refactor: unset experimental for shady-link, suspicious-file and weak…

…-crypto
NodeSecure · Aug 16, 2024 · 32e71b3 · 32e71b3
1 parent 68dae0a
commit 32e71b3
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -136,10 +136,10 @@ This section describe all the possible warnings returned by JSXRay. Click on the
 | [encoded-literal](./docs/encoded-literal.md) | ❌ | An encoded literal has been detected (it can be an hexa value, unicode sequence or a base64 string) |
 | [short-identifiers](./docs/short-identifiers.md) | ❌ | This mean that all identifiers has an average length below 1.5. |
 | [suspicious-literal](./docs/suspicious-literal.md) | ❌ | A suspicious literal has been found in the source code. |
-| [suspicious-file](./docs/suspicious-file.md) | ✔️ | A suspicious file with more than ten encoded-literal in it |
+| [suspicious-file](./docs/suspicious-file.md) | ❌ | A suspicious file with more than ten encoded-literal in it |
 | [obfuscated-code](./docs/obfuscated-code.md) | ✔️ | There's a very high probability that the code is obfuscated. |
-| [weak-crypto](./docs/weak-crypto.md) | ✔️ | The code probably contains a weak crypto algorithm (md5, sha1...) |
-| [shady-link](./docs/shady-link.md) | ✔️ | The code contains shady/unsafe link |
+| [weak-crypto](./docs/weak-crypto.md) | ❌ | The code probably contains a weak crypto algorithm (md5, sha1...) |
+| [shady-link](./docs/shady-link.md) | ❌ | The code contains shady/unsafe link |
 
 ## Workspaces
 

diff --git a/docs/shady-link.md b/docs/shady-link.md
@@ -1,7 +1,7 @@
 # Shady link
 | Code | Severity | i18n | Experimental |
 | --- | --- | --- | :-: |
-| shady-link | `Warning` | `sast_warnings.shady_link` | ✔️ | 
+| shady-link | `Warning` | `sast_warnings.shady_link` | ❌ | 
 
 ## Introduction
 
@@ -36,4 +36,4 @@ const IPv6URL = "http://2444:1130:80:2aa8:c313:150d:b8cf:c321/script";
 
 > [!IMPORTANT]\
 > Credit goes to the [guarddog](https://github.dev/DataDog/guarddog) team.\
-> Credit goes to the [ietf.org](https://www.ietf.org/rfc/rfc3986.txt).
+> Credit goes to the [ietf.org](https://www.ietf.org/rfc/rfc3986.txt).
diff --git a/docs/suspicious-file.md b/docs/suspicious-file.md
@@ -2,7 +2,7 @@
 
 | Code | Severity | i18n | Experimental |
 | --- | --- | --- | :-: |
-| suspicious-file | `Critical` | `sast_warnings.suspicious_file` | ✔️ | 
+| suspicious-file | `Critical` | `sast_warnings.suspicious_file` | ❌ | 
 
 ## Introduction
 

diff --git a/docs/weak-crypto.md b/docs/weak-crypto.md
@@ -2,7 +2,7 @@
 
 | Code | Severity | i18n | Experimental |
 | --- | --- | --- | :-: |
-| weak-crypto | `Information` | `sast_warnings.weak_crypto` | ✔️ | 
+| weak-crypto | `Information` | `sast_warnings.weak_crypto` | ❌ | 
 
 ## Introduction
 

diff --git a/src/warnings.js b/src/warnings.js
@@ -34,7 +34,7 @@ export const warnings = Object.freeze({
   "suspicious-file": {
     i18n: "sast_warnings.suspicious_file",
     severity: "Critical",
-    experimental: true
+    experimental: false
   },
   "obfuscated-code": {
     i18n: "sast_warnings.obfuscated_code",
@@ -44,12 +44,12 @@ export const warnings = Object.freeze({
   "weak-crypto": {
     i18n: "sast_warnings.weak_crypto",
     severity: "Information",
-    experimental: true
+    experimental: false
   },
   "shady-link": {
     i18n: "sast_warnings.shady_link",
     severity: "Warning",
-    experimental: true
+    experimental: false
   }
 });
 

diff --git a/test/probes/isWeakCrypto.spec.js b/test/probes/isWeakCrypto.spec.js
@@ -21,7 +21,6 @@ test("it should report a warning in case of `createHash(<weak-algo>)` usage", as
     assert.strictEqual(outputWarnings.length, 1);
     assert.deepEqual(firstWarning.kind, "weak-crypto");
     assert.strictEqual(firstWarning.value, fixtureFile.split(".").at(0));
-    assert.ok(firstWarning.experimental);
   }
 });
 
@@ -37,7 +36,6 @@ test("it should report a warning in case of `[expression]createHash(<weak-algo>)
     assert.strictEqual(outputWarnings.length, 1);
     assert.deepEqual(firstWarning.kind, "weak-crypto");
     assert.strictEqual(firstWarning.value, fixtureFile.split(".").at(0));
-    assert.ok(firstWarning.experimental);
   }
 });
 

diff --git a/test/warnings.spec.js b/test/warnings.spec.js
@@ -40,6 +40,6 @@ test("Given a weak-crypto kind it should generate a warning with value, simple l
     ],
     i18n: "sast_warnings.weak_crypto",
     severity: "Information",
-    experimental: true
+    experimental: false
   });
 });