Added FileDisclosure vulnerability enhancements
What does this MR do?
Enhanced sast-rule java/inject/rule-FileDisclosure.yml
- Removed
org.apache.struts.action.ActionForward
patterns because it is struts 1 which was EOL'd in 2008. - Splited the rules into two files:
rule-FileDisclosureRequestDispatcher
andrule-FileDisclosureSpringFramework
- Fixed descriptions for each rule file
- Fixed mappings
- Added new
pattern-sources
- Updated the sample java code files
What are the relevant issue numbers?
Issue - 433056
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer