Changed behavior on 0 scoreRuleType to be changed to 1

Author: cx-diogo-rocha

engine/rules/rules.go

@@ -297,7 +297,7 @@ func FilterRules(selectedList, ignoreList, specialList []string,
 
 	// Fill in missing fields in custom rules if they match default rules.
 	// Needs to run before selection/ignoring so that if rule names are used in selected/ignored, overrides will be selected/ignored properly
-	completeOverridesWithDefaultFields(customRules, selectedRules)
+	completeQueriesFields(customRules, selectedRules)
 
 	if len(selectedList) > 0 {
 		selectedRules = selectRules(selectedRules, selectedList)
@@ -351,9 +351,14 @@ func addCustomRules(selectedRules, customRules []*ruledefine.Rule) []*ruledefine
 	return selectedRules
 }
 
-// completeOverridesWithDefaultFields fills in some missing fields in custom rules if they match default rules by ruleID
-func completeOverridesWithDefaultFields(customRules, defaultRules []*ruledefine.Rule) {
+// completeQueriesFields fills some missing fields, including in case of overrides
+func completeQueriesFields(customRules, defaultRules []*ruledefine.Rule) {
 	for _, customRule := range customRules {
+		// always consider scoreRuleType 1 if left empty (0) in custom rule
+		if customRule.ScoreRuleType == 0 {
+			customRule.ScoreRuleType = 1
+		}
+		// fill missing fields from default rules if custom rule is an override
 		for _, defaultRule := range defaultRules {
 			if defaultRule.RuleID == customRule.RuleID {
 				if customRule.RuleName == "" {
@@ -362,10 +367,6 @@ func completeOverridesWithDefaultFields(customRules, defaultRules []*ruledefine.
 
 				if customRule.Category == "" {
 					customRule.Category = defaultRule.Category
-					// only replace with default ScoreRuleType if category wasn't defined, otherwise assume user set RuleType at 0 intentionally
-					if customRule.ScoreRuleType == 0 {
-						customRule.ScoreRuleType = defaultRule.ScoreRuleType
-					}
 				}
 				break
 			}

engine/rules/rules_test.go

@@ -174,7 +174,7 @@ func Test_CustomRules(t *testing.T) {
 		Regex:         "[A-Za-z0-9]{32}",
 		Tags:          []string{"custom"},
 		Category:      ruledefine.GenericCredential().Category,
-		ScoreRuleType: ruledefine.GenericCredential().ScoreRuleType,
+		ScoreRuleType: 1,
 	}
 
 	completeGenericCredentialOverride := &ruledefine.Rule{
@@ -184,7 +184,7 @@ func Test_CustomRules(t *testing.T) {
 		Regex:         "[A-Za-z0-9]{32}",
 		Tags:          []string{"custom"},
 		Category:      ruledefine.CategorySaaS,
-		ScoreRuleType: 1,
+		ScoreRuleType: 2,
 	}
 
 	deprecatedGenericCredentialOverride := &ruledefine.Rule{

pkg/testData/expectedReports/customRules/onlyOverrideRules.json

@@ -37,7 +37,7 @@
         "validationStatus": "Unknown",
         "ruleDescription": "Custom Generic Api Key override, should override the default one (very specific regex just for testing purposes)",
         "severity": "Medium",
-        "cvssScore": 8.2
+        "cvssScore": 4.6
       }
     ],
     "993b789425c810d4956c5ed8c84f02f90b0531ee": [
@@ -94,7 +94,7 @@
         "validationStatus": "Unknown",
         "ruleDescription": "Custom Generic Api Key override, should override the default one (very specific regex just for testing purposes)",
         "severity": "Medium",
-        "cvssScore": 8.2
+        "cvssScore": 4.6
       }
     ]
   }