Merge branch 'master' of https://github.com/Checkmarx/kics into AST-5…

…0621
Checkmarx · Sep 20, 2024 · 1321068 · 1321068
2 parents 417492d + 21234ad
commit 1321068
Show file tree

Hide file tree

Showing 3,617 changed files with 6,226 additions and 3,042 deletions.
diff --git a/.github/scripts/docs-generator/query-page-generator/query-page-generator.py b/.github/scripts/docs-generator/query-page-generator/query-page-generator.py
@@ -181,12 +181,20 @@ def generate_md_docs(queries_database : str, output_path : str, template_file_pa
         doc_template = f.read()
 
     for key, query_data in queries_database.items():
+        cwe = query_data.get('cwe', '')
+        if cwe == '':
+            cwe = 'Ongoing'
+        else:
+            cwe_url = f'https://cwe.mitre.org/data/definitions/{cwe}.html'
+            cwe = f'<a href="{cwe_url}" onclick="newWindowOpenerSafe(event, \'{cwe_url}\')">{cwe}</a>'
+
         query_doc = doc_template
         query_doc = doc_template.replace('<QUERY_ID>', key).replace(
             '<QUERY_NAME>', query_data.get('queryName')).replace(
             '<PLATFORM>', query_data.get('platform')).replace(
             '<SEVERITY>', format_severity(query_data.get('severity'))).replace(
             '<CATEGORY>', query_data.get('category')).replace(
+            '<CWE>', cwe).replace(
             '<GITHUB_URL>', query_data.get('githubUrl')).replace(
             '<DESCRIPTION_TEXT>', query_data.get('descriptionText')).replace(
             '<DESCRIPTION_URL>', query_data.get('descriptionUrl')).replace(

diff --git a/...ub/scripts/docs-generator/query-page-generator/templates/query-page-template.md b/...ub/scripts/docs-generator/query-page-generator/templates/query-page-template.md
@@ -20,6 +20,7 @@ hide:
 -   **Platform:** <PLATFORM>
 -   **Severity:** <SEVERITY>
 -   **Category:** <CATEGORY>
+-   **CWE:** <CWE>
 -   **URL:** [Github](<GITHUB_URL>)
 
 ### Description

diff --git a/.github/scripts/queries-validator/metadata-schema.json b/.github/scripts/queries-validator/metadata-schema.json
@@ -7,6 +7,16 @@
             "minLength": 1,
             "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12}$"
         },
+        "description_text_pattern": {
+            "type": "string",
+            "minLength": 1,
+            "pattern": "^.{1,500}$"
+        },
+        "query_name_pattern": {
+            "type": "string",
+            "minLength": 1,
+            "pattern": "^[a-zA-Z][a-zA-Z0-9_ \\-\"',:$.()]{0,119}$"
+        },
         "description_id_pattern": {
             "type": "string",
             "minLength": 1,
@@ -29,8 +39,9 @@
             "$ref": "#/definitions/query_id_pattern"
         },
         "queryName": {
+            "$ref": "#/definitions/query_name_pattern",
             "type": "string",
-            "minLength": 8,
+            "minLength": 1,
             "maxLength": 120
         },
         "severity": {
@@ -75,8 +86,9 @@
             ]
         },
         "descriptionText": {
+            "$ref": "#/definitions/description_text_pattern",
             "type": "string",
-            "minLength": 16,
+            "minLength": 1,
             "maxLength" : 500
         },
         "descriptionUrl": {

diff --git a/.github/scripts/report/go.mod b/.github/scripts/report/go.mod
@@ -1,6 +1,6 @@
 module github.com/Checkmarx/e2e-report
 
-go 1.21
+go 1.23.1
 
 require (
 	github.com/rs/zerolog v1.31.0

diff --git a/.github/scripts/server-mock/package-lock.json b/.github/scripts/server-mock/package-lock.json
diff --git a/.github/workflows/cxone.yaml b/.github/workflows/cxone.yaml
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
@@ -7,7 +7,7 @@ on:
 jobs:
   lint:
     name: lint
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Set up Go
@@ -16,9 +16,9 @@ jobs:
           go-version-file: go.mod
           cache: false
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
         with:
-          version: v1.57.2
+          version: v1.61.0
           args: -c .golangci.yml --timeout 20m
   go-generate:
     name: go-generate
@@ -39,7 +39,7 @@ jobs:
     name: unit-tests
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -99,10 +99,13 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
+        uses: securego/gosec@6fbd381238e97e1d1f3358f0d6d65de78dcf9245 # v2.20.0
         with:
           args: "-no-fail -fmt sarif -out results.sarif ./..."
+      - name: Show results
+        run: |
+          cat results.sarif
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml
@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:

diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml
@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
         kics-docker: ["Dockerfile", "docker/Dockerfile.ubi8"]
     runs-on: ${{ matrix.os }}