Base for analyzers to produce detections from audit scans that are reported back to the Aura framework Subclass this to have different hits on semantic level :param message: Detection message, intended to be displayed to a user :type message: str :param signature: Used by defau
| 13 | @dataclass |
| 14 | @total_ordering |
| 15 | class Detection: |
| 16 | """ |
| 17 | Base for analyzers to produce detections from audit scans that are reported back to the Aura framework |
| 18 | Subclass this to have different hits on semantic level |
| 19 | |
| 20 | :param message: Detection message, intended to be displayed to a user |
| 21 | :type message: str |
| 22 | :param signature: Used by default for hashing/deduplication of various detections. At minimum, it is highly recommended to include at least a detection name and a normalized path to the scanned file. In case of AST based detections, line number is also recommended as it is possible that the source code can contain multiple detections of the same anomaly that are on different lines and should be reported separately. |
| 23 | :type signature: str |
| 24 | |
| 25 | :param score: A score associated with this detection that is then used to compute the overall score of the input scanned by Aura. |
| 26 | :type score: int, optional |
| 27 | :param node: A reference to the AST node object. It is recommended to set this attribute for AST based detections as the framework will automatically fill some of the emtadata for the output such as line number or the actual content of the line. |
| 28 | :type node: ASTNode, optional |
| 29 | :param extra: A schema less dictionary. Use this to report back any data fields when exporting the scan data into various formats such as JSON |
| 30 | :type extra: dict, optional |
| 31 | :param tags: A set of strings that acts as tags for this detection. Used for filtering the outputs and tagging whole files via detections. |
| 32 | :type tags: Set[str], optional |
| 33 | :param detection_type: An identifier of the detection type. Used for filtering out the different detections. If not provided, class name is used. |
| 34 | :type detection_type: str, optional |
| 35 | """ |
| 36 | |
| 37 | signature: str |
| 38 | message: str |
| 39 | score: int = 0 # Score that affects security audit |
| 40 | line_no: Optional[int] = None # Set to None to hide it from output |
| 41 | line: Union[ |
| 42 | str, None |
| 43 | ] = None # Set to None or empty string to hide it from output |
| 44 | # If the rule is tied to the AST tree detections, then set the node pointer appropriately |
| 45 | # Set to None to hide or for rules that are not tied to the AST tree |
| 46 | detection_type: Optional[str] = None |
| 47 | node: Optional[NodeType] = None |
| 48 | tags: Set[str] = field(default_factory=set) |
| 49 | extra: dict = field(default_factory=dict) |
| 50 | informational: bool = False |
| 51 | location: Optional[Path, str] = None |
| 52 | scan_location = None |
| 53 | _metadata: Optional[dict] = None |
| 54 | |
| 55 | def __post_init__(self): |
| 56 | self._hash = None |
| 57 | self._diff_hash = None |
| 58 | self._severity = None |
| 59 | |
| 60 | if isinstance(self.node, ASTNode) and self.line_no is None: |
| 61 | self.line_no = self.node.line_no |
| 62 | |
| 63 | def _asdict(self) -> Dict: |
| 64 | """ |
| 65 | Exporting mechanism for JSON output/machine processing |
| 66 | Define fields to be exported here, subclass need to fetch the fields from their parent in this method |
| 67 | Output dict must contain only elements that are JSON serializable |
| 68 | |
| 69 | :return: Serialized data for the detection |
| 70 | :rtype: dict |
| 71 | """ |
| 72 | data = { |
no outgoing calls
no test coverage detected