Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Adds owasp rules to vacuum #285

Merged
merged 198 commits into from
Jul 6, 2023
Merged

feat: Adds owasp rules to vacuum #285

merged 198 commits into from
Jul 6, 2023

Conversation

Ricagraca
Copy link
Contributor

@Ricagraca Ricagraca commented Jun 1, 2023
edited
Loading

This PR serves to extend vacuum with the OWASP rules that already exist for spectral:

https://github.com/stoplightio/spectral-owasp-ruleset/blob/main/src/ruleset.ts

and use the tests that they provide to guarantee quality

https://github.com/stoplightio/spectral-owasp-ruleset/blob/main/__tests__/

@Ricagraca Ricagraca mentioned this pull request Jun 1, 2023
Closed
@Ricagraca Ricagraca changed the title feat: <wip> Adding owasp rules to vacuum feat: <wip> Adds owasp rules to vacuum Jun 2, 2023
daveshanley
daveshanley reviewed Jun 4, 2023
View reviewed changes
Copy link
Owner

@daveshanley daveshanley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So far, this all looks fine to me!

Do those JSON Path expressions work?

@daveshanley daveshanley added the release/patch Patch / non-breaking release label Jun 4, 2023
rica-graca and others added 27 commits July 5, 2023 17:45
@rica-graca
Adds tests and removes TODOS
1c94211
@rica-graca
Add unused field
b35d053
@daveshanley @rica-graca
Updated license and install script to retry on failure
53909fe 
Thanks to @markdespain for the tip

Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Updated pattern function rendering to be more useful daveshanley#276
aa4c616 
Pattern output is now clear when using paths, before it was not accurate.

Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Fixed dashboard bug with empty vilolations scrolling daveshanley#292
74a8495 
No more panic when hitting up/down within emoty lists.

Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Period in path templates now supported daveshanley#282
d1c8cf1 
Added a test to validate.

Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Ran go fmt across all files to reset whitespace.
95967ad 
Lots of commits, and work from contributors, and me changing machines and Goland having random fun.. it’s time to clean house again.

Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Allow for indexing post resolving daveshanley#294
ceaef8f 
Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Fixed a small path issue
27a92a6 
Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Updated dependencies to latest.
1e1dcb4 
Signed-off-by: Dave Shanley <[email protected]>
@daveshanley @rica-graca
Schema was not being constructed properly daveshanley#281
f3bbf2b 
When vacuum was reading in the function options for a rule, it was not constructing the schema from the options correctlty. This bug may exist in other functions, but it’s been fixed here.

Signed-off-by: Dave Shanley <[email protected]>
@rica-graca
Adds owasp rule to extends
2c40121
@rica-graca
Adds test case
16d532c
@rica-graca
Small fixes
6a4900d
@rica-graca
Fix last small issues
548949a
@rica-graca
fixed comment
e7729da
@rica-graca
Fixes name of function
aa9d0f9
@rica-graca
Generalizes owaspRateLimitDefinition to account for any header set as…
0c6cfd9 
… an option
@rica-graca
Fixes test names
1552883
@rica-graca
Adds owasp to vacuum namespace
9440851
@rica-graca
Adds an how to fix for each of the owasp rules and also fixes the fal…
9c81d59 
…sy function whenever the node has content (it not empty)
@rica-graca
Adds a comment to each function that uses the if/then/else to know th…
97054b0 
…at duplicate errors will appear
@rica-graca
Extends falsy test to evaluate a non empty object to an error if found
22dda2d
@FedeBev @rica-graca
use RuleSetExecution.Document in ApplyRulesToRuleSet
aad430a
@FedeBev @rica-graca
use RuleSetExecution.Document in ApplyRulesToRuleSet
9605b26
@rica-graca
Fixes conflicts
e2cebcd
@rica-graca
Fixes some issues
66cb47e
@daveshanley daveshanley merged commit 92d48f4 into daveshanley:main Jul 6, 2023
@daveshanley daveshanley mentioned this pull request Jul 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daveshanley daveshanley daveshanley approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Ricagraca @daveshanley @olivercalder @AdrianMachado @rica-graca @FedeBev