Remove rules_lgpl_javascript_dos_rule-regex-injection-dos and enhance javascript_dos_rule-non-literal-regexp
What does this MR do?
- Remove rule rules_lgpl_javascript_dos_rule-regex-injection-dos
- Remove mappings related to rules_lgpl_javascript_dos_rule-regex-injection-dos
- Enhance javascript_dos_rule-non-literal-regexp by adding string.match() and string.search() as sinks
- Update the test file with string.match() and string.search() related test cases
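The sink shapes this MR adds to the rule, shown as an added illustration that is not code from the MR or from the SAST rules project. It assumes the rule flags a RegExp built from a non-literal value when it reaches string.match() or string.search(); the function names and the escapeRegExp helper are this example's own, and because the MR does not say whether an escape helper counts as a sanitizer, the mitigated functions carry no annotation.

```javascript
// Added example: positive and negative cases for the non-literal RegExp sinks
// (string.match / string.search) plus a literal-matching mitigation.
// Names are this example's own, not the project's.

// Escape regex metacharacters so an untrusted string is matched literally.
function escapeRegExp(input) {
  return String(input).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Positive cases: the pattern comes from the caller, so metacharacters such as
// "+" are interpreted as operators, and a crafted pattern can force the regex
// engine into heavy backtracking on otherwise harmless input.
function searchUnsafe(haystack, userPattern) {
  // ruleid: javascript_dos_rule-non-literal-regexp
  return haystack.search(new RegExp(userPattern));
}

function matchUnsafe(haystack, userPattern) {
  // ruleid: javascript_dos_rule-non-literal-regexp
  return haystack.match(new RegExp(userPattern, "g"));
}

// Negative case: a literal regex is fixed at authoring time and can be reviewed
// for backtracking behaviour before it ships.
function countDigits(text) {
  // ok: javascript_dos_rule-non-literal-regexp
  return (text.match(/\d/g) || []).length;
}

// Mitigation: escape the user string before it reaches the sink, so it can only
// ever select a literal substring and never contributes quantifiers or groups.
function searchLiteral(haystack, userText) {
  return haystack.search(new RegExp(escapeRegExp(userText)));
}

function matchLiteralAll(haystack, userText) {
  return haystack.match(new RegExp(escapeRegExp(userText), "g")) || [];
}
```

Calling searchUnsafe("xx a+b", "a+b") returns -1 because "+" is read as a quantifier, while searchLiteral with the same arguments returns 3: the escaped form behaves like the substring search the caller most likely intended.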
What are the relevant issue numbers?
gitlab-org/gitlab#440550 (closed)
Does this MR meet the acceptance criteria?
- The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
  - For positive cases: // ruleid: ...
  - For negative cases: // ok: ....
- Following metadata fields exist for the rule(s) added/updated in this MR:
  - owasp with both 2017 and 2021 mappings
  - category: "security"
  - cwe
  - shortDescription
  - security-severity
- The message field is valid and contains a secure code example.
- Applicable license is mentioned in the rule if embedded/taken from external source.
- Relevant labels including workflow labels are appropriately selected.
Edited by Chathumina Vimukthi