From e52b41a1a8ca3f36efbfedca7c8728b88f92edde Mon Sep 17 00:00:00 2001
From: elsapet
Date: Mon, 20 Jan 2025 09:57:22 +0200
Subject: [PATCH] feat: update CWE translation for Bearer reader
---
 .../org/owasp/benchmarkutils/score/parsers/BearerReader.java | 5 ++++-
 .../owasp/benchmarkutils/score/parsers/BearerReaderTest.java | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/BearerReader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/BearerReader.java
index ca7688a0..a481fad1 100644
--- a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/BearerReader.java
+++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/BearerReader.java
@@ -55,9 +55,12 @@ public TestSuiteResults parse(ResultFile resultFile) throws Exception {
 private int translate(int cwe) {
 switch (cwe) {
+ case 73:
+ return CweNumber.PATH_TRAVERSAL;
 case 326:
- return CweNumber.WEAK_CRYPTO_ALGO;
 case 327:
+ return CweNumber.WEAK_CRYPTO_ALGO;
+ case 328:
 return CweNumber.WEAK_HASH_ALGO;
 default:
 return cwe;
diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java
index 4ed882b3..2e7bb7a5 100644
--- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java
+++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java
@@ -56,7 +56,6 @@ void readerHandlesGivenResultFileInV1_30() throws Exception {
 assertEquals(3, result.getTotalResults());
 assertEquals(CweNumber.COMMAND_INJECTION, result.get(7).get(0).getCWE());
- assertEquals(CweNumber.WEAK_HASH_ALGO, result.get(5).get(0).getCWE());
 assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get(35).get(0).getCWE());
 }
 }
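Review bot: Nothing in this patch pins the new `case 73`, `case 327` and `case 328` arms of `translate`, and the test-file hunk deletes the `result.get(5)` assertion instead of replacing it with the constant that finding now maps to. These arms decide which benchmark category a Bearer finding is scored against, so a wrong mapping shifts the true- and false-positive counts without any test failing. I would keep an assertion for test case 5 with its new expected value, presumably `assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get(5).get(0).getCWE());` if the fixture reports CWE-327 there (confirm against the fixture), and add a fixture finding that exercises CWE-73. CWE-73 (external control of file name or path) is broader than path traversal, so a comment above that arm such as `// CWE-73 is broader than path traversal; folded here so Bearer path findings score against the path-traversal cases` would record that the fold is deliberate. The body of `translate` continues past the end of the hunk.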