💄 beautify drheader jsonfiles (#13672)

* 💄 beautify drheader jsonfiles

* add more json

Author: manuel-sommer

unittests/scans/drheader/scan2.json

@@ -1 +1,72 @@
-[{"rule": "Content-Security-Policy", "severity": "high", "message": "Must-Contain-One directive missed", "expected": ["default-src 'none'", "default-src 'self'"], "delimiter": ";", "value": "default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:;", "anomaly": ["default-src 'none'", "default-src 'self'"]}, {"rule": "Content-Security-Policy", "severity": "medium", "message": "Must-Avoid directive included", "avoid": ["unsafe-inline", "unsafe-eval"], "delimiter": ";", "value": "default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:;", "anomaly": "unsafe-inline"}, {"rule": "Content-Security-Policy", "severity": "medium", "message": "Must-Avoid directive included", "avoid": ["unsafe-inline", "unsafe-eval"], "delimiter": ";", "value": "default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:;", "anomaly": "unsafe-eval"}, {"rule": "Strict-Transport-Security", "severity": "high", "message": "Header not included in response", "expected": ["max-age=31536000", "includesubdomains"], "delimiter": ";"}, {"rule": "Cache-Control", "severity": "high", "message": "Value does not match security policy", "expected": ["no-cache", "no-store", "must-revalidate"], "delimiter": ",", "value": "private, must-revalidate, max-age=900"}, {"rule": "Pragma", "severity": "high", "message": "Header not included in response", "expected": ["no-cache"], "delimiter": ";"}]
+[
+  {
+    "rule": "Content-Security-Policy",
+    "severity": "high",
+    "message": "Must-Contain-One directive missed",
+    "expected": [
+      "default-src 'none'",
+      "default-src 'self'"
+    ],
+    "delimiter": ";",
+    "value": "default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:;",
+    "anomaly": [
+      "default-src 'none'",
+      "default-src 'self'"
+    ]
+  },
+  {
+    "rule": "Content-Security-Policy",
+    "severity": "medium",
+    "message": "Must-Avoid directive included",
+    "avoid": [
+      "unsafe-inline",
+      "unsafe-eval"
+    ],
+    "delimiter": ";",
+    "value": "default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:;",
+    "anomaly": "unsafe-inline"
+  },
+  {
+    "rule": "Content-Security-Policy",
+    "severity": "medium",
+    "message": "Must-Avoid directive included",
+    "avoid": [
+      "unsafe-inline",
+      "unsafe-eval"
+    ],
+    "delimiter": ";",
+    "value": "default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:;",
+    "anomaly": "unsafe-eval"
+  },
+  {
+    "rule": "Strict-Transport-Security",
+    "severity": "high",
+    "message": "Header not included in response",
+    "expected": [
+      "max-age=31536000",
+      "includesubdomains"
+    ],
+    "delimiter": ";"
+  },
+  {
+    "rule": "Cache-Control",
+    "severity": "high",
+    "message": "Value does not match security policy",
+    "expected": [
+      "no-cache",
+      "no-store",
+      "must-revalidate"
+    ],
+    "delimiter": ",",
+    "value": "private, must-revalidate, max-age=900"
+  },
+  {
+    "rule": "Pragma",
+    "severity": "high",
+    "message": "Header not included in response",
+    "expected": [
+      "no-cache"
+    ],
+    "delimiter": ";"
+  }
+]

