mschwager / route-detect

Find authentication (authn) and authorization (authz) security bugs in web application routes.
BSD 3-Clause "New" or "Revised" License

Spring: Add Semgrep metavar for exact path/route variables #11

Open Gby56 opened 1 year ago

Gby56 commented 1 year ago

Attempt at fixing/improving https://github.com/mschwager/route-detect/issues/10 and https://github.com/mschwager/route-detect/issues/12. Adding a $PATH metavar in the rules allows you to really extract the exact values. Only on unauthorized paths for now; I tried also supporting that for the other rules, but it would break weirdly.

The final graph will show something more readable like:

ln 22: PostMapping "/api/book/{bookId}"

(Can't run the tests on my machine, weird python parallel processing issues)
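The label format above comes from reading the `$PATH` metavariable back out of Semgrep's JSON output. The following is an added example, not route-detect's own code: it takes a constructed `semgrep --json` result set (field names follow Semgrep's result schema, `check_id`, `start.line`, `extra.metavars`, `extra.lines`) and builds a `ln N: Mapping "/path"` label per finding. The second sample finding comes from a rule that does not bind `$PATH`, mirroring the "only on unauthorized paths for now" caveat, so the code falls back to the matched source line instead of failing. Rule ids, file paths and line numbers in the sample are invented.

```python
"""Build route labels from Semgrep --json output that carries a $PATH metavar.

Added example, not route-detect's own code. SAMPLE_SEMGREP_JSON is constructed
to mirror the shape of `semgrep --json` output; the values in it are invented.
"""
import json
import re

# Constructed sample output: one finding from a rule that binds $PATH and one
# from a rule that does not (the PR adds $PATH only to the unauthenticated rule).
SAMPLE_SEMGREP_JSON = json.dumps({
    "results": [
        {
            "check_id": "routes.rules.spring.spring-route-unauthenticated",
            "path": "src/main/java/BookController.java",
            "start": {"line": 22, "col": 5},
            "end": {"line": 25, "col": 6},
            "extra": {
                "lines": '    @PostMapping("/api/book/{bookId}")',
                "metavars": {
                    # Semgrep reports a string-literal metavar with its quotes.
                    "$PATH": {"abstract_content": '"/api/book/{bookId}"'},
                },
            },
        },
        {
            "check_id": "routes.rules.spring.spring-route-authenticated",
            "path": "src/main/java/BookController.java",
            "start": {"line": 40, "col": 5},
            "end": {"line": 43, "col": 6},
            "extra": {
                "lines": '    @GetMapping("/api/book")',
                "metavars": {},
            },
        },
    ],
    "errors": [],
})

# Spring request-mapping annotations recognised in the matched source line.
MAPPING_RE = re.compile(r"@(?:Request|Get|Post|Put|Delete|Patch)Mapping")


def route_label(result):
    """Return 'ln N: <Annotation> <path>' for one Semgrep result.

    Uses $PATH when the rule bound it; otherwise falls back to the whole
    matched line so findings from rules without $PATH still get a label.
    """
    line = result["start"]["line"]
    source = result["extra"].get("lines", "").strip()
    match = MAPPING_RE.search(source)
    mapping = match.group(0).lstrip("@") if match else "?"
    metavars = result["extra"].get("metavars", {})
    path = metavars.get("$PATH", {}).get("abstract_content")
    if path is None:
        return f"ln {line}: {source}"
    return f"ln {line}: {mapping} {path}"


def route_labels(semgrep_json):
    """Labels for every result in a `semgrep --json` document."""
    return [route_label(r) for r in json.loads(semgrep_json)["results"]]


if __name__ == "__main__":
    for label in route_labels(SAMPLE_SEMGREP_JSON):
        print(label)
```

To use it against real output, pipe `semgrep --json --config routes/rules/ <target>` into `route_labels`; anything without a `$PATH` binding shows up as the raw matched line, which makes it obvious which rules still lack the metavar.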

mschwager commented 1 year ago

(Can't run the tests on my machine, weird python parallel processing issues)

I'm guessing this is this bug: https://github.com/returntocorp/semgrep/issues/8120

Gby56 commented 1 year ago

Correct!

Gby56 commented 11 months ago

The parallelism bug is gone, but now I'm having a weird issue.

poetry run semgrep --test --config routes/rules/ tests/test_rules/
....

Found rule id mismatch - file=/Users/gabrielmarquet/Desktop/route-detect/tests/test_rules/spring.java 'ruleid' annotation with no YAML rule={'spring-route-unauthenticated'}
Failing due to rule id mismatch. There is a test denoted with 'ruleid: <rule name>' where the rule name does not exist or is not expected in the test file.
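For readers hitting the same message: the `ruleid: <rule name>` convention marks the line after the comment as the place a named rule must fire. The following is an added example, not Semgrep's or route-detect's own `--test` logic: a simplified checker for the two conditions the message names, an annotation naming a rule id that is not in the config, and an annotation whose rule produced no finding on the expected line. The Java target, the rule-id set and the findings are all constructed; the rule ids are modelled on `spring-route-unauthenticated` from the output above, and the misspelt third id is deliberate.

```python
"""Check `ruleid:` test annotations against declared rules and actual findings.

Added example, not Semgrep's own --test implementation. All inputs below are
constructed: a Java test target, the rule ids a rules YAML would declare, and
(rule id, start line) pairs standing in for the findings Semgrep produced.
"""
import re

# Constructed Java test target in semgrep --test style: each annotation names
# the rule expected to fire on the line immediately after it.
SAMPLE_JAVA = """\
@RestController
public class BookController {
    // ruleid: spring-route-unauthenticated
    @PostMapping("/api/book/{bookId}")
    public Book update(@PathVariable long bookId) { return null; }

    // ruleid: spring-route-authenticated
    @PreAuthorize("hasRole('ADMIN')")
    @DeleteMapping("/api/book/{bookId}")
    public void delete(@PathVariable long bookId) {}

    // ruleid: spring-route-unauthenticatd
    @GetMapping("/api/book")
    public Book get() { return null; }
}
"""

# Rule ids the (constructed) rules YAML declares.
CONFIG_RULE_IDS = {"spring-route-unauthenticated", "spring-route-authenticated"}

# Constructed findings: only the unauthenticated rule fired, on line 4.
FINDINGS = {("spring-route-unauthenticated", 4)}

ANNOTATION_RE = re.compile(r"^\s*//\s*ruleid:\s*(\S+)\s*$")


def parse_annotations(src):
    """Return [(rule_id, expected_line)] where expected_line is the next line."""
    found = []
    for number, text in enumerate(src.splitlines(), start=1):
        match = ANNOTATION_RE.match(text)
        if match:
            found.append((match.group(1), number + 1))
    return found


def check_annotations(src, rule_ids, findings):
    """Return one message per annotation that cannot be satisfied.

    Distinguishes an annotation for a rule id the config never declares from
    an annotation for a known rule that simply did not fire on that line.
    """
    problems = []
    for rule_id, line in parse_annotations(src):
        if rule_id not in rule_ids:
            problems.append(
                f"'ruleid' annotation with no YAML rule: {rule_id!r} "
                f"(annotation on line {line - 1})"
            )
        elif (rule_id, line) not in findings:
            problems.append(f"rule {rule_id!r} did not fire at line {line}")
    return problems


if __name__ == "__main__":
    for problem in check_annotations(SAMPLE_JAVA, CONFIG_RULE_IDS, FINDINGS):
        print(problem)
```

Running it on the constructed input reports the misspelt id as having no YAML rule and the authenticated rule as not firing on line 8; the first annotation is satisfied and produces nothing. Feeding it the real test file, the rule ids from the rules directory, and the (id, line) pairs from a `semgrep --json` run narrows a `--test` failure to one of those two causes.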
mschwager commented 11 months ago

The parallelism bug is gone, but now I'm having a weird issue.

poetry run semgrep --test --config routes/rules/ tests/test_rules/
....

Found rule id mismatch - file=/Users/gabrielmarquet/Desktop/route-detect/tests/test_rules/spring.java 'ruleid' annotation with no YAML rule={'spring-route-unauthenticated'}
Failing due to rule id mismatch. There is a test denoted with 'ruleid: <rule name>' where the rule name does not exist or is not expected in the test file.

I believe this means there is a test with a ruleid, and the rule isn't firing there.

Gby56 commented 11 months ago

Sorry for the delay, will take a look at this ASAP.