fix: error message prefix not showing in output

Author: HabibMAALEM

config/config.yml

@@ -49,13 +49,29 @@ profile: false
 # security options
 security:
   # override or not default security rules
-  merge_rules: true
+  merge_rules: false
   # reveal_secrets < 0  reveal full secrets
   # reveal_secrets = 0  hide secrets
   # reveal_secrets > 0  partial reveal "N" characters from secrets
   reveal_secrets: 4
   # security rules
   rules:
-  - description: GOOGLE_API_KEY
-    regexp: AIza[0-9A-Za-z\\-_]{35}
-    tags: [key, google]
+  - description: AWS_ACCESS_KEY
+    regexp: (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
+    severity: MAJOR
+    tags: ["cloud", "aws"]
+  - description: ASYMMETRIC_PRIVATE_KEY
+    regexp: (\-){5}BEGIN[[:blank:]]*?(RSA|OPENSSH|DSA|EC|PGP)?[[:blank:]]*?PRIVATE[[:blank:]]KEY[[:blank:]]*?(BLOCK)?(\-){5}.*
+    severity: MAJOR
+    tags: ["key", "certificates"]
+  - description: CONNECTION_STRING
+    regexp: (?i)(?P<scheme>[a-z0-9+-.]{3,30}://)?[0-9a-z-]{3,30}:(?P<secret>[a-zA-Z0-9!?$)(.=<>\/%@#*&{}_^+-]{6,45})@(?P<host>[0-9a-z-.]{1,50})(?::(?P<port>[0-9]{1,5}))?]?
+    severity: MAJOR
+  - description: PASSWORD_XML
+    file: (?i)(.*.xml)$
+    regexp: (?i)<(?:(?:pass(?:w(?:or)?d)?)|(?:p(?:s)?w(?:r)?d)|secret)>(?P<secret>.{5,256})</(?:(?:pass(?:w(?:or)?d)?)|(?:p(?:s)?w(?:r)?d)|secret)>
+    severity: MAJOR
+  - description: SECRET_KEY
+    regexp: (?im)(?:(?:a(?:ws|ccess|p(?:i|p(?:lication)?)))|private|se(?:nsitive|cret))?[[:space:]_-]?(?:key|token)[[:space:]]{0,20}[=:]{1,2}[[:space:]]{0,20}['\"]?(?P<secret>[a-zA-Z0-9!?$)(.=<>\/%@#*&{}_^+-]{6,45})(?:[[:space:];'\",]|$)
+    severity: MAJOR
+    tags: ["token"]

internal/config/config.go

@@ -16,7 +16,7 @@ type Options struct {
 	Contact            string               `mapstructure:"contact"`
 	Handlers           map[string]hook.Rule `mapstructure:"handlers"`
 	DocsLink           string               `mapstructure:"docs-link"`
-	ErrorMessagePrefix string               `mapstructure:"error-message-prefix"`
+	ErrorMessagePrefix string               `mapstructure:"error_message_prefix"`
 	HookFile           string               `mapstructure:"hook-file"`
 	HookInput          string               `mapstructure:"hook-input"`
 	HookType           string               `mapstructure:"hook-type"`
@@ -30,7 +30,7 @@ type Options struct {
 	Output           string `mapstructure:"output"`
 	OutputFormat     string `mapstructure:"output-format"`
 	PluginsDirectory string `mapstructure:"plugins-directory"`
-	Security         `mapstructure:"security"`
+	*Security        `mapstructure:"security"`
 	Verbose          bool   `mapstructure:"verbose"`
 	URI              string `mapstructure:"uri"`
 }
@@ -57,6 +57,16 @@ func (options *Options) Validate() error {
 	if options.Concurrent == 0 {
 		options.Concurrent = runtime.NumCPU()
 	}
+	if options.Security != nil && len(options.Security.Rules) > 0 {
+		for index, rule := range options.Security.Rules {
+			if rule.Description == "" || rule.Regexp == "" {
+				options.Security.Rules = append(options.Security.Rules[:index], options.Security.Rules[index+1:]...)
+			}
+			if rule.Severity == "" {
+				rule.Severity = "INFO"
+			}
+		}
+	}
 	return nil
 }