semgrep_rules/**/*.yaml: add category when missing
thypon committed Dec 6, 2024
1 parent a44ffad commit e9ce1a9
Showing 31 changed files with 41 additions and 5 deletions.
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/android-resolve-intent.yaml
@@ -16,6 +16,7 @@ rules:
author: Artem Chaikin
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/android-resolve-intent.yaml
assignees: stoletheminerals
category: security
message: Implicit intents in resolveComponent and queryComponent methods for component launch may pose security risks, as other installed apps can register similar components with higher priority. Instead, it is recommended to use hardcoded package names for third-party components launch or getApplicationContext().getPackageName() for local component launch.
languages: [java, kotlin]
severity: WARNING
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/brave-execute-script-ios.yaml
@@ -8,6 +8,7 @@ rules:
assignees: |
stoletheminerals
bridiver
category: security
message: |
$FUNC usages should be vet by the security-team.
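Review bot: the message on the context line `$FUNC usages should be vet by the security-team.` should read `vetted`; since this hunk already touches the metadata block of brave-execute-script-ios.yaml, fixing the wording here would save a follow-up commit.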
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/brave-execute-script.yaml
@@ -10,6 +10,7 @@ rules:
thypon
diracdeltas
bridiver
category: security
message: |
$FUNC usages should be vet by the security-team.
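Review bot: same wording issue as the iOS variant: `should be vet by the security-team` in the message context line should be `should be vetted by the security team`; worth correcting while brave-execute-script.yaml is being edited.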
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/brave-isolated-world.yaml
@@ -8,6 +8,7 @@ rules:
diracdeltas
bridiver
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-isolated-world.yaml
category: security
message: Security hotspot found (`ISOLATED_WORLD`). A security-team member should analyze the code security for possible vulnerabilities.
severity: WARNING
languages:
@@ -10,6 +10,7 @@ rules:
- https://github.com/returntocorp/semgrep/issues/4939
confidence: MEDIUM
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-missing-break-in-switch.yaml
category: security
# NOTE: we should also check for default blocks that miss the
# break/return/exit or equivalent statement/function call.
message: >-
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/cast-signed-to-unsigned.yaml
@@ -6,6 +6,7 @@ rules:
fmarier
thypon
bridiver
category: security
patterns:
- pattern: ($CAST)($TYPE $X)
- metavariable-regex:
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/check_includes.yaml
@@ -9,6 +9,7 @@ rules:
assignees: |
bridiver
thypon
category: security
paths:
include:
- "*.gn"
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/chromium-insecure-gurl.yaml
@@ -6,6 +6,7 @@ rules:
assignees: |
thypon
fmarier
category: security
pattern-either:
- patterns:
- pattern: $TYPE $VAR = ...;
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/chromium-uaf.yaml
@@ -16,6 +16,7 @@ rules:
thypon
goodov
iefremov
category: security
message: |
base::Unretained is most of the time unrequited, and a weak reference is better suited for secure coding.
Consider swapping Unretained for a weak reference.
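Review bot: `unrequited` in the message context line is a typo for `unrequired`; since the sentence is what developers will read in the PR annotation, suggest `base::Unretained is usually unnecessary, and a weak reference is better suited for secure coding.` while this metadata block is open.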
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/dangling-pointer-trait.yaml
@@ -9,6 +9,7 @@ rules:
stoletheminerals
thypon
cdesouza-chromium
category: security
patterns:
- pattern-either:
- pattern-inside: raw_ptr<...>
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/glide-library.yaml
@@ -8,6 +8,7 @@ rules:
assignees: |
stoletheminerals
bridiver
category: security
message: "The Glide image loading library is not yet approved, new usages should not be implemented until the security team has given their approval."
languages: [java]
severity: WARNING
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/interesting-api-calls.yaml
@@ -11,6 +11,7 @@ rules:
# NOTE: goto, try/catch, kill/sig/jmp, sem/mutex, new/delete,
# static_cast/reinterpret_cast are not covered.
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/interesting-api-calls.yaml
category: security
message: >-
Locate all calls to interesting and potentially insecure API functions (candidate points). The auditor can backtrace from these candidate points to find pathways allowing access from untrusted input.
severity: INFO
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/licensing.yaml
@@ -8,6 +8,7 @@ rules:
fmarier
thypon
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/licensing.yaml
category: security
message: "Non-free license detected"
severity: ERROR
languages:
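Review bot: `category: security` looks like the wrong label for a rule whose message is `Non-free license detected`; that is a licensing/compliance finding, not a security one. If the action uses `category` for routing, filtering or reporting, this rule will be surfaced alongside genuine security hotspots. Either give it a category that matches (semgrep's registry does not reserve `security` for everything) or state in the commit message that every rule in this repository is intentionally tagged `security` regardless of what it detects.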
@@ -13,6 +13,7 @@ rules:
# NOTE: overloaded operators, VirtualAlloc()/VirtualFree(),
# mmap()/munmap() are not covered.
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/mismatched-memory-management-cpp.yaml
category: security
message: >-
The software attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed. Due to inherent limitations of Semgrep, this rule might generate many false positives and should therefore be customized for your codebase.
severity: INFO
@@ -15,6 +15,7 @@ rules:
- http://www.phrack.org/issues/60/10.html#article
- https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
confidence: MEDIUM
category: security
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/signed-unsigned-conversion.yaml
message: The software uses a signed primitive and performs a cast to an unsigned primitive, or uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the signed primitive cannot be represented using an unsigned primitive, or if the value of the unsigned primitive cannot be represented using a signed primitive. It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate assumptions made by the program. Often, functions will return negative values to indicate a failure. When the result of a function is to be used as a size parameter, using these negative return values can have unexpected results. For example, if negative size values are passed to the standard memory copy or allocation functions they will be implicitly cast to a large unsigned value. This may lead to an exploitable buffer overflow or underflow condition. Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.
severity: WARNING
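Review bot: here `category: security` is inserted above `source:`, whereas every other file in this commit places it after `source:`; key order is cosmetic to YAML, but keeping the metadata blocks in the same order makes them easier to diff and to lint for missing keys in future. Separately, the `message:` context line is a single line of several hundred characters; folding it with `>-` as mismatched-memory-management-cpp.yaml already does would make the rule readable in review.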
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/typos.yaml
@@ -14,6 +14,7 @@ rules:
license: MIT
original_source: https://raw.githubusercontent.com/0xdea/semgrep-rules/main/c/typos.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/typos.yaml
category: security
# NOTE: common issues with comments are not covered.
# NOTE: constructs such as assert(var == val) lead to false positives.
message: >-
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/unsafe-cpp-constructs.yaml
@@ -9,6 +9,7 @@ rules:
stoletheminerals
thypon
cdesouza-chromium
category: security
languages: [cpp]
message: "Potentially unsafe C++ construct detected"
severity: WARNING
1 change: 1 addition & 0 deletions assets/semgrep_rules/client/unsafejs-in-cpp.yaml
@@ -7,6 +7,7 @@ rules:
diracdeltas
thypon
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/unsafejs-in-cpp.yaml
category: security
message: Unsafe JS in CPP strings
languages:
- c
@@ -25,3 +25,4 @@ rules:
- https://api.rubyonrails.org/classes/ActiveRecord/Sanitization/ClassMethods.html
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/activerecord-sanitize-sql-noop.yaml
category: security
10 changes: 6 additions & 4 deletions assets/semgrep_rules/services/find-links-without-no-index.yaml
@@ -1,11 +1,13 @@
rules:
- id: find-links-without-no-index
author: Artem Chaikin
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/find-links-without-no-index.yaml
references:
metadata:
author: Artem Chaikin
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/find-links-without-no-index.yaml
references:
- https://portswigger.net/daily-swig/dependency-confusion-attack-mounted-via-pypi-repo-exposes-flawed-package-installer-behavior
- https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/
confidence: LOW
confidence: LOW
category: security
pattern-either:
- pattern-regex: ^(?!.*--no-index).*--find-links
- pattern-regex: ^(?!.*--no-index).*(pip|pip3)\s.*\s-f
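Review bot: moving `author`, `source`, `references` and `confidence` under `metadata:` is the right fix, since semgrep validates rules against its schema and rejects top-level keys it does not know, so the old layout would have failed to load rather than merely lacked a category. Because the rest of the rule sits outside this hunk, please confirm the whole file still parses with `semgrep --validate --config assets/semgrep_rules/services/find-links-without-no-index.yaml` before merging. One caveat on the unchanged patterns: `^(?!.*--no-index).*--find-links` only notices `--no-index` when it is on the same line as `--find-links`, so a `pip install` continued with a trailing backslash, or `--no-index` supplied via `PIP_NO_INDEX` or `pip.conf`, will still be flagged; `confidence: LOW` is the right setting for that.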
@@ -10,6 +10,7 @@ rules:
assignees: |
thypon
kdenhartog
category: security
severity: INFO
languages:
- go
5 changes: 5 additions & 0 deletions assets/semgrep_rules/services/internal-digest-call.yaml
@@ -7,3 +7,8 @@ rules:
severity: WARNING
metadata:
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/internal-digest-call.yaml
assignees: |
stoletheminerals
thypon
cdesouza-chromium
bridiver
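Review bot: no `category: security` is added to internal-digest-call.yaml, although the commit message says the change adds a category where missing and every other rule in this diff receives one; this hunk adds only `assignees`. If the omission is deliberate, say so in the commit message; otherwise add `category: security` beside `source:` here as well so the file is consistent with the rest of the set.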
1 change: 1 addition & 0 deletions assets/semgrep_rules/services/io-readall-dos.yaml
@@ -10,6 +10,7 @@ rules:
assignees: |
thypon
kdenhartog
category: security
severity: INFO
languages:
- go
@@ -3,6 +3,7 @@ rules:
metadata:
author: Andrea Brancaleoni @ Brave
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml
category: security
patterns:
- pattern-either:
- pattern-inside: $HANDLER="..."
@@ -9,6 +9,7 @@ rules:
references:
- https://nodejs.org/api/url.html#urlparseurlstring-parsequerystring-slashesdenotehost
- https://nodejs.org/api/url.html#the-whatwg-url-api
category: security
pattern-either:
- pattern: url.parse(...)
- pattern: require('url').parse(...)
@@ -4,6 +4,7 @@ rules:
author: Ben Caller
confidence: MEDIUM
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml
category: security
message: The code contains new security hotspots which should be checked manually by a security team member! Could a user perform path traversal by setting a variable to include `../`?
severity: INFO
languages:
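Review bot: the `source:` URL in this hunk spells the file `path-travesal-by-string-interpolation.yaml` (the `r` in traversal is missing). The file header for this hunk is not shown, so the diff alone does not say whether the file on disk carries the same misspelling or only the URL does; either way, align the two so the link stays resolvable. It is the same kind of drift the svelte-purifyConfig-usage.yaml hunk in this commit corrects.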
1 change: 1 addition & 0 deletions assets/semgrep_rules/services/pip-extra-index-url.yaml
@@ -7,6 +7,7 @@ rules:
- https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/pip-extra-index-url.yaml
category: security
message: >-
Use --index-url instead of --extra-index-url to avoid dependency confusion. When using --extra-index-url, pip looks on pypi.org as well as the private index. It may install a malicious package from pypi.org with the same name as your private package instead of the package in your private index.
severity: INFO
@@ -4,6 +4,7 @@ rules:
author: Ben Caller
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/starts-with-partial-host-py.yaml
category: security
patterns:
- pattern: $URL.startswith("$PREFIX")
- metavariable-regex:
1 change: 1 addition & 0 deletions assets/semgrep_rules/services/svelte-html-usages.yaml
@@ -8,6 +8,7 @@ rules:
- https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-html-usages.yaml
category: security
message: >-
The code contains new security hotspots (`{@html expression}`) which should be checked manually by a security team member!
severity: INFO
3 changes: 2 additions & 1 deletion assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml
@@ -7,7 +7,8 @@ rules:
- https://cwe.mitre.org/data/definitions/615
- https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usages.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml
category: security
message: >-
The code contains new security hotspots (`purifyConfig`) which should be checked manually by a security team member!
severity: INFO
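Review bot: good catch on `svelte-purifyConfig-usages.yaml` versus the actual file name `svelte-purifyConfig-usage.yaml`; the old `source:` URL did not match the path in the file header. Because that drift went unnoticed until this commit, consider a small CI check that each rule's `metadata.source` ends with the rule's own path under `assets/semgrep_rules/`, so the next rename or typo is caught automatically rather than by hand.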
1 change: 1 addition & 0 deletions assets/semgrep_rules/services/url-constructor-base.yaml
@@ -9,6 +9,7 @@ rules:
assignees: |
thypon
kdenhartog
category: security
message: Are you using the `URL(url, base)` constructor as a security control to limit the origin with base `$BASE`? The base is ignored whenever url looks like an absolute URL, e.g. when it begins `protocol://`. `\\\\` or `//x.y`. Verify that the URL's origin is as expected rather than relying on the URL constructor.
severity: INFO
languages:
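Review bot: the message context line has a stray full stop in the list of examples: `when it begins \`protocol://\`. \`\\\\\` or \`//x.y\`` should be a comma-separated list (`protocol://`, `\\\\`, or `//x.y`), otherwise the sentence reads as if it ends after `protocol://`. The substance is right and worth keeping: for special schemes the WHATWG parser treats backslashes like forward slashes, so both a backslash-led and a `//host` input override `$BASE`.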

0 comments on commit e9ce1a9