Importing Ruby Community rules
What does this MR do?
This MR imports 43 Semgrep community rules for the Ruby language.
For all 43 rules, these are the changes I have made.
- Put rules in appropriate sub-folders to match the GitLab format
- Renamed files to match the GitLab format
- Renamed ids in rule files and in test files to match the GitLab format
- Added licenses to both rules and test files
- Changed the description to add a more detailed description, mitigation strategies, and secure code examples
- Updated metadata
- Added correct OWASP mappings
- Fixed CWE and short description fields to match the GitLab format
- Changed references to point to Semgrep rules
- Added security-severity in accordance with existing rules (from other GitLab language rules)
- Changed severity in accordance with existing rules (from other GitLab language rules)
What are the relevant issue numbers?
Addresses issue: gitlab-org/gitlab#442397 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer