Add rules for past S1 incidents (!41) · Merge requests · GitLab.com / GitLab Security Division / Product Security Department / Application Security / SAST Custom Rules · GitLab

This MR adds the rules for the following S1 issues:

CVE-2022-0244: https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-rcas/-/issues/9+
CVE-2022-3067: https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-rcas/-/issues/8+
CVE-2023-2478: https://gitlab.com/gitlab-com/gl-security/rcas/-/issues/10+
CVE-2023-2825: https://gitlab.com/gitlab-com/gl-security/rcas/-/issues/9+

The semgrep rules currently look for changes to the fixing code, or repetition of the offending code.

Edited Oct 16, 2024 by Ameya Darshan