Merge pull request Checkmarx#7057 from Checkmarx/AST-40742
fix(query): implicit flow in oauth2 queries duplicated
Showing
14 changed files
with
73 additions
and
340 deletions.
11 changes: 0 additions & 11 deletions
11
assets/queries/openAPI/3.0/implicit_flow_oauth2/metadata.json
This file was deleted.
21 changes: 0 additions & 21 deletions
21
assets/queries/openAPI/3.0/implicit_flow_oauth2/query.rego
This file was deleted.
61 changes: 0 additions & 61 deletions
61
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/negative1.json
This file was deleted.
36 changes: 0 additions & 36 deletions
36
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/negative2.yaml
This file was deleted.
40 changes: 0 additions & 40 deletions
40
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/positive1.json
This file was deleted.
48 changes: 0 additions & 48 deletions
48
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/positive2.json
This file was deleted.
54 changes: 0 additions & 54 deletions
54
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/positive3.json
This file was deleted.
25 changes: 0 additions & 25 deletions
25
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/positive4.yaml
This file was deleted.
38 changes: 0 additions & 38 deletions
38
assets/queries/openAPI/3.0/implicit_flow_oauth2/test/positive_expected_result.json
This file was deleted.
12 changes: 6 additions & 6 deletions
12
assets/queries/openAPI/3.0/oauth2_with_implicit_flow/query.rego
@@ -1,21 +1,21 @@ | ||
package Cx | ||
|
||
import data.generic.openapi as openapi_lib | ||
import data.generic.common as common_lib | ||
|
||
CxPolicy[result] { | ||
doc := input.document[i] | ||
openapi_lib.check_openapi(doc) == "3.0" | ||
|
||
security_scheme := doc.components.securitySchemes[name] | ||
security_scheme := doc.components.securitySchemes[key] | ||
security_scheme.type == "oauth2" | ||
flow := security_scheme.flows[flow_object] | ||
flow_object == "implicit" | ||
common_lib.valid_key(security_scheme.flows, "implicit") | ||
|
||
result := { | ||
"documentId": doc.id, | ||
"searchKey": sprintf("components.securitySchemes.{{%s}}.flows.implicit", [name]), | ||
"searchKey": sprintf("components.securitySchemes.{{%s}}.flows.implicit", [key]), | ||
"issueType": "IncorrectValue", | ||
"keyExpectedValue": sprintf("components.securitySchemes.{{%s}}.flows do not contain an 'implicit' flow", [name]), | ||
"keyActualValue": sprintf("components.securitySchemes.{{%s}}.flows contain an 'implicit' flow", [name]), | ||
"keyExpectedValue": sprintf("components.securitySchemes.{{%s}}.flows should not use 'implicit' flow", [key]), | ||
"keyActualValue": sprintf("components.securitySchemes.{{%s}}.flows is using 'implicit' flow", [key]), | ||
} | ||
} |
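Review bot: The rule still carries no comment saying why an `implicit` flow is reported, and the new `common_lib.valid_key(security_scheme.flows, "implicit")` check plus the reworded `keyExpectedValue`/`keyActualValue` strings are the only hint a maintainer gets about the intent. I would add above `CxPolicy[result] {` a comment such as `# Flags OAuth2 security schemes that expose the 'implicit' flow: the implicit grant delivers the access token in the redirect URI fragment, which current OAuth 2.0 security guidance recommends against in favour of the authorizationCode flow (with PKCE).` Since this commit also deletes the parallel `implicit_flow_oauth2` query (metadata.json and its tests), anyone who excluded or tuned that query by its ID may silently lose the match; the surviving query's ID is not visible on this page, so I cannot confirm whether the two IDs differed, but the commit description could state which ID remains authoritative.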