If there's no operation level security, check the global security for…

… nullable items
daveshanley · Jan 30, 2024 · 527aec2 · 527aec2
1 parent 48454e6
commit 527aec2
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/functions/owasp/check_security.go b/functions/owasp/check_security.go
@@ -132,6 +132,25 @@ func (cd CheckSecurity) RunRule(nodes []*yaml.Node, context model.RuleFunctionCo
 						}
 					}
 				}
+
+				if !nullable && opValue.Security == nil && len(globalSecurity) >= 1 {
+					for i := range globalSecurity {
+						if globalSecurity[i].Value.Requirements == nil || globalSecurity[i].Value.Requirements.Len() <= 0 {
+							securityNode := globalSecurity[i].Value.GoLow().Requirements.ValueNode
+							result := model.RuleFunctionResult{
+								Message: vacuumUtils.SuppliedOrDefault(context.Rule.Message,
+									fmt.Sprintf("`security` has null elements for path `%s` in method `%s`", path, opType)),
+								StartNode: securityNode,
+								EndNode:   securityNode,
+								Path:      globalSecurity[i].GenerateJSONPath(),
+								Rule:      context.Rule,
+							}
+							pathItem.AddRuleFunctionResult(base.ConvertRuleResult(&result))
+							results = append(results, result)
+							continue
+						}
+					}
+				}
 			}
 		}
 	}