Missing CWE id for gosec rule G601 (SAST)
Summary
gosec rule G601
is a CWE 118, but vulnerabilities matching this gosec rule have no CWE id in the GitLab UI.
See gosec codebase
Steps to reproduce
create a Go project that match gosec rule G601
, and enable SAST
Example Project
What is the current bug behavior?
no CWE id in the vulnerability modal view
What is the expected correct behavior?
CWE 118 shows up in the vulnerability modal view
Relevant logs and/or screenshots
Possible fixes
This could because CWE 118 is not covered by cwe-info-go. cc @julianthome