diff --git a/dojo/tools/semgrep/parser.py b/dojo/tools/semgrep/parser.py
index 883fcc4f31..39f72f8b43 100644
--- a/dojo/tools/semgrep/parser.py
+++ b/dojo/tools/semgrep/parser.py
@@ -137,15 +137,8 @@ def convert_severity(self, val):
 return "Medium"
 if upper_value in ["ERROR", "HIGH"]:
 return "High"
- if upper_value == "LOW":
+ if upper_value in ["LOW", "INFO"]:
 return "Low"
- if upper_value == "INFO":
- if "WARNING" == val.upper():
- return "Medium"
- if "ERROR" == val.upper() or "HIGH" == val.upper():
- return "High"
- if "INFO" == val.upper():
- return "Info"
 msg = f"Unknown value for severity: {val}"
 raise ValueError(msg)
diff --git a/unittests/tools/test_semgrep_parser.py b/unittests/tools/test_semgrep_parser.py
index 8729e4cc00..5517077e97 100644
--- a/unittests/tools/test_semgrep_parser.py
+++ b/unittests/tools/test_semgrep_parser.py
@@ -39,7 +39,7 @@ def test_parse_many_finding(self):
 self.assertEqual('javax crypto Cipher.getInstance("AES/GCM/NoPadding");', finding.mitigation)
 self.assertEqual("java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle", finding.vuln_id_from_tool)
 finding = findings[2]
- self.assertEqual("Info", finding.severity)
+ self.assertEqual("Low", finding.severity)
 self.assertEqual("src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01150.java", finding.file_path)
 self.assertEqual(66, finding.line)
 self.assertEqual(696, finding.cwe)
@@ -96,7 +96,7 @@ def test_parse_cwe_list(self):
 findings = parser.get_findings(testfile, Test())
 self.assertEqual(1, len(findings))
 finding = findings[0]
- self.assertEqual("Info", finding.severity)
+ self.assertEqual("Low", finding.severity)
 self.assertEqual("index.js", finding.file_path)
 self.assertEqual(12, finding.line)
 self.assertEqual(352, finding.cwe)
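Review bot: After the `if upper_value in ["LOW", "INFO"]:` branch in dojo/tools/semgrep/parser.py, `convert_severity` can no longer return "Info", and nothing in the code says that this is deliberate. Findings that earlier imports stored as Info will presumably come back as Low on reimport, which can move severity-based thresholds, SLA tracking and report counts, so the mapping deserves a comment above the branch, for example `# INFO is Semgrep's legacy name for its lowest level; report it as Low, not Info`, plus a line in the upgrade notes. The function starts above the hunk, so any earlier handling of the value is not visible here.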
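Review bot: The two updated assertions in unittests/tools/test_semgrep_parser.py (in test_parse_many_finding and test_parse_cwe_list) reach the severity mapping only through fixture files, so the individual labels and the error path of `convert_severity` are not pinned by any test visible here. A small direct test would cover them, e.g. `self.assertEqual("Low", parser.convert_severity("info"))` and `with self.assertRaises(ValueError): parser.convert_severity("bogus")` (the second input is a constructed sample). Both test methods continue outside their hunks.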