Semgrep Parser: Add new severities (#10936)

Author: Maffooch

dojo/tools/semgrep/parser.py

@@ -130,13 +130,16 @@ def get_findings(self, filename, test):
         return list(dupes.values())
 
     def convert_severity(self, val):
-        if "CRITICAL" == val.upper():
+        upper_value = val.upper()
+        if upper_value == "CRITICAL":
             return "Critical"
-        elif "WARNING" == val.upper():
+        elif upper_value in ["WARNING", "MEDIUM"]:
             return "Medium"
-        elif "ERROR" == val.upper() or "HIGH" == val.upper():
+        elif upper_value in ["ERROR", "HIGH"]:
             return "High"
-        elif "INFO" == val.upper():
+        elif upper_value == "LOW":
+            return "Low"
+        elif upper_value == "INFO":
             return "Info"
         else:
             msg = f"Unknown value for severity: {val}"

unittests/scans/semgrep/high-medium-low-severities.json

@@ -0,0 +1,95 @@
+    {
+    "errors": [],
+    "interfile_languages_used": [],
+    "paths": {
+        "scanned": []
+    },
+    "results": [
+        {
+            "check_id": "rules.sast.dev.generic.internal.detect-cdn-usage-react-express",
+            "end": {
+                "col": 89,
+                "line": 48,
+                "offset": 1772
+            },
+            "extra": {
+                "engine_kind": "OSS",
+                "fingerprint": "d30b51e68d2d56fb34e5a87920208e0f18b71dbec62b2ad91d1b55e566c5796c64b1e161d7fd3c0f65834756474c0617c29b7c5bd76b76f14f2d3fc537a664b9_0",
+                "is_ignored": false,
+                "lines": "<script src=\"https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js\"></script>",
+                "message": "Potential CDN usage detected. Consider removing or replacing CDN references to comply with GDPR and also avoid supply chain risk",
+                "metadata": {
+                    "category": "security",
+                    "technology": "cdn"
+                },
+                "metavars": {},
+                "severity": "LOW",
+                "validation_state": "NO_VALIDATOR"
+            },
+            "path": "/Users/user.example/git/company/full-codebase/company/lead-magnet/src/templates/base.html.twig",
+            "start": {
+                "col": 1,
+                "line": 48,
+                "offset": 1684
+            }
+        },
+        {
+            "check_id": "rules.sast.dev.generic.internal.detect-cdn-usage-react-express",
+            "end": {
+                "col": 206,
+                "line": 49,
+                "offset": 1978
+            },
+            "extra": {
+                "engine_kind": "OSS",
+                "fingerprint": "d30b51e68d2d56fb34e5a87920208e0f18b71dbec62b2ad91d1b55e566c5796c64b1e161d7fd3c0f65834756474c0617c29b7c5bd76b76f14f2d3fc537a664b9_1",
+                "is_ignored": false,
+                "lines": "<script src=\"https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js\" integrity=\"sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1\" crossorigin=\"anonymous\"></script>",
+                "message": "Potential CDN usage detected. Consider removing or replacing CDN references to comply with GDPR and also avoid supply chain risk",
+                "metadata": {
+                    "category": "security",
+                    "technology": "cdn"
+                },
+                "metavars": {},
+                "severity": "LOW",
+                "validation_state": "NO_VALIDATOR"
+            },
+            "path": "/Users/user.example/git/company/full-codebase/company/lead-magnet/src/templates/base.html.twig",
+            "start": {
+                "col": 1,
+                "line": 49,
+                "offset": 1773
+            }
+        },
+        {
+            "check_id": "rules.sast.dev.generic.internal.detect-cdn-usage-react-express",
+            "end": {
+                "col": 203,
+                "line": 50,
+                "offset": 2181
+            },
+            "extra": {
+                "engine_kind": "OSS",
+                "fingerprint": "d30b51e68d2d56fb34e5a87920208e0f18b71dbec62b2ad91d1b55e566c5796c64b1e161d7fd3c0f65834756474c0617c29b7c5bd76b76f14f2d3fc537a664b9_2",
+                "is_ignored": false,
+                "lines": "<script src=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js\" integrity=\"sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM\" crossorigin=\"anonymous\"></script>{% block javascripts %}{% endblock %}",
+                "message": "Potential CDN usage detected. Consider removing or replacing CDN references to comply with GDPR and also avoid supply chain risk",
+                "metadata": {
+                    "category": "security",
+                    "technology": "cdn"
+                },
+                "metavars": {},
+                "severity": "LOW",
+                "validation_state": "NO_VALIDATOR"
+            },
+            "path": "/Users/user.example/git/company/full-codebase/company/lead-magnet/src/templates/base.html.twig",
+            "start": {
+                "col": 1,
+                "line": 50,
+                "offset": 1979
+            }
+        }
+    ],
+    "skipped_rules": [],
+    "version": "1.84.1"
+}

unittests/tools/test_semgrep_parser.py

@@ -121,6 +121,12 @@ def test_parse_issue_8435(self):
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(1, len(findings))
 
+    def test_parse_low_medium_high_severity(self):
+        with open("unittests/scans/semgrep/high-medium-low-severities.json", encoding="utf-8") as testfile:
+            parser = SemgrepParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(3, len(findings))
+
     def test_parse_sca_deployments_vulns(self):
         with open("unittests/scans/semgrep/sca-deployments-vulns.json", encoding="utf-8") as testfile:
             parser = SemgrepParser()