Closed bbrink1 closed 9 months ago
@rica-graca Would you be able to chime in?
Hello :smiley_cat: Will take a look asap. @daveshanley I will try to explain here afterwards so @bbrink1 can contribute.
This has been resolved in v0.7.0, all of the OWASP functions were re-written to use custom logic that does not depend on any kind of ordering.
The owasp linter expects properties to be in a certain sequence including leaf limits, otherwise they are flagged as not found. For example if minLength is not before maxLength, or minLength doesn't exist, but maxLength does, the linter doesn't see the properties. There are many other cases too. This can lead to a significant number of false positives.
I'd like to contribute a fix, but need to understand where to make changes in the system.
I'm guessing the issue is the modality of if/then/else in this file: rulesets/owasp_ruleset_functions.go
Yet, I'm not sure how/where to apply a fix.
Where may I see an example of how the owasp ruleset should be applied?
Thank you.
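The ordering problem reported in this issue, as an added illustration that is not code from vacuum or from anyone in this thread: a constructed check that only recognises `maxLength` when it directly follows `minLength`, next to a lookup that ignores key order. The `KV` type, the function names and the sample schemas are all hypothetical.

```go
package main

import "fmt"

// KV is one key/value pair of a schema mapping, kept in document order
// (a constructed stand-in for an ordered YAML mapping; not vacuum's type).
type KV struct{ Key, Val string }

// orderDependentHasMaxLength reproduces the reported failure mode: maxLength
// is only seen when it comes immediately after minLength.
func orderDependentHasMaxLength(schema []KV) bool {
	for i := 0; i+1 < len(schema); i++ {
		if schema[i].Key == "minLength" && schema[i+1].Key == "maxLength" {
			return true
		}
	}
	return false
}

// hasMaxLength indexes the keys first, so position and neighbours are irrelevant.
func hasMaxLength(schema []KV) bool {
	seen := make(map[string]bool, len(schema))
	for _, kv := range schema {
		seen[kv.Key] = true
	}
	return seen["maxLength"]
}

// flagged returns the indices of schemas the given check reports as lacking maxLength.
func flagged(check func([]KV) bool, schemas [][]KV) []int {
	var out []int
	for i, s := range schemas {
		if !check(s) {
			out = append(out, i)
		}
	}
	return out
}

// Constructed samples: the first three all define maxLength, in different orders.
var samples = [][]KV{
	{{"type", "string"}, {"minLength", "1"}, {"maxLength", "64"}},
	{{"type", "string"}, {"maxLength", "64"}, {"minLength", "1"}},
	{{"maxLength", "64"}, {"type", "string"}}, // no minLength at all
	{{"type", "string"}, {"minLength", "1"}},  // genuinely missing maxLength
}

func main() {
	fmt.Println("order-dependent flags:", flagged(orderDependentHasMaxLength, samples))
	fmt.Println("order-independent flags:", flagged(hasMaxLength, samples))
}
```

Running a rule over the same schema with its keys permuted and asserting identical findings, as `samples` does here, is a cheap regression test for this class of false positive.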