
Semgrep Parser: Add new severities (#10936)
Maffooch authored Sep 20, 2024
1 parent 072a185 commit 09500ce
Showing 3 changed files with 108 additions and 4 deletions.
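--- a/dojo/tools/semgrep/parser.py
+++ b/dojo/tools/semgrep/parser.py
@@ -130,13 +130,16 @@ def get_findings(self, filename, test):
         return list(dupes.values())
 
     def convert_severity(self, val):
-        if "CRITICAL" == val.upper():
+        upper_value = val.upper()
+        if upper_value == "CRITICAL":
             return "Critical"
-        elif "WARNING" == val.upper():
+        elif upper_value in ["WARNING", "MEDIUM"]:
             return "Medium"
-        elif "ERROR" == val.upper() or "HIGH" == val.upper():
+        elif upper_value in ["ERROR", "HIGH"]:
             return "High"
-        elif "INFO" == val.upper():
+        elif upper_value == "LOW":
+            return "Low"
+        elif upper_value == "INFO":
             return "Info"
         else:
             msg = f"Unknown value for severity: {val}"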
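Review bot: The new `in ["WARNING", "MEDIUM"]` and `in ["ERROR", "HIGH"]` tests build a list literal on every call, and the if/elif chain now spells out seven Semgrep severity names in control flow; a module-level mapping keyed by the upper-cased value would make the table readable at a glance and collapse the chain into a single lookup. Because this function decides the severity DefectDojo records for every imported Semgrep result, a single declared dict is also easier to audit the next time Semgrep adds or renames a level. convert_severity's else branch continues outside the hunk, so the unknown-severity handling after `msg = f"Unknown value for severity: {val}"` is kept as it is. A docstring such as `"""Map a Semgrep severity (case-insensitive) to a DefectDojo severity string."""` is also missing on the new code.
```python
SEMGREP_SEVERITY_MAP = {
    "CRITICAL": "Critical",
    "ERROR": "High",
    "HIGH": "High",
    "WARNING": "Medium",
    "MEDIUM": "Medium",
    "LOW": "Low",
    "INFO": "Info",
}

    def convert_severity(self, val):
        """Map a Semgrep severity (case-insensitive) to a DefectDojo severity string."""
        try:
            return SEMGREP_SEVERITY_MAP[val.upper()]
        except KeyError:
            msg = f"Unknown value for severity: {val}"
            # … unchanged: unknown-severity handling that follows msg …
```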
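--- a/unittests/scans/semgrep/high-medium-low-severities.json
+++ b/unittests/scans/semgrep/high-medium-low-severities.json
@@ -0,0 +1,95 @@
+{
+  "errors": [],
+  "interfile_languages_used": [],
+  "paths": {
+    "scanned": []
+  },
+  "results": [
+    {
+      "check_id": "rules.sast.dev.generic.internal.detect-cdn-usage-react-express",
+      "end": {
+        "col": 89,
+        "line": 48,
+        "offset": 1772
+      },
+      "extra": {
+        "engine_kind": "OSS",
+        "fingerprint": "d30b51e68d2d56fb34e5a87920208e0f18b71dbec62b2ad91d1b55e566c5796c64b1e161d7fd3c0f65834756474c0617c29b7c5bd76b76f14f2d3fc537a664b9_0",
+        "is_ignored": false,
+        "lines": "<script src=\"https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js\"></script>",
+        "message": "Potential CDN usage detected. Consider removing or replacing CDN references to comply with GDPR and also avoid supply chain risk",
+        "metadata": {
+          "category": "security",
+          "technology": "cdn"
+        },
+        "metavars": {},
+        "severity": "LOW",
+        "validation_state": "NO_VALIDATOR"
+      },
+      "path": "/Users/user.example/git/company/full-codebase/company/lead-magnet/src/templates/base.html.twig",
+      "start": {
+        "col": 1,
+        "line": 48,
+        "offset": 1684
+      }
+    },
+    {
+      "check_id": "rules.sast.dev.generic.internal.detect-cdn-usage-react-express",
+      "end": {
+        "col": 206,
+        "line": 49,
+        "offset": 1978
+      },
+      "extra": {
+        "engine_kind": "OSS",
+        "fingerprint": "d30b51e68d2d56fb34e5a87920208e0f18b71dbec62b2ad91d1b55e566c5796c64b1e161d7fd3c0f65834756474c0617c29b7c5bd76b76f14f2d3fc537a664b9_1",
+        "is_ignored": false,
+        "lines": "<script src=\"https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js\" integrity=\"sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1\" crossorigin=\"anonymous\"></script>",
+        "message": "Potential CDN usage detected. Consider removing or replacing CDN references to comply with GDPR and also avoid supply chain risk",
+        "metadata": {
+          "category": "security",
+          "technology": "cdn"
+        },
+        "metavars": {},
+        "severity": "LOW",
+        "validation_state": "NO_VALIDATOR"
+      },
+      "path": "/Users/user.example/git/company/full-codebase/company/lead-magnet/src/templates/base.html.twig",
+      "start": {
+        "col": 1,
+        "line": 49,
+        "offset": 1773
+      }
+    },
+    {
+      "check_id": "rules.sast.dev.generic.internal.detect-cdn-usage-react-express",
+      "end": {
+        "col": 203,
+        "line": 50,
+        "offset": 2181
+      },
+      "extra": {
+        "engine_kind": "OSS",
+        "fingerprint": "d30b51e68d2d56fb34e5a87920208e0f18b71dbec62b2ad91d1b55e566c5796c64b1e161d7fd3c0f65834756474c0617c29b7c5bd76b76f14f2d3fc537a664b9_2",
+        "is_ignored": false,
+        "lines": "<script src=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js\" integrity=\"sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM\" crossorigin=\"anonymous\"></script>{% block javascripts %}{% endblock %}",
+        "message": "Potential CDN usage detected. Consider removing or replacing CDN references to comply with GDPR and also avoid supply chain risk",
+        "metadata": {
+          "category": "security",
+          "technology": "cdn"
+        },
+        "metavars": {},
+        "severity": "LOW",
+        "validation_state": "NO_VALIDATOR"
+      },
+      "path": "/Users/user.example/git/company/full-codebase/company/lead-magnet/src/templates/base.html.twig",
+      "start": {
+        "col": 1,
+        "line": 50,
+        "offset": 1979
+      }
+    }
+  ],
+  "skipped_rules": [],
+  "version": "1.84.1"
+}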
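--- a/unittests/tools/test_semgrep_parser.py
+++ b/unittests/tools/test_semgrep_parser.py
@@ -121,6 +121,12 @@ def test_parse_issue_8435(self):
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(1, len(findings))
 
+    def test_parse_low_medium_high_severity(self):
+        with open("unittests/scans/semgrep/high-medium-low-severities.json", encoding="utf-8") as testfile:
+            parser = SemgrepParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(3, len(findings))
+
     def test_parse_sca_deployments_vulns(self):
         with open("unittests/scans/semgrep/sca-deployments-vulns.json", encoding="utf-8") as testfile:
             parser = SemgrepParser()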
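Review bot: test_parse_low_medium_high_severity asserts only `self.assertEqual(3, len(findings))`, so the new MEDIUM and HIGH branches added to convert_severity in dojo/tools/semgrep/parser.py are never exercised, and the fixture unittests/scans/semgrep/high-medium-low-severities.json it loads carries `"severity": "LOW"` on all three results, so even the Low mapping is checked only by the absence of an exception. Assert the mapped values, e.g. `self.assertEqual({"Low"}, {finding.severity for finding in findings})`, and give the fixture one MEDIUM and one HIGH result so the test name matches what it covers and a regression in the mapping fails loudly rather than silently mis-rating imported results. The `severity` attribute is inferred from how the parser is expected to store convert_severity's return; confirm against the Finding model.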

