DRAFT: Improve Java rules benchmark

Michael Henriksen requested to merge fix/epic-13906 into main

What does this MR do?

Improves Java rules for better performance against the OWASP BenchmarkJava project, which is commonly used to assess SAST tools.

Detected CWEs in v2.5.5:

  CWE-22 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 317
  CWE-79 ▇▇▇ 12
  CWE-89 ▇ 6
  CWE-90 ▇▇▇▇▇▇▇▇▇▇▇▇ 55
 CWE-113 ▇▇▇▇▇▇ 28
 CWE-259 ▇▇ 11
 CWE-306 ▏ 1
 CWE-326 ▇▇▇▇▇▇▇▇▇ 41
 CWE-327 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 82
 CWE-614 ▇▇▇▇▇▇▇▇ 36
 CWE-643 ▇▇▇▇▇▇ 30
CWE-1004 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 216

Detected CWEs in this branch:

  CWE-22 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 673 (+356)
  CWE-78 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 234 (+234)
  CWE-79 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 428 (+416)
  CWE-89 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 307 (+301)
  CWE-90 ▇▇▇▇▇ 55
 CWE-113 ▇▇▇ 28
 CWE-259 ▇ 11
 CWE-306 ▏ 1
 CWE-326 ▇▇▇▇▇▇▇▇▇▇ 97
 CWE-327 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 410 (+330)
 CWE-614 ▇▇▇▇ 36
 CWE-643 ▇▇▇ 30
CWE-1004 ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ 216

Related to Assess and improve SAST performance against OWA... (gitlab-org&13906)

Edited by Michael Henriksen
