Incorporated changes suggested by CodeRabbit Bot

ESS-ENN · ESS-ENN · commit b0c6e4e3fafb · 2024-09-06T18:36:25.000+05:30
diff --git a/rules/html/security/plaintext-http-link-html.yml b/rules/html/security/plaintext-http-link-html.yml
@@ -1,9 +1,8 @@
 id: plaintext-http-link-html
 language: html
-severity: info
+severity: warning
 message: >-
-  This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL
-       if possible.
+  "This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible."
 note: >-
   [CWE-319] Authentication Bypass by Primary Weakness
   [REFERENCES]
diff --git a/rules/java/security/cbc-padding-oracle-java.yml b/rules/java/security/cbc-padding-oracle-java.yml
@@ -13,5 +13,5 @@ note: >-
 rule:
   pattern: Cipher.getInstance($MODE)
 constraints:
-      MODE:
-          regex: '.*/CBC/PKCS5Padding'
+  MODE:
+    regex: ".*/CBC/PKCS5Padding"
diff --git a/rules/java/security/no-null-cipher-java.yml b/rules/java/security/no-null-cipher-java.yml
@@ -2,16 +2,16 @@ id: no-null-cipher-java
 severity: warning
 language: java
 message: >-
-      NullCipher was detected. This will not encrypt anything; the cipher
-      text will be the same as the plain text. Use a valid, secure cipher:
-      Cipher.getInstance("AES/CBC/PKCS7PADDING"). See
-      https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions
-      for more information.
+  NullCipher was detected. This will not encrypt anything; the cipher
+  text will be the same as the plain text. Use a valid, secure cipher:
+  Cipher.getInstance("AES/CBC/PKCS7PADDING"). See
+  https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions
+  for more information.
 note: >-
   [CWE-327] Use of a Broken or Risky Cryptographic Algorithm.
   [REFERENCES]
       - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 rule:
-      any:
-          - pattern: new NullCipher($$$)
-          - pattern: new javax.crypto.NullCipher($$$)
+  any:
+    - pattern: new NullCipher($$$)
+    - pattern: new javax.crypto.NullCipher($$$)
diff --git a/rules/java/security/rsa-no-padding-java.yml b/rules/java/security/rsa-no-padding-java.yml
@@ -10,5 +10,5 @@ note: >-
 rule:
   pattern: $YST.getInstance($MODE)
 constraints:
-      MODE:
-          regex: 'RSA/[Nn][Oo][Nn][Ee]/NoPadding'
+  MODE:
+    regex: "RSA/[Nn][Oo][Nn][Ee]/NoPadding"
diff --git a/rules/scala/security/rsa-padding-set-scala.yml b/rules/scala/security/rsa-padding-set-scala.yml
@@ -2,14 +2,17 @@ id: rsa-padding-set-scala
 language: scala
 severity: warning
 message: >-
-  Usage of RSA without OAEP (Optimal Asymmetric Encryption Padding) may.
+  Usage of RSA without OAEP (Optimal Asymmetric Encryption Padding) may
+    weaken encryption. This could lead to sensitive data exposure. Instead,
+    use RSA with `OAEPWithMD5AndMGF1Padding` instead.
+
 note: >-
   [CWE-780] Use of RSA Algorithm without OAEP
   [REFERENCES]
       - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
 rule:
   any:
-  - pattern: $CIPHER.getInstance($MODE)
+    - pattern: $CIPHER.getInstance($MODE)
 constraints:
-      MODE:
-          regex: '.*RSA/.*/NoPadding.*'
+  MODE:
+    regex: ".*RSA/.*/NoPadding.*"
diff --git a/rules/swift/security/insecure-biometrics-swift.yml b/rules/swift/security/insecure-biometrics-swift.yml
@@ -14,5 +14,6 @@ note: >-
       - https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06f-testing-local-authentication
       - https://shirazkhan030.medium.com/biometric-authentication-in-ios-6c53c54f17df
 rule:
-  pattern: |
-    $X.evaluatePolicy
+  any:
+    - pattern: LAContext.evaluatePolicy
+    - pattern: $X.evaluatePolicy