unittests/scans/drheader/scan3.json

@@ -1 +1,104 @@
-[{"rule": "Content-Security-Policy", "severity": "high", "message": "Header not included in response"}, {"rule": "X-XSS-Protection", "severity": "high", "message": "Value does not match security policy", "expected": ["1", "mode=block"], "delimiter": ";", "value": "0"}, {"rule": "Server", "severity": "high", "message": "Header should not be returned"}, {"rule": "Strict-Transport-Security", "severity": "high", "message": "Header not included in response", "expected": ["max-age=31536000", "includesubdomains"], "delimiter": ";"}, {"rule": "X-Content-Type-Options", "severity": "high", "message": "Header not included in response", "expected": ["nosniff"], "delimiter": ";"}, {"rule": "Set-Cookie", "severity": "high", "message": "Must-Contain directive missed", "expected": ["httponly", "secure"], "delimiter": ";", "value": "nid=208=d8xko0gp8g_pycvdqrwtvdpdiu_7es-hyvqugfqshzyjz5sozpy3y0ayn4kzdkpuzz-ylqjsydscnyuf58liz54ytg7by8smauul5noxicgela-oyi5lu4d_juan8geufgyxg1xao2bqronqyiplvbivs-nndfbywyjwnz0myso; expires=wed, 11-aug-2021 16:59:02 gmt; path=/; domain=.google.com; httponly", "anomaly": "secure"}, {"rule": "Set-Cookie", "severity": "medium", "message": "Must-Contain directive missed", "expected": ["httponly", "secure"], "delimiter": ";", "value": "consent=pending+061; expires=fri, 01-jan-2038 00:00:00 gmt; path=/; domain=.google.com", "anomaly": "httponly"}, {"rule": "Set-Cookie", "severity": "high", "message": "Must-Contain directive missed", "expected": ["httponly", "secure"], "delimiter": ";", "value": "consent=pending+061; expires=fri, 01-jan-2038 00:00:00 gmt; path=/; domain=.google.com", "anomaly": "secure"}, {"rule": "Referrer-Policy", "severity": "high", "message": "Header not included in response"}, {"rule": "Cache-Control", "severity": "high", "message": "Value does not match security policy", "expected": ["no-cache", "no-store", "must-revalidate"], "delimiter": ",", "value": "private, max-age=0"}, {"rule": "Pragma", "severity": "high", "message": "Header not included in response", "expected": ["no-cache"], "delimiter": ";"}]
+[
+  {
+    "rule": "Content-Security-Policy",
+    "severity": "high",
+    "message": "Header not included in response"
+  },
+  {
+    "rule": "X-XSS-Protection",
+    "severity": "high",
+    "message": "Value does not match security policy",
+    "expected": [
+      "1",
+      "mode=block"
+    ],
+    "delimiter": ";",
+    "value": "0"
+  },
+  {
+    "rule": "Server",
+    "severity": "high",
+    "message": "Header should not be returned"
+  },
+  {
+    "rule": "Strict-Transport-Security",
+    "severity": "high",
+    "message": "Header not included in response",
+    "expected": [
+      "max-age=31536000",
+      "includesubdomains"
+    ],
+    "delimiter": ";"
+  },
+  {
+    "rule": "X-Content-Type-Options",
+    "severity": "high",
+    "message": "Header not included in response",
+    "expected": [
+      "nosniff"
+    ],
+    "delimiter": ";"
+  },
+  {
+    "rule": "Set-Cookie",
+    "severity": "high",
+    "message": "Must-Contain directive missed",
+    "expected": [
+      "httponly",
+      "secure"
+    ],
+    "delimiter": ";",
+    "value": "nid=208=d8xko0gp8g_pycvdqrwtvdpdiu_7es-hyvqugfqshzyjz5sozpy3y0ayn4kzdkpuzz-ylqjsydscnyuf58liz54ytg7by8smauul5noxicgela-oyi5lu4d_juan8geufgyxg1xao2bqronqyiplvbivs-nndfbywyjwnz0myso; expires=wed, 11-aug-2021 16:59:02 gmt; path=/; domain=.google.com; httponly",
+    "anomaly": "secure"
+  },
+  {
+    "rule": "Set-Cookie",
+    "severity": "medium",
+    "message": "Must-Contain directive missed",
+    "expected": [
+      "httponly",
+      "secure"
+    ],
+    "delimiter": ";",
+    "value": "consent=pending+061; expires=fri, 01-jan-2038 00:00:00 gmt; path=/; domain=.google.com",
+    "anomaly": "httponly"
+  },
+  {
+    "rule": "Set-Cookie",
+    "severity": "high",
+    "message": "Must-Contain directive missed",
+    "expected": [
+      "httponly",
+      "secure"
+    ],
+    "delimiter": ";",
+    "value": "consent=pending+061; expires=fri, 01-jan-2038 00:00:00 gmt; path=/; domain=.google.com",
+    "anomaly": "secure"
+  },
+  {
+    "rule": "Referrer-Policy",
+    "severity": "high",
+    "message": "Header not included in response"
+  },
+  {
+    "rule": "Cache-Control",
+    "severity": "high",
+    "message": "Value does not match security policy",
+    "expected": [
+      "no-cache",
+      "no-store",
+      "must-revalidate"
+    ],
+    "delimiter": ",",
+    "value": "private, max-age=0"
+  },
+  {
+    "rule": "Pragma",
+    "severity": "high",
+    "message": "Header not included in response",
+    "expected": [
+      "no-cache"
+    ],
+    "delimiter": ";"
+  }
+]

unittests/scans/intsights/intsights_zero_vuln.json

@@ -1 +1,3 @@
-{"Alerts":  []}
+{
+  "Alerts": []
+}

unittests/scans/mend/mend-sca-platform-api3-no-findings.json

@@ -1 +1,8 @@
-{"additionalData": {"totalItems": 0, "paging": {}}, "supportToken": "123442284e284dddb0652ff65c9f3ebd1731540952924", "response": []}
+{
+  "additionalData": {
+    "totalItems": 0,
+    "paging": {}
+  },
+  "supportToken": "123442284e284dddb0652ff65c9f3ebd1731540952924",
+  "response": []
+}

unittests/scans/mend/okhttp_no_vuln.json

@@ -1,5 +1,3 @@
-{  
-   "vulnerabilities":[  
-      
-   ]
+{
+  "vulnerabilities": []
 }

unittests/scans/semgrep/empty.json

@@ -1 +1,4 @@
-{"results": [], "errors": []}
+{
+  "results": [],
+  "errors": []
+}