From 9fae5c30a92ca3e7de1234ff3fd838b7b19f4c70 Mon Sep 17 00:00:00 2001
From: Emmanuel Gautier
Date: Thu, 21 Mar 2024 15:28:07 +0100
Subject: [PATCH] feat: add info severity

---
 cmd/scan/root.go | 2 +-
 report/vuln.go | 6 ++++++
 scan/best_practices/http_cookies.go | 8 ++++----
 scan/best_practices/http_headers.go | 10 +++++-----
 scan/best_practices/http_trace_method.go | 2 +-
 scan/discover/discoverable_openapi.go | 2 +-
 scan/discover/graphql.go | 2 +-
 scan/discover/server_signature.go | 2 +-
 8 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/cmd/scan/root.go b/cmd/scan/root.go
index 31bc644..05ad03e 100644
--- a/cmd/scan/root.go
+++ b/cmd/scan/root.go
@@ -14,7 +14,7 @@ import (
 var reporter *report.Reporter
 
 func severityTableColor(v *report.VulnerabilityReport) int {
- if v.IsLowRiskSeverity() {
+ if v.IsLowRiskSeverity() || v.IsInfoRiskSeverity() {
 return tablewriter.BgBlueColor
 } else if v.IsMediumRiskSeverity() {
 return tablewriter.FgYellowColor
diff --git a/report/vuln.go b/report/vuln.go
index 146f6b3..d8bf55d 100644
--- a/report/vuln.go
+++ b/report/vuln.go
@@ -26,6 +26,10 @@ func (vr *VulnerabilityReport) IsHighRiskSeverity() bool {
 return vr.SeverityLevel > 7
 }
 
+func (vr *VulnerabilityReport) IsInfoRiskSeverity() bool {
+ return vr.SeverityLevel == 0
+}
+
 func (vr *VulnerabilityReport) String() string {
 return fmt.Sprintf("[%s][%s] %s %s: %s", vr.SeverityLevelString(), vr.Name, vr.Operation.Method, vr.Operation.Request.URL.String(), vr.Description)
 }
@@ -39,6 +43,8 @@ func (vr *VulnerabilityReport) SeverityLevelString() string {
 return "Medium"
 } else if vr.SeverityLevel < 4 && vr.SeverityLevel >= 0.1 {
 return "Low"
+ } else if vr.SeverityLevel == 0 {
+ return "Info"
 } else {
 return "None"
 }
diff --git a/scan/best_practices/http_cookies.go b/scan/best_practices/http_cookies.go
index 9562b0b..17ed881 100644
--- a/scan/best_practices/http_cookies.go
+++ b/scan/best_practices/http_cookies.go
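Review bot: In report/vuln.go, `IsInfoRiskSeverity` treats `SeverityLevel == 0` as informational, but 0 is also the Go zero value of the field, so a `VulnerabilityReport` built without a severity is reported as Info rather than as unset. The comparison with `0.1` in `SeverityLevelString` suggests the field is a float, which makes an exact `== 0` test fragile if a score is ever computed rather than assigned from a constant. If unscored reports can exist, a distinct sentinel value or a check at construction time would keep them apart from real informational findings. Either way a doc comment such as `// IsInfoRiskSeverity reports whether the finding is informational only (SeverityLevel is exactly 0).` would record the contract.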
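Review bot: In `SeverityLevelString` (report/vuln.go) the new `vr.SeverityLevel == 0` branch repeats the test that `IsInfoRiskSeverity` already encapsulates, so the label and the predicate can drift apart; `} else if vr.IsInfoRiskSeverity() {` keeps a single definition. After this change the final `"None"` branch is reached only by negative values and by values strictly between 0 and 0.1, which look like invalid input rather than "no severity" and deserve a short comment saying so. The function starts above the hunk, so its upper branches are not visible here.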
@@ -10,19 +10,19 @@ import (
 )
 
 const (
- HTTPCookiesNotHTTPOnlySeverityLevel = 1
+ HTTPCookiesNotHTTPOnlySeverityLevel = 0
 HTTPCookiesNotHTTPOnlyVulnerabilityName = "Cookies not HTTP-Only"
 HTTPCookiesNotHTTPOnlyVulnerabilityDescription = "Cookies should be http-only."
 
- HTTPCookiesNotSecureSeverityLevel = 1
+ HTTPCookiesNotSecureSeverityLevel = 0
 HTTPCookiesNotSecureVulnerabilityName = "Cookies not Secure"
 HTTPCookiesNotSecureVulnerabilityDescription = "Cookies should be secure."
 
- HTTPCookiesSameSiteSeverityLevel = 1
+ HTTPCookiesSameSiteSeverityLevel = 0
 HTTPCookiesSameSiteVulnerabilityName = "Cookies SameSite not set or set to None"
 HTTPCookiesSameSiteVulnerabilityDescription = "Cookies should have SameSite attribute set to Strict or Lax."
 
- HTTPCookiesExpiresSeverityLevel = 1
+ HTTPCookiesExpiresSeverityLevel = 0
 HTTPCookiesExpiresVulnerabilityName = "Cookies Expires not set"
 HTTPCookiesExpiresVulnerabilityDescription = "Cookies should have Expires attribute set."
 )
diff --git a/scan/best_practices/http_headers.go b/scan/best_practices/http_headers.go
index 3f59a8d..148632b 100644
--- a/scan/best_practices/http_headers.go
+++ b/scan/best_practices/http_headers.go
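Review bot: The bare literal `0` in `HTTPCookiesNotHTTPOnlySeverityLevel`, `HTTPCookiesNotSecureSeverityLevel`, `HTTPCookiesSameSiteSeverityLevel` and `HTTPCookiesExpiresSeverityLevel` is the value `IsInfoRiskSeverity` in report/vuln.go keys on, yet nothing in the code ties the two together; the same literal is repeated in the http_headers.go, http_trace_method.go, discoverable_openapi.go, graphql.go and server_signature.go hunks. A named constant in the report package (for example `InfoSeverityLevel = 0`, name to be chosen) referenced from each scan would make the intent readable and keep the predicate and the scans in step. If any consumer filters or gates on Low and above, missing `Secure` and `HttpOnly` flags no longer reach it after this change, so the reclassification deserves a line in the commit description.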
@@ -19,27 +19,27 @@ const (
 )
 
 const (
- CSPHTTPHeaderSeverityLevel = 1
+ CSPHTTPHeaderSeverityLevel = 0
 CSPHTTPHeaderIsNotSetVulnerabilityName = "CSP Header is not set"
 CSPHTTPHeaderIsNotSetVulnerabilityDescription = "No Content Security Policy (CSP) Header has been detected in HTTP Response."
 CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityName = "CSP frame-ancestors policy is not set"
 CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityDescription = "No frame-ancestors policy has been set in CSP HTTP Response Header."
 
- HSTSHTTPHeaderSeverityLevel = 1
+ HSTSHTTPHeaderSeverityLevel = 0
 HSTSHTTPHeaderIsNotSetVulnerabilityName = "HSTS Header is not set"
 HSTSHTTPHeaderIsNotSetVulnerabilityDescription = "No HSTS Header has been detected in HTTP Response."
 
- CORSHTTPHeaderSeverityLevel = 1
+ CORSHTTPHeaderSeverityLevel = 0
 CORSHTTPHeaderIsNotSetVulnerabilityName = "CORS Header is not set"
 CORSHTTPHeaderIsNotSetVulnerabilityDescription = "No CORS Header has been detected in HTTP Response."
 CORSHTTPHeaderIsPermisiveVulnerabilityName = "CORS Header is set but permissive"
 CORSHTTPHeaderIsPermisiveVulnerabilityDescription = "CORS Header has been detected in HTTP Response but is permissive."
 
- XContentTypeOptionsHTTPHeaderIsNotSetSeverityLevel = 1
+ XContentTypeOptionsHTTPHeaderIsNotSetSeverityLevel = 0
 XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityName = "X-Content-Type-Options Header is not set"
 XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Content-Type-Options Header has been detected in HTTP Response."
 
- XFrameOptionsHTTPHeaderIsNotSetSeverityLevel = 1
+ XFrameOptionsHTTPHeaderIsNotSetSeverityLevel = 0
 XFrameOptionsHTTPHeaderIsNotSetVulnerabilityName = "X-Frame-Options Header is not set"
 XFrameOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Frame-Options Header has been detected in HTTP Response."
 )
diff --git a/scan/best_practices/http_trace_method.go b/scan/best_practices/http_trace_method.go
index 553eb4d..7cfe65c 100644
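Review bot: `CORSHTTPHeaderSeverityLevel = 0` is the only severity constant in the CORS group, so the "CORS Header is set but permissive" finding presumably falls to Info together with "CORS Header is not set" (the call sites are outside this hunk). The two are not equivalent: an absent CORS header leaves the browser's same-origin restriction in place, while a permissive one relaxes it, so the permissive case is the one a triager should not lose among informational rows. A separate constant, e.g. `CORSHTTPHeaderIsPermisiveSeverityLevel = 1` (spelling follows the existing identifiers), would keep that finding at its previous level.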
--- a/scan/best_practices/http_trace_method.go
+++ b/scan/best_practices/http_trace_method.go
@@ -8,7 +8,7 @@ import (
 )
 
 const (
- HTTPTraceMethodSeverityLevel = 1
+ HTTPTraceMethodSeverityLevel = 0
 HTTPTraceMethodVulnerabilityName = "HTTP Trace Method enabled"
 HTTPTraceMethodVulnerabilityDescription = "HTTP Trace method seems enabled for this request."
 )
diff --git a/scan/discover/discoverable_openapi.go b/scan/discover/discoverable_openapi.go
index cbb87b3..9c7709c 100644
--- a/scan/discover/discoverable_openapi.go
+++ b/scan/discover/discoverable_openapi.go
@@ -11,7 +11,7 @@ import (
 )
 
 const (
- DiscoverableOpenAPISeverityLevel = 1
+ DiscoverableOpenAPISeverityLevel = 0
 DiscoverableOpenAPIVulnerabilityName = "Discoverable OpenAPI"
 DiscoverableOpenAPIVulnerabilityDescription = "An OpenAPI file is exposed without protection. This can lead to information disclosure and security issues"
 )
diff --git a/scan/discover/graphql.go b/scan/discover/graphql.go
index 47ddb09..fd8323d 100644
--- a/scan/discover/graphql.go
+++ b/scan/discover/graphql.go
@@ -12,7 +12,7 @@ import (
 )
 
 const (
- GraphqlIntrospectionEnabledSeverityLevel = 1
+ GraphqlIntrospectionEnabledSeverityLevel = 0
 GraphqlIntrospectionEnabledVulnerabilityName = "GraphQL Introspection enabled"
 GraphqlIntrospectionEnabledVulnerabilityDescription = "GraphQL Introspection seems enabled and can lead to information disclosure and security issues"
 )
diff --git a/scan/discover/server_signature.go b/scan/discover/server_signature.go
index def771a..cf997c9 100644
--- a/scan/discover/server_signature.go
+++ b/scan/discover/server_signature.go
@@ -8,7 +8,7 @@ import (
 )
 
 const (
- ServerSignatureSeverityLevel = 1
+ ServerSignatureSeverityLevel = 0
 ServerSignatureVulnerabilityName = "Server Signature Exposed"
 ServerSignatureVulnerabilityDescription = "A Server signature is exposed in an header."
 )
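Review bot: In discoverable_openapi.go and graphql.go the descriptions still say the exposure "can lead to information disclosure and security issues", while `DiscoverableOpenAPISeverityLevel` and `GraphqlIntrospectionEnabledSeverityLevel` now rate the finding 0, which `SeverityLevelString` prints as Info. Either the wording or the level should be adjusted so that a report row labelled informational does not also announce a security issue. A short comment above each constant stating why the finding is treated as informational would help the next maintainer; that rationale is not visible in the patch.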