Merge branch 'disable_sast' into 'master'

Get rid of Gitlab SAST See merge request OpenMW/openmw!2011
2025-01-28 14:53:58 +00:00 · 2022-06-13 19:20:31 +00:00 · 2022-06-13 19:20:31 +00:00 · 1a23f7efb8
commit 1a23f7efb8
parent 5c8ca4c7b9 9067db523b
2 changed files with 0 additions and 88 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,14 +1,10 @@
 default:
  interruptible: true
 include:
  - template: Security/SAST.gitlab-ci.yml
 # Note: We set `needs` on each job to control the job DAG.
 # See https://docs.gitlab.com/ee/ci/yaml/#needs
 stages:
  - build
  - test
 # https://blog.nimbleways.com/let-s-make-faster-gitlab-ci-cd-pipelines/
 variables:
@ -17,14 +13,6 @@ variables:
  # These can be specified per job or per pipeline
  ARTIFACT_COMPRESSION_LEVEL: "fast"
  CACHE_COMPRESSION_LEVEL: "fast"
  SAST_EXCLUDED_ANALYZERS: "bandit"
  SAST_EXCLUDED_PATHS: "extern"
 sast:
  tags:
    - docker
    - linux
  needs: []
 .Ubuntu_Image:
  tags:
--- a/.gitlab/sast-ruleset.toml
+++ b/.gitlab/sast-ruleset.toml
@ -1,76 +0,0 @@
 [flawfinder]
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "readlink"  # openmw isn't a privileged process
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "access"  # openmw isn't a privileged process
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "random"  # duh.
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "getenv"  # duh.
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "open" # openmw isn't a privileged process
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "char"  # too many false positives
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "read"  # too many false positives
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "snprintf"  # too many false positives
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "strlen"  # too many false positives
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "mkstemp"  # openmw doesn't run on old Unix systems
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "fopen"   # openmw isn't a privileged process
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "equal"  # only false positives, sigh
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "_snprintf"  # only false positives, sigh
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "printf"  # only false positives, sigh
 	[[flawfinder.ruleset]]
 		disable = true
 		[flawfinder.ruleset.identifier]
 			type = "flawfinder_func_name"
 			value = "system"  # only false positives, sigh