Add support for custom severities (#281)

steeve85 · web-flow · commit bf3f7b8f8016 · 2020-11-18T11:33:01.000+05:30
diff --git a/README.md b/README.md
@@ -410,6 +410,20 @@ This will report all Medium severity issues and higher (Potential risks that are
 2. By default, the threshold is set to low.
 3. Any custom search patterns you add, are considered to be of high severity.
 
+## Configuring custom severities
+
+You can customize the [security levels](detector/severity/severity_config.go) of the detectors provided by Talisman in the .talismanrc file:
+
+```yaml
+custom_severities:
+- detector: Base64Content
+  severity: medium
+- detector: HexContent
+  severity: low
+```
+
+By using custom severities and a severity threshold, Talisman can be configured to alert only on what is important based on your context. This can be useful to reduce the number of false positives.
+
 ## Talisman as a CLI utility
 
 If you execute `talisman` on the command line, you will be able to view all the parameter options you can pass
diff --git a/runner.go b/runner.go
@@ -7,6 +7,7 @@ import (
 	"talisman/checksumcalculator"
 	"talisman/detector"
 	"talisman/detector/helpers"
+	"talisman/detector/severity"
 	"talisman/gitrepo"
 	"talisman/prompt"
 	"talisman/report"
@@ -52,8 +53,9 @@ func (r *Runner) Scan(reportDirectory string, ignoreHistory bool) int {
 	fmt.Printf("\n\n")
 	utility.CreateArt("Running Scan..")
 	additions := scanner.GetAdditions(ignoreHistory)
-	ignores := &talismanrc.TalismanRC{}
-	detector.DefaultChain(ignores).Test(additions, ignores, r.results)
+	rcConfig := talismanrc.Get()
+	setCustomSeverities(rcConfig)
+	detector.DefaultChain(rcConfig).Test(additions, rcConfig, r.results)
 	reportsPath, err := report.GenerateReport(r.results, reportDirectory)
 	if err != nil {
 		log.Printf("error while generating report: %v", err)
@@ -82,10 +84,19 @@ func (r *Runner) RunChecksumCalculator(fileNamePatterns []string) int {
 }
 
 func (r *Runner) doRun() {
-	rcConfigIgnores := talismanrc.Get()
+	rcConfig := talismanrc.Get()
+	setCustomSeverities(rcConfig)
 	scopeMap := getScopeConfig()
-	additionsToScan := rcConfigIgnores.IgnoreAdditionsByScope(r.additions, scopeMap)
-	detector.DefaultChain(rcConfigIgnores).Test(additionsToScan, rcConfigIgnores, r.results)
+	additionsToScan := rcConfig.IgnoreAdditionsByScope(r.additions, scopeMap)
+	detector.DefaultChain(rcConfig).Test(additionsToScan, rcConfig, r.results)
+}
+
+func setCustomSeverities(tRC *talismanrc.TalismanRC) {
+	for _, cs := range tRC.CustomSeverities {
+		severity.SeverityConfiguration[cs.Detector] = severity.Severity{
+															Value: severity.SeverityStringToValue(cs.Severity),
+														}
+	}
 }
 
 func getScopeConfig() map[string][]string {
diff --git a/talismanrc/talismanrc.go b/talismanrc/talismanrc.go
@@ -26,6 +26,11 @@ var (
 	currentRCFileName  = DefaultRCFileName
 )
 
+type CustomSeverityConfig struct {
+	Detector        string `yaml:"detector"`
+	Severity        string `yaml:"severity"`
+}
+
 type FileIgnoreConfig struct {
 	FileName        string   `yaml:"filename"`
 	Checksum        string   `yaml:"checksum,omitempty"`
@@ -47,18 +52,20 @@ type TalismanRC struct {
 	FileIgnoreConfig []FileIgnoreConfig     `yaml:"fileignoreconfig,omitempty"`
 	ScopeConfig      []ScopeConfig          `yaml:"scopeconfig,omitempty"`
 	CustomPatterns   []PatternString        `yaml:"custom_patterns,omitempty"`
+	CustomSeverities []CustomSeverityConfig `yaml:"custom_severities,omitempty"`
 	AllowedPatterns  []string               `yaml:"allowed_patterns,omitempty"`
 	Experimental     ExperimentalConfig     `yaml:"experimental,omitempty"`
 	Threshold        severity.SeverityValue `default:"1" yaml:"threshold,omitempty"`
 }
 
 type TalismanRCFile struct {
-	FileIgnoreConfig []FileIgnoreConfig `yaml:"fileignoreconfig,omitempty"`
-	ScopeConfig      []ScopeConfig      `yaml:"scopeconfig,omitempty"`
-	CustomPatterns   []PatternString    `yaml:"custom_patterns,omitempty"`
-	AllowedPatterns  []string           `yaml:"allowed_patterns,omitempty"`
-	Experimental     ExperimentalConfig `yaml:"experimental,omitempty"`
-	Threshold        string             `default:"low" yaml:"threshold,omitempty"`
+	FileIgnoreConfig []FileIgnoreConfig     `yaml:"fileignoreconfig,omitempty"`
+	ScopeConfig      []ScopeConfig          `yaml:"scopeconfig,omitempty"`
+	CustomPatterns   []PatternString        `yaml:"custom_patterns,omitempty"`
+	CustomSeverities []CustomSeverityConfig `yaml:"custom_severities,omitempty"`
+	AllowedPatterns  []string               `yaml:"allowed_patterns,omitempty"`
+	Experimental     ExperimentalConfig     `yaml:"experimental,omitempty"`
+	Threshold        string                 `default:"low" yaml:"threshold,omitempty"`
 }
 
 func SetFs(_fs afero.Fs) {
@@ -103,6 +110,7 @@ func NewTalismanRC(fileContents []byte) *TalismanRC {
 		FileIgnoreConfig: talismanRCFile.FileIgnoreConfig,
 		ScopeConfig:      talismanRCFile.ScopeConfig,
 		CustomPatterns:   talismanRCFile.CustomPatterns,
+		CustomSeverities: talismanRCFile.CustomSeverities,
 		AllowedPatterns:  talismanRCFile.AllowedPatterns,
 		Experimental:     talismanRCFile.Experimental,
 		Threshold:        severity.SeverityStringToValue(talismanRCFile.Threshold),
