@@ -20,8 +20,10 @@ | |||
package org.sonar.server.security; | |||
import com.google.common.base.Splitter; | |||
import com.google.common.collect.ImmutableList; | |||
import com.google.common.collect.ImmutableMap; | |||
import com.google.common.collect.ImmutableSet; | |||
import com.google.common.collect.Ordering; | |||
import java.util.Collection; | |||
import java.util.HashSet; | |||
import java.util.List; | |||
@@ -74,6 +76,9 @@ public class SecurityStandardHelper { | |||
.put("insecure-conf", ImmutableSet.of("102", "489")) | |||
.put("file-manipulation", ImmutableSet.of("97", "73")) | |||
.build(); | |||
public static final String SONARSOURCE_OTHER_CWES_CATEGORY = "others"; | |||
public static final Ordering<String> SONARSOURCE_CATEGORY_ORDERING = Ordering.explicit( | |||
ImmutableList.<String>builder().addAll(SONARSOURCE_CWE_MAPPING.keySet()).add(SONARSOURCE_OTHER_CWES_CATEGORY).build()); | |||
private static final Splitter SECURITY_STANDARDS_SPLITTER = Splitter.on(',').trimResults().omitEmptyStrings(); | |||
@@ -94,19 +99,19 @@ public class SecurityStandardHelper { | |||
} | |||
public static List<String> getSonarSourceSecurityCategories(Collection<String> cwe) { | |||
return SONARSOURCE_CWE_MAPPING | |||
List<String> result = SONARSOURCE_CWE_MAPPING | |||
.keySet() | |||
.stream() | |||
.filter(k -> cwe.stream().anyMatch(SONARSOURCE_CWE_MAPPING.get(k)::contains)) | |||
.collect(toList()); | |||
return result.isEmpty() ? singletonList(SONARSOURCE_OTHER_CWES_CATEGORY) : result; | |||
} | |||
public static List<String> getOwaspTop10(Collection<String> securityStandards) { | |||
List<String> result = securityStandards.stream() | |||
return securityStandards.stream() | |||
.filter(s -> s.startsWith(OWASP_TOP10_PREFIX)) | |||
.map(s -> s.substring(OWASP_TOP10_PREFIX.length())) | |||
.collect(toList()); | |||
return result.isEmpty() ? singletonList(UNKNOWN_STANDARD) : result; | |||
} | |||
public static List<String> getCwe(Collection<String> securityStandards) { |
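Review bot: `SONARSOURCE_CATEGORY_ORDERING` on lines 16–17 is an `Ordering.explicit`, which throws `Ordering.IncomparableValueException` (a `ClassCastException`) for any value outside the mapping keys plus `others`, so whatever sorts with it will fail hard rather than degrade if it ever meets a category string outside that set (an unvalidated request value, a stale index value). A Javadoc on the constant would make that contract visible, e.g. `/** Report order: mapping keys in declaration order, then "others". Comparing any other string throws. */`. The new `getOwaspTop10` also returns an empty list when no `owaspTop10:` standard is present while `getSonarSourceSecurityCategories` falls back to `others`; that asymmetry is consistent with the rest of this commit but deserves a one-line Javadoc on each method so callers stop expecting an `unknown` bucket on the OWASP side. `getCwe` starts on the last line of this hunk and is not reviewable here.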
@@ -58,6 +58,7 @@ import static org.sonar.db.component.ComponentTesting.newFileDto; | |||
import static org.sonar.server.issue.IssueDocTesting.newDoc; | |||
import static org.sonar.server.issue.index.IssueIndexDefinition.TYPE_ISSUE; | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_POROUS_DEFENSES; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY; | |||
import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD; | |||
import static org.sonar.server.permission.index.IndexAuthorizationConstants.TYPE_AUTHORIZATION; | |||
@@ -136,8 +137,9 @@ public class IssueIndexerTest { | |||
// functional date | |||
assertThat(doc.updateDate()).isEqualToIgnoringMillis(new Date(issue.getIssueUpdateTime())); | |||
assertThat(doc.getCwe()).containsExactlyInAnyOrder(UNKNOWN_STANDARD); | |||
assertThat(doc.getOwaspTop10()).containsExactlyInAnyOrder(UNKNOWN_STANDARD); | |||
assertThat(doc.getOwaspTop10()).isEmpty(); | |||
assertThat(doc.getSansTop25()).isEmpty(); | |||
assertThat(doc.getSonarSourceSecurityCategories()).containsExactlyInAnyOrder(SONARSOURCE_OTHER_CWES_CATEGORY); | |||
} | |||
@Test |
@@ -157,7 +157,7 @@ import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_INSEC | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_POROUS_DEFENSES; | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_RISKY_RESOURCE; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_CWE_MAPPING; | |||
import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY; | |||
import static org.sonar.server.view.index.ViewIndexDefinition.TYPE_VIEW; | |||
import static org.sonarqube.ws.client.issue.IssuesWsParameters.DEPRECATED_PARAM_AUTHORS; | |||
import static org.sonarqube.ws.client.issue.IssuesWsParameters.FACET_MODE_EFFORT; | |||
@@ -880,15 +880,15 @@ public class IssueIndex { | |||
public List<SecurityStandardCategoryStatistics> getSonarSourceReport(String projectUuid, boolean isViewOrApp, boolean includeCwe) { | |||
SearchRequestBuilder request = prepareNonClosedVulnerabilitiesAndHotspotSearch(projectUuid, isViewOrApp); | |||
SONARSOURCE_CWE_MAPPING.keySet() | |||
.forEach( | |||
sonarsourceCategory -> request.addAggregation(createAggregation(FIELD_ISSUE_SONARSOURCE_SECURITY, sonarsourceCategory, includeCwe, Optional.of(SONARSOURCE_CWE_MAPPING)))); | |||
Stream.concat(SONARSOURCE_CWE_MAPPING.keySet().stream(), Stream.of(SONARSOURCE_OTHER_CWES_CATEGORY)) | |||
.forEach(sonarsourceCategory -> request.addAggregation( | |||
createAggregation(FIELD_ISSUE_SONARSOURCE_SECURITY, sonarsourceCategory, includeCwe, Optional.of(SONARSOURCE_CWE_MAPPING)))); | |||
return processSecurityReportSearchResults(request, includeCwe); | |||
} | |||
public List<SecurityStandardCategoryStatistics> getOwaspTop10Report(String projectUuid, boolean isViewOrApp, boolean includeCwe) { | |||
SearchRequestBuilder request = prepareNonClosedVulnerabilitiesAndHotspotSearch(projectUuid, isViewOrApp); | |||
Stream.concat(IntStream.rangeClosed(1, 10).mapToObj(i -> "a" + i), Stream.of(UNKNOWN_STANDARD)) | |||
IntStream.rangeClosed(1, 10).mapToObj(i -> "a" + i) | |||
.forEach(owaspCategory -> request.addAggregation(createAggregation(FIELD_ISSUE_OWASP_TOP_10, owaspCategory, includeCwe, Optional.empty()))); | |||
return processSecurityReportSearchResults(request, includeCwe); | |||
} |
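Review bot: In `getSonarSourceReport` the new `others` category is handed to `createAggregation` together with `Optional.of(SONARSOURCE_CWE_MAPPING)`, but that map has no `others` key; if `createAggregation` (outside this hunk) looks the category up in the map to build the per-CWE sub-aggregation when `includeCwe` is true, it gets `null` for `others` — confirm it tolerates a missing key, or pass `Optional.empty()` for that one category so the bucket is counted without a CWE breakdown. `getOwaspTop10Report` no longer aggregates the `unknown` bucket, so vulnerabilities and hotspots with no OWASP mapping vanish from that report rather than being counted in a catch-all; that is presumably the intent, but a comment on the method, e.g. `// Issues with no OWASP Top 10 mapping are intentionally absent here; they surface under "others" in the SonarSource report.`, would keep the next reader from re-adding it.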
@@ -88,6 +88,7 @@ import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_INSEC | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_POROUS_DEFENSES; | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_RISKY_RESOURCE; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_CWE_MAPPING; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY; | |||
import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD; | |||
import static org.sonar.server.ws.KeyExamples.KEY_BRANCH_EXAMPLE_001; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
@@ -260,9 +261,9 @@ public class SearchAction implements IssuesWsAction, Startable { | |||
.setPossibleValues((Object[]) RuleType.values()) | |||
.setExampleValue(format("%s,%s", RuleType.CODE_SMELL, RuleType.BUG)); | |||
action.createParam(PARAM_OWASP_TOP_10) | |||
.setDescription("Comma-separated list of OWASP Top 10 lowercase categories. Use '" + UNKNOWN_STANDARD + "' to select issues not associated to any OWASP Top 10 category.") | |||
.setDescription("Comma-separated list of OWASP Top 10 lowercase categories.") | |||
.setSince("7.3") | |||
.setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10", UNKNOWN_STANDARD); | |||
.setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10"); | |||
action.createParam(PARAM_SANS_TOP_25) | |||
.setDescription("Comma-separated list of SANS Top 25 categories.") | |||
.setSince("7.3") | |||
@@ -271,9 +272,10 @@ public class SearchAction implements IssuesWsAction, Startable { | |||
.setDescription("Comma-separated list of CWE identifiers. Use '" + UNKNOWN_STANDARD + "' to select issues not associated to any CWE.") | |||
.setExampleValue("12,125," + UNKNOWN_STANDARD); | |||
action.createParam(PARAM_SONARSOURCE_SECURITY) | |||
.setDescription("Comma-separated list of SonarSource security categories.") | |||
.setDescription("Comma-separated list of SonarSource security categories. Use '" + SONARSOURCE_OTHER_CWES_CATEGORY + "' to select issues not associated" + | |||
" with any category") | |||
.setSince("7.8") | |||
.setPossibleValues(SONARSOURCE_CWE_MAPPING.keySet()); | |||
.setPossibleValues(ImmutableList.builder().addAll(SONARSOURCE_CWE_MAPPING.keySet()).add(SONARSOURCE_OTHER_CWES_CATEGORY).build()); | |||
action.createParam(DEPRECATED_PARAM_AUTHORS) | |||
.setDeprecatedSince("7.7") | |||
.setDescription("This parameter is deprecated, please use '%s' instead", PARAM_AUTHOR) |
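Review bot: Dropping `UNKNOWN_STANDARD` from the possible values of `PARAM_OWASP_TOP_10` on line 99 turns a request that was valid since 7.3 (`owaspTop10=unknown`) into a parameter-validation error; if this action keeps a changelog (`setChangelog`), the removal and the new `others` value of `PARAM_SONARSOURCE_SECURITY` should be recorded there under 7.8 so API clients can see why a saved filter broke. The description added on lines 108–109 is also missing the trailing period its neighbours have: `" with any category.")`. The list `mapping keys + others` is now assembled by hand here, again in `RuleWsSupport`, and once more in `SecurityStandardHelper.SONARSOURCE_CATEGORY_ORDERING`; exposing it once from the helper would keep the three from drifting.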
@@ -19,6 +19,7 @@ | |||
*/ | |||
package org.sonar.server.rule.ws; | |||
import com.google.common.collect.ImmutableList; | |||
import java.util.List; | |||
import java.util.Map; | |||
import java.util.Objects; | |||
@@ -35,7 +36,6 @@ import org.sonar.db.DbSession; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.security.SecurityStandardHelper; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.qualityprofile.ActiveRuleInheritance; | |||
import org.sonar.server.rule.index.RuleIndexDefinition; | |||
@@ -50,8 +50,6 @@ import static org.sonar.core.util.stream.MoreCollectors.toSet; | |||
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex; | |||
import static org.sonar.db.organization.OrganizationDto.Subscription.PAID; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_CWE_MAPPING; | |||
import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD; | |||
import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_ACTIVATION; | |||
import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_ACTIVE_SEVERITIES; | |||
import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_AVAILABLE_SINCE; | |||
@@ -73,6 +71,10 @@ import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_STATUSES; | |||
import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_TAGS; | |||
import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_TEMPLATE_KEY; | |||
import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_TYPES; | |||
import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_CWE_MAPPING; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_CWE_MAPPING; | |||
import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY; | |||
import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD; | |||
import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; | |||
@ServerSide | |||
@@ -143,10 +145,9 @@ public class RuleWsSupport { | |||
.setExampleValue("12,125," + UNKNOWN_STANDARD); | |||
action.createParam(PARAM_OWASP_TOP_10) | |||
.setDescription("Comma-separated list of OWASP Top 10 lowercase categories. Use '" + UNKNOWN_STANDARD + "' to select rules not associated to any OWASP " + | |||
"Top 10 category.") | |||
.setDescription("Comma-separated list of OWASP Top 10 lowercase categories.") | |||
.setSince("7.3") | |||
.setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10", UNKNOWN_STANDARD); | |||
.setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10"); | |||
action.createParam(PARAM_SANS_TOP_25) | |||
.setDescription("Comma-separated list of SANS Top 25 categories.") | |||
@@ -155,9 +156,11 @@ public class RuleWsSupport { | |||
action | |||
.createParam(PARAM_SONARSOURCE_SECURITY) | |||
.setDescription("Comma-separated list of SonarSource report categories.") | |||
.setPossibleValues(SecurityStandardHelper.SONARSOURCE_CWE_MAPPING.keySet()) | |||
.setExampleValue("sql-injection,command-injection"); | |||
.setDescription("Comma-separated list of SonarSource security categories. Use '" + SONARSOURCE_OTHER_CWES_CATEGORY + "' to select rules not associated" + | |||
" with any category") | |||
.setSince("7.8") | |||
.setPossibleValues(ImmutableList.builder().addAll(SONARSOURCE_CWE_MAPPING.keySet()).add(SONARSOURCE_OTHER_CWES_CATEGORY).build()) | |||
.setExampleValue("sql-injection,command-injection,others"); | |||
action | |||
.createParam(PARAM_LANGUAGES) |
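Review bot: `setSince("7.8")` on line 169 is added to a parameter that already existed before this change (lines 163–166), so the value is only correct if `PARAM_SONARSOURCE_SECURITY` first shipped in 7.8 — worth confirming against the rules WS history before it lands in the public API documentation. The same `unknown` removal as in the issues search applies on lines 157–158: rules clients filtering with `owaspTop10=unknown` will now get a validation error, and the rules action's changelog, if it has one, should say so. Minor: the new description lacks the trailing period of its neighbours, `" with any category.")`.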
@@ -218,8 +218,7 @@ public class IssueIndexSecurityReportsTest { | |||
tuple("a7", 0L, OptionalInt.empty(), 0L, 0L, 0L), | |||
tuple("a8", 0L, OptionalInt.empty(), 0L, 0L, 1L /* reviewedHotspot */), | |||
tuple("a9", 0L, OptionalInt.empty(), 0L, 0L, 0L), | |||
tuple("a10", 0L, OptionalInt.empty(), 0L, 0L, 0L), | |||
tuple("unknown", 1L /* notowaspvul */, OptionalInt.of(4) /* CRITICAL = D */, 1L /* notowasphotspot */, 0L, 0L)); | |||
tuple("a10", 0L, OptionalInt.empty(), 0L, 0L, 0L)); | |||
return owaspTop10Report; | |||
} | |||
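Review bot: With the `unknown` tuple removed on line 179, the issues the removed comment calls `notowaspvul` and `notowasphotspot` presumably still exist in this test's setup but are no longer asserted anywhere; if the assertion head (outside this hunk) is `containsExactlyInAnyOrder`, the ten remaining tuples already pin that they are excluded, otherwise add one assertion that the report has no category beyond `a1`–`a10`, e.g. `assertThat(owaspTop10Report).extracting(SecurityStandardCategoryStatistics::getCategory).doesNotContain("unknown");`.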
@@ -1,114 +0,0 @@ | |||
{ | |||
"categories": [ | |||
{ | |||
"category": "a1", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "a2", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "a3", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "a4", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a5", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a6", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a7", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a8", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a9", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a10", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "unknown", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 2 | |||
} | |||
] | |||
} |
@@ -1,115 +0,0 @@ | |||
{ | |||
"categories": [ | |||
{ | |||
"category": "a1", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "a2", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 1, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "a3", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "a4", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a5", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a6", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a7", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a8", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a9", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "a10", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "unknown", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 2 | |||
} | |||
] | |||
} |
@@ -1,46 +0,0 @@ | |||
{ | |||
"categories": [ | |||
{ | |||
"category": "porous-defenses", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "risky-resource", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "insecure-interaction", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [ | |||
{ | |||
"cwe": "89", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 0, | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
} | |||
], | |||
"activeRules": 2, | |||
"totalRules": 2 | |||
} | |||
] | |||
} |
@@ -1,205 +0,0 @@ | |||
{ | |||
"categories": [ | |||
{ | |||
"category": "ldap-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "object-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "ssrf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "insecure-conf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "xxe", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "auth", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "xpath-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "weak-cryptography", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "dos", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "open-redirect", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "log-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "csrf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "sql-injection", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 1, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "file-manipulation", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "expression-lang-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "rce", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "xss", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "path-traversal-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "command-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "http-response-splitting", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
} | |||
] | |||
} |
@@ -1,174 +0,0 @@ | |||
{ | |||
"categories": [ | |||
{ | |||
"category": "ldap-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "object-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "ssrf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "insecure-conf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "xxe", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "auth", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "xpath-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "weak-cryptography", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "dos", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "open-redirect", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "log-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "csrf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "sql-injection", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 1, | |||
"distribution": [ | |||
{ | |||
"cwe": "89", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 1 | |||
} | |||
] | |||
}, | |||
{ | |||
"category": "file-manipulation", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "expression-lang-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "rce", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "xss", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "path-traversal-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "command-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
}, | |||
{ | |||
"category": "http-response-splitting", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [] | |||
} | |||
] | |||
} |
@@ -1,216 +0,0 @@ | |||
{ | |||
"categories": [ | |||
{ | |||
"category": "ldap-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "object-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "ssrf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "insecure-conf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "xxe", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "auth", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "xpath-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "weak-cryptography", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "dos", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "open-redirect", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "log-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "csrf", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "sql-injection", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 1, | |||
"distribution": [ | |||
{ | |||
"cwe": "89", | |||
"vulnerabilities": 1, | |||
"vulnerabilityRating": 3, | |||
"inReviewSecurityHotspots": 1, | |||
"toReviewSecurityHotspots": 1, | |||
"reviewedSecurityHotspots": 1, | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
} | |||
], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "file-manipulation", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "expression-lang-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "rce", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "xss", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
}, | |||
{ | |||
"category": "path-traversal-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "command-injection", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 1, | |||
"totalRules": 1 | |||
}, | |||
{ | |||
"category": "http-response-splitting", | |||
"vulnerabilities": 0, | |||
"inReviewSecurityHotspots": 0, | |||
"toReviewSecurityHotspots": 0, | |||
"reviewedSecurityHotspots": 0, | |||
"distribution": [], | |||
"activeRules": 0, | |||
"totalRules": 0 | |||
} | |||
] | |||
} |
@@ -160,25 +160,25 @@ it('should toggle sub-facets', () => { | |||
it('should display correct selection', () => { | |||
const wrapper = shallowRender({ | |||
open: true, | |||
owaspTop10: ['a1', 'a3', 'unknown'], | |||
owaspTop10: ['a1', 'a3'], | |||
sansTop25: ['risky-resource', 'foo'], | |||
cwe: ['42', '1111', 'unknown'], | |||
sonarsourceSecurity: ['sql-injection'] | |||
sonarsourceSecurity: ['sql-injection', 'others'] | |||
}); | |||
checkValues('standards', [ | |||
'SONAR SQL Injection', | |||
'Others', | |||
'OWASP A1 - a1 title', | |||
'OWASP A3', | |||
'Not OWAPS', | |||
'SANS Risky Resource Management', | |||
'SANS foo', | |||
'CWE-42 - cwe-42 title', | |||
'CWE-1111', | |||
'Unknown CWE' | |||
]); | |||
checkValues('owaspTop10', ['A1 - a1 title', 'A3', 'Not OWAPS']); | |||
checkValues('owaspTop10', ['A1 - a1 title', 'A3']); | |||
checkValues('sansTop25', ['Risky Resource Management', 'foo']); | |||
checkValues('sonarsourceSecurity', ['SQL Injection']); | |||
checkValues('sonarsourceSecurity', ['SQL Injection', 'Others']); | |||
function checkValues(property: string, values: string[]) { | |||
expect( | |||
@@ -219,10 +219,13 @@ function shallowRender(props: Partial<StandardFacet['props']> = {}) { | |||
); | |||
wrapper.setState({ | |||
standards: { | |||
owaspTop10: { a1: { title: 'a1 title' }, unknown: { title: 'Not OWAPS' } }, | |||
owaspTop10: { a1: { title: 'a1 title' } }, | |||
sansTop25: { 'risky-resource': { title: 'Risky Resource Management' } }, | |||
cwe: { 42: { title: 'cwe-42 title' }, unknown: { title: 'Unknown CWE' } }, | |||
sonarsourceSecurity: { 'sql-injection': { title: 'SQL Injection' } } | |||
sonarsourceSecurity: { | |||
'sql-injection': { title: 'SQL Injection' }, | |||
others: { title: 'Others' } | |||
} | |||
} | |||
}); | |||
return wrapper; |
@@ -53,9 +53,6 @@ describe('renderOwaspTop10Category', () => { | |||
owaspTop10: { | |||
a1: { | |||
title: 'Injection' | |||
}, | |||
unknown: { | |||
title: 'Not OWASP' | |||
} | |||
}, | |||
sansTop25: {}, | |||
@@ -66,8 +63,6 @@ describe('renderOwaspTop10Category', () => { | |||
expect(renderOwaspTop10Category(standards, 'a1', true)).toEqual('OWASP A1 - Injection'); | |||
expect(renderOwaspTop10Category(standards, 'a2')).toEqual('A2'); | |||
expect(renderOwaspTop10Category(standards, 'a2', true)).toEqual('OWASP A2'); | |||
expect(renderOwaspTop10Category(standards, 'unknown')).toEqual('Not OWASP'); | |||
expect(renderOwaspTop10Category(standards, 'unknown', true)).toEqual('Not OWASP'); | |||
}); | |||
}); | |||
@@ -115,8 +110,6 @@ describe('renderSonarSourceSecurityCategory', () => { | |||
expect(renderSonarSourceSecurityCategory(standards, 'xss', true)).toEqual( | |||
'SONAR Cross-Site Scripting (XSS)' | |||
); | |||
expect(renderSonarSourceSecurityCategory(standards, 'unknown')).toEqual('unknown'); | |||
expect(renderSonarSourceSecurityCategory(standards, 'unknown', true)).toEqual('SONAR unknown'); | |||
expect(renderSonarSourceSecurityCategory(standards, 'others')).toEqual('Others'); | |||
expect(renderSonarSourceSecurityCategory(standards, 'others', true)).toEqual('Others'); | |||
}); |
@@ -40,8 +40,6 @@ export function renderOwaspTop10Category( | |||
const record = standards.owaspTop10[category]; | |||
if (!record) { | |||
return addPrefix(category.toUpperCase(), 'OWASP', withPrefix); | |||
} else if (category === 'unknown') { | |||
return record.title; | |||
} else { | |||
return addPrefix(`${category.toUpperCase()} - ${record.title}`, 'OWASP', withPrefix); | |||
} | |||
@@ -62,10 +60,12 @@ export function renderSonarSourceSecurityCategory( | |||
withPrefix = false | |||
): string { | |||
const record = standards.sonarsourceSecurity[category]; | |||
if (category === 'others') { | |||
if (!record) { | |||
return addPrefix(category.toUpperCase(), 'SONAR', withPrefix); | |||
} else if (category === 'others') { | |||
return record.title; | |||
} else { | |||
return addPrefix(record ? record.title : category, 'SONAR', withPrefix); | |||
return addPrefix(record.title, 'SONAR', withPrefix); | |||
} | |||
} | |||
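Review bot: Checking `!record` before `category === 'others'` in renderSonarSourceSecurityCategory means that while `standards.sonarsourceSecurity` is still empty (before the standards JSON has loaded, or if that JSON carries no `others` entry) the catch-all bucket renders as `OTHERS` / `SONAR OTHERS`, whereas the test changes in this commit pin `'Others'` with no prefix for that category in both the prefixed and unprefixed calls. Testing the bucket first and falling back to the bare key keeps the no-prefix contract independent of load state: `if (category === 'others') { return record ? record.title : category; }`, with the `!record` branch moving to the next `else if`. Only the owaspTop10 and sansTop25 parts of the standards JSON are visible in this commit, so I cannot confirm an `others` record with title `Others` was added alongside the removal of `owaspTop10.unknown`; if it was not, the `!record` path is the one production will hit. The `'others'` literal is also the server-side bucket name, so a shared named constant would make that coupling explicit rather than relying on two string literals staying in sync.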
@@ -49,9 +49,6 @@ | |||
"title": "Insufficient Logging & Monitoring", | |||
"description": | |||
"Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring." | |||
}, | |||
"unknown": { | |||
"title": "Not OWASP" | |||
} | |||
}, | |||
"sansTop25": { |