
Only use single primary identifier without any suffix

Julian Thome requested to merge primaryidcomputation into main

This MR uses only the first component of the primary identifier so that we no longer generate very long primary identifiers and so that they map to a distinct native analyser rule. The complete mappings are still available by means of the secondary identifiers array.

The -X suffixes can be stripped as they are not relevant with regard to the rule mappings. For example, the four bandit rules below are just components/sub-rules of B301 so that they could all just be mapped to B301.

  - id: "B301"
    rules:
    - "python/deserialization/rule-cpickle"
    - "python/deserialization/rule-shelve"
    - "python/deserialization/rule-pickle"
    - "python/deserialization/rule-dill"
Edited by Julian Thome
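
The mapping this MR describes, sketched as an added example (not code from the merge request or the project): the primary identifier is the first native ID with its suffix stripped, while the secondary list keeps every ID unchanged. The input shape, the numeric form of the -X suffix, the function names and the sample suffix numbers are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the "-X" suffix is a trailing hyphen followed by digits.
_SUFFIX = re.compile(r"-\d+$")


def strip_suffix(native_id: str) -> str:
    """Drop a trailing -X sub-rule suffix: 'B301-2' -> 'B301'."""
    return _SUFFIX.sub("", native_id)


def identifiers(native_ids: list[str]) -> tuple[str, list[str]]:
    """Return (primary, secondary) for one rule.

    primary   -- first native ID only, suffix stripped
    secondary -- every native ID unchanged, so the complete mapping survives
    """
    if not native_ids:
        raise ValueError("rule has no native analyser IDs")
    return strip_suffix(native_ids[0]), list(native_ids)


def group_by_primary(rules: dict[str, list[str]]) -> dict[str, list[str]]:
    """Invert rule -> native IDs into primary ID -> rule paths."""
    grouped = defaultdict(list)
    for rule_path, native_ids in rules.items():
        primary, _ = identifiers(native_ids)
        grouped[primary].append(rule_path)
    return {pid: sorted(paths) for pid, paths in grouped.items()}


# Constructed sample input: rule paths are from the MR description; the
# suffix numbers and the two-ID "X" rule are invented for illustration.
SAMPLE = {
    "python/deserialization/rule-cpickle": ["B301-1"],
    "python/deserialization/rule-shelve": ["B301-2"],
    "python/deserialization/rule-pickle": ["B301-3"],
    "python/deserialization/rule-dill": ["B301-4"],
    "example/rule-with-two-ids": ["X100-2", "X200"],
}

if __name__ == "__main__":
    for pid, paths in group_by_primary(SAMPLE).items():
        print(pid, paths)
```
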
