Draft: Modify the rule schema to be consistent with the monolith (!550) · Merge requests · GitLab.org / security-products / sast-rules

Hua Yan requested to merge huayan-fix-rule_schema into main Apr 29, 2024

What does this MR do?

Problem to fix: The current schema is not consistent with the monolith #419092. The sast-rules repo uses a padded format, while the monolith uses a no-pad format. For example, in sast-rules the owasp id is like "A01:2021-Broken Access Control", while in the monolith it is like "A1:2021-Broken Access Control".

This MR fixes the above problem by modifying the schema, following the discussion here.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
- For positive cases: // ruleid: ...
- For negative cases: // ok: ....
Following metadata fields exist for the rule(s) added/updated in this MR:
- owasp with both 2017 and 2021 mappings.
- category: "security"
- cwe
- shortDescription
- security-severity
The message field is valid and contains a secure code example.
Applicable license is mentioned in the rule if embedded/taken from external source.
Relevant labels including workflow labels are appropriately selected.

Draft: Modify the rule schema to be consistent with the monolith

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports