address daveshanley#552

Author: daveshanley

cmd/build_results.go

@@ -60,7 +60,7 @@ func BuildResultsWithDocCheckSkip(
 		if !silent {
 			box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
 			box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
-			box.Println(pterm.LightRed("🚨 HARD MODE ENABLED 🚨"))
+			box.Println(pterm.LightRed(HardModeEnabled))
 			pterm.Println()
 		}
 	}
@@ -101,6 +101,16 @@ func BuildResultsWithDocCheckSkip(
 				return nil, nil, rsErr
 			}
 		}
+
+		// Merge OWASP rules if hard mode is enabled
+		if MergeOWASPRulesToRuleSet(selectedRS, hardMode) {
+			if !silent {
+				box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
+				box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
+				box.Println(pterm.LightRed(HardModeWithCustomRuleset))
+				pterm.Println()
+			}
+		}
 	}
 
 	pterm.Info.Printf("Linting against %d rules: %s\n", len(selectedRS.Rules), selectedRS.DocumentationURI)

cmd/lint.go

@@ -152,7 +152,7 @@ func GetLintCommand() *cobra.Command {
 				if !silent && !pipelineOutput {
 					box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
 					box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
-					box.Println(pterm.LightRed("🚨 HARD MODE ENABLED 🚨"))
+					box.Println(pterm.LightRed(HardModeEnabled))
 					pterm.Println()
 				}
 			}
@@ -185,6 +185,16 @@ func GetLintCommand() *cobra.Command {
 					pterm.Println()
 					return rsErr
 				}
+
+				// Merge OWASP rules if hard mode is enabled
+				if MergeOWASPRulesToRuleSet(selectedRS, hardModeFlag) {
+					if !silent && !pipelineOutput {
+						box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
+						box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
+						box.Println(pterm.LightRed(HardModeWithCustomRuleset))
+						pterm.Println()
+					}
+				}
 			}
 
 			// Show which rules are being used (after ruleset is fully loaded)

cmd/shared_functions.go

@@ -18,6 +18,11 @@ import (
 	"time"
 )
 
+// Hard mode message constants
+const (
+	HardModeEnabled = "🚨 HARD MODE ENABLED 🚨"
+	HardModeWithCustomRuleset = "🚨 OWASP Rules added to custom ruleset 🚨"
+)
 
 // BuildRuleSetFromUserSuppliedSet creates a ready to run ruleset, augmented or provided by a user
 // configured ruleset. This ruleset could be lifted directly from a Spectral configuration.
@@ -62,6 +67,29 @@ func BuildRuleSetFromUserSuppliedLocation(rulesetFlag string, rs rulesets.RuleSe
 	}
 }
 
+// MergeOWASPRulesToRuleSet merges OWASP rules into the provided ruleset when hard mode is enabled.
+// This fixes issue #552 where -z flag was ignored when using -r flag.
+// Returns true if OWASP rules were merged, false otherwise.
+func MergeOWASPRulesToRuleSet(selectedRS *rulesets.RuleSet, hardModeFlag bool) bool {
+	if !hardModeFlag || selectedRS == nil {
+		return false
+	}
+	
+	owaspRules := rulesets.GetAllOWASPRules()
+	if selectedRS.Rules == nil {
+		selectedRS.Rules = make(map[string]*model.Rule)
+	}
+	
+	for k, v := range owaspRules {
+		// Add OWASP rule if it doesn't already exist in the custom ruleset
+		if selectedRS.Rules[k] == nil {
+			selectedRS.Rules[k] = v
+		}
+	}
+	
+	return true
+}
+
 // RenderTimeAndFiles  will render out the time taken to process a specification, and the size of the file in kb.
 // it will also render out how many files were processed.
 func RenderTimeAndFiles(timeFlag bool, duration time.Duration, fileSize int64, totalFiles int) {

cmd/spectral_report.go

@@ -145,7 +145,7 @@ func GetSpectralReportCommand() *cobra.Command {
 				if !stdIn && !stdOut {
 					box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
 					box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
-					box.Println(pterm.LightRed("🚨 HARD MODE ENABLED 🚨"))
+					box.Println(pterm.LightRed(HardModeEnabled))
 					pterm.Println()
 				}
 
@@ -181,6 +181,16 @@ func GetSpectralReportCommand() *cobra.Command {
 					pterm.Println()
 					return rsErr
 				}
+
+				// Merge OWASP rules if hard mode is enabled
+				if MergeOWASPRulesToRuleSet(selectedRS, hardModeFlag) {
+					if !stdIn && !stdOut {
+						box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
+						box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
+						box.Println(pterm.LightRed(HardModeWithCustomRuleset))
+						pterm.Println()
+					}
+				}
 			}
 
 			if !stdIn && !stdOut {

cmd/vacuum_report.go

@@ -146,7 +146,7 @@ func GetVacuumReportCommand() *cobra.Command {
 				if !stdIn && !stdOut {
 					box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
 					box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
-					box.Println(pterm.LightRed("🚨 HARD MODE ENABLED 🚨"))
+					box.Println(pterm.LightRed(HardModeEnabled))
 					pterm.Println()
 				}
 
@@ -183,6 +183,16 @@ func GetVacuumReportCommand() *cobra.Command {
 					pterm.Println()
 					return rsErr
 				}
+
+				// Merge OWASP rules if hard mode is enabled
+				if MergeOWASPRulesToRuleSet(selectedRS, hardModeFlag) {
+					if !stdIn && !stdOut {
+						box := pterm.DefaultBox.WithLeftPadding(5).WithRightPadding(5)
+						box.BoxStyle = pterm.NewStyle(pterm.FgLightRed)
+						box.Println(pterm.LightRed(HardModeWithCustomRuleset))
+						pterm.Println()
+					}
+				}
 			}
 
 			if !stdIn && !stdOut {