Bearer · cfabianski · Oct 19, 2023 · Oct 18, 2023
diff --git a/tests/go/lang/logger/__snapshots__/test.js.snap b/tests/go/lang/logger/__snapshots__/test.js.snap
@@ -12,7 +12,7 @@ exports[`go_lang_logger bad 1`] = `
       "title": "Sensitive data in a logger message detected.",
       "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger",
-      "line_number": 20,
+      "line_number": 27,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {
@@ -24,27 +24,27 @@ exports[`go_lang_logger bad 1`] = `
         "Personal Data"
       ],
       "source": {
-        "start": 20,
-        "end": 20,
+        "start": 24,
+        "end": 24,
         "column": {
-          "start": 3,
-          "end": 7
+          "start": 10,
+          "end": 19
         }
       },
       "sink": {
-        "start": 29,
-        "end": 29,
+        "start": 27,
+        "end": 27,
         "column": {
           "start": 2,
           "end": 23
         },
-        "content": "log.Error().Msg(user)"
+        "content": "log.Error().Msg(name)"
       },
-      "parent_line_number": 29,
-      "snippet": "log.Error().Msg(user)",
+      "parent_line_number": 27,
+      "snippet": "log.Error().Msg(name)",
       "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_0",
       "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_0",
-      "code_extract": "\\tlog.Error().Msg(user)  // expect detection"
+      "code_extract": "\\tlog.Error().Msg(name)  // expect detection"
     },
     {
       "cwe_ids": [
@@ -55,39 +55,39 @@ exports[`go_lang_logger bad 1`] = `
       "title": "Sensitive data in a logger message detected.",
       "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger",
-      "line_number": 21,
+      "line_number": 28,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {
-        "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde",
-        "name": "Gender"
+        "category_uuid": "14124881-6b92-4fc5-8005-ea7c1c09592e",
+        "name": "Fullname"
       },
       "category_groups": [
         "PII",
         "Personal Data"
       ],
       "source": {
-        "start": 21,
-        "end": 21,
+        "start": 25,
+        "end": 25,
         "column": {
-          "start": 3,
-          "end": 9
+          "start": 14,
+          "end": 27
         }
       },
       "sink": {
-        "start": 29,
-        "end": 29,
+        "start": 28,
+        "end": 28,
         "column": {
           "start": 2,
-          "end": 23
+          "end": 24
         },
-        "content": "log.Error().Msg(user)"
+        "content": "log.Error().Msg(other)"
       },
-      "parent_line_number": 29,
-      "snippet": "log.Error().Msg(user)",
+      "parent_line_number": 28,
+      "snippet": "log.Error().Msg(other)",
       "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_1",
       "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_1",
-      "code_extract": "\\tlog.Error().Msg(user)  // expect detection"
+      "code_extract": "\\tlog.Error().Msg(other) // expect detection"
     },
     {
       "cwe_ids": [
@@ -98,7 +98,7 @@ exports[`go_lang_logger bad 1`] = `
       "title": "Sensitive data in a logger message detected.",
       "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger",
-      "line_number": 24,
+      "line_number": 29,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {
@@ -110,70 +110,27 @@ exports[`go_lang_logger bad 1`] = `
         "Personal Data"
       ],
       "source": {
-        "start": 24,
-        "end": 24,
+        "start": 20,
+        "end": 20,
         "column": {
-          "start": 10,
-          "end": 19
+          "start": 3,
+          "end": 7
         }
       },
       "sink": {
-        "start": 27,
-        "end": 27,
+        "start": 29,
+        "end": 29,
         "column": {
           "start": 2,
           "end": 23
         },
-        "content": "log.Error().Msg(name)"
+        "content": "log.Error().Msg(user)"
       },
-      "parent_line_number": 27,
-      "snippet": "log.Error().Msg(name)",
+      "parent_line_number": 29,
+      "snippet": "log.Error().Msg(user)",
       "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_2",
       "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_2",
-      "code_extract": "\\tlog.Error().Msg(name)  // expect detection"
-    },
-    {
-      "cwe_ids": [
-        "209",
-        "532"
-      ],
-      "id": "go_lang_logger",
-      "title": "Sensitive data in a logger message detected.",
-      "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n",
-      "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger",
-      "line_number": 25,
-      "full_filename": "/tmp/bearer-scan/bad.go",
-      "filename": ".",
-      "data_type": {
-        "category_uuid": "14124881-6b92-4fc5-8005-ea7c1c09592e",
-        "name": "Fullname"
-      },
-      "category_groups": [
-        "PII",
-        "Personal Data"
-      ],
-      "source": {
-        "start": 25,
-        "end": 25,
-        "column": {
-          "start": 14,
-          "end": 27
-        }
-      },
-      "sink": {
-        "start": 28,
-        "end": 28,
-        "column": {
-          "start": 2,
-          "end": 24
-        },
-        "content": "log.Error().Msg(other)"
-      },
-      "parent_line_number": 28,
-      "snippet": "log.Error().Msg(other)",
-      "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_3",
-      "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_3",
-      "code_extract": "\\tlog.Error().Msg(other) // expect detection"
+      "code_extract": "\\tlog.Error().Msg(user)  // expect detection"
     }
   ]
 }"

diff --git a/tests/go/lang/weak_hash_md5/__snapshots__/test.js.snap b/tests/go/lang/weak_hash_md5/__snapshots__/test.js.snap
@@ -55,7 +55,7 @@ exports[`go_lang_weak_hash_md5 bad 1`] = `
       "title": "Weak hashing library (MD5) detected.",
       "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`go\\nmd5.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_hash_md5",
-      "line_number": 18,
+      "line_number": 19,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {

diff --git a/tests/go/lang/weak_hash_sha1/__snapshots__/test.js.snap b/tests/go/lang/weak_hash_sha1/__snapshots__/test.js.snap
@@ -55,7 +55,7 @@ exports[`go_lang_weak_hash_sha1 bad 1`] = `
       "title": "Weak hashing library (SHA1) detected.",
       "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`go\\nsha1.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_hash_sha1",
-      "line_number": 17,
+      "line_number": 18,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {

diff --git a/tests/go/lang/weak_password_encryption_md5/__snapshots__/test.js.snap b/tests/go/lang/weak_password_encryption_md5/__snapshots__/test.js.snap
@@ -55,7 +55,7 @@ exports[`go_lang_weak_password_encryption_md5 bad 1`] = `
       "title": "Weak password encryption algorithm (MD5) used for password detected.",
       "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Do not use encryption for passwords, wherever possible:\\n\\n\`\`\`go\\nmd5.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_md5",
-      "line_number": 16,
+      "line_number": 17,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {

diff --git a/tests/go/lang/weak_password_encryption_sha1/__snapshots__/test.js.snap b/tests/go/lang/weak_password_encryption_sha1/__snapshots__/test.js.snap
@@ -55,7 +55,7 @@ exports[`go_lang_weak_password_encryption_sha1 bad 1`] = `
       "title": "Weak password encryption algorithm (SHA1) used for password detected.",
       "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Do not use encryption for passwords, wherever possible:\\n\\n\`\`\`go\\nsha1.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_sha1",
-      "line_number": 16,
+      "line_number": 17,
       "full_filename": "/tmp/bearer-scan/bad.go",
       "filename": ".",
       "data_type": {

diff --git a/tests/javascript/lang/exception/__snapshots__/test.js.snap b/tests/javascript/lang/exception/__snapshots__/test.js.snap
@@ -60,7 +60,7 @@ exports[`javascript_lang_exception reject 1`] = `
       "title": "Sensitive data in a exception message detected.",
       "description": "## Description\\n\\nLeaking sensitive data to an exception is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to exceptions.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in exception messages:\\n\\n\`\`\`javascript\\nthrow new CustomError(\`Error with \${user.email}\`)\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`javascript\\nthrow new CustomError(\`Error with \${user.uuid}\`)\\n\`\`\`\\n<!--\\n## Resources\\nComing soon.\\n-->\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/javascript_lang_exception",
-      "line_number": 5,
+      "line_number": 7,
       "full_filename": "/tmp/bearer-scan/reject.js",
       "filename": ".",
       "data_type": {
@@ -102,7 +102,7 @@ exports[`javascript_lang_exception reject 1`] = `
       "title": "Sensitive data in a exception message detected.",
       "description": "## Description\\n\\nLeaking sensitive data to an exception is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to exceptions.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in exception messages:\\n\\n\`\`\`javascript\\nthrow new CustomError(\`Error with \${user.email}\`)\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`javascript\\nthrow new CustomError(\`Error with \${user.uuid}\`)\\n\`\`\`\\n<!--\\n## Resources\\nComing soon.\\n-->\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/javascript_lang_exception",
-      "line_number": 14,
+      "line_number": 16,
       "full_filename": "/tmp/bearer-scan/reject.js",
       "filename": ".",
       "data_type": {

