Add Scala Rules

Arpit Gogia requested to merge scala-rules into main

What does this MR do?

  • This MR adds Semgrep rules for Scala
  • This set of rules is translated from the current Semgrep Java rules
  • The test code has been generated by converting the existing Java test code to Scala code and then manually reviewing where needed. The conversion was done using IntelliJ's Scala plugin

Relevant issue: gitlab-org/gitlab#362958 (closed)

Notes

  • Currently the following rules are pending conversion:

@arpitgogia

  • cookie/rule-CookieUsage.yml
  • cors/rule-PermissiveCORSInjection.yml
  • crypto/rule-CipherECBMode.yml
  • crypto/rule-InsufficientKeySizeRsa.yml
  • crypto/rule-CipherIntegrity.yml
  • crypto/rule-NullCipher.yml
  • crypto/rule-CipherDESedeInsecure.yml
  • crypto/rule-CipherDESInsecure.yml
  • crypto/rule-DefaultHTTPClient.yml
  • crypto/rule-RsaNoPadding.yml
  • crypto/rule-BlowfishKeySize.yml
  • crypto/rule-CustomMessageDigest.yml
  • crypto/rule-CipherPaddingOracle.yml
  • crypto/rule-WeakMessageDigest.yml
  • crypto/rule-HazelcastSymmetricEncryption.yml
  • crypto/rule-WeakTLSProtocol.yml
  • endpoint/rule-InsecureServlet.yml
  • endpoint/rule-JaxRsEndpoint.yml
  • endpoint/rule-WeakHostNameVerification.yml
  • endpoint/rule-UnvalidatedRedirect.yml
  • endpoint/rule-UnencryptedSocket.yml
  • endpoint/rule-JaxWsEndpoint.yml

@julianthome

  • inject/rule-FileDisclosure.yml
  • inject/rule-SqlInjection.yml
  • inject/rule-BeanPropertyInjection.yml
  • inject/rule-PathTraversalOut.yml
  • inject/rule-CustomInjectionSQLString.yml
  • inject/rule-OgnlInjection.yml
  • inject/rule-CommandInjection.yml
  • inject/rule-SpotbugsPathTraversalAbsolute.yml
  • inject/rule-CustomInjection.yml
  • inject/rule-HttpParameterPollution.yml
  • inject/rule-LDAPInjection.yml
  • inject/rule-ELInjection.yml
  • inject/rule-PathTraversalIn.yml
  • inject/rule-AWSQueryInjection.yml
  • inject/rule-CLRFInjectionLogs.yml
  • inject/rule-SpotbugsPathTraversalRelative.yml
  • password/rule-ConstantDBPassword.yml
  • password/rule-EmptyDBPassword.yml
  • password/rule-HardcodeKey.yml
  • password/rule-HardcodeKeySuspiciousValue.yml
  • password/rule-HardcodePassword.yml
  • password/rule-HardcodeKeyEquals.yml
  • password/rule-HardcodeKeySuspiciousName.yml
  • script/rule-SpelView.yml
  • unsafe/rule-InformationExposure.yml
  • unsafe/rule-InformationExposureVariant2.yml
  • xss/rule-XSSServletParameter.yml
  • xxe/rule-XMLStreamRdr.yml
Edited by Julian Thome
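Illustrative example of what a Java-to-Scala rule translation looks like, taking one of the pending crypto entries (CipherECBMode) as the subject. This is added here as an example and is not code from this MR or from the Java rule it names; the rule id, message, metadata, regex, and the assumption that Semgrep's Scala parser matches both the fully qualified and the imported `Cipher.getInstance` form are all mine. The check flags a JCE transformation string that names ECB explicitly, or a bare algorithm name (`"AES"`, `"DES"`, ...) that SunJCE silently completes to ECB/PKCS5Padding.

```yaml
# Illustrative Semgrep rule, not taken from the MR. The id, message, metadata
# and regex are assumptions made for this example.
rules:
  - id: scala_crypto_rule-CipherECBMode
    languages:
      - scala
    severity: WARNING
    message: >-
      Cipher.getInstance() is called with a transformation ("$MODE") that
      selects ECB mode, either explicitly or by omitting the mode (SunJCE
      defaults a bare algorithm name to ECB/PKCS5Padding). ECB encrypts
      equal plaintext blocks to equal ciphertext blocks and leaks structure.
      Use an authenticated mode such as "AES/GCM/NoPadding".
    metadata:
      category: security
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    patterns:
      - pattern-either:
          # Fully qualified call, the form the Java rule matches directly
          - pattern: javax.crypto.Cipher.getInstance("$MODE", ...)
          # Scala sources normally import the class and call it unqualified
          - pattern: Cipher.getInstance("$MODE", ...)
          # Transformation string bound to a val earlier in the same block;
          # relies on Semgrep's "..." statement-sequence matching
          - pattern: |
              val $T = "$MODE"
              ...
              Cipher.getInstance($T, ...)
      - metavariable-regex:
          metavariable: $MODE
          # "<alg>/ECB/<padding>" or a bare algorithm name that defaults to ECB
          regex: (?i)^(?:[a-z0-9_]+/ECB/.*|aes|des|desede|blowfish|rc2)$
```

To test it the way the Java rules are tested, put a Scala file next to the rule with a `// ruleid: scala_crypto_rule-CipherECBMode` comment above each line that must fire (for example a call with `"AES/ECB/PKCS5Padding"` or a bare `"AES"`) and a `// ok: scala_crypto_rule-CipherECBMode` comment above calls that must stay silent (such as `"AES/GCM/NoPadding"`), then run `semgrep --test` on that directory. The val-then-call pattern is the part most likely to need adjustment after conversion from Java, since the Java rule's statement shapes (`String t = ...;`) do not carry over verbatim.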