From 1f4b73329930f10fffe7b74cbf6a5dddf5d42741 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Wed, 18 Oct 2023 11:19:55 +0200 Subject: [PATCH] fix: improve line number reported when datatype detected (#1337) --- .../TestAuxilary-testdata-data-auxilary | 2 +- .../TestSanitizer-testdata-data-sanitizer | 48 ++++----- .../process/settings/policies/common.rego | 2 +- .../flow/TestFlow--different-line.yml | 100 ++++++------------ .../flow/TestFlow--different-line.yml | 2 +- .../flow/TestFlow--assigment-expression.yml | 2 +- .../flow/TestFlow--variable-declarator.yml | 2 +- .../flow/TestFlow--different-line.yml | 2 +- .../flow/TestFlow--different-line.yml | 2 +- ...stRuby--object-variable-reconciliation.yml | 2 +- 10 files changed, 65 insertions(+), 99 deletions(-) diff --git a/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary b/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary index f162b6194..b10b86bce 100644 --- a/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary +++ b/e2e/rules/.snapshots/TestAuxilary-testdata-data-auxilary @@ -16,7 +16,7 @@ high: - [Datadog docs](https://docs.datadoghq.com) - [Scrubbing data](https://docs.datadoghq.com/tracing/configure_data_security/?tab=mongodb#scrub-sensitive-data-from-your-spans) documentation_url: "" - line_number: 3 + line_number: 11 full_filename: e2e/rules/testdata/data/auxilary/unsecure.js filename: unsecure.js data_type: diff --git a/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer b/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer index f454e2970..e3e45d88e 100644 --- a/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer +++ b/e2e/rules/.snapshots/TestSanitizer-testdata-data-sanitizer @@ -6,7 +6,7 @@ critical: title: Test sanitizer description: Test sanitizer documentation_url: "" - line_number: 1 + line_number: 4 full_filename: e2e/rules/testdata/data/sanitizer/sanitizer.rb filename: sanitizer.rb data_type: 
@@ -17,24 +17,24 @@ critical: - Personal Data source: location: - start: 1 - end: 1 + start: 4 + end: 4 column: - start: 5 - end: 15 + start: 13 + end: 23 sink: location: - start: 5 - end: 5 + start: 4 + end: 4 column: start: 1 - end: 15 - content: log("abc" + x) - parent_line_number: 5 - snippet: log("abc" + x) + end: 24 + content: log("abc" + user.email) + parent_line_number: 4 + snippet: log("abc" + user.email) fingerprint: 6c505050fabde2c4ed17380d19fab254_0 old_fingerprint: d2e829ba86a33c5a52844641617ad8a7_0 - code_extract: log("abc" + x) + code_extract: log("abc" + user.email) - rule: cwe_ids: - "42" @@ -42,7 +42,7 @@ critical: title: Test sanitizer description: Test sanitizer documentation_url: "" - line_number: 4 + line_number: 5 full_filename: e2e/rules/testdata/data/sanitizer/sanitizer.rb filename: sanitizer.rb data_type: @@ -53,24 +53,24 @@ critical: - Personal Data source: location: - start: 4 - end: 4 + start: 1 + end: 1 column: - start: 13 - end: 23 + start: 5 + end: 15 sink: location: - start: 4 - end: 4 + start: 5 + end: 5 column: start: 1 - end: 24 - content: log("abc" + user.email) - parent_line_number: 4 - snippet: log("abc" + user.email) + end: 15 + content: log("abc" + x) + parent_line_number: 5 + snippet: log("abc" + x) fingerprint: 6c505050fabde2c4ed17380d19fab254_1 old_fingerprint: d2e829ba86a33c5a52844641617ad8a7_1 - code_extract: log("abc" + user.email) + code_extract: log("abc" + x) -- diff --git a/internal/commands/process/settings/policies/common.rego b/internal/commands/process/settings/policies/common.rego index 082acc0b6..b3c00d22c 100644 --- a/internal/commands/process/settings/policies/common.rego +++ b/internal/commands/process/settings/policies/common.rego @@ -63,7 +63,7 @@ build_local_item(location, data_type) := { "end": location.end_column_number, }, }, - "line_number": location.start_line_number, + "line_number": location.source.start_line_number, } if { not input.rule.has_detailed_context == true } 
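Review bot: The new `line_number` is read from `location.source`, but the column block just above it in the same object still reads `location.end_column_number` (and presumably `start_column_number`) from the outer location, so the reported line and the reported column range may now describe two different positions; either confirm that the two locations coincide for every detection this rule builds, or move the column fields to `location.source` as well. Rego makes an object literal undefined when any referenced path is missing, so if some detection has no `source` field the whole item silently drops out of the findings rather than falling back to `location.start_line_number` — a vanished finding is harder to notice than a wrong line, so a fallback clause or an explicit `location.source` check is worth adding. The name `source` is also easy to misread as the data-type "source" that the snapshots print, whereas those snapshots show `line_number` now following the sink/match line; a comment such as `# line_number is the matched node's position (location.source), not the data type occurrence` above the field would prevent that confusion. The `if` condition closes inside the hunk, but any other clauses of `build_local_item` are outside it.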
diff --git a/internal/languages/golang/.snapshots/flow/TestFlow--different-line.yml b/internal/languages/golang/.snapshots/flow/TestFlow--different-line.yml index 9b7db3427..6cfe2193b 100644 --- a/internal/languages/golang/.snapshots/flow/TestFlow--different-line.yml +++ b/internal/languages/golang/.snapshots/flow/TestFlow--different-line.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 20 + line_number: 29 full_filename: different-line.go filename: different-line.go data_type: @@ -16,21 +16,21 @@ high: - Personal Data source: location: - start: 20 - end: 20 + start: 24 + end: 24 column: - start: 3 - end: 7 + start: 10 + end: 19 sink: location: - start: 31 - end: 31 + start: 29 + end: 29 column: start: 2 end: 23 - content: log.Error().Msg(user) - parent_line_number: 31 - snippet: log.Error().Msg(user) + content: log.Error().Msg(name) + parent_line_number: 29 + snippet: log.Error().Msg(name) fingerprint: f8cb961f0fc2f87d026bf9f5db408736_0 old_fingerprint: f8cb961f0fc2f87d026bf9f5db408736_0 - rule: @@ -39,32 +39,32 @@ high: title: "" description: "" documentation_url: "" - line_number: 21 + line_number: 30 full_filename: different-line.go filename: different-line.go data_type: - category_uuid: 94007e1e-57d8-43e8-90f2-246236dc5dde - name: Gender + category_uuid: 14124881-6b92-4fc5-8005-ea7c1c09592e + name: Fullname category_groups: - PII - Personal Data source: location: - start: 21 - end: 21 + start: 26 + end: 26 column: - start: 3 - end: 9 + start: 14 + end: 27 sink: location: - start: 31 - end: 31 + start: 30 + end: 30 column: start: 2 - end: 23 - content: log.Error().Msg(user) - parent_line_number: 31 - snippet: log.Error().Msg(user) + end: 24 + content: log.Error().Msg(other) + parent_line_number: 30 + snippet: log.Error().Msg(other) fingerprint: f8cb961f0fc2f87d026bf9f5db408736_1 old_fingerprint: f8cb961f0fc2f87d026bf9f5db408736_1 - rule: 
@@ -73,7 +73,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 24 + line_number: 31 full_filename: different-line.go filename: different-line.go data_type: @@ -84,55 +84,21 @@ high: - Personal Data source: location: - start: 24 - end: 24 + start: 20 + end: 20 column: - start: 10 - end: 19 + start: 3 + end: 7 sink: location: - start: 29 - end: 29 + start: 31 + end: 31 column: start: 2 end: 23 - content: log.Error().Msg(name) - parent_line_number: 29 - snippet: log.Error().Msg(name) + content: log.Error().Msg(user) + parent_line_number: 31 + snippet: log.Error().Msg(user) fingerprint: f8cb961f0fc2f87d026bf9f5db408736_2 old_fingerprint: f8cb961f0fc2f87d026bf9f5db408736_2 - - rule: - cwe_ids: [] - id: rule_logger_test - title: "" - description: "" - documentation_url: "" - line_number: 26 - full_filename: different-line.go - filename: different-line.go - data_type: - category_uuid: 14124881-6b92-4fc5-8005-ea7c1c09592e - name: Fullname - category_groups: - - PII - - Personal Data - source: - location: - start: 26 - end: 26 - column: - start: 14 - end: 27 - sink: - location: - start: 30 - end: 30 - column: - start: 2 - end: 24 - content: log.Error().Msg(other) - parent_line_number: 30 - snippet: log.Error().Msg(other) - fingerprint: f8cb961f0fc2f87d026bf9f5db408736_3 - old_fingerprint: f8cb961f0fc2f87d026bf9f5db408736_3 diff --git a/internal/languages/java/.snapshots/flow/TestFlow--different-line.yml b/internal/languages/java/.snapshots/flow/TestFlow--different-line.yml index ca8ef073f..4e59752f6 100644 --- a/internal/languages/java/.snapshots/flow/TestFlow--different-line.yml +++ b/internal/languages/java/.snapshots/flow/TestFlow--different-line.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 2 + line_number: 3 full_filename: different-line.java filename: different-line.java data_type: 
diff --git a/internal/languages/javascript/.snapshots/flow/TestFlow--assigment-expression.yml b/internal/languages/javascript/.snapshots/flow/TestFlow--assigment-expression.yml index aeb104e95..0a06989ec 100644 --- a/internal/languages/javascript/.snapshots/flow/TestFlow--assigment-expression.yml +++ b/internal/languages/javascript/.snapshots/flow/TestFlow--assigment-expression.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 1 + line_number: 2 full_filename: assigment-expression.js filename: assigment-expression.js data_type: diff --git a/internal/languages/javascript/.snapshots/flow/TestFlow--variable-declarator.yml b/internal/languages/javascript/.snapshots/flow/TestFlow--variable-declarator.yml index a33388a12..a824ac068 100644 --- a/internal/languages/javascript/.snapshots/flow/TestFlow--variable-declarator.yml +++ b/internal/languages/javascript/.snapshots/flow/TestFlow--variable-declarator.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 1 + line_number: 2 full_filename: variable-declarator.js filename: variable-declarator.js data_type: diff --git a/internal/languages/php/.snapshots/flow/TestFlow--different-line.yml b/internal/languages/php/.snapshots/flow/TestFlow--different-line.yml index a214bce0e..3e63b515e 100644 --- a/internal/languages/php/.snapshots/flow/TestFlow--different-line.yml +++ b/internal/languages/php/.snapshots/flow/TestFlow--different-line.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 3 + line_number: 4 full_filename: different-line.php filename: different-line.php data_type: diff --git a/internal/languages/python/.snapshots/flow/TestFlow--different-line.yml b/internal/languages/python/.snapshots/flow/TestFlow--different-line.yml index 4b058e325..510eaed45 100644 --- a/internal/languages/python/.snapshots/flow/TestFlow--different-line.yml +++ b/internal/languages/python/.snapshots/flow/TestFlow--different-line.yml 
@@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 2 + line_number: 3 full_filename: different-line.py filename: different-line.py data_type: diff --git a/internal/languages/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml b/internal/languages/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml index 38b3095b3..adfb653d3 100644 --- a/internal/languages/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml +++ b/internal/languages/ruby/.snapshots/TestRuby--object-variable-reconciliation.yml @@ -5,7 +5,7 @@ high: title: "" description: "" documentation_url: "" - line_number: 1 + line_number: 2 full_filename: object-variable-reconciliation.rb filename: object-variable-reconciliation.rb data_type: