Update severity levels
adeptex committed Sep 5, 2023
1 parent 57ef43b commit f46052d
Showing 19 changed files with 140 additions and 140 deletions.
68 changes: 34 additions & 34 deletions README.md
Expand Up @@ -78,9 +78,9 @@ whispers dir/or/file | jq '.[].value'

# Custom usage:
# - only check 'keys' rule group
# - with CRITICAL or HIGH severity
# - with Critical or High severity
# - everywhere in target/dir except for .log & .raw files (regex)
whispers -g keys -s CRITICAL,HIGH -F '.*\.(log|raw)' target/dir
whispers -g keys -s Critical,High -F '.*\.(log|raw)' target/dir
```

```bash
Expand Down Expand Up @@ -111,11 +111,11 @@ whispers --xgroups files dir/or/file
```

```bash
# Include only CRITICAL & HIGH severity
whispers --severity CRITICAL,HIGH dir/or/file
# Include only Critical & High severity
whispers --severity Critical,High dir/or/file

# Exclude all LOW severity
whispers --xseverity LOW dir/or/file
# Exclude all Low severity
whispers --xseverity Low dir/or/file
```

```bash
Expand All @@ -132,7 +132,7 @@ whispers --xfiles '.*\.(log|cfg)' dir/or/file
```py
import whispers

args = "-c whispers/config.yml -R file-known -S INFO tests/fixtures"
args = "-c whispers/config.yml -R file-known -S Info tests/fixtures"

for secret in whispers.secrets(args):
print(f"[{secret.file}:{secret.line}] {secret.key} = {secret.value}")
Expand Down Expand Up @@ -180,7 +180,7 @@ include:
files:
- "**/*.npmrc"
severity:
- HIGH
- High

exclude:
values:
Expand All @@ -199,16 +199,16 @@ include:
- uri
- id: starks # inline rule
message: Whispers from the North
severity: CRITICAL
severity: Critical
value:
regex: (Aria|Ned) Stark
ignorecase: True
groups:
- keys
severity:
- CRITICAL
- HIGH
- MEDIUM
- Critical
- High
- Medium

exclude:
files:
Expand Down Expand Up @@ -238,27 +238,27 @@ Simple filtering based on rules and severity can also be done with CLI arguments

| Group | Rule ID | Severity |
|----------------------|----------------------|-----------------|
| files | file-known | LOW |
| infra | dockercfg | HIGH |
| infra | htpasswd | MEDIUM |
| infra | npmrc | HIGH |
| infra | pip | HIGH |
| infra | pypirc | HIGH |
| keys | apikey | MEDIUM |
| keys | apikey-known | HIGH |
| keys | apikey-maybe | LOW |
| keys | aws-id | CRITICAL |
| keys | aws-secret | CRITICAL |
| keys | aws-token | CRITICAL |
| keys | privatekey | HIGH |
| misc | comment | INFO |
| misc | creditcard | LOW |
| misc | secret | LOW |
| misc | webhook | LOW |
| passwords | password | HIGH |
| passwords | uri | HIGH |
| python | cors | LOW |
| python | system | LOW |
| files | file-known | Low |
| infra | dockercfg | High |
| infra | htpasswd | Medium |
| infra | npmrc | High |
| infra | pip | High |
| infra | pypirc | High |
| keys | apikey | Medium |
| keys | apikey-known | High |
| keys | apikey-maybe | Low |
| keys | aws-id | Critical |
| keys | aws-secret | Critical |
| keys | aws-token | Critical |
| keys | privatekey | High |
| misc | comment | Info |
| misc | creditcard | Low |
| misc | secret | Low |
| misc | webhook | Low |
| passwords | password | High |
| passwords | uri | High |
| python | cors | Low |
| python | system | Low |


### Custom rules
Expand All @@ -276,7 +276,7 @@ Rules specify the actual things that should be pulled out from key-value pairs.
group: rule-group # rule group name
description: Values formatted like AWS Session Token
message: AWS Session Token # report will show this message
severity: CRITICAL # one of CRITICAL, HIGH, MEDIUM, LOW, INFO
severity: Critical # one of Critical, High, Medium, Low, Info

key: # specify key format
regex: (aws.?session.?token)?
10 changes: 5 additions & 5 deletions RELEASE_NOTES.md
Expand Up @@ -27,11 +27,11 @@ Severity level names have been adapted to a more common format:

| Version 2.1 (before) | Version 2.2 (now) |
|---|---|
| BLOCKER | CRITICAL |
| CRITICAL | HIGH |
| MAJOR | MEDIUM |
| MINOR | LOW |
| INFO | INFO |
| BLOCKER | Critical |
| CRITICAL | High |
| MAJOR | Medium |
| MINOR | Low |
| INFO | Info |

Please update your custom rules and CLI args to reflect these changes.

2 changes: 1 addition & 1 deletion tests/configs/inline_rule.yml
Expand Up @@ -16,7 +16,7 @@ include:
group: test
description: This rule is defined directly in the config file
message: Inline Rule
severity: INFO
severity: Info
key:
regex: inline
ignorecase: False
2 changes: 1 addition & 1 deletion tests/integration/test_whispers.py
Expand Up @@ -10,7 +10,7 @@
(f"-c {config_path('integration.yml')} {fixture_path()}", 5),
(f"-r apikey-known {fixture_path('apikeys-known.yml')}", 56),
(f"--rules file-known {fixture_path('files')}", 3),
(f"-s CRITICAL {fixture_path('aws.yml')}", 3),
(f"-s Critical {fixture_path('aws.yml')}", 3),
],
)
def test_whispers(args, expected):
8 changes: 4 additions & 4 deletions tests/rules/multiple.yml
@@ -1,19 +1,19 @@
- id: dup1
description: This rule is ok
message: Valid
severity: INFO
severity: Info

- id: dup2
description: This rule is duplicated
message: Rule ID already exists
severity: HIGH
severity: High

- id: dup3
description: This rule is ok
message: Valid
severity: INFO
severity: Info

- id: dup4
description: This rule is duplicated
message: Rule ID already exists
severity: HIGH
severity: High
2 changes: 1 addition & 1 deletion tests/rules/valid.yml
Expand Up @@ -2,7 +2,7 @@
group: test
description: Valid rule config
message: Valid
severity: INFO
severity: Info
value:
regex: ^test$
ignorecase: False
2 changes: 1 addition & 1 deletion tests/unit/conftest.py
Expand Up @@ -19,7 +19,7 @@ def does_not_raise():

@pytest.fixture
def rule_fixture():
return Rule({"id": "fixture", "group": "tests", "message": "test", "severity": "INFO", "key": {}, "value": {}})
return Rule({"id": "fixture", "group": "tests", "message": "test", "severity": "Info", "key": {}, "value": {}})


def fixture_path(filename: str = "") -> str:
2 changes: 1 addition & 1 deletion tests/unit/core/test_args.py
Expand Up @@ -75,7 +75,7 @@ def test_show_info():
with patch("sys.stdout", mock_print):
show_info()
result = mock_print.getvalue()
expected = ["keys", "apikey-known", "HIGH"]
expected = ["keys", "apikey-known", "High"]
for item in expected:
assert item in result

2 changes: 1 addition & 1 deletion tests/unit/core/test_rules.py
Expand Up @@ -33,7 +33,7 @@ def test_load_rules_groups():


def test_load_rules_severity():
args = parse_args(["-s", "CRITICAL,HIGH,LOW", "-S", "LOW", "tests/fixtures"])
args = parse_args(["-s", "Critical,High,Low", "-S", "Low", "tests/fixtures"])
config = load_config(args)
rules = load_rules(args, config)
assert len(rules) == 11
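Review bot: test_load_rules_severity only exercises the new title-case names, so nothing here pins what happens when a caller still passes the previous spelling, e.g. `parse_args(["-s", "CRITICAL,HIGH", "tests/fixtures"])`. For a secrets scanner run as a CI gate that matters: if an unrecognised severity simply matches no rules, an unchanged pipeline would report zero findings and look clean. The argument-parsing and rule-loading code is not visible in this part of the page, so whether old values are normalised, rejected or silently ignored cannot be confirmed from here; a second case asserting the intended outcome (same rule count, or a hard error) would lock it down. The `{"include": {"severity": ["Critical"]}}` case in tests/unit/models/test_appconfig.py has the same gap for config files.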
132 changes: 66 additions & 66 deletions tests/unit/core/test_secrets.py
Expand Up @@ -35,7 +35,7 @@ def test_filter_rule_lineno(rule_fixture):
],
)
def test_detect_secrets_by_key(src, expected):
args = parse_args(["-S", "LOW", fixture_path(src)])
args = parse_args(["-S", "Low", fixture_path(src)])
config = load_config(args)
rules = load_rules(args, config)
pairs = make_pairs(config, FIXTURE_PATH.joinpath(src))
Expand All @@ -46,88 +46,88 @@ def test_detect_secrets_by_key(src, expected):
@pytest.mark.parametrize(
("src", "severity", "expected"),
[
(".aws/credentials", "CRITICAL", 3),
(".dockercfg", "HIGH", 1),
(".htpasswd", "MEDIUM", 2),
(".npmrc", "HIGH", 5),
(".pypirc", "HIGH", 1),
("apikeys-known.yml", "HIGH", 56),
("apikeys.json", "MEDIUM", 9),
("apikeys.xml", "MEDIUM", 9),
("apikeys.yml", "MEDIUM", 9),
("apikeys.json", "LOW", 1),
("apikeys.xml", "LOW", 2),
("apikeys.yml", "LOW", 1),
("arn.yml", "LOW", 4),
("arn.xml", "LOW", 3),
("aws.yml", "CRITICAL", 3),
("aws.json", "CRITICAL", 3),
("aws.xml", "CRITICAL", 3),
("beans.xml", "HIGH", 1),
("beans.xml.dist", "HIGH", 1),
("beans.xml.template", "HIGH", 1),
("build.gradle", "HIGH", 2),
("cloudformation.json", "HIGH", 1),
(".aws/credentials", "Critical", 3),
(".dockercfg", "High", 1),
(".htpasswd", "Medium", 2),
(".npmrc", "High", 5),
(".pypirc", "High", 1),
("apikeys-known.yml", "High", 56),
("apikeys.json", "Medium", 9),
("apikeys.xml", "Medium", 9),
("apikeys.yml", "Medium", 9),
("apikeys.json", "Low", 1),
("apikeys.xml", "Low", 2),
("apikeys.yml", "Low", 1),
("arn.yml", "Low", 4),
("arn.xml", "Low", 3),
("aws.yml", "Critical", 3),
("aws.json", "Critical", 3),
("aws.xml", "Critical", 3),
("beans.xml", "High", 1),
("beans.xml.dist", "High", 1),
("beans.xml.template", "High", 1),
("build.gradle", "High", 2),
("cloudformation.json", "High", 1),
("cloudformation.json.template", DEFAULT_SEVERITY, 0),
("cloudformation.yml", "HIGH", 1),
# ("connection.config", "HIGH", 1),
("cors.py", "LOW", 1),
("creditcards.yml", "LOW", 3),
("cloudformation.yml", "High", 1),
# ("connection.config", "High", 1),
("cors.py", "Low", 1),
("creditcards.yml", "Low", 3),
("custom.json", DEFAULT_SEVERITY, 0),
("custom.xml", DEFAULT_SEVERITY, 0),
("custom.yml", DEFAULT_SEVERITY, 0),
("Dockerfile", "MEDIUM", 3),
("empty.dockercfg", "CRITICAL,HIGH,MEDIUM,INFO", 0),
("excluded.json", "CRITICAL", 0),
("excluded.xml", "CRITICAL", 0),
("excluded.yml", "CRITICAL", 0),
("Dockerfile", "Medium", 3),
("empty.dockercfg", "Critical,High,Medium,Info", 0),
("excluded.json", "Critical", 0),
("excluded.xml", "Critical", 0),
("excluded.yml", "Critical", 0),
("falsepositive.yml", DEFAULT_SEVERITY, 4),
("Groups.xml", "HIGH", 2),
("hardcoded.json", "HIGH", 5),
("hardcoded.xml", "HIGH", 5),
("hardcoded.yml", "HIGH", 5),
("integration.conf", "HIGH", 5),
("integration.json", "HIGH", 5),
("integration.xml", "HIGH", 5),
("integration.yml", "HIGH", 5),
("Groups.xml", "High", 2),
("hardcoded.json", "High", 5),
("hardcoded.xml", "High", 5),
("hardcoded.yml", "High", 5),
("integration.conf", "High", 5),
("integration.json", "High", 5),
("integration.xml", "High", 5),
("integration.yml", "High", 5),
("invalid.yml", DEFAULT_SEVERITY, 0),
("invalid.json", DEFAULT_SEVERITY, 0),
("invalid.ini", "CRITICAL,HIGH,MEDIUM,INFO", 0),
("invalid.ini", "Critical,High,Medium,Info", 0),
("invalid.py", DEFAULT_SEVERITY, 0),
("invalid.sh", DEFAULT_SEVERITY, 0),
("java.properties", "HIGH,MEDIUM", 3),
("jdbc.xml", "HIGH", 3),
("jenkins.xml", "HIGH,MEDIUM", 2),
("language.html", "INFO", 3),
("language.py", "HIGH", 11),
("java.properties", "High,Medium", 3),
("jdbc.xml", "High", 3),
("jenkins.xml", "High,Medium", 2),
("language.html", "Info", 3),
("language.py", "High", 11),
("language.py2", DEFAULT_SEVERITY, 0),
("language.sh", "HIGH,MEDIUM", 15),
("language.sh", "High,Medium", 15),
("nginx.conf", DEFAULT_SEVERITY, 4),
("passwords.json", "HIGH", 5),
("passwords.xml", "HIGH", 5),
("passwords.yml", "HIGH", 5),
("passwords.json", "High", 5),
("passwords.xml", "High", 5),
("passwords.yml", "High", 5),
("paths.yml", DEFAULT_SEVERITY, 0),
("pip.conf", "HIGH", 2),
("pip.conf", "High", 2),
("placeholders.json", DEFAULT_SEVERITY, 0),
("placeholders.xml", DEFAULT_SEVERITY, 0),
("placeholders.yml", DEFAULT_SEVERITY, 0),
("plaintext.txt", "HIGH", 2),
("private-pgp-block.txt", "HIGH", 1),
("privatekey.pem", "HIGH", 1),
("privatekeys.json", "HIGH", 6),
("privatekeys.xml", "HIGH", 6),
("privatekeys.yml", "HIGH", 6),
("plaintext.txt", "High", 2),
("private-pgp-block.txt", "High", 1),
("privatekey.pem", "High", 1),
("privatekeys.json", "High", 6),
("privatekeys.xml", "High", 6),
("privatekeys.yml", "High", 6),
("putty.ppk", DEFAULT_SEVERITY, 1),
("ruleslist.yml", "HIGH", 3),
("settings.cfg", "HIGH", 1),
("settings.conf", "HIGH", 1),
("settings.env", "HIGH", 1),
("settings01.ini", "HIGH", 1),
("settings02.ini", "HIGH", 1),
("severity.yml", "CRITICAL", 1),
("ruleslist.yml", "High", 3),
("settings.cfg", "High", 1),
("settings.conf", "High", 1),
("settings.env", "High", 1),
("settings01.ini", "High", 1),
("settings02.ini", "High", 1),
("severity.yml", "Critical", 1),
("sops.yml", DEFAULT_SEVERITY, 1),
("uri.yml", "HIGH", 3),
("webhooks.yml", "LOW", 6),
("uri.yml", "High", 3),
("webhooks.yml", "Low", 6),
],
)
def test_detect_secrets_by_value(src, severity, expected):
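Review bot: The `# ("connection.config", "High", 1),` row in the test_detect_secrets_by_value parameters stays commented out and is only re-cased, so detection for that fixture is not being checked and a regression there would pass unnoticed. If the case is known to fail, make that visible instead of hiding it: `pytest.param("connection.config", "High", 1, marks=pytest.mark.xfail(reason="<why this case is disabled>")),`. Otherwise re-enable the row. The test function's body continues outside the hunk.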
2 changes: 1 addition & 1 deletion tests/unit/models/test_appconfig.py
Expand Up @@ -22,7 +22,7 @@ def test_appconfig():
@pytest.mark.parametrize(
("config", "expected"),
[
({"include": {"severity": ["CRITICAL"]}, "exclude": {}}, ["CRITICAL"]),
({"include": {"severity": ["Critical"]}, "exclude": {}}, ["Critical"]),
({"include": {}, "exclude": {}}, DEFAULT_SEVERITY),
],
)