Test that security-related rules have proper security properties.
()
| 189 | |
| 190 | |
| 191 | def test_sarif_security_rules(): |
| 192 | """Test that security-related rules have proper security properties.""" |
| 193 | sarif = run_sarif_check(TEST_CODE) |
| 194 | |
| 195 | run = sarif["runs"][0] |
| 196 | driver = run["tool"]["driver"] |
| 197 | rules = driver["rules"] |
| 198 | |
| 199 | # Check for security-related rules |
| 200 | security_rule_ids = [ |
| 201 | "nullPointer", |
| 202 | "arrayIndexOutOfBounds", |
| 203 | "memleak", |
| 204 | "uninitvar", |
| 205 | "doubleFree", |
| 206 | ] |
| 207 | |
| 208 | for rule_id in security_rule_ids: |
| 209 | matching_rules = [r for r in rules if r["id"] == rule_id] |
| 210 | if matching_rules: |
| 211 | rule = matching_rules[0] |
| 212 | props = rule.get("properties", {}) |
| 213 | |
| 214 | # Security rules should have security-severity |
| 215 | if "tags" in props and "security" in props["tags"]: |
| 216 | assert "security-severity" in props |
| 217 | assert float(props["security-severity"]) > 0 |
| 218 | |
| 219 | # Should have problem.severity |
| 220 | assert "problem.severity" in props |
| 221 | |
| 222 | # Should have precision |
| 223 | assert "precision" in props |
| 224 | |
| 225 | |
| 226 | def test_sarif_rule_descriptions(): |
nothing calls this directly
no test coverage detected