fix: Reintroduce security prefix for secondary identifiers, drop unneeded index suffix when single-mapping, and split react rule mapping
What
Assorted changes to get us closer to gitlab-org/security-products/analyzers/semgrep!147 (closed)
- Previous `security` prefix removal should have only applied to primary IDs, see https://gitlab.com/gitlab-org/secure/gsoc-sast-vulnerability-rules/playground/sast-rules/-/merge_requests/94
- eslint primary identifier: https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/e6978b54efac950db7231abdbb336e9c7760135e/qa/expect/js/gl-sast-report.json#L23
- eslint secondary identifier: https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/e6978b54efac950db7231abdbb336e9c7760135e/qa/expect/js/gl-sast-report.json#L40
- Drops unnecessary `-1` suffix for rules which are not aggregated
- This prevents primary identifier mismatches and simplifies `semgrep`'s convert functionality to no longer need `computeRuleName` to split
- (relies on 2 above) Splits react eslint rule into two separate rules to ensure secondary_identifier mapping corresponds:
- https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/e6978b54efac950db7231abdbb336e9c7760135e/rules/react.yml#L2
- https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/e6978b54efac950db7231abdbb336e9c7760135e/rules/react.yml#L56
The second item is probably the biggest change. Any reason to not do this?