
Commit cb66b8c

committed
Update script to check for CERT risk assessment tags
1 parent 242744c commit cb66b8c


1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

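--- a/scripts/verify_rule_package_consistency.py
+++ b/scripts/verify_rule_package_consistency.py
@@ -109,6 +109,24 @@
 print(
 f' - ERROR: {standard_name} query {query["short_name"]}.ql for Rule {rule_id} in {package_name}.json has a spurious `external/misra/c/2012/...` tag.')
 failed = True
+if standard_name == "CERT-C" or standard_name == "CERT-C++":
+expected_properties = [
+"severity",
+"likelihood",
+"remediation-cost",
+"priority",
+"level"
+]
+for expected_property in expected_properties:
+if not any(tag for tag in query["tags"] if tag.startswith(f"external/cert/{expected_property}/")):
+print(
+f' - ERROR: {standard_name} query {query["short_name"]}.ql for Rule {rule_id} in {package_name}.json is missing a `external/cert/{expected_property}/...` tag.')
+failed = True
+if not standard_name == "CERT-C" and not standard_name == "CERT-C++":
+if any(tag for tag in query["tags"] if tag.startswith("external/cert/")):
+print(
+f' - ERROR: {standard_name} query {query["short_name"]}.ql for Rule {rule_id} in {package_name}.json has a spurious `external/cert/...` tag.')
+failed = True
 rules_csv_rule_ids = package_rules_from_csv[package_name]
 
 json_missing_rules = rules_csv_rule_ids.difference(package_json_rule_ids)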
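Review bot: The presence test inside the `for expected_property` loop accepts any tag that merely starts with `external/cert/<property>/`, so a query carrying two conflicting `severity` tags, or a tag with nothing after the final slash, still passes this consistency check. With `prefix = f"external/cert/{expected_property}/"`, consider collecting `matches = [t for t in query["tags"] if t.startswith(prefix)]` and failing on `if len(matches) != 1:`; if the project defines an allowed value set per property (not visible on this page), the value part should be checked against it as well. The second new condition is the exact negation of the first and would read more safely as `else:` or via `standard_name in ("CERT-C", "CERT-C++")`, so the two branches cannot drift apart when another CERT standard name is added. Indentation is lost in this rendering and the enclosing loop starts outside the hunk, so the nesting of the new block cannot be confirmed from the page.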
