Add Scala Rules
What does this MR do?
- This MR adds Semgrep rules for Scala
- This set of rules is translated from the current Semgrep Java Rules
- The test code has been generated by converting the existing Java test code to Scala code and then manually reviewing where needed. The conversion was done using IntelliJ's Scala plugin
Relevant issue: gitlab-org/gitlab#362958 (closed)
Notes
- Currently the following rules are pending conversion
  - cookie/rule-CookieUsage.yml
  - cors/rule-PermissiveCORSInjection.yml
  - crypto/rule-CipherECBMode.yml
  - crypto/rule-InsufficientKeySizeRsa.yml
  - crypto/rule-CipherIntegrity.yml
  - crypto/rule-NullCipher.yml
  - crypto/rule-CipherDESedeInsecure.yml
  - crypto/rule-CipherDESInsecure.yml
  - crypto/rule-DefaultHTTPClient.yml
  - crypto/rule-RsaNoPadding.yml
  - crypto/rule-BlowfishKeySize.yml
  - crypto/rule-CustomMessageDigest.yml
  - crypto/rule-CipherPaddingOracle.yml
  - crypto/rule-WeakMessageDigest.yml
  - crypto/rule-HazelcastSymmetricEncryption.yml
  - crypto/rule-WeakTLSProtocol.yml
  - endpoint/rule-InsecureServlet.yml
  - endpoint/rule-JaxRsEndpoint.yml
  - endpoint/rule-WeakHostNameVerification.yml
  - endpoint/rule-UnvalidatedRedirect.yml
  - endpoint/rule-UnencryptedSocket.yml
  - endpoint/rule-JaxWsEndpoint.yml
  - inject/rule-FileDisclosure.yml
  - inject/rule-SqlInjection.yml
  - inject/rule-BeanPropertyInjection.yml
  - inject/rule-PathTraversalOut.yml
  - inject/rule-CustomInjectionSQLString.yml
  - inject/rule-OgnlInjection.yml
  - inject/rule-CommandInjection.yml
  - inject/rule-SpotbugsPathTraversalAbsolute.yml
  - inject/rule-CustomInjection.yml
  - inject/rule-HttpParameterPollution.yml
  - inject/rule-LDAPInjection.yml
  - inject/rule-ELInjection.yml
  - inject/rule-PathTraversalIn.yml
  - inject/rule-AWSQueryInjection.yml
  - inject/rule-CLRFInjectionLogs.yml
  - inject/rule-SpotbugsPathTraversalRelative.yml
  - password/rule-ConstantDBPassword.yml
  - password/rule-EmptyDBPassword.yml
  - password/rule-HardcodeKey.yml
  - password/rule-HardcodeKeySuspiciousValue.yml
  - password/rule-HardcodePassword.yml
  - password/rule-HardcodeKeyEquals.yml
  - password/rule-HardcodeKeySuspiciousName.yml
  - script/rule-SpelView.yml
  - unsafe/rule-InformationExposure.yml
  - unsafe/rule-InformationExposureVariant2.yml
  - xss/rule-XSSServletParameter.yml
  - xxe/rule-XMLStreamRdr.yml
Edited by Julian Thome