Import Semgrep Ruby rules
As part of our effort to rely more on Semgrep, we want to import the following Ruby rules as-is into sast-rules, only adjusting the metadata to match our standards (e.g. OWASP and CWE mappings).
- hardcoded-http-auth-in-controller.yaml
- cookie-serialization.yaml
- avoid-default-routes.yaml
- bad-deserialization-env.yaml
- bad-deserialization-yaml.yaml
- bad-deserialization.yaml
- detailed-exceptions.yaml
- divide-by-zero.yaml
- no-eval.yaml
- dangerous-exec.yaml
- force-ssl-false.yaml
- missing-csrf-protection.yaml
- json-entity-escape.yaml
- avoid-link-to.yaml (*.rb)
- unprotected-mass-assign.yaml
- model-attr-accessible.yaml
- check-permit-attributes-high.yaml
- check-permit-attributes-medium.yaml
- check-redirect-to.yaml
- check-regex-dos.yaml
- check-render-local-file-include.yaml
- avoid-render-inline.yaml
- avoid-render-text.yaml
- no-send.yaml
- check-send-file.yaml
- avoid-session-manipulation.yaml
- check-cookie-store-session-security-attributes.yaml
- check-before-filter.yaml
- check-sql.yaml
- ssl-mode-no-verify.yaml
- manual-template-creation.yaml
- check-unsafe-reflection.yaml
- check-unsafe-reflection-methods.yaml
- check-unscoped-find.yaml
- check-validation-regex.yaml
- check-http-verb-confusion.yaml
- weak-hashes-md5.yaml
- weak-hashes-sha1.yaml
- insufficient-rsa-key-size.yaml
- avoid-tainted-file-access.yaml
- avoid-tainted-http-request.yaml
- avoid-tainted-shell-call.yaml
- avoid-tainted-ftp-call.yaml
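As an added illustration of what "adjust only the metadata" means for one of these rules, here is a `no-eval` rule written for this issue. It is not the rule text from the Semgrep rules repository nor the sast-rules convention itself: the pattern and message are written here for the example, the metadata keys are Semgrep's documented `metadata` fields (`category`, `technology`, `cwe`, `owasp`, `references`), and the specific CWE/OWASP values are this example's assumed mapping for eval-based code injection.

```yaml
rules:
  - id: no-eval
    languages: [ruby]
    severity: ERROR
    message: >-
      Calling `eval` on data that may be attacker-controlled allows arbitrary
      code execution. Avoid `eval`, or restrict it to a fixed set of
      known-safe inputs.
    # Pattern written for this example: flag any call to eval(...) in Ruby.
    patterns:
      - pattern: eval(...)
    metadata:
      # Only this block is touched on import. Keys are Semgrep's documented
      # metadata fields; the CWE/OWASP values are this example's assumed mapping.
      category: security
      technology:
        - ruby
      cwe:
        - "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"
      owasp:
        - A03:2021 - Injection
      references:
        - https://cwe.mitre.org/data/definitions/95.html
```

Before merging an imported rule, `semgrep --validate --config no-eval.yaml` confirms the file still parses after the metadata edit, and running it against a small Ruby file containing `eval(params[:code])` confirms the detection logic was not altered by the import.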
Edited by Dinesh Bolkensteyn