
Beautifications for the unmapped rule script

Julian Thome requested to merge julianthome/rulemapping-ok into main

What does this MR do?

We have a script that notifies users in the presence of unmapped rules, i.e., rules that are not included in a mapping file.

This MR beautifies the script in two regards:

  1. It introduces a Ruby class to wrap/manage the API calls.
  2. It adds a notification in the absence of errors. The version of the script that currently runs on the default branch expects the user to resolve the discussion thread it opens, as it does not update the comment box once the rule mappings are fixed. The new version of the script resolves this issue by adding a comment that everything is okay if all rules are mapped (see screenshots below).
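The behaviour described above, as an added example that is not the MR's own script: the unmapped-rule check plus a small class standing in for the merge-request API, so the "all clear" comment can be exercised offline. The YAML layout (a `rules:` list with `id` fields, a mapping file keyed by rule id), the sample documents and the `MergeRequestNotifier`/`add_comment` names are all assumptions made for this example.

```ruby
require 'yaml'
require 'set'

# Constructed sample input (assumed layout, not taken from the project):
# Semgrep-style rule file with a top-level `rules:` list carrying `id`s.
RULES_YAML = <<~YAML
  rules:
    - id: go-sqli-format-string
      message: "Possible SQL injection"
    - id: ruby-yaml-load
      message: "Unsafe YAML load"
    - id: java-xxe-docbuilder
      message: "XML external entity processing"
YAML

# Constructed mapping file: rule id => metadata. One rule is deliberately missing.
MAPPING_YAML = <<~YAML
  go-sqli-format-string: {cwe: "CWE-89"}
  ruby-yaml-load: {cwe: "CWE-502"}
YAML

# Rule ids present in the rule file but absent from the mapping file.
def unmapped_rules(rules_yaml, mapping_yaml)
  rule_ids = YAML.safe_load(rules_yaml).fetch('rules').map { |r| r.fetch('id') }
  mapped   = YAML.safe_load(mapping_yaml).keys.to_set
  rule_ids.reject { |id| mapped.include?(id) }
end

# Hypothetical wrapper for the merge-request API: records comments instead of
# calling the network, which keeps the check testable and the API surface in one place.
class MergeRequestNotifier
  attr_reader :comments
  def initialize; @comments = []; end
  def add_comment(body); @comments << body; body; end
end

# Always leaves exactly one comment: either the unmapped rules, or an all-clear so a
# previously opened discussion does not have to be resolved by hand once mappings are fixed.
def notify_unmapped(notifier, rules_yaml, mapping_yaml)
  missing = unmapped_rules(rules_yaml, mapping_yaml)
  body = if missing.empty?
           'All rules are present in the mapping file.'
         else
           "Unmapped rules (add them to the mapping file):\n" +
             missing.map { |id| "- #{id}" }.join("\n")
         end
  notifier.add_comment(body)
  missing
end
```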


What are the relevant issue numbers?

gitlab-org/gitlab#461799 (closed)

Does this MR meet the acceptance criteria?

  • The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
    • For positive cases: // ruleid: ...
    • For negative cases: // ok: ....
  • The following metadata fields exist for the rule(s) added/updated in this MR:
    • owasp with both 2017 and 2021 mappings.
    • category: "security"
    • cwe
    • shortDescription
    • security-severity
  • The message field is valid and contains a secure code example.
  • Applicable license is mentioned in the rule if embedded/taken from external source.
  • Relevant labels including workflow labels are appropriately selected.
Edited by Julian Thome
