Fortify custom rules to detect spring boot misconfiguration in application-property.yml file
Anyone has any experience writing Fortify SCA custom rules to detect spring boot misconfiguration in YML file?
I have tried creating a rule for yml file but it looks like it is not supporting.Same rule works fine with respect to .properties file.I am attaching screenshots for your reference.
[error]: Rules file C:\installation\Samples\advanced\customrules\configuration\configuration_rules.xml has an error at line -1, column -1: The following error occured while trying to unmarshal field _type of class com.fortify.io.rule.ConfigFile.
For example as per the attached screenshot if show-details: ALWAYS then I want to flag this as a vulnerability.
Re: Fortify custom rules to detect spring boot misconfiguration in application-property.yml file
@Amrityam_Rout I do not have extensive experience with creating custom rules in SCA; however, in researching the error there are a number of reasons (e.g., syntax error in rule).
In the Custom Rules Editor when creating a Configuration Rule there are only two options available: properties and xml. This could be the reason for your syntax error: