BUG: Some metadata field (reference and cwe) are not in semgrep recommended format - Githubissues

MobSF / mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

GNU Lesser General Public License v3.0

607 stars 97 forks source link

BUG: Some metadata field (reference and cwe) are not in semgrep recommended format #80

Closed nitinNayar closed 5 months ago

nitinNayar commented 9 months ago

Identified 4 issues related to metadata field (reference and cwe) are not in semgrep recommended format :

the semgrep rules have reference key. This should be references to be compliant with semgrep required format
the semgrep rules references key should be a list. This is semgrep required format
the semgrep rules have cwe key. This should be in the format CWE-XXX: CWE_TITLEto be compliant with semgrep required format
the semgrep rules cwe key should be a list. This is semgrep required format

-- nitin (Semgrep Solution Engineering, EMEA)