- Fix a bug where only a subset of rules was copied over (!451)
- Update sast-rules version 2.5.5 (!451)
- Add
rules/lgpl-cc/java/traversal/rule-RelativePathTraversal - Add
rules/lgpl-cc/java/xxe/rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing - Add
rules/lgpl-cc/java/inject/rule-DangerousGroovyShell - Add
rules/lgpl-cc/java/inject/rule-MongodbNoSQLi.java - Add
rules/gitlab/javascript/crypto/rule-NodeLibcurlSSLVerificationDisable - Add
rules/lgpl-cc/java/crypto/rule-DisallowOldTLSVersion.java - Add
rules/lgpl-cc/java/deserialization/rule-SnakeYamlConstructor.java - Add
rules/lgpl-cc/java/xxe/rule-DisallowDoctypeDeclFalse.java - Add
rules/lgpl-cc/python/flask/security/injection/path-traversal/rule-path-traversal-open - Add
rules/lgpl-cc/java/crypto/rule-UseOfRC4 - Add and update missing mappings for rules
- Add missing mapping for
rules/lgpl-cc/python/flask/security/injection/path-traversal/rule-path-traversal-open - Add
rules/lgpl-cc/java/inject/rule-EnvInjection.yml - Add
rules/lgpl-cc/python/crypto/rule-HTTPConnectionPool.yml - Add
rules/lgpl-cc/python/flask/security/redirection/rule-flask-open-redirect.yml - Add
java/crypto/rule-WeakTLSProtocolSSLContext.yml - Add
rules/lgpl-cc/java/crypto/rule-HttpComponentsRequest.yml - Remove
java/cookie/rule-CookieHTTPOnlyand addrules/lgpl-cc/java/cookie/rule-CookieHTTPOnlywith enhanced patterns - Remove
java/xxe/rule-XMLStreamRdrand addrules/lgpl-cc/java/xxe/rule-XMLStreamRdrwith additional patterns - Remove
rules/lgpl/javascript/dos/rule-regex_injection_dosand enhancejavascript/dos/rule-non-literal-regexpwith additional patterns - Remove
java/password/rule-HardcodeKeyEquals.ymlas secret detection should be used instead. - Remove
rules/lgpl-cc/java/password/rule-HardcodeKey.ymlas secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKey.ymlas secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKeyEquals.ymlas secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKeySuspiciousName.ymlas secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKeySuspiciousValue.ymlas secret detection should be used instead. - Remove
rules/lgpl/javascript/traversal/rule-zip_path_overwrite2.yml - Remove java/random/rule-PseudoRandom.yml rule
- Remove rules/lgpl/kotlin/random/rule-PseudoRandom.yml rule
- Remove scala/random/rule-PseudoRandom.yml rule
- Update
python/sql/rule-hardcoded-sql-expression.yml - Update
rules/lgpl-cc/java/deserialization/rule-InsecureJmsDeserialization.yml - Update
java/crypto/rule-WeakTLSProtocolDefaultHttpClient.yml - Update
rules/lgpl-cc/java/inject/rule-SqlInjection.yml - Update
python/requests/rule-request-without-timeout.yml - Update severity ratings across all Java, Scala, and Kotlin password related rules to match
- Update
java/password/rule-ConstantDBPassword.ymlto remove patterns that try to match on password like strings - Update
rules/lgpl/kotlin/password/rule-HardcodePassword.ymlto remove patterns that try to match on password like strings - Update
scala/password/rule-ConstantDBPassword.ymlupdated description - Update
scala/password/rule-HardcodePassword.ymlupdated description - Update
java/file/rule-FilenameUtilsto enhance patterns and use taint mode - Update
rules/lgpl/javascript/xml/rule-node_xpath_injectionto reduce false positives - Update
java/random/rule-PseudoRandomandrules/lgpl/kotlin/random/rule-PseudoRandomto enhance patterns - Update
rules/lgpl/javascript/traversal/rule-generic_path_traversalto enhance patterns and use taint mode - Update
rules/lgpl/javascript/traversal/rule-zip_path_overwriteto enhance patterns - Update
rules/lgpl/javascript/ssrf/rule-node_ssrfto enhance patterns and use taint mode - Update test cases for rule
rules/lgpl/javascript/xml/rule-node_xpath_injection
- Add
gitlab-org/security-products/analyzers/semgrep
v4.20.0
on GitLab
4 months ago