Upgrade SAST rules to v2.1.1
What does this MR do?
Upgrade SAST rules to v2.1.1
Changes to SAST rules include:
- Update rules/lgpl/javascript/crypto/rule-node_insecure_random_generator.yml with better description text and pattern constraints
- Update rules/lgpl/javascript/eval/rule-yaml_deserialize.yml to match on the TypeScript import pattern
- Update rules/lgpl/javascript/xss/rule-handlebars-noescape.yml with improved patterns and test cases
- Update rules/lgpl/javascript/crypto/rule-node_md5.yml with improved patterns and description text
- Update javascript/xss/rule-mustache-escape.yml to match on how escape is actually used in mustache
- Remove rules/lgpl/javascript/xml/rule-xxe_xml2json.yml
- Remove all rules under rules/lgpl/javascript/generic, as they contain secret detection rules or are FP prone
- Import initial Ruby ruleset (but not yet enabled)
- Correctly apply license for rules/lgpl-cc/java/ftp/rule-FTPInsecureTransport in distribution file
- Correctly apply license for rules/lgpl-cc/java/password/rule-HardcodeKey in distribution file
- Correctly apply license for rules/lgpl-cc/java/crypto/rule-JwtNoneAlgorithm in distribution file
What are the relevant issue numbers?
NA
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests updated/added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Lucas Charles