tests/java/weak-ssl-context-java-test.yml (1)

1-9: Clear Separation of Valid Scenarios
The valid section clearly differentiates secure SSL context instantiation examples by demonstrating protocols "TLSv1.2", "TLSv1.3", and a dynamic use via getSslContext(). This explicit separation helps ensure that only properly secured contexts are accepted.

rules/java/security/weak-ssl-context-java.yml (2)

16-35: Remove Unnecessary Commented Code
The commented-out rule configuration (lines 16–35) appears redundant given the active rule block below. Removing it (or moving it to a developer note) could help keep the file concise and easier to maintain.

---

36-80: AST Rule Configuration Complexity
The AST rule block is quite intricate and appears intended to flag insecure invocations of SSLContext.getInstance—by allowing only "TLSv1.2" and "TLSv1.3". Please verify that the use of nthChild: 3 for the argument list aligns with your AST’s node structure. Adding inline comments to explain the nested conditional logic (especially in lines 57–72) would benefit future maintainers in understanding the rationale behind these constraints.

tests/__snapshots__/weak-ssl-context-java-snapshot.yml (1)

1-158: Comprehensive Snapshot Documentation
This snapshot file meticulously captures various insecure SSLContext instantiations (using "SSL", "SSLv3", "TLS", "TLSv1", and "TLSv1.1") along with detailed labeling of each component (primary and secondary). Such granularity is highly useful for validating the AST rule’s performance. Please confirm that the repeated label entries (e.g. duplicate protocol labels) are intentional and are produced consistently by the AST tool; if not, consider streamlining these to ease future maintenance.

tests/ruby/hardcoded-secret-rsa-passphrase-ruby-test.yml (1)

15-31: Insecure Examples Clearly Illustrate Hardcoded Secrets.
The “invalid” section intentionally includes hardcoded values (e.g. $pass = 'super secret', @pass1 = 'my secure pass phrase goes here', and the literal "secret" in the RSA instantiation) to trigger the detection rule. Consider adding inline comments or annotations within this block to document each vulnerability for clarity during testing.

tests/__snapshots__/hardcoded-secret-rsa-passphrase-ruby-snapshot.yml (1)

18-42: Detailed Label Definitions for AST Matching.
The labels provide a granular breakdown of the code segments and their offsets. Please verify that the start and end positions accurately reflect the intended AST node boundaries. Additionally, if possible, consider consolidating overly granular labels to reduce redundancy.

rules/ruby/security/hardcoded-secret-rsa-passphrase-ruby.yml (4)

1-15: Metadata and Rule Configuration Look Correct.
The rule metadata is properly set up with an appropriate severity level and clear messaging. One minor nitpick: update “an hardcoded” to “a hardcoded” for grammatical accuracy.

---

44-74: Refine Regex in Call Chain Matching.
This segment for detecting OpenSSL::PKey::RSA.new(...).to_pem(..., '...') is well structured. However, the regex pattern ^to_pem|export$ (line 57) could be more precise if rewritten as ^(to_pem|export)$ to avoid any unintended matches.

---

106-137: Consistent Matching for Extended Method Chains.
The OpenSSL::PKey::RSA.new(...).to_pem(..., '...')_with_instance segment mirrors earlier patterns with an additional instance check. As with the previous block, consider updating the regex (line 117) to ^(to_pem|export)$ for clarity and accuracy.

---

171-204: Thorough Matching for $OPENSSL.to_pem Usage.
The segment captures method calls on $OPENSSL with a hardcoded secret ($ASSIGN) and validates corresponding assignments within the class. Similar to earlier notes, consider refining the regex for method identifiers for enhanced precision.

tests/__snapshots__/stacktrace-disclosure-csharp-snapshot.yml (1)

6-6: Trailing Whitespace Issue
YAMLlint has flagged trailing spaces on several lines (lines 6, 10, 12, 20, 22, 25, 30, 32, 35, and 37). Please remove these extraneous spaces to ensure a clean and consistent YAML format.

Also applies to: 10-10, 12-12, 20-20, 22-22, 25-25, 30-30, 32-32, 35-35, 37-37

tests/csharp/stacktrace-disclosure-csharp-test.yml (1)

6-6: Trailing Whitespace Issue
YAMLlint reports trailing spaces on several lines (lines 6, 10, 12, 20, 22, 25, 30, 32, 35, and 37). Please remove these trailing spaces to maintain consistency and prevent potential formatting issues.

Also applies to: 10-10, 12-12, 20-20, 22-22, 25-25, 30-30, 32-32, 35-35, 37-37

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 6-6: trailing spaces

(trailing-spaces)

rules/csharp/security/stacktrace-disclosure-csharp.yml (1)

6-6: Trailing Whitespace Issue
YAMLlint has identified trailing spaces on multiple lines (lines 6, 10, 12, 20, 22, 25, 30, 32, 35, and 37). Removing these will help ensure the YAML remains clean and compliant with formatting standards.

Also applies to: 10-10, 12-12, 20-20, 22-22, 25-25, 30-30, 32-32, 35-35, 37-37

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro