Some SAST-rules are not being shipped due to missing mapping definition
Summary
Our checks in sast-rules are insufficient at identifying rules without a mapping.
As pointed out in gitlab-org/security-products/sast-rules!393 (comment 1900051618), that affects rules/lgpl-cc/python/flask/security/injection/sql/rule-flask-tainted-sql-string.yml. However, other rules might be affected.
We should:
- identify which rules aren't being included in the semgrep analyzer release
- create mappings for them
- update mappings to include rules potentially not being included
gitlab-org/security-products/sast-rules!373 (closed)
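The check the issue asks for, written as an added example that is not the sast-rules project's own tooling: walk the rule files, pull each Semgrep rule `id`, and diff that set against the mapping. The rule file contents and the mapping (a plain set of rule ids) are constructed here, and the mapping format is an assumption about the project's schema; the sample path is the one named in the issue, and the rule ids are made up for illustration.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: two Semgrep rule files trimmed to the fields the check reads.
# The first path is the file named in the issue; the ids are illustrative.
RULE_FILES: Dict[str, str] = {
    "rules/lgpl-cc/python/flask/security/injection/sql/rule-flask-tainted-sql-string.yml": """
rules:
  - id: python_flask_rule-flask-tainted-sql-string
    severity: ERROR
    languages: [python]
""",
    "rules/lgpl-cc/python/flask/security/audit/rule-example-a.yml": """
rules:
  - id: python_flask_rule-example-a
    severity: WARNING
    languages: [python]
""",
}

# Assumption: the mapping is representable as the set of rule ids it covers.
# It deliberately omits the tainted-sql-string rule and carries one stale entry.
MAPPING: Set[str] = {
    "python_flask_rule-example-a",
    "python_flask_rule-removed-long-ago",
}

# Semgrep rule files list rules under `rules:` as `- id: <name>` entries.
RULE_ID_RE = re.compile(r"^\s*-\s+id:\s*(\S+)\s*$", re.MULTILINE)


def rule_ids(yaml_text: str) -> List[str]:
    """Return every rule id declared in one rule file, in file order."""
    return RULE_ID_RE.findall(yaml_text)


def find_unmapped(rule_files: Dict[str, str], mapping: Set[str]) -> Dict[str, List[str]]:
    """Map each rule file to the ids it declares that the mapping does not cover.

    Files whose rules are all mapped are left out, so an empty dict means
    every shipped rule has a mapping entry.
    """
    missing: Dict[str, List[str]] = {}
    for path, text in rule_files.items():
        unmapped = [rid for rid in rule_ids(text) if rid not in mapping]
        if unmapped:
            missing[path] = unmapped
    return missing


def find_stale(rule_files: Dict[str, str], mapping: Set[str]) -> List[str]:
    """Return mapping entries that no rule file declares (the reverse defect)."""
    declared = {rid for text in rule_files.values() for rid in rule_ids(text)}
    return sorted(mapping - declared)


def check(rule_files: Dict[str, str], mapping: Set[str]) -> Tuple[bool, str]:
    """Produce a pass/fail verdict plus a report suitable for a CI job log."""
    unmapped = find_unmapped(rule_files, mapping)
    stale = find_stale(rule_files, mapping)
    lines: List[str] = []
    for path, ids in sorted(unmapped.items()):
        for rid in ids:
            lines.append(f"UNMAPPED {rid} ({path})")
    for rid in stale:
        lines.append(f"STALE    {rid} (no rule file declares it)")
    ok = not unmapped  # stale entries are reported but do not fail the check
    return ok, "\n".join(lines) if lines else "all rules mapped"


if __name__ == "__main__":
    passed, report = check(RULE_FILES, MAPPING)
    print(report)
    raise SystemExit(0 if passed else 1)
```

Running the block exits non-zero and names the tainted-sql-string rule as unmapped, which is the gap the issue describes; stale mapping entries are listed separately so the third action item (updating existing mappings) has its own signal without blocking the release check.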
cc @craigmsmith
Edited by Jayson Salazar Rodriguez