Skip to content

Draft: Update README.md

Julian Thome requested to merge julianthome-test into main

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

  • The test cases cover both positive and negative cases and have appropriate Semgrep annotations:
    • For positive cases: // ruleid: ...
    • For negative cases: // ok: ....
  • Prefer ($X.servlet.http.HttpServletResponse $RESP).addCookie($C) over $RESPONSE.addCookie($C) to avoid False-Positives.
  • Following metadata fields exist for the rule(s) added/updated in this MR:
    • owasp: with both 2017 and 2021 mappings
    • shortDescription: e.g: "Use of a broken or risky cryptographic algorithm NOT "Use of a Broken or Risky Cryptographic Algorithm"
    • security-severity: one of Info, Low, Medium, High or Critical
  • The message contains a secure code example and no insecure ones.
  • The rule is placed in the correct rules/ subfolder based on its license, refering to the internal guidance.
  • Relevant labels including workflow labels are appropriately selected.
  • The MR is freshly rebased with main.

Merge request reports