Import njsscan rules
What does this MR do?
This MR is a step in migrating NodeJS Scan to Semgrep. It copies a selection of rules from njsscan to sast-rules so that in the future they can be used in Semgrep.
The selection of rules copied is listed in gitlab-org/gitlab#362849 (comment 1304925623) which also includes why.
The njsscan rules are licensed under LGPL and so must be in their own directory, at the root of which is the LGPL LICENSE file.
The generated ruleset must also have the LGPL license, so the deploy script adds the path dist/lgpl
, adds a LICENSE file to that directory and then builds all nodejs scan ruleset in that directory.
This MR does not create a nodejs_scan ruleset in the dist directory, only adds the lgpl directory and LICENSE file. The ruleset itself will be added in a follow-up MR when they're ready to be released.