Fix where sarif output is invalid missing cwe or shortdescription

Isaac Dawson requested to merge check_split_length into main

What does this MR do?

Fixes an unlikely case where the CWE-XXX tag is missing the title text as well as a shortDescription metadata field. (Validation of this is done on downstream rules)

Bug was identified when updating semgrep rules to use the new shortDescription field: https://gitlab.com/gitlab-org/security-products/sast-rule-testing-framework/rule-testing/-/jobs/4097499692

What are the relevant issue numbers?

N/A

Does this MR meet the acceptance criteria?

Edited by Lucas Charles
