, @@ -457,7 +457,7 @@ scan: location = data_type.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": data.bearer.common.severity_of_datatype(data_type), "filename": location.filename, "line_number": location.line_number, @@ -535,7 +535,7 @@ scan: location = detector.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "filename": location.filename, "line_number": location.line_number, @@ -613,7 +613,7 @@ scan: location = detector.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "filename": location.filename, "line_number": location.line_number, @@ -691,7 +691,7 @@ scan: location = detector.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "line_number": location.line_number, "parent_line_number": location.parent.line_number, @@ -767,7 +767,7 @@ scan: location = data_type.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": data.bearer.common.severity_of_datatype(data_type), "filename": location.filename, "line_number": location.line_number, @@ -844,7 +844,7 @@ scan: location = data_type.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": data.bearer.common.severity_of_datatype(data_type), "filename": location.filename, "line_number": location.line_number, @@ -921,7 +921,7 @@ scan: location = data_type.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": data.bearer.common.severity_of_datatype(data_type), "filename": location.filename, "line_number": location.line_number, @@ -999,7 +999,7 @@ scan: location = detector.locations[_] item = { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "filename": location.filename, "line_number": location.line_number, diff --git a/integration/flags/.snapshots/TestReportFlags-report-policies b/integration/flags/.snapshots/TestReportFlags-report-policies index 4585448cd..56d051011 100644 --- a/integration/flags/.snapshots/TestReportFlags-report-policies +++ b/integration/flags/.snapshots/TestReportFlags-report-policies @@ -3,7 +3,7 @@ high: policy_description: Logger leaks detected line_number: 1 filename: testdata/policies/users.rb - category_group: + category_groups: - PII parent_line_number: 1 parent_content: logger.info(user.address) diff --git a/integration/policies/.snapshots/TestPolicies-http_get_parameters b/integration/policies/.snapshots/TestPolicies-http_get_parameters index 9d221f7d5..c9212d7f2 100644 --- a/integration/policies/.snapshots/TestPolicies-http_get_parameters +++ b/integration/policies/.snapshots/TestPolicies-http_get_parameters @@ -3,7 +3,7 @@ critical: policy_description: Sending data as HTTP GET parameters line_number: 1 filename: testdata/ruby/http_get_parameters.rb - category_group: + category_groups: - PII - Sensitive data parent_line_number: 1 @@ -13,7 +13,7 @@ high: policy_description: Sending data as HTTP GET parameters line_number: 4 filename: testdata/ruby/http_get_parameters.rb - category_group: + category_groups: - PII parent_line_number: 5 parent_content: URI.encode_www_form(user) diff --git a/integration/policies/.snapshots/TestPolicies-insecure_communication_with_sensitive_data b/integration/policies/.snapshots/TestPolicies-insecure_communication_with_sensitive_data index e5d415707..aa9463e85 100644 --- a/integration/policies/.snapshots/TestPolicies-insecure_communication_with_sensitive_data +++ b/integration/policies/.snapshots/TestPolicies-insecure_communication_with_sensitive_data @@ -3,7 +3,7 @@ medium: policy_description: Insecure communication in an application processing sensitive data line_number: 8 filename: testdata/ruby/insecure_communication/with_sensitive_data.rb - category_group: + category_groups: - PII - Sensitive data parent_line_number: 1 diff --git a/integration/policies/.snapshots/TestPolicies-insecure_ftp_with_sensitive_data b/integration/policies/.snapshots/TestPolicies-insecure_ftp_with_sensitive_data index 0562823b6..a5debb345 100644 --- a/integration/policies/.snapshots/TestPolicies-insecure_ftp_with_sensitive_data +++ b/integration/policies/.snapshots/TestPolicies-insecure_ftp_with_sensitive_data @@ -3,7 +3,7 @@ medium: policy_description: Communication with insecure FTP in an