Skip to content

Removing obsolete rule node curl

Bhavya Kaushal requested to merge remove-rule-node-curl into main

What does this MR do?

This MR deletes this rule due to it being obsolete - https://gitlab.com/gitlab-org/security-products/sast-rules/-/blob/main/rules/lgpl/javascript/crypto/rule-node_curl_ssl_verify_disable.yml?ref_type=heads.

It also deletes the corresponding test file and mapping.

Discussion - gitlab-org/gitlab#440261 (comment 1791115486)

What are the relevant issue numbers?

gitlab-org/gitlab#440261 (closed)

Does this MR meet the acceptance criteria?

  • The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
    • For positive cases: // ruleid: ...
    • For negative cases: // ok: ....
  • Following metadata fields exist for the rule(s) added/updated in this MR:
    • owasp with both 2017 and 2021 mappings.
    • category: "security"
    • cwe
    • shortDescription
    • security-severity
  • The message field is valid and contains a secure code example.
  • Applicable license is mentioned in the rule if embedded/taken from external source.
  • Relevant labels including workflow labels are appropriately selected.

Merge request reports