Upgraded java and kotlin pseudo random rules to
What does this MR do?
Updated Java and Kotlin pseudo random rules to match parameters in methods of Random
What are the relevant issue numbers?
Semgrep not detecting variant of SQL injection ... (gitlab-org/gitlab#455781) • Hua Yan • 17.1
Does this MR meet the acceptance criteria?
- The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
  - For positive cases: // ruleid: ...
  - For negative cases: // ok: ....
- Following metadata fields exist for the rule(s) added/updated in this MR:
  - owasp with both 2017 and 2021 mappings.
  - category: "security"
  - cwe
  - shortDescription
  - security-severity
- The message field is valid and contains a secure code example.
- Applicable license is mentioned in the rule if embedded/taken from external source.
- Relevant labels including workflow labels are appropriately selected.