
🐛 fix Noseyparker description #11726

Merged
merged 1 commit into from
Feb 12, 2025

Conversation

manuel-sommer
Contributor

Rule Text ID does not contain the cleartext credential set in v0.22.0

@github-actions github-actions bot added the parser label Feb 3, 2025

dryrunsecurity bot commented Feb 3, 2025

DryRun Security Summary

The code changes in the NoseyParkerParser class enhance the tool's reporting capabilities by using more descriptive rule identifiers and improving the handling of scan results both with and without Git history information.


Summary:

The provided code change is related to the NoseyParkerParser class, which is responsible for processing the Nosey Parker scan results in the JSON Lines format. The key changes include:

  1. Updating the description field in the Finding object to use the more descriptive rule_text_id instead of the first three characters of the secret or rule_text_id. This change provides more detailed information about the type of secret found, which can help security analysts better understand the nature of the discovered secrets and take appropriate remediation actions.

  2. Refining the logic for handling the case where the scan was performed with and without Git history. When Git history is available, the title and filepath are derived from the first_commit information. When Git history is not available, the title is more generic, and the filepath is taken from the path field. This ensures that the tool can provide meaningful information in both scenarios, which is important for security teams to have a comprehensive understanding of potential secret leaks in the codebase.

Overall, the changes in this pull request appear to enhance the security capabilities of the Nosey Parker tool and improve the quality of the reported findings, which is a positive contribution from an application security perspective.

Files Changed:

  • dojo/tools/noseyparker/parser.py: The changes in this file are related to the version_0_22_0 function in the NoseyParkerParser class, which is responsible for processing the Nosey Parker scan results in the JSON Lines format. The key changes include updating the description field in the Finding object to use the more descriptive rule_text_id and refining the logic for handling scans with and without Git history.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.


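To make the bot summary above concrete, here is a small stand-alone parser for Nosey Parker JSON Lines output that shows the two points it describes: the description is built from `rule_text_id` rather than from the matched secret, and the title and file path come from `first_commit` when the scan had Git history and from `path` otherwise. This is an added illustration, not DefectDojo's `dojo/tools/noseyparker/parser.py` and not Nosey Parker's documented schema; the JSON shape (`matches`, `provenance` entries with `kind`, `first_commit`, `blob_path`, `commit_metadata`, `path`, `location.source_span`, `snippet`) and the sample lines are constructed assumptions for the example.

```python
"""Added example: minimal Nosey Parker JSONL parser (not DefectDojo's code).

Assumed shape, constructed for this example: one finding object per line with
`rule_text_id` and a `matches` list; each match has a `provenance` list whose
first entry is either a git-history record (`kind: git_repo`, `first_commit`)
or a plain-file record (`kind: file`, `path`).
"""
from __future__ import annotations

import json
from dataclasses import dataclass


@dataclass
class Finding:
    title: str
    description: str
    file_path: str
    line: int


def _location(match: dict) -> tuple[str, str]:
    """Return (human-readable location, file path) from the first provenance entry."""
    prov = match["provenance"][0]
    if prov.get("kind") == "git_repo" and "first_commit" in prov:
        # Scan with Git history: path and commit come from first_commit.
        commit = prov["first_commit"]
        path = commit["blob_path"]
        commit_id = commit["commit_metadata"]["commit_id"]
        where = f"in commit {commit_id} ({path})"
    else:
        # Scan of a plain directory: only a path is available, title stays generic.
        path = prov["path"]
        where = f"in file {path}"
    return where, path


def parse_jsonl(text: str) -> list[Finding]:
    """Turn Nosey Parker JSON Lines text into Finding records."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        obj = json.loads(raw)
        rule_text_id = obj["rule_text_id"]
        for match in obj.get("matches", []):
            where, path = _location(match)
            line_no = match["location"]["source_span"]["start"]["line"]
            # Title and description use the rule identifier only. The matched
            # snippet (the secret itself) is deliberately not copied into the
            # report, so the finding does not re-leak the credential it flags.
            findings.append(Finding(
                title=f"Secret matching rule {rule_text_id} {where}",
                description=f"Nosey Parker rule {rule_text_id} matched at {path}:{line_no}",
                file_path=path,
                line=line_no,
            ))
    return findings


def leaks_secret(findings: list[Finding], secret: str) -> bool:
    """Check that no title or description carries the raw matched secret."""
    return any(secret in f.title or secret in f.description for f in findings)


# Constructed sample input: placeholder secret and commit id, not real values.
SAMPLE_SECRET = "AKIAEXAMPLENOTREAL00"
SAMPLE_JSONL = "\n".join([
    json.dumps({
        "rule_text_id": "np.aws.1",
        "matches": [{
            "provenance": [{"kind": "git_repo", "repo_path": "/scan/repo.git",
                            "first_commit": {"commit_metadata": {"commit_id": "0123abcd"},
                                             "blob_path": "config/settings.py"}}],
            "location": {"source_span": {"start": {"line": 17, "column": 20}}},
            "snippet": {"matching": SAMPLE_SECRET},
        }],
    }),
    json.dumps({
        "rule_text_id": "np.generic.1",
        "matches": [{
            "provenance": [{"kind": "file", "path": "/scan/app/.env"}],
            "location": {"source_span": {"start": {"line": 3, "column": 1}}},
            "snippet": {"matching": "password=" + SAMPLE_SECRET},
        }],
    }),
])

if __name__ == "__main__":
    for f in parse_jsonl(SAMPLE_JSONL):
        print(f)
    print("secret leaked into report:", leaks_secret(parse_jsonl(SAMPLE_JSONL), SAMPLE_SECRET))
```

Running the block prints one `Finding` per constructed line, the first located by commit and blob path, the second by plain path, and `False` for the leak check, which is the property the PR title is about.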

Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit 4ba0eb6 into DefectDojo:bugfix Feb 12, 2025
72 checks passed
@valentijnscholten valentijnscholten added this to the 2.43.2 milestone Feb 12, 2025