Fixes small issues with owasp library

daveshanley · Jul 13, 2023 · 49dc9b7 · 49dc9b7
1 parent a6ee8fa
commit 49dc9b7
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/functions/owasp/check_security.go b/functions/owasp/check_security.go
@@ -73,7 +73,7 @@ func checkSecurityRule(operation *yaml.Node, valueOfSecurityGlobalNode *yaml.Nod
 	if valueOfSecurityNode == nil {
 		return []model.RuleFunctionResult{
 			{
-				Message:   fmt.Sprintf("security' was not defined: for path %q in method %q.", pathPrefix, method),
+				Message:   fmt.Sprintf("'security' was not defined: for path %q in method %q.", pathPrefix, method),
 				StartNode: operation,
 				EndNode:   operation,
 				Path:      fmt.Sprintf("$.paths.%s.%s", pathPrefix, method),

diff --git a/functions/owasp/header_definition.go b/functions/owasp/header_definition.go
@@ -69,7 +69,7 @@ func (cd HeaderDefinition) getResult(responseCode int, node *yaml.Node, context
 			numberOfHeaders++
 			if !(len(node.Content) > i+1) || !cd.validateNode(node.Content[i+1], headersSets) {
 				results = append(results, model.RuleFunctionResult{
-					Message:   message{responseCode: responseCode}.String(),
+					Message:   message{responseCode: responseCode, headersSets: headersSets}.String(),
 					StartNode: headersNode,
 					EndNode:   utils.FindLastChildNodeWithLevel(headersNode, 0),
 					Path:      fmt.Sprintf("$.paths.responses.%d.headers", responseCode),

diff --git a/motor/rule_tests/owasp_tests/protection_global_unsafe_strict_test.go b/motor/rule_tests/owasp_tests/protection_global_unsafe_strict_test.go
@@ -1,6 +1,7 @@
 package tests
 
 import (
+	"log"
 	"testing"
 
 	"github.com/daveshanley/vacuum/model"
@@ -88,6 +89,7 @@ components:
 			Spec:    []byte(yml),
 		}
 		results := motor.ApplyRulesToRuleSet(rse)
+		log.Println(results.Results)
 		assert.Len(t, results.Results, 2)
 	})
 }