🐛 fix semgrep severity logic #11218 (#11219)

* 🐛 fix semgrep severity logic #11218

* ruff

* udpate according to comment

* fix unittest

Author: manuel-sommer

dojo/tools/semgrep/parser.py

@@ -137,15 +137,8 @@ def convert_severity(self, val):
             return "Medium"
         if upper_value in ["ERROR", "HIGH"]:
             return "High"
-        if upper_value == "LOW":
+        if upper_value in ["LOW", "INFO"]:
             return "Low"
-        if upper_value == "INFO":
-            if "WARNING" == val.upper():
-                return "Medium"
-            if "ERROR" == val.upper() or "HIGH" == val.upper():
-                return "High"
-            if "INFO" == val.upper():
-                return "Info"
         msg = f"Unknown value for severity: {val}"
         raise ValueError(msg)
 

unittests/tools/test_semgrep_parser.py

@@ -39,7 +39,7 @@ def test_parse_many_finding(self):
             self.assertEqual('javax crypto Cipher.getInstance("AES/GCM/NoPadding");', finding.mitigation)
             self.assertEqual("java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle", finding.vuln_id_from_tool)
             finding = findings[2]
-            self.assertEqual("Info", finding.severity)
+            self.assertEqual("Low", finding.severity)
             self.assertEqual("src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01150.java", finding.file_path)
             self.assertEqual(66, finding.line)
             self.assertEqual(696, finding.cwe)
@@ -96,7 +96,7 @@ def test_parse_cwe_list(self):
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(1, len(findings))
             finding = findings[0]
-            self.assertEqual("Info", finding.severity)
+            self.assertEqual("Low", finding.severity)
             self.assertEqual("index.js", finding.file_path)
             self.assertEqual(12, finding.line)
             self.assertEqual(352, finding.cwe)