testable-eu / sast-tp-framework

TP-Framework: Testability Pattern Framework for SAST
https://owasp.org/www-project-testability-patterns-for-web-applications/
Apache License 2.0

Folder structure for discovery rules for multiple patterns #12

Open mal-tee opened 1 year ago

mal-tee commented 1 year ago

The framework seems to support one discovery rule for multiple patterns via the 2nd tuple entry. How should we store this single rule in the current folder structure?

Take PHP pattern 44 for example where the same file exists in three places:

compaluca commented 1 year ago

Indeed, duplicating the rule is not the best. However, for the moment, please follow that practice. We are discussing removing metadata. If we do so, the only possibility is to strictly follow a file structure where each pattern instance comprises its discovery rule.