Convert go sqli rule to taint mode to reduce false-positives
What does this MR do?
Converts the concat-sqli
Go rule to taint mode to reduce false-positives
The previous rule would flag occurrences of fmt.Sprintf(...)
if the format
argument contained a SQL query keyword such as select
, update
, insert
, etc. The rule seemed to be attempting to emulate a taint mode flow, but it FP'ed because of the lack of distinction between source and sink patterns in the regular rule mode.
Playground: https://semgrep.dev/playground/s/KxJwn
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Michael Henriksen