bearer, commit 569d028e
    README.md
    skipped 48 lines
    49 49   
    50 50  SUCCESS
    51 51   
    52  -14 policies were run and no breaches were detected.
     52 +14 policies were run and no failures were detected.
    53 53   
    54 54  ```
    55 55   
    56 56  Curio helps developers and security teams to:
    57 57   
    58 58  - Protect their application from leaking sensitive data (*loggers, cookies, third-parties, etc*.)
    59  -- Protect their application from having their sensitive data breached (*missing encryption, insecure communication, SQL injection, etc.*)
     59 +- Protect their application from having their sensitive data failed (*missing encryption, insecure communication, SQL injection, etc.*)
    60 60  - Monitor sensitive data flows across every component (*Data stores, internal and external APIs*)
    61 61   
    62 62  Curio is Open Source ([*see license*](#mortar_board-license)), and is built to be fully customizable, from creating your own policies, to adding custom code detectors up to enriching our data classifiers.
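Review bot: line 59 is a search-and-replace regression: "having their sensitive data failed" is not English and loses the bullet's original meaning. The term being renamed is the policy outcome (breach/failure), not the data-breach concept in this sentence; restore "breached" here (or reword to "exposed") and re-read the other prose hits of this rename for the same problem.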
    skipped 38 lines
    101 101   
    102 102  The easiest way to try out Curio is with our example project, [Bear Publishing](https://github.com/Bearer/bear-publishing). It simulates a realistic Ruby application with common data security flaws. Clone or download it to a convenient location to get started. Alternately, you can use your own application. Check the [supported languages](#supported-language) to see if your stack supports a policy report.
    103 103   
    104  -*You won't need to run the sample project. Curio scan the codebase without running the application.*
     104 +*You won't need to run the sample project. Curio scans the codebase without running the application.*
    105 105   
    106 106  Now, run the scan command with `curio scan` on the project directory:
    107 107   
    skipped 3 lines
    111 111   
    112 112  A progress bar will display the status of the scan.
    113 113   
    114  -Once the scan is complete, Curio will output a policy report with details of any policy breaches, as well as where in the codebase the infractions happened.
     114 +Once the scan is complete, Curio will output a policy report with details of any policy failures, as well as where in the codebase the infractions happened.
    115 115   
    116 116  ### Analyze the report
    117 117   
    118 118  The policy report is an easily digestible view of the data security problems detected by Curio. A report is made up of:
    119 119   
    120 120  - The list of [policies](https://curio.sh/reference/policies/) run against your code.
    121  -- Each detected breach, containing the file location and lines that triggered the policy breach.
     121 +- Each detected failure, containing the file location and lines that triggered the policy failure.
    122 122  - A summary of the report with the stats for passing and failing policies.
    123 123   
    124  -The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy breaches and output a full report. Here's a section of the output:
     124 +The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy failures and output a full report. Here's a section of the output:
    125 125   
    126 126  ```text
    127 127   
    128  -HIGH: Application level encryption missing policy breach with PHI, PII
     128 +HIGH: Application level encryption missing policy failure with PHI, PII
    129 129  Application level encryption missing. Enable application level encryption to reduce the risk of leaking sensitive data.
    130 130   
    131 131  File: /bear-publishing/db/schema.rb:22
    skipped 6 lines
    138 138   
    139 139  =====================================
    140 140   
    141  -Policy breaches detected
     141 +Policy failures detected
    142 142   
    143  -14 policies were run and 12 breaches were detected.
     143 +14 policies were run and 12 failures were detected.
    144 144   
    145 145  CRITICAL: 0
    146 146  HIGH: 10 (Application level encryption missing, Insecure HTTP with Data Category, JWT leaking, Logger leaking, Cookie leaking, Third-party data category exposure)
    skipped 102 lines
    docs/explanations/reports.md
    skipped 14 lines
    15 15   
    16 16  ```txt
    17 17  ...
    18  -CRITICAL: JWT leaking policy breach with Personal data
     18 +CRITICAL: JWT leaking policy failure with Personal data
    19 19  JWT leaks detected. Avoid storing sensitive data in JWTs.
    20 20   
    21 21  File: lib/jwt.rb:6
    skipped 12 lines
    34 34   
    35 35  =====================================
    36 36   
    37  -Policy breaches detected
     37 +Policy failures detected
    38 38   
    39  -14 policies were run and 6 breaches were detected.
     39 +14 policies were run and 6 failures were detected.
    40 40   
    41 41  CRITICAL: 0
    42 42  HIGH: 4 (Insecure HTTP with Data Category, Logger leaking, JWT leaking, Cookie leaking)
    skipped 121 lines
    164 164  The detectors report type is the most low-level, data-rich type. You’re unlikely to use this report on its own, but it can be useful for building your own tooling based on the data parsed by Curio.
    165 165   
    166 166  To run your first detectors report, run `curio scan` with the `--report detectors` flag.
     167 + 
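Review bot: line 167 adds a line containing only a space at the end of the file. Drop it (the file should end with a single newline) so editors and whitespace linters don't flag it and the doc change stays limited to the rename.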
    docs/quickstart.md
    skipped 40 lines
    41 41   
    42 42  The easiest way to try out Curio is with our example project, [Bear Publishing](https://github.com/Bearer/bear-publishing). It simulates a realistic Ruby application with common data security flaws. Clone or download it to a convenient location to get started. Alternately, you can use your own application.
    43 43   
    44  -*You won't need to run the sample project. Curio scan the codebase without running the application.*
     44 +*You won't need to run the sample project. Curio scans the codebase without running the application.*
    45 45   
    46 46  Now, run a scan with `curio scan` on the project directory:
    47 47   
    skipped 3 lines
    51 51   
    52 52  A progress bar will display the status of the scan.
    53 53   
    54  -Once the scan is complete, Curio will output a policy report with details of any policy breaches, as well as where in the codebase the infractions happened.
     54 +Once the scan is complete, Curio will output a policy report with details of any policy failures, as well as where in the codebase the infractions happened.
    55 55   
    56 56  ### Analyze the report
    57 57   
    58 58  The policy report is an easily digestible view of the data security problems detected by Curio. A report is made up of:
    59 59   
    60 60  - The list of [policies](/reference/policies/) run against your code.
    61  -- Each detected breach, containing the file location and lines that triggered the policy breach.
     61 +- Each detected failure, containing the file location and lines that triggered the policy failure.
    62 62  - A summary of the report with the stats for passing and failing policies.
    63 63   
    64  -The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy breaches and output a full report. Here's a section of the output containing a breach snippet and the final summary:
     64 +The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy failures and output a full report. Here's a section of the output containing a failure snippet and the final summary:
    65 65   
    66 66  ```text
    67 67   
    68  -HIGH: Application level encryption missing policy breach with PHI, PII
     68 +HIGH: Application level encryption missing policy failure with PHI, PII
    69 69  Application level encryption missing. Enable application level encryption to reduce the risk of leaking sensitive data.
    70 70   
    71 71  File: /bear-publishing/db/schema.rb:22
    skipped 6 lines
    78 78   
    79 79  =====================================
    80 80   
    81  -Policy breaches detected
     81 +Policy failures detected
    82 82   
    83  -14 policies were run and 12 breaches were detected.
     83 +14 policies were run and 12 failures were detected.
    84 84   
    85 85  CRITICAL: 0
    86 86  HIGH: 10 (Application level encryption missing, Insecure HTTP with Data Category, JWT leaking, Logger leaking, Cookie leaking, Third-party data category exposure)
    skipped 2 lines
    89 89  ```
    90 90   
    91 91  The policy report is just one report type available in Curio. Additional options for using and configuring the `scan` command can be found in the [scan documentation](/reference/commands/#scan). For additional guides and usage tips, [view the docs](https://curio.sh).
     92 + 
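Review bot: line 92 adds a whitespace-only line at the end of the file, the same as in docs/explanations/reports.md; remove it and end the file with a single newline.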
    integration/flags/.snapshots/TestInitCommand-init
    skipped 423 lines
    424 424   policies:
    425 425   application_level_encryption_missing:
    426 426   query: |
    427  - policy_breach = data.bearer.application_level_encryption.policy_breach
     427 + policy_failure = data.bearer.application_level_encryption.policy_failure
    428 428   id: application_level_encryption_missing
    429 429   name: Application level encryption missing
    430 430   description: Application level encryption missing. Enable application level encryption to reduce the risk of leaking sensitive data.
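Review bot: this snapshot reproduces policies.yml and the bundled .rego modules verbatim, so it should be regenerated from the init command's actual output rather than edited by hand; a hand edit can drift from what `curio init` writes (rule text, whitespace, ordering) and the integration test would then fail or, worse, mask a policy whose query and module were renamed inconsistently. Confirm the file was produced by the snapshot-update path before merging.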
    skipped 48 lines
    479 479   
    480 480   import future.keywords
    481 481   
    482  - policy_breach contains item if {
     482 + policy_failure contains item if {
    483 483   datatype = input.dataflow.data_types[_]
    484 484   detector = datatype.detectors[_]
    485 485   location = detector.locations[_]
    skipped 12 lines
    498 498   }
    499 499   cookie_leaks:
    500 500   query: |
    501  - policy_breach = data.bearer.leakage.policy_breach
     501 + policy_failure = data.bearer.leakage.policy_failure
    502 502   id: detect_rails_cookies
    503 503   name: Cookie leaking
    504 504   description: Cookie leaks detected. Avoid storing sensitive data in cookies.
    skipped 48 lines
    553 553   
    554 554   import future.keywords
    555 555   
    556  - policy_breach contains item if {
     556 + policy_failure contains item if {
    557 557   some detector in input.dataflow.risks
    558 558   detector.detector_id == input.policy_id
    559 559   
    skipped 11 lines
    571 571   }
    572 572   http_get_parameters:
    573 573   query: |
    574  - policy_breach = data.bearer.http_get_parameters.policy_breach
     574 + policy_failure = data.bearer.http_get_parameters.policy_failure
    575 575   id: ruby_http_get_detection
    576 576   name: HTTP GET parameters
    577 577   description: Sending data as HTTP GET parameters. Avoid sending sensitive data as parameters in GET requests.
    skipped 48 lines
    626 626   
    627 627   import future.keywords
    628 628   
    629  - policy_breach contains item if {
     629 + policy_failure contains item if {
    630 630   some detector in input.dataflow.risks
    631 631   detector.detector_id == input.policy_id
    632 632   
    skipped 11 lines
    644 644   }
    645 645   insecure_communication_processing_sensitive_data:
    646 646   query: |
    647  - policy_breach = data.bearer.insecure_communication.policy_breach
     647 + policy_failure = data.bearer.insecure_communication.policy_failure
    648 648   id: detect_rails_insecure_communication
    649 649   name: Insecure communication
    650 650   description: Insecure communication in an application processing sensitive data. Ensure communication occurs over SSL.
    skipped 48 lines
    699 699   
    700 700   import future.keywords
    701 701   
    702  - policy_breach contains item if {
     702 + policy_failure contains item if {
    703 703   some data_type in input.dataflow.data_types
    704 704   
    705 705   some detector in input.dataflow.risks
    skipped 12 lines
    718 718   }
    719 719   insecure_ftp_processing_sensitive_data:
    720 720   query: |
    721  - policy_breach = data.bearer.insecure_ftp.policy_breach
     721 + policy_failure = data.bearer.insecure_ftp.policy_failure
    722 722   id: detect_rails_insecure_ftp
    723 723   name: Insecure FTP
    724 724   description: Communication with an insecure FTP server in an application processing sensitive data. Only connect to FTP securely.
    skipped 48 lines
    773 773   
    774 774   import future.keywords
    775 775   
    776  - policy_breach contains item if {
     776 + policy_failure contains item if {
    777 777   some data_type in input.dataflow.data_types
    778 778   
    779 779   some detector in input.dataflow.risks
    skipped 11 lines
    791 791   }
    792 792   insecure_ftp_with_data_category:
    793 793   query: |
    794  - policy_breach = data.bearer.insecure_ftp_with_data_category.policy_breach
     794 + policy_failure = data.bearer.insecure_ftp_with_data_category.policy_failure
    795 795   id: insecure_ftp_with_data_category
    796 796   name: Insecure FTP with Data Category
    797 797   description: Communicating Data Category with an insecure FTP server. Only connect to FTP securely.
    skipped 48 lines
    846 846   
    847 847   import future.keywords
    848 848   
    849  - policy_breach contains item if {
     849 + policy_failure contains item if {
    850 850   some risk in input.dataflow.risks
    851 851   risk.detector_id == "detect_rails_insecure_ftp_data"
    852 852   
    skipped 11 lines
    864 864   }
    865 865   insecure_http_get:
    866 866   query: |
    867  - policy_breach = data.bearer.insecure_http_get.policy_breach
     867 + policy_failure = data.bearer.insecure_http_get.policy_failure
    868 868   id: insecure_http_get
    869 869   name: Insecure HTTP GET
    870 870   description: Communicating using insecure HTTP GET in an application processing sensitive data. Ensure all HTTP communication occurs over HTTPS.
    skipped 48 lines
    919 919   
    920 920   import future.keywords
    921 921   
    922  - policy_breach contains item if {
     922 + policy_failure contains item if {
    923 923   some data_type in input.dataflow.data_types
    924 924   
    925 925   some detector in input.dataflow.risks
    skipped 11 lines
    937 937   }
    938 938   insecure_http_with_data_category:
    939 939   query: |
    940  - policy_breach = data.bearer.insecure_http_with_data_category.policy_breach
     940 + policy_failure = data.bearer.insecure_http_with_data_category.policy_failure
    941 941   id: insecure_http_with_data_category
    942 942   name: Insecure HTTP with Data Category
    943 943   description: Communicating Data Category using insecure HTTP. Ensure all HTTP communication occurs over HTTPS.
    skipped 71 lines
    1015 1015   }
    1016 1016   }
    1017 1017   
    1018  - policy_breach contains item if {
     1018 + policy_failure contains item if {
    1019 1019   insecure_http_with_data[["ruby_http_get_detection", "ruby_http_get_insecure", item]]
    1020 1020   }
    1021 1021   
    1022  - policy_breach contains item if {
     1022 + policy_failure contains item if {
    1023 1023   insecure_http_with_data[["ruby_http_post_detection", "ruby_http_post_insecure", item]]
    1024 1024   }
    1025 1025   insecure_smtp_processing_sensitive_data:
    1026 1026   query: |
    1027  - policy_breach = data.bearer.insecure_smtp.policy_breach
     1027 + policy_failure = data.bearer.insecure_smtp.policy_failure
    1028 1028   id: detect_rails_insecure_smtp
    1029 1029   name: Insecure SMTP
    1030 1030   description: Communication using insecure SMTP in an application processing sensitive data. Verify that SMTP settings use OpenSSL or equivalent.
    skipped 48 lines
    1079 1079   
    1080 1080   import future.keywords
    1081 1081   
    1082  - policy_breach contains item if {
     1082 + policy_failure contains item if {
    1083 1083   some data_type in input.dataflow.data_types
    1084 1084   
    1085 1085   some detector in input.dataflow.risks
    skipped 12 lines
    1098 1098   }
    1099 1099   jwt_leaks:
    1100 1100   query: |
    1101  - policy_breach = data.bearer.leakage.policy_breach
     1101 + policy_failure = data.bearer.leakage.policy_failure
    1102 1102   id: detect_rails_jwt
    1103 1103   name: JWT leaking
    1104 1104   description: JWT leaks detected. Avoid storing sensitive data in JWTs.
    skipped 48 lines
    1153 1153   
    1154 1154   import future.keywords
    1155 1155   
    1156  - policy_breach contains item if {
     1156 + policy_failure contains item if {
    1157 1157   some detector in input.dataflow.risks
    1158 1158   detector.detector_id == input.policy_id
    1159 1159   
    skipped 11 lines
    1171 1171   }
    1172 1172   logger_leaks:
    1173 1173   query: |
    1174  - policy_breach = data.bearer.leakage.policy_breach
     1174 + policy_failure = data.bearer.leakage.policy_failure
    1175 1175   id: detect_ruby_logger
    1176 1176   name: Logger leaking
    1177 1177   description: Logger leaks detected. Avoid passing sensitive data to loggers.
    skipped 48 lines
    1226 1226   
    1227 1227   import future.keywords
    1228 1228   
    1229  - policy_breach contains item if {
     1229 + policy_failure contains item if {
    1230 1230   some detector in input.dataflow.risks
    1231 1231   detector.detector_id == input.policy_id
    1232 1232   
    skipped 11 lines
    1244 1244   }
    1245 1245   sending_data_in_category_to_third_party:
    1246 1246   query: |
    1247  - policy_breach = data.bearer.third_party_data_category.policy_breach
     1247 + policy_failure = data.bearer.third_party_data_category.policy_failure
    1248 1248   id: detect_ruby_third_party_data_send
    1249 1249   name: Third-party data category exposure
    1250 1250   description: Sending data in category to third party. Ensure data sent to third party is intended and secured.
    skipped 48 lines
    1299 1299   
    1300 1300   import future.keywords
    1301 1301   
    1302  - policy_breach contains item if {
     1302 + policy_failure contains item if {
    1303 1303   some detector in input.dataflow.risks
    1304 1304   detector.detector_id == input.policy_id
    1305 1305   
    skipped 11 lines
    1317 1317   }
    1318 1318   session_leaks:
    1319 1319   query: |
    1320  - policy_breach = data.bearer.leakage.policy_breach
     1320 + policy_failure = data.bearer.leakage.policy_failure
    1321 1321   id: detect_rails_session
    1322 1322   name: Session leaking
    1323 1323   description: Session leaks detected. Avoid storing sensitive data in the session.
    skipped 48 lines
    1372 1372   
    1373 1373   import future.keywords
    1374 1374   
    1375  - policy_breach contains item if {
     1375 + policy_failure contains item if {
    1376 1376   some detector in input.dataflow.risks
    1377 1377   detector.detector_id == input.policy_id
    1378 1378   
    skipped 11 lines
    1390 1390   }
    1391 1391   ssl_certificate_verification_disabled:
    1392 1392   query: |
    1393  - policy_breach = data.bearer.ssl_certificate_verification_disabled.policy_breach
     1393 + policy_failure = data.bearer.ssl_certificate_verification_disabled.policy_failure
    1394 1394   id: ssl_certificate_verification_disabled
    1395 1395   name: SSL certificate verification disabled
    1396 1396   description: SSL certificate verification is disabled in an application processing sensitive data. Enable SSL certificate verification.
    skipped 48 lines
    1445 1445   
    1446 1446   import future.keywords
    1447 1447   
    1448  - policy_breach contains item if {
     1448 + policy_failure contains item if {
    1449 1449   some data_type in input.dataflow.data_types
    1450 1450   
    1451 1451   some detector in input.dataflow.risks
    skipped 27 lines
    pkg/commands/process/settings/policies/application_level_encryption.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   datatype = input.dataflow.data_types[_]
    9 9   detector = datatype.detectors[_]
    10 10   location = detector.locations[_]
    skipped 13 lines
    pkg/commands/process/settings/policies/http_get_parameters.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some detector in input.dataflow.risks
    9 9   detector.detector_id == input.policy_id
    10 10   
    skipped 12 lines
    pkg/commands/process/settings/policies/insecure_communication.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some data_type in input.dataflow.data_types
    9 9   
    10 10   some detector in input.dataflow.risks
    skipped 14 lines
    pkg/commands/process/settings/policies/insecure_ftp.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some data_type in input.dataflow.data_types
    9 9   
    10 10   some detector in input.dataflow.risks
    skipped 13 lines
    pkg/commands/process/settings/policies/insecure_ftp_with_data_category.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some risk in input.dataflow.risks
    9 9   risk.detector_id == "detect_rails_insecure_ftp_data"
    10 10   
    skipped 13 lines
    pkg/commands/process/settings/policies/insecure_http_get.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some data_type in input.dataflow.data_types
    9 9   
    10 10   some detector in input.dataflow.risks
    skipped 13 lines
    pkg/commands/process/settings/policies/insecure_http_with_data_category.rego
    skipped 26 lines
    27 27   }
    28 28  }
    29 29   
    30  -policy_breach contains item if {
     30 +policy_failure contains item if {
    31 31   insecure_http_with_data[["ruby_http_get_detection", "ruby_http_get_insecure", item]]
    32 32  }
    33 33   
    34  -policy_breach contains item if {
     34 +policy_failure contains item if {
    35 35   insecure_http_with_data[["ruby_http_post_detection", "ruby_http_post_insecure", item]]
    36 36  }
    37 37   
    pkg/commands/process/settings/policies/insecure_smtp.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some data_type in input.dataflow.data_types
    9 9   
    10 10   some detector in input.dataflow.risks
    skipped 14 lines
    pkg/commands/process/settings/policies/leakage.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some detector in input.dataflow.risks
    9 9   detector.detector_id == input.policy_id
    10 10   
    skipped 13 lines
    pkg/commands/process/settings/policies/ssl_certificate_verification_disabled.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some data_type in input.dataflow.data_types
    9 9   
    10 10   some detector in input.dataflow.risks
    skipped 13 lines
    pkg/commands/process/settings/policies/third_party_data_category.rego
    skipped 3 lines
    4 4   
    5 5  import future.keywords
    6 6   
    7  -policy_breach contains item if {
     7 +policy_failure contains item if {
    8 8   some detector in input.dataflow.risks
    9 9   detector.detector_id == input.policy_id
    10 10   
    skipped 13 lines
    pkg/commands/process/settings/policies.yml
    skipped 2 lines
    3 3   name: "Logger leaking"
    4 4   id: "detect_ruby_logger"
    5 5   query: |
    6  - policy_breach = data.bearer.leakage.policy_breach
     6 + policy_failure = data.bearer.leakage.policy_failure
    7 7   modules:
    8 8   - path: policies/common.rego
    9 9   name: bearer.common
    skipped 4 lines
    14 14   name: "Session leaking"
    15 15   id: "detect_rails_session"
    16 16   query: |
    17  - policy_breach = data.bearer.leakage.policy_breach
     17 + policy_failure = data.bearer.leakage.policy_failure
    18 18   modules:
    19 19   - path: policies/common.rego
    20 20   name: bearer.common
    skipped 4 lines
    25 25   name: "JWT leaking"
    26 26   id: "detect_rails_jwt"
    27 27   query: |
    28  - policy_breach = data.bearer.leakage.policy_breach
     28 + policy_failure = data.bearer.leakage.policy_failure
    29 29   modules:
    30 30   - path: policies/common.rego
    31 31   name: bearer.common
    skipped 4 lines
    36 36   name: "Cookie leaking"
    37 37   id: "detect_rails_cookies"
    38 38   query: |
    39  - policy_breach = data.bearer.leakage.policy_breach
     39 + policy_failure = data.bearer.leakage.policy_failure
    40 40   modules:
    41 41   - path: policies/common.rego
    42 42   name: bearer.common
    skipped 4 lines
    47 47   name: "SSL certificate verification disabled"
    48 48   id: "ssl_certificate_verification_disabled"
    49 49   query: |
    50  - policy_breach = data.bearer.ssl_certificate_verification_disabled.policy_breach
     50 + policy_failure = data.bearer.ssl_certificate_verification_disabled.policy_failure
    51 51   modules:
    52 52   - path: policies/common.rego
    53 53   name: bearer.common
    skipped 4 lines
    58 58   name: "Application level encryption missing"
    59 59   id: "application_level_encryption_missing"
    60 60   query: |
    61  - policy_breach = data.bearer.application_level_encryption.policy_breach
     61 + policy_failure = data.bearer.application_level_encryption.policy_failure
    62 62   modules:
    63 63   - path: policies/common.rego
    64 64   name: bearer.common
    skipped 4 lines
    69 69   name: "Insecure SMTP"
    70 70   id: "detect_rails_insecure_smtp"
    71 71   query: |
    72  - policy_breach = data.bearer.insecure_smtp.policy_breach
     72 + policy_failure = data.bearer.insecure_smtp.policy_failure
    73 73   modules:
    74 74   - path: policies/common.rego
    75 75   name: bearer.common
    skipped 4 lines
    80 80   name: "HTTP GET parameters"
    81 81   id: "ruby_http_get_detection"
    82 82   query: |
    83  - policy_breach = data.bearer.http_get_parameters.policy_breach
     83 + policy_failure = data.bearer.http_get_parameters.policy_failure
    84 84   modules:
    85 85   - path: policies/common.rego
    86 86   name: bearer.common
    skipped 4 lines
    91 91   name: "Insecure communication"
    92 92   id: "detect_rails_insecure_communication"
    93 93   query: |
    94  - policy_breach = data.bearer.insecure_communication.policy_breach
     94 + policy_failure = data.bearer.insecure_communication.policy_failure
    95 95   modules:
    96 96   - path: policies/common.rego
    97 97   name: bearer.common
    skipped 4 lines
    102 102   name: "Insecure FTP"
    103 103   id: "detect_rails_insecure_ftp"
    104 104   query: |
    105  - policy_breach = data.bearer.insecure_ftp.policy_breach
     105 + policy_failure = data.bearer.insecure_ftp.policy_failure
    106 106   modules:
    107 107   - path: policies/common.rego
    108 108   name: bearer.common
    skipped 4 lines
    113 113   name: "Insecure FTP with Data Category"
    114 114   id: insecure_ftp_with_data_category
    115 115   query: |
    116  - policy_breach = data.bearer.insecure_ftp_with_data_category.policy_breach
     116 + policy_failure = data.bearer.insecure_ftp_with_data_category.policy_failure
    117 117   modules:
    118 118   - path: policies/common.rego
    119 119   name: bearer.common
    skipped 4 lines
    124 124   name: "Insecure HTTP GET"
    125 125   id: insecure_http_get
    126 126   query: |
    127  - policy_breach = data.bearer.insecure_http_get.policy_breach
     127 + policy_failure = data.bearer.insecure_http_get.policy_failure
    128 128   modules:
    129 129   - path: policies/common.rego
    130 130   name: bearer.common
    skipped 4 lines
    135 135   name: "Insecure HTTP with Data Category"
    136 136   id: insecure_http_with_data_category
    137 137   query: |
    138  - policy_breach = data.bearer.insecure_http_with_data_category.policy_breach
     138 + policy_failure = data.bearer.insecure_http_with_data_category.policy_failure
    139 139   modules:
    140 140   - path: policies/common.rego
    141 141   name: bearer.common
    skipped 4 lines
    146 146   name: "Third-party data category exposure"
    147 147   id: "detect_ruby_third_party_data_send"
    148 148   query: |
    149  - policy_breach = data.bearer.third_party_data_category.policy_breach
     149 + policy_failure = data.bearer.third_party_data_category.policy_failure
    150 150   modules:
    151 151   - path: policies/common.rego
    152 152   name: bearer.common
    skipped 3 lines
    pkg/report/output/policies/policies.go
    skipped 88 lines
    89 89   return nil, err
    90 90   }
    91 91   
    92  - for _, policyOutput := range policyResults["policy_breach"] {
     92 + for _, policyOutput := range policyResults["policy_failure"] {
    93 93   policyResult := PolicyResult{
    94 94   PolicyName: policy.Name,
    95 95   PolicyDescription: policy.Description,
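Review bot: the lookup `policyResults["policy_failure"]` on line 92 yields a nil slice when the key is absent, so a policy whose YAML query or Rego module still defines `policy_breach` (or a shared module this diff does not touch, such as policies/common.rego referenced from policies.yml) would evaluate to no bindings and be reported as passing rather than as an error. That is a fail-open rename. Suggest checking that the expected key is present in `policyResults` and returning an error when the query produced no `policy_failure` binding, and adding a test that runs every bundled policy against a fixture known to fail it so a missed rename shows up as a test failure instead of a clean report.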
    skipped 28 lines
    124 124   
    125 125   writePolicyListToString(reportStr, policies)
    126 126   
    127  - breachedPolicies := map[string]map[string]bool{
     127 + policyFailures := map[string]map[string]bool{
    128 128   settings.LevelCritical: make(map[string]bool),
    129 129   settings.LevelHigh: make(map[string]bool),
    130 130   settings.LevelMedium: make(map[string]bool),
    skipped 6 lines
    137 137   settings.LevelMedium,
    138 138   settings.LevelLow,
    139 139   } {
    140  - for _, policyBreach := range policyResults[policyLevel] {
    141  - breachedPolicies[policyLevel][policyBreach.PolicyName] = true
    142  - writePolicyBreachToString(reportStr, policyBreach, policyLevel)
     140 + for _, policyFailure := range policyResults[policyLevel] {
     141 + policyFailures[policyLevel][policyFailure.PolicyName] = true
     142 + writePolicyFailureToString(reportStr, policyFailure, policyLevel)
    143 143   }
    144 144   }
    145 145   
    146  - writeSummaryToString(reportStr, policyResults, len(policies), breachedPolicies)
     146 + writeSummaryToString(reportStr, policyResults, len(policies), policyFailures)
    147 147   
    148 148   color.NoColor = initialColorSetting
    149 149   
    skipped 12 lines
    162 162  func writeSummaryToString(
    163 163   reportStr *strings.Builder,
    164 164   policyResults map[string][]PolicyResult,
    165  - policyCount int, breachedPolicies map[string]map[string]bool,
     165 + policyCount int, policyFailures map[string]map[string]bool,
    166 166  ) {
    167 167   reportStr.WriteString("\n=====================================")
    168 168   
    skipped 1 lines
    170 170   if len(policyResults) == 0 {
    171 171   reportStr.WriteString("\n\n")
    172 172   reportStr.WriteString(color.HiGreenString("SUCCESS\n\n"))
    173  - reportStr.WriteString(fmt.Sprint(policyCount) + " policies were run and no breaches were detected.\n\n")
     173 + reportStr.WriteString(fmt.Sprint(policyCount) + " policies were run and no failures were detected.\n\n")
    174 174   return
    175 175   }
    176 176   
    skipped 5 lines
    182 182   totalCount := criticalCount + highCount + mediumCount + lowCount
    183 183   
    184 184   reportStr.WriteString("\n\n")
    185  - reportStr.WriteString(color.RedString("Policy breaches detected\n\n"))
     185 + reportStr.WriteString(color.RedString("Policy failures detected\n\n"))
    186 186   reportStr.WriteString(fmt.Sprint(policyCount) + " policies were run ")
    187  - reportStr.WriteString("and " + fmt.Sprint(totalCount) + " breaches were detected.\n\n")
     187 + reportStr.WriteString("and " + fmt.Sprint(totalCount) + " failures were detected.\n\n")
    188 188   
    189 189   // critical count
    190 190   reportStr.WriteString(formatSeverity(settings.LevelCritical) + fmt.Sprint(criticalCount))
    191  - if len(breachedPolicies[settings.LevelCritical]) > 0 {
    192  - reportStr.WriteString(" (" + strings.Join(maps.Keys(breachedPolicies[settings.LevelCritical]), ", ") + ")")
     191 + if len(policyFailures[settings.LevelCritical]) > 0 {
     192 + reportStr.WriteString(" (" + strings.Join(maps.Keys(policyFailures[settings.LevelCritical]), ", ") + ")")
    193 193   }
    194 194   // high count
    195 195   reportStr.WriteString("\n" + formatSeverity(settings.LevelHigh) + fmt.Sprint(highCount))
    196  - if len(breachedPolicies[settings.LevelHigh]) > 0 {
    197  - reportStr.WriteString(" (" + strings.Join(maps.Keys(breachedPolicies[settings.LevelHigh]), ", ") + ")")
     196 + if len(policyFailures[settings.LevelHigh]) > 0 {
     197 + reportStr.WriteString(" (" + strings.Join(maps.Keys(policyFailures[settings.LevelHigh]), ", ") + ")")
    198 198   }
    199 199   // medium count
    200 200   reportStr.WriteString("\n" + formatSeverity(settings.LevelMedium) + fmt.Sprint(mediumCount))
    201  - if len(breachedPolicies[settings.LevelMedium]) > 0 {
    202  - reportStr.WriteString(" (" + strings.Join(maps.Keys(breachedPolicies[settings.LevelMedium]), ", ") + ")")
     201 + if len(policyFailures[settings.LevelMedium]) > 0 {
     202 + reportStr.WriteString(" (" + strings.Join(maps.Keys(policyFailures[settings.LevelMedium]), ", ") + ")")
    203 203   }
    204 204   // low count
    205 205   reportStr.WriteString("\n" + formatSeverity(settings.LevelLow) + fmt.Sprint(lowCount))
    206  - if len(breachedPolicies[settings.LevelLow]) > 0 {
    207  - reportStr.WriteString(" (" + strings.Join(maps.Keys(breachedPolicies[settings.LevelLow]), ", ") + ")")
     206 + if len(policyFailures[settings.LevelLow]) > 0 {
     207 + reportStr.WriteString(" (" + strings.Join(maps.Keys(policyFailures[settings.LevelLow]), ", ") + ")")
    208 208   }
    209 209   
    210 210   reportStr.WriteString("\n\n")
    211 211  }
    212 212   
    213  -func writePolicyBreachToString(reportStr *strings.Builder, policyBreach PolicyResult, policySeverity string) {
     213 +func writePolicyFailureToString(reportStr *strings.Builder, policyFailure PolicyResult, policySeverity string) {
    214 214   reportStr.WriteString("\n\n")
    215 215   reportStr.WriteString(formatSeverity(policySeverity))
    216  - reportStr.WriteString(policyBreach.PolicyName + " policy breach with " + strings.Join(policyBreach.CategoryGroups, ", ") + "\n")
    217  - reportStr.WriteString(color.HiBlackString(policyBreach.PolicyDescription + "\n"))
     216 + reportStr.WriteString(policyFailure.PolicyName + " policy failure with " + strings.Join(policyFailure.CategoryGroups, ", ") + "\n")
     217 + reportStr.WriteString(color.HiBlackString(policyFailure.PolicyDescription + "\n"))
    218 218   reportStr.WriteString("\n")
    219  - reportStr.WriteString(color.HiBlueString("File: " + underline(policyBreach.Filename+":"+fmt.Sprint(policyBreach.LineNumber)) + "\n"))
     219 + reportStr.WriteString(color.HiBlueString("File: " + underline(policyFailure.Filename+":"+fmt.Sprint(policyFailure.LineNumber)) + "\n"))
    220 220   
    221 221   reportStr.WriteString("\n")
    222  - reportStr.WriteString(highlightCodeExtract(policyBreach.Filename, policyBreach.LineNumber, policyBreach.ParentLineNumber, policyBreach.ParentContent, policyBreach.OmitParent))
     222 + reportStr.WriteString(highlightCodeExtract(policyFailure.Filename, policyFailure.LineNumber, policyFailure.ParentLineNumber, policyFailure.ParentContent, policyFailure.OmitParent))
    223 223  }
    224 224   
    225 225  func formatSeverity(policySeverity string) string {
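Review bot: `maps.Keys(policyFailures[...])` returns keys in Go map iteration order, which is randomised, so the parenthesised policy-name list after each severity count comes out in a different order on every run; that makes the report unstable to diff in CI and awkward to assert on in tests. Sort the slice before `strings.Join` (`keys := maps.Keys(m); sort.Strings(keys)`). The four near-identical count blocks for critical, high, medium and low could also collapse into one loop over the same level slice the caller uses, which would have turned this rename into a single-line change in this function.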
    skipped 33 lines