Semgrep rule translation may break custom rulesets if individual identifiers are not preserved

Summary

When combining scanner rules into single semgrep rules (Semgrep-based analysis in GitLab SAST (&5245 - closed)) we may introduce a regression if we do not preserve the original identifiers.

See mappings for combined rules https://gitlab.com/gitlab-org/secure/gsoc-sast-vulnerability-rules/playground/sast-rules/-/blob/5496b2a1c2e1bf2018d87bdaf1a3b0288ad6ce40/mappings/bandit.yml#L95-106

Steps to reproduce

Add a custom ruleset configuration for bandit disabling B313
Run bandit, see no results for B313
Switch to semgrep using bandit ruleset, see results for identifier bandit.B313.B314.B315.B316.B318.B319.B320.B405.B406.B407.B408.B409.B410

Example Project

What is the current bug behavior?

Custom ruleset disablements/overrides are not preserved when switching to semgrep rulesets which combine rules

What is the expected correct behavior?

Custom ruleset disablements/overrides should be preserved when switching to semgrep rulesets which combine rules

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Possible fixes

Auto-Summary 🤖

Discoto Usage

Points

Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) point:. For example, the following are all valid points:

#### POINT: This is a point

* point: This is a point

+ Point: This is a point

- pOINT: This is a point

point: This is a **point**

Note that any markdown used in the point text will also be propagated into the topic summaries.

Topics

Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.

Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) topic:. For example, the following are all valid topics:

# Topic: Inline discussion topic 1

## TOPIC: **{+A Green, bolded topic+}**

### tOpIc: Another topic

Quick Actions

Action Description

/discuss sub-topic TITLE Create an issue for a sub-topic. Does not work in epics

/discuss link ISSUABLE-LINK Link an issuable as a child of this discussion

Action	Description
`/discuss sub-topic TITLE`	Create an issue for a sub-topic. Does not work in epics
`/discuss link ISSUABLE-LINK`	Link an issuable as a child of this discussion

Last updated by this job

Discoto Settings

---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending

See the settings schema for details.

Edited Aug 29, 2024 by Lucas Charles