add risk score to query-page-generator, template and extract info (#7766)

Author: cx-artur-ribeiro

.github/scripts/docs-generator/query-page-generator/query-page-generator.py

@@ -153,12 +153,20 @@ def format_positive_tests(positive_tests : dict) -> str:
 
     return result if result != '' else 'Tests Not Fround'
 
+# Utility for generate ".md" documentation - gets color for a severity level
+def get_severity_color(severity : str) -> str:
+    colors = {'Critical': '#ff0000', 'High': '#bb2124', 'Medium': '#ff7213', 'Low': '#edd57e', 'Info': '#5bc0de', 'Trace': '#CCCCCC'}
+    return colors.get(severity.capitalize())
+
 # Utility for generate ".md" documentation
 def format_severity(severity : str) -> str:
-    colors = {'Critical': '#ff0000', 'High': '#bb2124', 'Medium': '#ff7213', 'Low': '#edd57e', 'Info': '#5bc0de', 'Trace': '#CCCCCC'}
-    severity = severity.capitalize()
-    color = colors.get(severity)
-    return f'<span style="color:{color}">{severity}</span>'
+    color = get_severity_color(severity)
+    return f'<span style="color:{color}">{severity.capitalize()}</span>'
+
+# Utility for generate ".md" documentation - formats risk score with color based on severity
+def format_risk_score(risk_score : str, severity : str) -> str:
+    color = get_severity_color(severity)
+    return f'<span style="color:{color}">{risk_score}</span>'
 
 # Generates a ".md" file for each query
 def generate_md_docs(queries_database : str, output_path : str, template_file_path = 'template.md', delete_folders : bool = False):
@@ -198,6 +206,7 @@ def generate_md_docs(queries_database : str, output_path : str, template_file_pa
             '<SEVERITY>', format_severity(query_data.get('severity'))).replace(
             '<CATEGORY>', query_data.get('category')).replace(
             '<CWE>', cwe).replace(
+            '<RISKSCORE>', format_risk_score(query_data.get('riskScore'), query_data.get('severity'))).replace(
             '<GITHUB_URL>', query_data.get('githubUrl')).replace(
             '<DESCRIPTION_TEXT>', query_data.get('descriptionText')).replace(
             '<DESCRIPTION_URL>', query_data.get('descriptionUrl')).replace(

.github/scripts/docs-generator/query-page-generator/templates/query-page-template.md

@@ -21,6 +21,7 @@ hide:
 -   **Severity:** <SEVERITY>
 -   **Category:** <CATEGORY>
 -   **CWE:** <CWE>
+-   **Risk score:** <RISKSCORE>
 -   **URL:** [Github](<GITHUB_URL>)
 
 ### Description
@@ -32,4 +33,4 @@ hide:
 <POSITIVE_TESTS>
 
 #### Code samples without security vulnerabilities
-<NEGATIVE_TESTS>
+<NEGATIVE_TESTS>

.github/scripts/extract-kics-info/extract-info.py

@@ -15,6 +15,8 @@ class Query:
     descriptionID: str
     aggregation: int
     cloudProviderId: int
+    cwe: str
+    riskScore: str
 
     def __init__(self, queryData):
         self.id = queryData['id']
@@ -25,6 +27,8 @@ def __init__(self, queryData):
         self.descriptionUrl = queryData['descriptionUrl']
         self.platformId = platforms.getPlatformId(queryData['platform'])
         self.descriptionID = queryData['descriptionID']
+        self.riskScore = queryData['riskScore']
+        self.cwe =  queryData['cwe']
         if queryData.__contains__('cloudProvider'):
             self.cloudProviderId = cloudProviders.getCloudProviderId(
                 queryData['cloudProvider'])