application processing sensitive data line_number: 10 filename: testdata/ruby/insecure_ftp/with_sensitive_data.rb - category_group: + category_groups: - PII - Sensitive data parent_line_number: 10 diff --git a/integration/policies/.snapshots/TestPolicies-insecure_smtp_with_sensitive_data b/integration/policies/.snapshots/TestPolicies-insecure_smtp_with_sensitive_data index 05dada214..511b54103 100644 --- a/integration/policies/.snapshots/TestPolicies-insecure_smtp_with_sensitive_data +++ b/integration/policies/.snapshots/TestPolicies-insecure_smtp_with_sensitive_data @@ -2,7 +2,7 @@ medium: - policy_name: Insecure SMTP policy_description: Communication with insecure SMTP in an application processing sensitive data line_number: 8 - category_group: + category_groups: - PII - Sensitive data parent_line_number: 1 @@ -41,7 +41,7 @@ medium: - policy_name: Insecure SMTP policy_description: Communication with insecure SMTP in an application processing sensitive data line_number: 14 - category_group: + category_groups: - PII - Sensitive data parent_line_number: 1 diff --git a/integration/policies/.snapshots/TestPolicies-logger_leaking b/integration/policies/.snapshots/TestPolicies-logger_leaking index b76bc24d8..9ab5f21b0 100644 --- a/integration/policies/.snapshots/TestPolicies-logger_leaking +++ b/integration/policies/.snapshots/TestPolicies-logger_leaking @@ -3,7 +3,7 @@ high: policy_description: Logger leaks detected line_number: 1 filename: testdata/ruby/logger_leaking.rb - category_group: + category_groups: - PII parent_line_number: 1 parent_content: logger.info(user.address) diff --git a/pkg/commands/process/settings/policies/application_level_encryption.rego b/pkg/commands/process/settings/policies/application_level_encryption.rego index 7136180ce..960485227 100644 --- a/pkg/commands/process/settings/policies/application_level_encryption.rego +++ b/pkg/commands/process/settings/policies/application_level_encryption.rego @@ -13,7 +13,7 @@ policy_breach contains item if { not location.encrypted item := { - "category_group": data.bearer.common.groups_for_datatype(datatype), + "category_groups": data.bearer.common.groups_for_datatype(datatype), "severity": data.bearer.common.severity_of_datatype(datatype), "filename": location.filename, "line_number": location.line_number, diff --git a/pkg/commands/process/settings/policies/http_get_parameters.rego b/pkg/commands/process/settings/policies/http_get_parameters.rego index 936df84d8..24c26c2bf 100644 --- a/pkg/commands/process/settings/policies/http_get_parameters.rego +++ b/pkg/commands/process/settings/policies/http_get_parameters.rego @@ -12,7 +12,7 @@ policy_breach contains item if { location = data_type.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": data.bearer.common.severity_of_datatype(data_type), "filename": location.filename, "line_number": location.line_number, diff --git a/pkg/commands/process/settings/policies/insecure_communication.rego b/pkg/commands/process/settings/policies/insecure_communication.rego index 5d9b9fe25..6af29004b 100644 --- a/pkg/commands/process/settings/policies/insecure_communication.rego +++ b/pkg/commands/process/settings/policies/insecure_communication.rego @@ -13,7 +13,7 @@ policy_breach contains item if { location = detector.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "filename": location.filename, "line_number": location.line_number, diff --git a/pkg/commands/process/settings/policies/insecure_ftp.rego b/pkg/commands/process/settings/policies/insecure_ftp.rego index 02a17fb0d..2946c5f82 100644 --- a/pkg/commands/process/settings/policies/insecure_ftp.rego +++ b/pkg/commands/process/settings/policies/insecure_ftp.rego @@ -13,7 +13,7 @@ policy_breach[item] { location = detector.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "filename": location.filename, "line_number": location.line_number, diff --git a/pkg/commands/process/settings/policies/insecure_smtp.rego b/pkg/commands/process/settings/policies/insecure_smtp.rego index 296149b6d..cc60dad5e 100644 --- a/pkg/commands/process/settings/policies/insecure_smtp.rego +++ b/pkg/commands/process/settings/policies/insecure_smtp.rego @@ -13,7 +13,7 @@ policy_breach contains item if { location = detector.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "line_number": location.line_number, "parent_line_number": location.parent.line_number, diff --git a/pkg/commands/process/settings/policies/leakage.rego b/pkg/commands/process/settings/policies/leakage.rego index f0faf9f3c..80921084f 100644 --- a/pkg/commands/process/settings/policies/leakage.rego +++ b/pkg/commands/process/settings/policies/leakage.rego @@ -12,7 +12,7 @@ policy_breach contains item if { location = data_type.locations[_] item := { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": data.bearer.common.severity_of_datatype(data_type), "filename": location.filename, "line_number": location.line_number, diff --git a/pkg/commands/process/settings/policies/ssl_certificate_verification_disabled.rego b/pkg/commands/process/settings/policies/ssl_certificate_verification_disabled.rego index 55cbe0ff9..37f7078c9 100644 --- a/pkg/commands/process/settings/policies/ssl_certificate_verification_disabled.rego +++ b/pkg/commands/process/settings/policies/ssl_certificate_verification_disabled.rego @@ -13,7 +13,7 @@ policy_breach contains item if { location = detector.locations[_] item = { - "category_group": data.bearer.common.groups_for_datatype(data_type), + "category_groups": data.bearer.common.groups_for_datatype(data_type), "severity": "medium", "filename": location.filename, "line_number": location.line_number, diff --git a/pkg/report/output/policies/policies.go b/pkg/report/output/policies/policies.go index d8b5dc1dc..636191772 100644 --- a/pkg/report/output/policies/policies.go +++ b/pkg/report/output/policies/policies.go @@ -33,7 +33,7 @@ type PolicyOutput struct { ParentContent string `json:"parent_content,omitempty" yaml:"parent_content,omitempty"` LineNumber int `json:"line_number,omitempty" yaml:"line_number,omitempty"` Filename string `json:"filename,omitempty" yaml:"filename,omitempty"` - CategoryGroup []string `json:"category_group,omitempty" yaml:"category_group,omitempty"` + CategoryGroups []string `json:"category_groups,omitempty" yaml:"category_groups,omitempty"` Severity string `json:"severity,omitempty" yaml:"severity,omitempty"` } @@ -42,7 +42,7 @@ type PolicyResult struct { PolicyDescription string `json:"policy_description" yaml:"policy_description"` LineNumber int `json:"line_number,omitempty" yaml:"line_number,omitempty"` Filename string `json:"filename,omitempty" yaml:"filename,omitempty"` - CategoryGroup []string `json:"category_group,omitempty" yaml:"category_group,omitempty"` + CategoryGroups []string `json:"category_groups,omitempty" yaml:"category_groups,omitempty"` ParentLineNumber int `json:"parent_line_number,omitempty" yaml:"parent_line_number,omitempty"` ParentContent string `json:"parent_content,omitempty" yaml:"parent_content,omitempty"` } @@ -82,7 +82,7 @@ func GetOutput(dataflow *dataflow.DataFlow, config settings.Config) (map[string] PolicyDescription: policy.Description, Filename: policyOutput.Filename, LineNumber: policyOutput.LineNumber, - CategoryGroup: policyOutput.CategoryGroup, + CategoryGroups: policyOutput.CategoryGroups, ParentLineNumber: policyOutput.ParentLineNumber, ParentContent: policyOutput.ParentContent, } @@ -196,7 +196,7 @@ func writeSummaryToString( func writePolicyBreachToString(reportStr *strings.Builder, policyBreach PolicyResult, policySeverity string) { reportStr.WriteString("\n\n") reportStr.WriteString(formatSeverity(policySeverity)) - reportStr.WriteString(policyBreach.PolicyName + " policy breach with " + strings.Join(policyBreach.CategoryGroup, ", ") + "\n") + reportStr.WriteString(policyBreach.PolicyName + " policy breach with " + strings.Join(policyBreach.CategoryGroups, ", ") + "\n") reportStr.WriteString(color.HiBlackString(policyBreach.PolicyDescription + "\n")) reportStr.WriteString("\n") reportStr.WriteString(color.HiBlueString("File: " + underline(policyBreach.Filename+":"+fmt.Sprint(policyBreach.LineNumber)) + "\n"))