From 66cf6d3bc1edf686c4284930eb69935c5f3e6780 Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Tue, 5 Mar 2024 11:10:51 -0800 Subject: [PATCH] Add security-severity property to sarif rules In order for GitHub to render a High, Medium, Low for results it requires the security-severity to be set. This also means each rule needs a default level specific to it to be set. Before it was defaulting to warning, but now will default to the minimum possible value of level in results. Signed-off-by: Eric Brown --- precli/core/level.py | 20 +++++++++++++++++++ precli/renderers/json.py | 7 +++++-- precli/rules/go/stdlib/crypto_weak_cipher.py | 3 ++- precli/rules/go/stdlib/crypto_weak_hash.py | 4 ++-- .../rules/python/stdlib/hashlib_weak_hash.py | 5 ++--- .../rules/python/stdlib/hmac_timing_attack.py | 3 ++- precli/rules/python/stdlib/hmac_weak_hash.py | 4 ++-- precli/rules/python/stdlib/http_url_secret.py | 3 ++- .../rules/python/stdlib/imaplib_cleartext.py | 3 ++- .../rules/python/stdlib/nntplib_cleartext.py | 3 ++- .../rules/python/stdlib/poplib_cleartext.py | 3 ++- .../rules/python/stdlib/smtplib_cleartext.py | 3 ++- .../python/stdlib/ssl_insecure_tls_version.py | 5 ++--- .../python/stdlib/telnetlib_cleartext.py | 3 ++- .../go/stdlib/test_crypto_weak_cipher.py | 2 +- .../rules/go/stdlib/test_crypto_weak_hash.py | 2 +- .../python/stdlib/test_hashlib_weak_hash.py | 2 +- .../python/stdlib/test_hmac_timing_attack.py | 2 +- .../python/stdlib/test_hmac_weak_hash.py | 2 +- .../python/stdlib/test_http_url_secret.py | 2 +- .../python/stdlib/test_imaplib_cleartext.py | 2 +- .../python/stdlib/test_nntplib_cleartext.py | 2 +- .../python/stdlib/test_poplib_cleartext.py | 2 +- .../python/stdlib/test_smtplib_cleartext.py | 2 +- .../stdlib/test_ssl_context_tls_version.py | 2 +- ..._ssl_get_server_certificate_tls_version.py | 2 +- .../test_ssl_wrap_socket_tls_version.py | 2 +- .../python/stdlib/test_telnetlib_cleartext.py | 2 +- 28 files changed, 63 insertions(+), 34 deletions(-) 
diff --git a/precli/core/level.py b/precli/core/level.py index 029600f8..f194637a 100644 --- a/precli/core/level.py +++ b/precli/core/level.py @@ -23,3 +23,23 @@ class Level(str, enum.Enum): WARNING = "warning" NOTE = "note" NONE = "none" + + def to_severity(self) -> float: + """ + Returns a security severity value. + + Code scanning translates numerical scores as follows: + over 9.0 is critical, 7.0 to 8.9 is high, 4.0 to 6.9 is medium and + 3.9 or less is low. + + :return: severity as float + :rtype: float + """ + if self.value == self.ERROR: + return 8.0 + elif self.value == self.WARNING: + return 5.0 + elif self.value == self.NOTE: + return 3.0 + else: + return 0.0 diff --git a/precli/renderers/json.py b/precli/renderers/json.py index 918820d1..dae7ba12 100644 --- a/precli/renderers/json.py +++ b/precli/renderers/json.py @@ -13,6 +13,7 @@ SCHEMA_URI = "https://json.schemastore.org/sarif-2.1.0.json" +SCHEMA_VER = "2.1.0" TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ" @@ -72,6 +73,9 @@ def create_rule_array(self, run: Run): "security", f"external/cwe/cwe-{rule.cwe.cwe_id}", ], + "security-severity": ( + rule.default_config.level.to_severity() + ), }, ) rules.append(reporting_descriptor) @@ -91,14 +95,13 @@ def create_tool_component(self, run: Run): short_description=sarif_om.MultiformatMessageString( text=run.tool.short_description ), - version=run.tool.version, rules=self.create_rule_array(run), ) def render(self, run: Run): log = sarif_om.SarifLog( schema_uri=SCHEMA_URI, - version="2.1.0", + version=SCHEMA_URI, runs=[ sarif_om.Run( tool=sarif_om.Tool(driver=self.create_tool_component(run)), diff --git a/precli/rules/go/stdlib/crypto_weak_cipher.py b/precli/rules/go/stdlib/crypto_weak_cipher.py index aaa73ab0..80575681 100644 --- a/precli/rules/go/stdlib/crypto_weak_cipher.py +++ b/precli/rules/go/stdlib/crypto_weak_cipher.py 
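Review bot: In `to_severity`, `if self.value == self.ERROR:` compares the member's raw string against the enum member itself and only holds because `Level` mixes in `str`; it reads like a type mismatch and would break silently if that mixin were ever dropped. Comparing members directly says what is meant and does not depend on the mixin: `if self is Level.ERROR:` / `elif self is Level.WARNING:` / `elif self is Level.NOTE:`. The trailing `return 0.0` also covers `NONE` and any future member, which deserves one docstring line so the low score is seen as deliberate: `NONE (and any level not listed above) maps to 0.0.`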
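Review bot: The new `"security-severity"` entry in `create_rule_array` is emitted as a float, whereas GitHub's SARIF documentation, as I recall it, describes the property as a string representation of a 0.0–10.0 score and CodeQL writes it quoted; a bare number may be tolerated today, but it is not the documented form. Wrapping the value keeps the output inside that contract: `"security-severity": str(rule.default_config.level.to_severity()),`. Worth checking against the current docs before changing it; the rest of `create_rule_array` lies outside this hunk.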
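Review bot: `version=SCHEMA_URI` in `render` writes the schema URL into the SARIF log's top-level `version` field, which the 2.1.0 format requires to be the literal version string; the removed `"2.1.0"` was correct, and the `SCHEMA_VER` constant added earlier in this same file is otherwise unused, so this looks like a mix-up. The intended line is presumably `version=SCHEMA_VER,`. The same hunk also drops `version=run.tool.version` from the driver `ToolComponent`, which removes tool provenance from every report; if that is deliberate (a sarif_om constraint, for instance) a one-line comment saying why would stop the next reader from restoring it. `create_tool_component` begins outside the hunk.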
@@ -126,6 +126,7 @@ .. versionadded:: 0.2.1 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -143,6 +144,7 @@ def __init__(self, id: str): "known vulnerabilities and weaknesses.", targets=("call"), wildcards={}, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -163,7 +165,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(call.name), fixes=fixes, ) diff --git a/precli/rules/go/stdlib/crypto_weak_hash.py b/precli/rules/go/stdlib/crypto_weak_hash.py index 5b8eb71f..497d14ab 100644 --- a/precli/rules/go/stdlib/crypto_weak_hash.py +++ b/precli/rules/go/stdlib/crypto_weak_hash.py @@ -76,6 +76,7 @@ .. versionadded:: 0.2.1 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -93,6 +94,7 @@ def __init__(self, id: str): "expectations.", targets=("call"), wildcards={}, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -111,7 +113,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(call.name_qualified), fixes=fixes, ) @@ -128,7 +129,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(call.name_qualified), fixes=fixes, ) diff --git a/precli/rules/python/stdlib/hashlib_weak_hash.py b/precli/rules/python/stdlib/hashlib_weak_hash.py index 98d50b86..8b6dfbbf 100644 --- a/precli/rules/python/stdlib/hashlib_weak_hash.py 
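Review bot: The new `config=Config(level=Level.ERROR)` in `__init__` sits right under `targets=("call")`, which is a plain `str` rather than a one-element tuple (the parentheses do nothing without a trailing comma); this predates the patch and presumably only works because `"call" in "call"` is also true, but it is the kind of thing that breaks as soon as a second target is added. Since the line is being touched anyway, `targets=("call",),` makes the intent explicit. The same form appears in `crypto_weak_hash.py` and `ssl_insecure_tls_version.py` in this patch.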
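Review bot: Dropping `level=Level.ERROR` from the `Result` in `analyze` makes the emitted level depend on whatever `Result` does when no level is passed, and nothing in this patch changes `Result` (the diffstat lists only `level.py`, `json.py`, the rules and their tests); the commit message says results "will default to the minimum possible value of level", which read literally would downgrade every finding in these twelve rules instead of inheriting the new `Config(level=Level.ERROR)`. Please confirm that `Result` resolves a missing level from the owning rule's `default_config`, and add a renderer-level regression asserting that a finding from this rule is written at `error`. The `analyze` body continues outside the hunk.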
+++ b/precli/rules/python/stdlib/hashlib_weak_hash.py @@ -89,6 +89,7 @@ """ # noqa: E501 from precli.core.argument import Argument +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -117,6 +118,7 @@ def __init__(self, id: str): "sha1", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -144,7 +146,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(call.name_qualified), ) elif call.name_qualified in ["hashlib.pbkdf2_hmac"]: @@ -163,7 +164,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(hash_name), ) elif call.name_qualified in ["hashlib.new"]: @@ -181,6 +181,5 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(name), ) diff --git a/precli/rules/python/stdlib/hmac_timing_attack.py b/precli/rules/python/stdlib/hmac_timing_attack.py index f49ba4dd..50767c42 100644 --- a/precli/rules/python/stdlib/hmac_timing_attack.py +++ b/precli/rules/python/stdlib/hmac_timing_attack.py @@ -82,6 +82,7 @@ .. versionadded:: 0.1.4 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -116,6 +117,7 @@ def __init__(self, id: str): "HMAC.hexdigest", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: 
@@ -139,7 +141,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=comparison.operator_node), - level=Level.ERROR, message=self.message.format(comparison.operator), fixes=fixes, ) diff --git a/precli/rules/python/stdlib/hmac_weak_hash.py b/precli/rules/python/stdlib/hmac_weak_hash.py index e8b31d6a..33a5cdde 100644 --- a/precli/rules/python/stdlib/hmac_weak_hash.py +++ b/precli/rules/python/stdlib/hmac_weak_hash.py @@ -78,6 +78,7 @@ .. versionadded:: 0.1.0 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -110,6 +111,7 @@ def __init__(self, id: str): "digest", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -128,7 +130,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=argument.node), - level=Level.ERROR, message=self.message.format(digestmod), ) elif call.name_qualified in ["hmac.digest"]: @@ -144,6 +145,5 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=argument.node), - level=Level.ERROR, message=self.message.format(digest), ) diff --git a/precli/rules/python/stdlib/http_url_secret.py b/precli/rules/python/stdlib/http_url_secret.py index 83586ea7..729de41b 100644 --- a/precli/rules/python/stdlib/http_url_secret.py +++ b/precli/rules/python/stdlib/http_url_secret.py @@ -64,6 +64,7 @@ from urllib.parse import parse_qs from urllib.parse import urlsplit +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -88,6 +89,7 @@ def __init__(self, id: str): "HTTPSConnection", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: 
@@ -109,5 +111,4 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=argument.node), - level=Level.ERROR, ) diff --git a/precli/rules/python/stdlib/imaplib_cleartext.py b/precli/rules/python/stdlib/imaplib_cleartext.py index 94e9b400..02ffd524 100644 --- a/precli/rules/python/stdlib/imaplib_cleartext.py +++ b/precli/rules/python/stdlib/imaplib_cleartext.py @@ -73,6 +73,7 @@ .. versionadded:: 0.1.9 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -94,6 +95,7 @@ def __init__(self, id: str): "IMAP4", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -121,7 +123,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.identifier_node), - level=Level.ERROR, message=f"The '{call.name_qualified}' function will " f"transmit authentication information such as a user, " "password in cleartext.", diff --git a/precli/rules/python/stdlib/nntplib_cleartext.py b/precli/rules/python/stdlib/nntplib_cleartext.py index f015e02a..9cfa648f 100644 --- a/precli/rules/python/stdlib/nntplib_cleartext.py +++ b/precli/rules/python/stdlib/nntplib_cleartext.py @@ -57,6 +57,7 @@ .. versionadded:: 0.1.9 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -78,6 +79,7 @@ def __init__(self, id: str): "NNTP", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: 
@@ -101,7 +103,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.identifier_node), - level=Level.ERROR, message=f"The '{call.name_qualified}' function will " f"transmit authentication information such as a user, " "password in cleartext.", diff --git a/precli/rules/python/stdlib/poplib_cleartext.py b/precli/rules/python/stdlib/poplib_cleartext.py index 946ee5d6..f6f872f2 100644 --- a/precli/rules/python/stdlib/poplib_cleartext.py +++ b/precli/rules/python/stdlib/poplib_cleartext.py @@ -69,6 +69,7 @@ .. versionadded:: 0.1.9 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -90,6 +91,7 @@ def __init__(self, id: str): "POP3", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -118,7 +120,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.identifier_node), - level=Level.ERROR, message=f"The '{call.name_qualified}' function will " f"transmit authentication information such as a user, " "password in cleartext.", diff --git a/precli/rules/python/stdlib/smtplib_cleartext.py b/precli/rules/python/stdlib/smtplib_cleartext.py index 78f7d384..5c92d16b 100644 --- a/precli/rules/python/stdlib/smtplib_cleartext.py +++ b/precli/rules/python/stdlib/smtplib_cleartext.py @@ -102,6 +102,7 @@ def prompt(prompt): .. versionadded:: 0.1.9 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -123,6 +124,7 @@ def __init__(self, id: str): "SMTP", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: 
@@ -149,7 +151,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.identifier_node), - level=Level.ERROR, message=f"The '{call.name_qualified}' function will " f"transmit authentication information such as a user, " "password in cleartext.", diff --git a/precli/rules/python/stdlib/ssl_insecure_tls_version.py b/precli/rules/python/stdlib/ssl_insecure_tls_version.py index 146f138e..a8fb451e 100644 --- a/precli/rules/python/stdlib/ssl_insecure_tls_version.py +++ b/precli/rules/python/stdlib/ssl_insecure_tls_version.py @@ -77,6 +77,7 @@ """ # noqa: E501 from precli.core.argument import Argument +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -100,6 +101,7 @@ def __init__(self, id: str): cwe_id=326, message="The '{0}' protocol has insufficient encryption strength.", targets=("call"), + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -129,7 +131,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=argument.identifier_node), - level=Level.ERROR, message=self.message.format(version), fixes=fixes, ) @@ -169,7 +170,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=argument.identifier_node), - level=Level.ERROR, message=self.message.format(version), fixes=fixes, ) @@ -196,7 +196,6 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=argument.identifier_node), - level=Level.ERROR, message=self.message.format(protocol), fixes=fixes, ) diff --git a/precli/rules/python/stdlib/telnetlib_cleartext.py b/precli/rules/python/stdlib/telnetlib_cleartext.py index b0daed07..39877ef1 100644 --- a/precli/rules/python/stdlib/telnetlib_cleartext.py 
+++ b/precli/rules/python/stdlib/telnetlib_cleartext.py @@ -113,6 +113,7 @@ .. versionadded:: 0.1.0 """ # noqa: E501 +from precli.core.config import Config from precli.core.level import Level from precli.core.location import Location from precli.core.result import Result @@ -134,6 +135,7 @@ def __init__(self, id: str): "Telnet", ] }, + config=Config(level=Level.ERROR), ) def analyze(self, context: dict, **kwargs: dict) -> Result: @@ -143,6 +145,5 @@ def analyze(self, context: dict, **kwargs: dict) -> Result: return Result( rule_id=self.id, location=Location(node=call.function_node), - level=Level.ERROR, message=self.message.format(call.name_qualified), ) diff --git a/tests/unit/rules/go/stdlib/test_crypto_weak_cipher.py b/tests/unit/rules/go/stdlib/test_crypto_weak_cipher.py index cbb4406c..3cc8bb53 100644 --- a/tests/unit/rules/go/stdlib/test_crypto_weak_cipher.py +++ b/tests/unit/rules/go/stdlib/test_crypto_weak_cipher.py @@ -33,7 +33,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("327", rule.cwe.cwe_id) diff --git a/tests/unit/rules/go/stdlib/test_crypto_weak_hash.py b/tests/unit/rules/go/stdlib/test_crypto_weak_hash.py index 7db12eda..95afa350 100644 --- a/tests/unit/rules/go/stdlib/test_crypto_weak_hash.py +++ b/tests/unit/rules/go/stdlib/test_crypto_weak_hash.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("328", rule.cwe.cwe_id) 
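Review bot: The updated assertion in `test_rule_meta` only pins `rule.default_config.level`; nothing in the patch exercises `Level.to_severity()` or the `security-severity` property that this level now feeds, so a change to the score mapping or to the renderer's `properties` dict would pass the suite unnoticed. One more line here closes the first gap: `self.assertEqual(8.0, rule.default_config.level.to_severity())`. A small `Level` test covering all four members (8.0, 5.0, 3.0, 0.0) and a renderer test checking the key is present on the rule's `properties` would cover the rest.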
diff --git a/tests/unit/rules/python/stdlib/test_hashlib_weak_hash.py b/tests/unit/rules/python/stdlib/test_hashlib_weak_hash.py index c2295b97..d214effa 100644 --- a/tests/unit/rules/python/stdlib/test_hashlib_weak_hash.py +++ b/tests/unit/rules/python/stdlib/test_hashlib_weak_hash.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("328", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_hmac_timing_attack.py b/tests/unit/rules/python/stdlib/test_hmac_timing_attack.py index 8c316f7d..d5eec2cc 100644 --- a/tests/unit/rules/python/stdlib/test_hmac_timing_attack.py +++ b/tests/unit/rules/python/stdlib/test_hmac_timing_attack.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("208", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_hmac_weak_hash.py b/tests/unit/rules/python/stdlib/test_hmac_weak_hash.py index 68b0b251..4bced4cb 100644 --- a/tests/unit/rules/python/stdlib/test_hmac_weak_hash.py +++ b/tests/unit/rules/python/stdlib/test_hmac_weak_hash.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("328", rule.cwe.cwe_id) 
diff --git a/tests/unit/rules/python/stdlib/test_http_url_secret.py b/tests/unit/rules/python/stdlib/test_http_url_secret.py index 5dad29fb..cc0d547b 100644 --- a/tests/unit/rules/python/stdlib/test_http_url_secret.py +++ b/tests/unit/rules/python/stdlib/test_http_url_secret.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("598", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_imaplib_cleartext.py b/tests/unit/rules/python/stdlib/test_imaplib_cleartext.py index 911c24a7..6551cc1d 100644 --- a/tests/unit/rules/python/stdlib/test_imaplib_cleartext.py +++ b/tests/unit/rules/python/stdlib/test_imaplib_cleartext.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("319", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_nntplib_cleartext.py b/tests/unit/rules/python/stdlib/test_nntplib_cleartext.py index 3ce91085..084d5154 100644 --- a/tests/unit/rules/python/stdlib/test_nntplib_cleartext.py +++ b/tests/unit/rules/python/stdlib/test_nntplib_cleartext.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("319", rule.cwe.cwe_id) 
diff --git a/tests/unit/rules/python/stdlib/test_poplib_cleartext.py b/tests/unit/rules/python/stdlib/test_poplib_cleartext.py index 9f07ac9b..32e33dc8 100644 --- a/tests/unit/rules/python/stdlib/test_poplib_cleartext.py +++ b/tests/unit/rules/python/stdlib/test_poplib_cleartext.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("319", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_smtplib_cleartext.py b/tests/unit/rules/python/stdlib/test_smtplib_cleartext.py index b3b9364a..a56315d8 100644 --- a/tests/unit/rules/python/stdlib/test_smtplib_cleartext.py +++ b/tests/unit/rules/python/stdlib/test_smtplib_cleartext.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("319", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_ssl_context_tls_version.py b/tests/unit/rules/python/stdlib/test_ssl_context_tls_version.py index cc4ffcb0..cb3b4cae 100644 --- a/tests/unit/rules/python/stdlib/test_ssl_context_tls_version.py +++ b/tests/unit/rules/python/stdlib/test_ssl_context_tls_version.py 
@@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("326", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_ssl_get_server_certificate_tls_version.py b/tests/unit/rules/python/stdlib/test_ssl_get_server_certificate_tls_version.py index d6180608..6929161a 100644 --- a/tests/unit/rules/python/stdlib/test_ssl_get_server_certificate_tls_version.py +++ b/tests/unit/rules/python/stdlib/test_ssl_get_server_certificate_tls_version.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("326", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_ssl_wrap_socket_tls_version.py b/tests/unit/rules/python/stdlib/test_ssl_wrap_socket_tls_version.py index a860a654..1ba6ddcb 100644 --- a/tests/unit/rules/python/stdlib/test_ssl_wrap_socket_tls_version.py +++ b/tests/unit/rules/python/stdlib/test_ssl_wrap_socket_tls_version.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("326", rule.cwe.cwe_id) diff --git a/tests/unit/rules/python/stdlib/test_telnetlib_cleartext.py b/tests/unit/rules/python/stdlib/test_telnetlib_cleartext.py index fedfcaa8..231c6c6f 100644 
--- a/tests/unit/rules/python/stdlib/test_telnetlib_cleartext.py +++ b/tests/unit/rules/python/stdlib/test_telnetlib_cleartext.py @@ -31,7 +31,7 @@ def test_rule_meta(self): f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url ) self.assertEqual(True, rule.default_config.enabled) - self.assertEqual(Level.WARNING, rule.default_config.level) + self.assertEqual(Level.ERROR, rule.default_config.level) self.assertEqual(-1.0, rule.default_config.rank) self.assertEqual("319", rule.cwe.cwe_id)