
Fix a bug where only a subset of rules was copied over

Julian Thome requested to merge julianthome/copy-sast-rules into main

What does this MR do?

Copy all rules from sast-rules into the /rules directory.

Currently, only the rules below are active within our semgrep analyser:

/rules/bandit.yml
/rules/brakeman.yml
/rules/eslint.yml
/rules/find_sec_bugs.yml
/rules/find_sec_bugs_kotlin.yml
/rules/find_sec_bugs_scala.yml
/rules/flawfinder.yml
/rules/gosec.yml
/rules/mobsf.yml
/rules/nodejs_scan.yml
/rules/phpcs_security_audit.yml
/rules/security_code_scan.yml

With the new changes, the rules below are included:

/rules/bandit.yml
/rules/lgpl-cc/brakeman.yml
/rules/eslint.yml
/rules/find_sec_bugs.yml
/rules/lgpl/find_sec_bugs_kotlin.yml
/rules/find_sec_bugs_scala.yml
/rules/flawfinder.yml
/rules/gosec.yml
/rules/lgpl/mobsf.yml
/rules/lgpl/nodejs_scan.yml
/rules/lgpl-cc/phpcs_security_audit.yml
/rules/security_code_scan.yml
---
/rules/gitlab/gitlab_ee_java.yml
/rules/lgpl-cc/gitlab_lgpl_cc_java.yml
/rules/lgpl-cc/gitlab_lgpl_cc_javascript.yml
/rules/lgpl-cc/gitlab_lgpl_cc_python.yml

Rule-sets that were not previously available:

/rules/gitlab/gitlab_ee_java.yml
/rules/lgpl-cc/gitlab_lgpl_cc_java.yml
/rules/lgpl-cc/gitlab_lgpl_cc_javascript.yml
/rules/lgpl-cc/gitlab_lgpl_cc_python.yml

The effect of this change with regard to "Semgrep-based analyzer image omits files that a..." (gitlab-org/gitlab#463397 - closed) is described in gitlab-org/gitlab#463397 (comment 1920756356).

What are the relevant issue numbers?

gitlab-org/gitlab#463397 (closed)

Does this MR meet the acceptance criteria?

Edited by Julian Thome
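
A completeness check for the kind of omission described above, as an added example that is not part of the merge request or the analyzer's own code: it lists rule files present under a source tree but absent at the same relative path in the destination. The temporary directory layout, the non-recursive `cp` used to leave files behind, and the function names are assumptions constructed for illustration; only the rule file names come from the lists above.

```shell
#!/bin/sh
# Print (sorted, one per line) every rule file that exists under SRC,
# at any depth, but not at the same relative path under DST.
missing_rules() {
    src=$1
    dst=$2
    (cd "$src" && find . -type f \( -name '*.yml' -o -name '*.yaml' \) | LC_ALL=C sort) |
    while IFS= read -r rel; do
        [ -f "$dst/$rel" ] || printf '%s\n' "${rel#./}"
    done
}

# Build gate: fail when any rule file was left behind by the copy step.
check_rules_complete() {
    missing=$(missing_rules "$1" "$2")
    if [ -n "$missing" ]; then
        printf 'rule files not copied:\n%s\n' "$missing" >&2
        return 1
    fi
}

# Constructed sample: a source tree with rule sets in subdirectories and a
# destination filled by a non-recursive copy (an assumed way to lose files).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src/lgpl-cc" "$tmp/src/gitlab" "$tmp/dst"
    for f in bandit.yml gosec.yml \
             lgpl-cc/gitlab_lgpl_cc_python.yml gitlab/gitlab_ee_java.yml; do
        echo 'rules: []' > "$tmp/src/$f"
    done
    cp "$tmp"/src/*.yml "$tmp/dst/"   # top level only; subdirectories skipped
    missing_rules "$tmp/src" "$tmp/dst"
    rm -rf "$tmp"
}

demo
```

Running `check_rules_complete` after the copy step in an image build turns a silently shrunken rule set into a failed build instead of reduced scan coverage.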
