Draft: Show that the rule tests fail for semgrep 1.75

Craig Smith requested to merge craigmsmith-semgrep-1.75-brakes-tests into main

What does this MR do?

This MR is used to show the difference in test results between semgrep 1.74 and semgrep 1.75.

In the semgrep 1.74 job, all the tests pass as expected. In the semgrep 1.75 job, the tests fail.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

  • The test cases cover both positive and negative cases and have appropriate Semgrep annotations:
    • For positive cases: // ruleid: ...
    • For negative cases: // ok: ...
  • Prefer ($X.servlet.http.HttpServletResponse $RESP).addCookie($C) over $RESPONSE.addCookie($C) to avoid false positives.
  • The following metadata fields exist for the rule(s) added/updated in this MR:
    • owasp: with both 2017 and 2021 mappings
    • shortDescription: e.g. "Use of a broken or risky cryptographic algorithm", NOT "Use of a Broken or Risky Cryptographic Algorithm"
    • security-severity: one of Info, Low, Medium, High or Critical
    • pattern: use multi-line patterns (with |) only when the actual search pattern spans more than a single line
  • The message contains a secure code example and no insecure ones.
  • The rule is placed in the correct rules/ subfolder based on its license, referring to the internal guidance.
  • Relevant labels, including workflow labels, are appropriately selected.
  • The MR is freshly rebased with main.
Edited by Craig Smith
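As an added illustration of the acceptance criteria above (not a rule from this MR or from the project's rule set), here is a hypothetical rule that uses the typed HttpServletResponse pattern, carries the required metadata fields, keeps the message to a secure example only, and uses a multi-line pattern only where the search pattern really spans several statements. The rule id, the OWASP mappings and the "cookie added without setSecure(true)" subject are assumptions; the matching Java test file would mark findings with `// ruleid: <id>` and non-findings with `// ok: <id>`.

```yaml
# Hypothetical example rule; the id, OWASP mappings and rule subject are assumed, not taken from this MR.
rules:
  - id: java_cookie_rule-CookieWithoutSecureFlag
    languages: [java]
    severity: WARNING
    metadata:
      # Both the 2017 and the 2021 OWASP Top 10 mappings are present (assumed mapping).
      owasp:
        - "A6:2017-Security Misconfiguration"
        - "A05:2021-Security Misconfiguration"
      # Sentence case, not Title Case.
      shortDescription: "Cookie added to the response without the Secure attribute"
      security-severity: Medium
    # The message shows only the secure form; it contains no insecure example.
    message: >-
      The cookie `$C` is added to `$RESP` without the Secure attribute, so a browser
      may also send it over plain HTTP. Mark it secure before adding it:
      `$C.setSecure(true); $RESP.addCookie($C);`
    patterns:
      # Single-line pattern, so no "|" block is needed. The typed metavariable restricts the
      # match to an HttpServletResponse ($X covers both the javax and jakarta packages) instead
      # of any object that happens to have an addCookie method, which avoids false positives.
      - pattern: ($X.servlet.http.HttpServletResponse $RESP).addCookie($C)
      # This search pattern genuinely spans several statements, so a multi-line "|" block is justified.
      - pattern-not-inside: |
          $C.setSecure(true);
          ...
          $RESP.addCookie($C);
```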
