CWE mappings for findings (#43)

* update finding types to refer to CWE id * fix the broken tests
praetorian-inc · Sep 15, 2021 · 4b43e9f · 4b43e9f
1 parent 0dbd84d
commit 4b43e9f
Show file tree

Hide file tree

Showing 10 changed files with 12 additions and 12 deletions.
diff --git a/analyzers/cmdi.go b/analyzers/cmdi.go
@@ -75,7 +75,7 @@ func cmdInjectionRun(pass *analysis.Pass) (interface{}, error) {
 						message := "Danger: possible command injection detected"
 						targetFunc := util.GenerateTaintedCode(pass, vulnFunc.Fn, vulnFunc.Instr.Pos())
 						taintSource := taintAnalyzer.TaintSource
-						finding := util.MakeFinding(message, targetFunc, taintSource, "Command Injection")
+						finding := util.MakeFinding(message, targetFunc, taintSource, "CWE-78: OS Command Injection")
 						results = append(results, finding)
 					}
 				}

diff --git a/analyzers/cmdi_test.go b/analyzers/cmdi_test.go
@@ -39,7 +39,7 @@ func TestCommandInjection(t *testing.T) {
 	}
 	for i := 0; i < len(testFiles); i++ {
 		t.Run(testFiles[i], func(t *testing.T) {
-			testutil.RunTest(testFiles[i], testResults[i], "Command Injection", CommandInjectionAnalyzer, t)
+			testutil.RunTest(testFiles[i], testResults[i], "CWE-78: OS Command Injection", CommandInjectionAnalyzer, t)
 		})
 	}
 }
diff --git a/analyzers/rsa.go b/analyzers/rsa.go
@@ -173,9 +173,9 @@ func rsaRun(pass *analysis.Pass) (interface{}, error) {
 
 				// Check if argument of vulnerable function has keylen that is less than RECOMMENDED_KEYLEN
 				if keylen_check(pass, vulnFunc.Instr.Call.Args[1], call_graph) {
-					message := fmt.Sprintf("Danger: key length is too short, recommend %d", RECOMMENDED_KEYLEN)
+					message := fmt.Sprintf("Danger: RSA key length is too short, recommend %d", RECOMMENDED_KEYLEN)
 					targetFunc := util.GenerateTaintedCode(pass, vulnFunc.Fn, vulnFunc.Instr.Pos())
-					results = append(results, util.MakeFinding(message, targetFunc, nil, "RSA Key Length"))
+					results = append(results, util.MakeFinding(message, targetFunc, nil, "CWE-326: Inadequate Encryption Strength"))
 				}
 			}
 		}

diff --git a/analyzers/rsa_test.go b/analyzers/rsa_test.go
@@ -51,7 +51,7 @@ func TestRsaKeylen(t *testing.T) {
 	}
 	for i := 0; i < len(testFiles); i++ {
 		t.Run(testFiles[i], func(t *testing.T) {
-			testutil.RunTest(testFiles[i], testResults[i], "RSA Key Length", RsaKeylenAnalyzer, t)
+			testutil.RunTest(testFiles[i], testResults[i], "CWE-326: Inadequate Encryption Strength", RsaKeylenAnalyzer, t)
 		})
 	}
 }
diff --git a/analyzers/sqli.go b/analyzers/sqli.go
@@ -80,7 +80,7 @@ func sqlRun(pass *analysis.Pass) (interface{}, error) {
 					message := "Danger: possible SQL injection detected"
 					targetFunc := util.GenerateTaintedCode(pass, vulnFunc.Fn, vulnFunc.Instr.Pos())
 					taintSource := taint_analyzer.TaintSource
-					results = append(results, util.MakeFinding(message, targetFunc, taintSource, "SQL Injection"))
+					results = append(results, util.MakeFinding(message, targetFunc, taintSource, "CWE-89: SQL Injection"))
 				}
 			}
 		}

diff --git a/analyzers/sqli_test.go b/analyzers/sqli_test.go
@@ -39,7 +39,7 @@ func TestSQLInjection(t *testing.T) {
 	}
 	for i := 0; i < len(testFiles); i++ {
 		t.Run(testFiles[i], func(t *testing.T) {
-			testutil.RunTest(testFiles[i], testResults[i], "SQL Injection", SQLInjectionAnalyzer, t)
+			testutil.RunTest(testFiles[i], testResults[i], "CWE-89: SQL Injection", SQLInjectionAnalyzer, t)
 		})
 	}
 }
diff --git a/analyzers/ssrf.go b/analyzers/ssrf.go
@@ -158,7 +158,7 @@ func ssrfRun(pass *analysis.Pass) (interface{}, error) {
 								message := "Danger: possible SSRF detected"
 								targetFunc := util.GenerateTaintedCode(pass, vulnFunc.Fn, vulnFunc.Instr.Pos())
 								taintSource := taintAnalyzer.TaintSource
-								results = append(results, util.MakeFinding(message, targetFunc, taintSource, "SSRF"))
+								results = append(results, util.MakeFinding(message, targetFunc, taintSource, "CWE-918: Server-Side Request Forgery"))
 
 							}
 						}
@@ -169,7 +169,7 @@ func ssrfRun(pass *analysis.Pass) (interface{}, error) {
 							message := "Danger: possible SSRF detected"
 							targetFunc := util.GenerateTaintedCode(pass, vulnFunc.Fn, vulnFunc.Instr.Pos())
 							taintSource := taintAnalyzer.TaintSource
-							results = append(results, util.MakeFinding(message, targetFunc, taintSource, "SSRF"))
+							results = append(results, util.MakeFinding(message, targetFunc, taintSource, "CWE-918: Server-Side Request Forgery"))
 
 						}
 					}

diff --git a/analyzers/ssrf_test.go b/analyzers/ssrf_test.go
@@ -47,7 +47,7 @@ func TestSSRF(t *testing.T) {
 	}
 	for i := 0; i < len(testFiles); i++ {
 		t.Run(testFiles[i], func(t *testing.T) {
-			testutil.RunTest(testFiles[i], testResults[i], "SSRF", SSRFAnalyzer, t)
+			testutil.RunTest(testFiles[i], testResults[i], "CWE-918: Server-Side Request Forgery", SSRFAnalyzer, t)
 		})
 	}
 }
diff --git a/analyzers/traversal.go b/analyzers/traversal.go
@@ -75,7 +75,7 @@ func traversalRun(pass *analysis.Pass) (interface{}, error) {
 
 					targetFunc := util.GenerateTaintedCode(pass, vulnFunc.Fn, vulnFunc.Instr.Pos())
 					taintSource := taintAnalyzer.TaintSource
-					results = append(results, util.MakeFinding(message, targetFunc, taintSource, "Path Traversal"))
+					results = append(results, util.MakeFinding(message, targetFunc, taintSource, "CWE-22: Path Traversal"))
 
 				}
 			}

diff --git a/analyzers/traversal_test.go b/analyzers/traversal_test.go
@@ -51,7 +51,7 @@ func TestPathTraversal(t *testing.T) {
 	}
 	for i := 0; i < len(testFiles); i++ {
 		t.Run(testFiles[i], func(t *testing.T) {
-			testutil.RunTest(testFiles[i], testResults[i], "Path Traversal", PathTraversalAnalyzer, t)
+			testutil.RunTest(testFiles[i], testResults[i], "CWE-22: Path Traversal", PathTraversalAnalyzer, t)
 		})
 	}
 }