- Update sast-rules version 2.5.5 (!438)
- Add
rules/lgpl-cc/java/traversal/rule-RelativePathTraversal
- Add
rules/lgpl-cc/java/xxe/rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing
- Add
rules/lgpl-cc/java/inject/rule-DangerousGroovyShell
- Add
rules/lgpl-cc/java/inject/rule-MongodbNoSQLi.java
- Add
rules/gitlab/javascript/crypto/rule-NodeLibcurlSSLVerificationDisable
- Add
rules/lgpl-cc/java/crypto/rule-DisallowOldTLSVersion.java
- Add
rules/lgpl-cc/java/deserialization/rule-SnakeYamlConstructor.java
- Add
rules/lgpl-cc/java/xxe/rule-DisallowDoctypeDeclFalse.java
- Add
rules/lgpl-cc/python/flask/security/injection/path-traversal/rule-path-traversal-open
- Add
rules/lgpl-cc/java/crypto/rule-UseOfRC4
- Add and update missing mappings for rules
- Add missing mapping for
rules/lgpl-cc/python/flask/security/injection/path-traversal/rule-path-traversal-open
- Add
rules/lgpl-cc/java/inject/rule-EnvInjection.yml
- Add
rules/lgpl-cc/python/crypto/rule-HTTPConnectionPool.yml
- Add
rules/lgpl-cc/python/flask/security/redirection/rule-flask-open-redirect.yml
- Add
java/crypto/rule-WeakTLSProtocolSSLContext.yml
- Add
rules/lgpl-cc/java/crypto/rule-HttpComponentsRequest.yml
- Remove
java/cookie/rule-CookieHTTPOnly
and addrules/lgpl-cc/java/cookie/rule-CookieHTTPOnly
with enhanced patterns - Remove
java/xxe/rule-XMLStreamRdr
and addrules/lgpl-cc/java/xxe/rule-XMLStreamRdr
with additional patterns - Remove
rules/lgpl/javascript/dos/rule-regex_injection_dos
and enhancejavascript/dos/rule-non-literal-regexp
with additional patterns - Remove
java/password/rule-HardcodeKeyEquals.yml
as secret detection should be used instead. - Remove
rules/lgpl-cc/java/password/rule-HardcodeKey.yml
as secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKey.yml
as secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKeyEquals.yml
as secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKeySuspiciousName.yml
as secret detection should be used instead. - Remove
rules/gitlab/scala/password/rule-HardcodeKeySuspiciousValue.yml
as secret detection should be used instead. - Remove
rules/lgpl/javascript/traversal/rule-zip_path_overwrite2.yml
- Remove java/random/rule-PseudoRandom.yml rule (!635)
- Remove rules/lgpl/kotlin/random/rule-PseudoRandom.yml rule (!635)
- Remove scala/random/rule-PseudoRandom.yml rule (!635)
- Update
python/sql/rule-hardcoded-sql-expression.yml
- Update
rules/lgpl-cc/java/deserialization/rule-InsecureJmsDeserialization.yml
- Update
java/crypto/rule-WeakTLSProtocolDefaultHttpClient.yml
- Update
rules/lgpl-cc/java/inject/rule-SqlInjection.yml
- Update
python/requests/rule-request-without-timeout.yml
- Update severity ratings across all Java, Scala, and Kotlin password related rules to match
- Update
java/password/rule-ConstantDBPassword.yml
to remove patterns that try to match on password like strings - Update
rules/lgpl/kotlin/password/rule-HardcodePassword.yml
to remove patterns that try to match on password like strings - Update
scala/password/rule-ConstantDBPassword.yml
updated description - Update
scala/password/rule-HardcodePassword.yml
updated description - Update
java/file/rule-FilenameUtils
to enhance patterns and use taint mode - Update
rules/lgpl/javascript/xml/rule-node_xpath_injection
to reduce false positives - Update
java/random/rule-PseudoRandom
andrules/lgpl/kotlin/random/rule-PseudoRandom
to enhance patterns - Update
rules/lgpl/javascript/traversal/rule-generic_path_traversal
to enhance patterns and use taint mode - Update
rules/lgpl/javascript/traversal/rule-zip_path_overwrite
to enhance patterns - Update
rules/lgpl/javascript/ssrf/rule-node_ssrf
to enhance patterns and use taint mode - Update test cases for rule
rules/lgpl/javascript/xml/rule-node_xpath_injection
- Add