Expose the optional description field of rules

praetorian-inc · Dec 3, 2024 · 45ee29c · 45ee29c
1 parent 369036f
commit 45ee29c
Show file tree

Hide file tree

Showing 6 changed files with 227 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -30,6 +30,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
   - `Credentials in .NET System.Net.NetworkCredential` ([#234](https://github.com/praetorian-inc/noseyparker/pull/234))
   - `Kubernetes Bootstrap Token` ([#235](https://github.com/praetorian-inc/noseyparker/pull/235))
 
+- Rules now contain an optional `description` string field.
+  This is intended to be a message for human consumption that indicates (a) what was detected and (b) how an attacker might use it.
+  Only a few rules have descriptions so far.
+  Use `rules list -f json` to see.
+
 
 ## [v0.21.0](https://github.com/praetorian-inc/noseyparker/releases/v0.21.0) (2024-11-20)
 

diff --git a/crates/noseyparker-cli/src/cmd_rules/cmd_rules_check.rs b/crates/noseyparker-cli/src/cmd_rules/cmd_rules_check.rs
@@ -319,6 +319,11 @@ fn check_rule(rule: &Rule, args: &RulesCheckArgs) -> Result<CheckStats> {
         }
     }
 
+    if args.pedantic && syntax.description.is_none() {
+        error!("Rule has no description");
+        num_errors += 1;
+    }
+
     if num_warnings == 0 && num_errors == 0 {
         info!("No issues detected");
     } else {