Report ingestion fails due to problematic character sequences in B701
Summary
The report ingestion fails whenever the rule semgrep.B701 is triggered. A screenshot of this issue is below. This issue relates to #417916 (closed): Vulnerability report with Unicode NULL (U+0000)... (Mehmet Emin INAC, milestone 16.8).
Steps to reproduce
Create a new project with SAST enabled. Add a copy of https://gitlab.com/gitlab-org/security-products/sast-rules/-/blob/main/python/escaping/rule-jinja2-autoescape-false.py as test.py to the repository (Semgrep v5.2.0, sast-rules v2.5.1).
What is the current bug behavior?
The whole report is not digested anymore (no single security result from the report is displayed in the Vulnerability Report).
What is the expected correct behavior?
The report should be successfully digested and all findings should be visible in the Vulnerability Report.
Relevant logs and/or screenshots
Possible fixes
A temporary workaround: Create the file .gitlab/sast-ruleset.toml with the content below to disable the problematic rule for the time being.
[semgrep]
[[semgrep.ruleset]]
disable = true
[semgrep.ruleset.identifier]
type = "semgrep_id"
value = "bandit.B701"
The error seems to originate here. For null byte characters we seem to apply escaping so that PostgreSQL can cope with it.
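To make the failure mode concrete, the following is an added example (written for this issue, not GitLab's own ingestion code) that walks a parsed SAST report, reports which string fields carry a literal U+0000, and strips that character before the rows would reach PostgreSQL. The report shape, the `SAMPLE_REPORT` contents and the function names are constructed assumptions. The point it demonstrates is the distinction between a real null byte (which PostgreSQL text columns reject, so one bad string can fail the insert for the whole report) and the six-character source text `\u0000`, which is harmless and must survive sanitisation untouched.

```ruby
require 'json'

# Constructed sample of a SAST report fragment (assumed shape, not a real
# GitLab report). Finding f1 carries an actual U+0000 in its description;
# finding f2 carries only the six-character text "\u0000" (backslash, u, 0,
# 0, 0, 0), as a rule match on source code might, which must be preserved.
SAMPLE_REPORT = {
  "vulnerabilities" => [
    { "id" => "f1", "description" => "raw null byte here: \u0000 end" },
    { "id" => "f2", "description" => 'escaped text "\\u0000" in source' }
  ]
}.freeze

NULL_BYTE = "\u0000".freeze

# Walk the parsed report and return a path (JSONPath-like, constructed
# format) for every string that contains a literal U+0000. Useful for a
# log line explaining why ingestion would otherwise fail, and for asserting
# that a sanitised report is clean before it is persisted.
def null_byte_paths(value, path = "$", found = [])
  case value
  when String
    found << path if value.include?(NULL_BYTE)
  when Array
    value.each_with_index { |v, i| null_byte_paths(v, "#{path}[#{i}]", found) }
  when Hash
    value.each { |k, v| null_byte_paths(v, "#{path}.#{k}", found) }
  end
  found
end

# Recursively remove U+0000 from every string in the parsed report.
# Only the real control character is deleted; the literal text "\u0000"
# contains no null byte and passes through unchanged.
def strip_null_bytes(value)
  case value
  when String then value.delete(NULL_BYTE)
  when Array  then value.map { |v| strip_null_bytes(v) }
  when Hash   then value.transform_values { |v| strip_null_bytes(v) }
  else value
  end
end

# Entry point for a report that arrives as JSON text: JSON.parse turns the
# escape sequence "\u0000" inside a JSON string into a real null byte, so
# sanitisation has to happen after parsing, not on the raw text.
def sanitize_report_json(json_text)
  strip_null_bytes(JSON.parse(json_text))
end

if __FILE__ == $PROGRAM_NAME
  puts "offending fields: #{null_byte_paths(SAMPLE_REPORT).inspect}"
  cleaned = strip_null_bytes(SAMPLE_REPORT)
  puts "after sanitisation: #{null_byte_paths(cleaned).inspect}"
  puts JSON.pretty_generate(cleaned)
end
```

Sanitising per string, rather than rejecting the whole report, matches the expected behaviour described above: every finding remains visible, and the offending field paths give the ingestion log enough detail to trace which rule produced the problematic output.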