Merge branch '218414-refine-sast-analyzer-language-detection' into 'master'

Refine SAST analyzer detection beyond base language See merge request gitlab-org/gitlab!33226

Merge branch '218414-refine-sast-analyzer-language-detection' into 'master'
Refine SAST analyzer detection beyond base language See merge request gitlab-org/gitlab!33226
bb73ad65 · Heinrich Lee Yu · 588bb2c3 · 5bfb234e · bb73ad65 · bb73ad65
Commit bb73ad65 authored May 28, 2020 by Heinrich Lee Yu
3 changed files
--- a/changelogs/unreleased/218414-refine-sast-analyzer-language-detection.yml
+++ b/changelogs/unreleased/218414-refine-sast-analyzer-language-detection.yml
+---
+title: Refine SAST language detection by frameworks
+merge_request: 33226
+author:
+type: changed
--- a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
+++ b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
@@ -63,17 +63,18 @@ describe 'SAST.gitlab-ci.yml' do
            'C'                    | { 'app.c' => '' }                    | {}                                        | %w(flawfinder-sast secrets-sast)
            'C++'                  | { 'app.cpp' => '' }                  | {}                                        | %w(flawfinder-sast secrets-sast)
            'C#'                   | { 'app.csproj' => '' }               | {}                                        | %w(security-code-scan-sast secrets-sast)
-            'Elixir'               | { 'mix.ex' => '' }                   | {}                                        | %w(sobelow-sast secrets-sast)
+            'Elixir'               | { 'mix.exs' => '' }                  | {}                                        | %w(sobelow-sast secrets-sast)
            'Golang'               | { 'main.go' => '' }                  | {}                                        | %w(gosec-sast secrets-sast)
            'Groovy'               | { 'app.groovy' => '' }               | {}                                        | %w(spotbugs-sast secrets-sast)
            'Java'                 | { 'app.java' => '' }                 | {}                                        | %w(spotbugs-sast secrets-sast)
-            'Javascript'           | { 'app.js' => '' }                   | {}                                        | %w(eslint-sast nodejs-scan-sast secrets-sast)
+            'Javascript'           | { 'app.js' => '' }                   | {}                                        | %w(eslint-sast secrets-sast)
+            'Javascript Node'      | { 'package.json' => '' }             | {}                                        | %w(nodejs-scan-sast secrets-sast)
            'HTML'                 | { 'index.html' => '' }               | {}                                        | %w(eslint-sast secrets-sast)
            'Kubernetes Manifests' | { 'Chart.yaml' => '' }               | { 'SCAN_KUBERNETES_MANIFESTS' => 'true' } | %w(kubesec-sast secrets-sast)
-            'Multiple languages'   | { 'app.java' => '', 'app.js' => '' } | {}                                        | %w(eslint-sast nodejs-scan-sast spotbugs-sast secrets-sast)
+            'Multiple languages'   | { 'app.java' => '', 'app.js' => '' } | {}                                        | %w(eslint-sast spotbugs-sast secrets-sast)
            'PHP'                  | { 'app.php' => '' }                  | {}                                        | %w(phpcs-security-audit-sast secrets-sast)
            'Python'               | { 'app.py' => '' }                   | {}                                        | %w(bandit-sast secrets-sast)
-            'Ruby'                 | { 'application.rb' => '' }           | {}                                        | %w(brakeman-sast secrets-sast)
+            'Ruby'                 | { 'config/routes.rb' => '' }         | {}                                        | %w(brakeman-sast secrets-sast)
            'Scala'                | { 'app.scala' => '' }                | {}                                        | %w(spotbugs-sast secrets-sast)
            'Typescript'           | { 'app.ts' => '' }                   | {}                                        | %w(tslint-sast secrets-sast)
            'Visual Basic'         | { 'app.vbproj' => '' }               | {}                                        | %w(security-code-scan-sast secrets-sast)

--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -83,7 +83,7 @@ brakeman-sast:
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /brakeman/
      exists:
-        - '**/*.rb'
+        - 'config/routes.rb'
 eslint-sast:
  extends: .sast-analyzer
@@ -149,7 +149,7 @@ nodejs-scan-sast:
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
      exists:
-        - '**/*.js'
+        - 'package.json'
 phpcs-security-audit-sast:
  extends: .sast-analyzer
@@ -213,8 +213,7 @@ sobelow-sast:
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /sobelow/
      exists:
-        - '**/*.ex'
+        - 'mix.exs'
-        - '**/*.exs'
 spotbugs-sast:
  extends: .sast-analyzer