Tune NodeJS Scan primary Identifiers
What does this MR do?
This is a no-op change as the NodeJS Scan rules are not yet deployed by the deploy script.
This MR updates the ID and primary identifier of the nodejs_scan ruleset. These changes mean a generated ruleset will look like:
rules:
- id: nodejs_scan.javascript-crypto-rule-node_aes_ecb
  patterns:
  ...
  message: ...
  languages:
  - javascript
  severity: ERROR
  metadata:
    owasp: A9:2017-Using Components with Known Vulnerabilities
    cwe: 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm'
    security-severity: HIGH
    primary_identifier: nodejs_scan.javascript-crypto-rule-node_aes_ecb
    secondary_identifiers:
    - name: NodeJS Scan ID javascript-crypto-rule-node_aes_ecb
      type: njsscan_rule_type
      value: javascript-crypto-rule-node_aes_ecb
The main purpose of this MR is to have concise primary identifiers.
What are the relevant issue numbers?
gitlab-org/gitlab#395487 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Adam Cohen
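
An added example, not part of the MR or the project's own code: a consistency check for the identifier scheme shown in the description, assuming each rule has been loaded into a dict with the layout above. The names `check_rule` and `check_ruleset` and the sample rules are hypothetical and constructed for this example.

```python
PREFIX = "nodejs_scan."

def check_rule(rule):
    """Return the identifier problems found in one rule (empty list if consistent)."""
    rule_id = rule.get("id", "")
    meta = rule.get("metadata") or {}
    if not rule_id.startswith(PREFIX):
        return [f"id {rule_id!r} lacks the {PREFIX!r} prefix"]
    name = rule_id[len(PREFIX):]  # the njsscan rule name, e.g. javascript-crypto-rule-...
    problems = []
    if meta.get("primary_identifier") != rule_id:
        problems.append("primary_identifier differs from id")
    njs = [s for s in meta.get("secondary_identifiers") or []
           if s.get("type") == "njsscan_rule_type"]
    if len(njs) != 1:
        problems.append(f"expected 1 njsscan_rule_type identifier, found {len(njs)}")
    elif njs[0].get("value") != name:
        problems.append("secondary value differs from rule name")
    elif njs[0].get("name") != f"NodeJS Scan ID {name}":
        problems.append("secondary name differs from 'NodeJS Scan ID <rule name>'")
    return problems

def check_ruleset(ruleset):
    """Map each inconsistent rule id to its problems; ids must also be unique."""
    report, seen = {}, set()
    for rule in ruleset.get("rules") or []:
        rid = rule.get("id", "<missing id>")
        problems = check_rule(rule)
        if rid in seen:
            problems.append("duplicate id")
        seen.add(rid)
        if problems:
            report[rid] = problems
    return report

# Constructed sample: the rule from the description, as a YAML loader would return it.
GOOD = {"id": "nodejs_scan.javascript-crypto-rule-node_aes_ecb", "metadata": {
    "primary_identifier": "nodejs_scan.javascript-crypto-rule-node_aes_ecb",
    "secondary_identifiers": [{
        "name": "NodeJS Scan ID javascript-crypto-rule-node_aes_ecb",
        "type": "njsscan_rule_type",
        "value": "javascript-crypto-rule-node_aes_ecb"}]}}
# Constructed drift: the primary identifier no longer matches the rule id.
DRIFTED = {**GOOD, "metadata": {**GOOD["metadata"],
                                "primary_identifier": "constructed-mismatch"}}
```

Running `check_ruleset` over a generated ruleset in CI would catch a primary identifier that has drifted from its rule id before the rules are deployed.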