• Update sast-rules version 2.5.5 (!438)
  • Add rules/lgpl-cc/java/traversal/rule-RelativePathTraversal
  • Add rules/lgpl-cc/java/xxe/rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing
  • Add rules/lgpl-cc/java/inject/rule-DangerousGroovyShell
  • Add rules/lgpl-cc/java/inject/rule-MongodbNoSQLi.java
  • Add rules/gitlab/javascript/crypto/rule-NodeLibcurlSSLVerificationDisable
  • Add rules/lgpl-cc/java/crypto/rule-DisallowOldTLSVersion.java
  • Add rules/lgpl-cc/java/deserialization/rule-SnakeYamlConstructor.java
  • Add rules/lgpl-cc/java/xxe/rule-DisallowDoctypeDeclFalse.java
  • Add rules/lgpl-cc/python/flask/security/injection/path-traversal/rule-path-traversal-open
  • Add rules/lgpl-cc/java/crypto/rule-UseOfRC4
  • Add and update missing mappings for rules
  • Add missing mapping for rules/lgpl-cc/python/flask/security/injection/path-traversal/rule-path-traversal-open
  • Add rules/lgpl-cc/java/inject/rule-EnvInjection.yml
  • Add rules/lgpl-cc/python/crypto/rule-HTTPConnectionPool.yml
  • Add rules/lgpl-cc/python/flask/security/redirection/rule-flask-open-redirect.yml
  • Add java/crypto/rule-WeakTLSProtocolSSLContext.yml
  • Add rules/lgpl-cc/java/crypto/rule-HttpComponentsRequest.yml
  • Remove java/cookie/rule-CookieHTTPOnly and add rules/lgpl-cc/java/cookie/rule-CookieHTTPOnly with enhanced patterns
  • Remove java/xxe/rule-XMLStreamRdr and add rules/lgpl-cc/java/xxe/rule-XMLStreamRdr with additional patterns
  • Remove rules/lgpl/javascript/dos/rule-regex_injection_dos and enhance javascript/dos/rule-non-literal-regexp with additional patterns
  • Remove java/password/rule-HardcodeKeyEquals.yml as secret detection should be used instead.
  • Remove rules/lgpl-cc/java/password/rule-HardcodeKey.yml as secret detection should be used instead.
  • Remove rules/gitlab/scala/password/rule-HardcodeKey.yml as secret detection should be used instead.
  • Remove rules/gitlab/scala/password/rule-HardcodeKeyEquals.yml as secret detection should be used instead.
  • Remove rules/gitlab/scala/password/rule-HardcodeKeySuspiciousName.yml as secret detection should be used instead.
  • Remove rules/gitlab/scala/password/rule-HardcodeKeySuspiciousValue.yml as secret detection should be used instead.
  • Remove rules/lgpl/javascript/traversal/rule-zip_path_overwrite2.yml
  • Remove java/random/rule-PseudoRandom.yml rule (!635)
  • Remove rules/lgpl/kotlin/random/rule-PseudoRandom.yml rule (!635)
  • Remove scala/random/rule-PseudoRandom.yml rule (!635)
  • Update python/sql/rule-hardcoded-sql-expression.yml
  • Update rules/lgpl-cc/java/deserialization/rule-InsecureJmsDeserialization.yml
  • Update java/crypto/rule-WeakTLSProtocolDefaultHttpClient.yml
  • Update rules/lgpl-cc/java/inject/rule-SqlInjection.yml
  • Update python/requests/rule-request-without-timeout.yml
  • Update severity ratings across all Java, Scala, and Kotlin password related rules to match
  • Update java/password/rule-ConstantDBPassword.yml to remove patterns that try to match on password like strings
  • Update rules/lgpl/kotlin/password/rule-HardcodePassword.yml to remove patterns that try to match on password like strings
  • Update scala/password/rule-ConstantDBPassword.yml updated description
  • Update scala/password/rule-HardcodePassword.yml updated description
  • Update java/file/rule-FilenameUtils to enhance patterns and use taint mode
  • Update rules/lgpl/javascript/xml/rule-node_xpath_injection to reduce false positives
  • Update java/random/rule-PseudoRandom and rules/lgpl/kotlin/random/rule-PseudoRandom to enhance patterns
  • Update rules/lgpl/javascript/traversal/rule-generic_path_traversal to enhance patterns and use taint mode
  • Update rules/lgpl/javascript/traversal/rule-zip_path_overwrite to enhance patterns
  • Update rules/lgpl/javascript/ssrf/rule-node_ssrf to enhance patterns and use taint mode
  • Update test cases for rule rules/lgpl/javascript/xml/rule-node_xpath_injection