Update Default.md
What does this MR do?
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- The test cases cover both positive and negative cases and have appropriate Semgrep annotations:
  - For positive cases: `// ruleid: ...`
  - For negative cases: `// ok: ....`
- Prefer `($X.servlet.http.HttpServletResponse $RESP).addCookie($C);` over `$RESPONSE.addCookie($C)` to avoid false positives.
- The following metadata fields exist for the rule(s) added/updated in this MR:
  - `owasp:` with both 2017 and 2021 mappings
  - `category: "security"`
  - `cwe:` e.g. `cwe: CWE-76`, NOT `cwe: CWE-76 Some Other Text`
  - `shortDescription:` e.g. `"Use of a broken or risky cryptographic algorithm"`, NOT `"Use of a Broken or Risky Cryptographic Algorithm"`
  - `security-severity:`
- The message contains a secure code example and no insecure ones.
- The rule is placed in the correct `rules/` subfolder based on its license, referring to the internal guidance.
- Relevant labels including workflow labels are appropriately selected.
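
The metadata items in the checklist above can be checked mechanically. The following is an added example, not part of this MR or the project's tooling. It assumes the rule's `metadata:` mapping is already parsed into a dict, that each `owasp` mapping string names its Top 10 year, and that the `shortDescription` example asks for sentence case. All sample values are constructed.

```python
import re

# Assumed input: one rule's `metadata:` mapping, already parsed into a dict.
CWE_RE = re.compile(r"CWE-\d+")

def title_cased_words(text):
    """Words after the first that look Title-Cased (acronyms like SQL pass)."""
    words = re.findall(r"[A-Za-z]+", text)
    return [w for w in words[1:] if w[0].isupper() and w[1:].islower()]

def check_metadata(meta):
    """Return a list of checklist violations for one rule's metadata dict."""
    problems = []
    owasp = meta.get("owasp") or []
    if isinstance(owasp, str):
        owasp = [owasp]
    for year in ("2017", "2021"):
        # Assumption: each mapping string names its OWASP Top 10 year.
        if not any(year in str(entry) for entry in owasp):
            problems.append(f"owasp: missing {year} mapping")
    if meta.get("category") != "security":
        problems.append('category: must be "security"')
    cwe = str(meta.get("cwe", ""))
    if not CWE_RE.fullmatch(cwe):
        problems.append(f"cwe: expected bare id like CWE-76, got {cwe!r}")
    short = str(meta.get("shortDescription", "")).strip()
    if not short:
        problems.append("shortDescription: missing")
    elif title_cased_words(short):
        problems.append("shortDescription: use sentence case")
    if not str(meta.get("security-severity", "")).strip():
        problems.append("security-severity: missing")
    return problems

# Constructed sample metadata, not taken from any real rule.
GOOD = {
    "owasp": ["A3:2017-Sensitive Data Exposure", "A02:2021-Cryptographic Failures"],
    "category": "security",
    "cwe": "CWE-76",
    "shortDescription": "Use of a broken or risky cryptographic algorithm",
    "security-severity": "Medium",  # constructed placeholder value
}
BAD = dict(GOOD, owasp=["A3:2017-Sensitive Data Exposure"],
           cwe="CWE-76 Some Other Text",
           shortDescription="Use of a Broken or Risky Cryptographic Algorithm")

if __name__ == "__main__":
    print(check_metadata(GOOD))
    print(check_metadata(BAD))
```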