diff --git a/tests/javascript/lang/file_generation/__snapshots__/test.js.snap b/tests/javascript/lang/file_generation/__snapshots__/test.js.snap
@@ -11,91 +11,7 @@ exports[`javascript_lang_file_generation file_generation 1`] = `
       "title": "Sensitive data detected as part of a dynamic file generation.",
       "description": "## Description\\n\\nIt is not uncommon to generate logs, backups, or data exports to static file formats. This rule checks if code exists to write sensitive data to static files.\\n\\n## Remediations\\n\\nAvoid writing sensitive data to logs, backups, or exports whenever possible. Instead obfuscate and/or filter the data to exclude sensitive information.\\n\\n<!--\\n## Resources\\nComing soon.\\n-->\\n",
       "documentation_url": "https://docs.bearer.com/reference/rules/javascript_lang_file_generation",
-      "line_number": 7,
-      "full_filename": "/tmp/bearer-scan/file_generation.js",
-      "filename": ".",
-      "data_type": {
-        "category_uuid": "14124881-6b92-4fc5-8005-ea7c1c09592e",
-        "name": "Firstname"
-      },
-      "category_groups": [
-        "PII",
-        "Personal Data"
-      ],
-      "source": {
-        "start": 7,
-        "end": 7,
-        "column": {
-          "start": 35,
-          "end": 49
-        }
-      },
-      "sink": {
-        "start": 15,
-        "end": 18,
-        "column": {
-          "start": 1,
-          "end": 3
-        },
-        "content": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})"
-      },
-      "parent_line_number": 15,
-      "snippet": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})",
-      "fingerprint": "7162a96ee591e4689c1fa24bfcc02fd5_0",
-      "old_fingerprint": "e07392ef7687a29685f9b9f7fd673469_0",
-      "code_extract": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})"
-    },
-    {
-      "cwe_ids": [
-        "313"
-      ],
-      "id": "javascript_lang_file_generation",
-      "title": "Sensitive data detected as part of a dynamic file generation.",
-      "description": "## Description\\n\\nIt is not uncommon to generate logs, backups, or data exports to static file formats. This rule checks if code exists to write sensitive data to static files.\\n\\n## Remediations\\n\\nAvoid writing sensitive data to logs, backups, or exports whenever possible. Instead obfuscate and/or filter the data to exclude sensitive information.\\n\\n<!--\\n## Resources\\nComing soon.\\n-->\\n",
-      "documentation_url": "https://docs.bearer.com/reference/rules/javascript_lang_file_generation",
-      "line_number": 9,
-      "full_filename": "/tmp/bearer-scan/file_generation.js",
-      "filename": ".",
-      "data_type": {
-        "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b",
-        "name": "Email Address"
-      },
-      "category_groups": [
-        "PII",
-        "Personal Data"
-      ],
-      "source": {
-        "start": 9,
-        "end": 9,
-        "column": {
-          "start": 10,
-          "end": 20
-        }
-      },
-      "sink": {
-        "start": 15,
-        "end": 18,
-        "column": {
-          "start": 1,
-          "end": 3
-        },
-        "content": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})"
-      },
-      "parent_line_number": 15,
-      "snippet": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})",
-      "fingerprint": "7162a96ee591e4689c1fa24bfcc02fd5_2",
-      "old_fingerprint": "e07392ef7687a29685f9b9f7fd673469_2",
-      "code_extract": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})"
-    },
-    {
-      "cwe_ids": [
-        "313"
-      ],
-      "id": "javascript_lang_file_generation",
-      "title": "Sensitive data detected as part of a dynamic file generation.",
-      "description": "## Description\\n\\nIt is not uncommon to generate logs, backups, or data exports to static file formats. This rule checks if code exists to write sensitive data to static files.\\n\\n## Remediations\\n\\nAvoid writing sensitive data to logs, backups, or exports whenever possible. Instead obfuscate and/or filter the data to exclude sensitive information.\\n\\n<!--\\n## Resources\\nComing soon.\\n-->\\n",
-      "documentation_url": "https://docs.bearer.com/reference/rules/javascript_lang_file_generation",
-      "line_number": 10,
+      "line_number": 15,
       "full_filename": "/tmp/bearer-scan/file_generation.js",
       "filename": ".",
       "data_type": {
@@ -125,8 +41,8 @@ exports[`javascript_lang_file_generation file_generation 1`] = `
       },
       "parent_line_number": 15,
       "snippet": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})",
-      "fingerprint": "7162a96ee591e4689c1fa24bfcc02fd5_3",
-      "old_fingerprint": "e07392ef7687a29685f9b9f7fd673469_3",
+      "fingerprint": "7162a96ee591e4689c1fa24bfcc02fd5_0",
+      "old_fingerprint": "e07392ef7687a29685f9b9f7fd673469_0",
       "code_extract": "fs.writeFile(\\"data.csv\\", JSON.stringify(users), \\"utf-8\\", (err) => {\\n  if (err) console.log(err)\\n  else console.log(\\"Data saved\\")\\n})"
     }
   ]