Skip to content

Improve python/request-without-timeout rules to catch unresolved variables

Duncan Macleod requested to merge duncanmmacleod/sast-rules:fix-false-negative-request-without-timeout into main
  • Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

What does this MR do?

This MR modifies the rules for the python/request-without-timeout rule (from bandit) to fix semgrep-sast missing python request-without-tim... (gitlab-org/gitlab#463069).

What are the relevant issue numbers?

gitlab-org/gitlab#463069

Does this MR meet the acceptance criteria?

  • The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
    • For positive cases: // ruleid: ...
    • For negative cases: // ok: ....
  • Following metadata fields exist for the rule(s) added/updated in this MR:
    • owasp with both 2017 and 2021 mappings.
    • category: "security"
    • cwe
    • shortDescription
    • security-severity
  • The message field is valid and contains a secure code example.
  • Applicable license is mentioned in the rule if embedded/taken from external source.
  • Relevant labels including workflow labels are appropriately selected.
Edited by 🤖 GitLab Bot 🤖

Merge request reports