
Add flawfinder mapping file

Anshuman Singh requested to merge flawfinder-mapping into main

WHAT IS THIS MR?

With this MR we aim to add the mappings file for Flawfinder.

Relates to https://gitlab.com/gitlab-org/secure/gsoc-sast-vulnerability-rules/playground/sast-rules/-/issues/11

Changes done:

  • Add flawfinder mappings file.
  • Make corresponding additions in ci/schema.rb.
  • Update README.md.

/cc @rossfuhrman /cc @julianthome

```yaml
# yamllint disable       <- THE HEADERS
# maps flawfinder rule ids to semgrep rules
# License: MIT (c) GitLab Inc.
# yamllint enable
---
flawfinder:
  - id: strcpy           # <- EVERY VULNERABILITY IS REPORTED BY FUNCTION NAME IN gl-sast-report IN FLAWFINDER. Discussed in #11
    rules:
      - c/buffer/rule-strcpy             # <- RULE-ID WE HAVE CREATED
  - id: strcpyA
    rules:
      - c/buffer/rule-strcpyA_strcpyW
  - id: lstrcpy
    rules:
      - c/buffer/rule-lstrcpy_wcscpy
  - id: memcpy
    rules:
      - c/buffer/rule-memcpy_CopyMemory
```
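As an added example (not code from this MR or from the sast-rules project), the Ruby script below loads the mapping above, checks its shape in the spirit of a schema check in ci/schema.rb (the actual checks in that file are not shown here, so the rules enforced below, including the assumed `<lang>/<category>/rule-<name>` shape of semgrep rule ids, are assumptions), and resolves a flawfinder identifier, i.e. the C function name flawfinder reports in gl-sast-report, to the semgrep rule ids that cover it. The mapping is embedded as a constructed string so the script runs offline.

```ruby
require "yaml"

# Constructed copy of the mapping from this MR; in the repository the file
# would be read from disk instead.
MAPPING_YAML = <<~YAML
  ---
  flawfinder:
    - id: strcpy
      rules:
        - c/buffer/rule-strcpy
    - id: strcpyA
      rules:
        - c/buffer/rule-strcpyA_strcpyW
    - id: lstrcpy
      rules:
        - c/buffer/rule-lstrcpy_wcscpy
    - id: memcpy
      rules:
        - c/buffer/rule-memcpy_CopyMemory
YAML

# Assumed shape of a semgrep rule id in this repository, derived from the ids
# used in the mapping: "<lang>/<category>/rule-<name>".
RULE_ID_PATTERN = %r{\A[a-z]+/[a-z]+/rule-[A-Za-z0-9_]+\z}

# Validate the parsed mapping document. Returns a list of human-readable
# errors; an empty list means the document is well-formed.
def validate_mapping(doc)
  errors = []
  unless doc.is_a?(Hash) && doc.keys == ["flawfinder"]
    return ["top-level document must contain exactly one key: flawfinder"]
  end
  entries = doc["flawfinder"]
  return ["flawfinder must be a non-empty list"] unless entries.is_a?(Array) && !entries.empty?

  seen = {}
  entries.each_with_index do |entry, i|
    unless entry.is_a?(Hash) && entry.keys.sort == %w[id rules]
      errors << "entry #{i}: must have exactly the keys id and rules"
      next
    end
    id = entry["id"]
    errors << "entry #{i}: id must be a non-empty string" unless id.is_a?(String) && !id.empty?
    # A flawfinder identifier mapped twice would make lookups ambiguous.
    errors << "entry #{i}: duplicate id #{id}" if seen[id]
    seen[id] = true
    rules = entry["rules"]
    unless rules.is_a?(Array) && !rules.empty?
      errors << "entry #{i} (#{id}): rules must be a non-empty list"
      next
    end
    rules.each do |r|
      valid = r.is_a?(String) && r.match?(RULE_ID_PATTERN)
      errors << "entry #{i} (#{id}): malformed rule id #{r.inspect}" unless valid
    end
  end
  errors
end

# Build a lookup table from flawfinder identifier (the C function name that
# flawfinder reports in gl-sast-report) to the semgrep rule ids covering it.
def build_lookup(doc)
  doc["flawfinder"].to_h { |e| [e["id"], e["rules"]] }
end

# Resolve one flawfinder finding. Unmapped identifiers yield an empty list so a
# caller can report "no semgrep equivalent yet" instead of failing.
def semgrep_rules_for(lookup, flawfinder_id)
  lookup.fetch(flawfinder_id, [])
end

if __FILE__ == $PROGRAM_NAME
  doc = YAML.safe_load(MAPPING_YAML)
  errs = validate_mapping(doc)
  abort(errs.join("\n")) unless errs.empty?
  lookup = build_lookup(doc)
  # "gets" is deliberately absent from the mapping to show the unmapped case.
  %w[strcpy memcpy gets].each do |fn|
    puts "#{fn} -> #{semgrep_rules_for(lookup, fn).inspect}"
  end
end
```

The validation rejects duplicate ids and malformed rule ids rather than silently accepting them, because a mapping that passes CI but resolves a finding to the wrong rule would go unnoticed until someone compared the two scanners' reports by hand.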