Source not available for rules in registry

[Sjord]

Some rules are available in the registry, but not in this semgrep-rules repository:

• python.lang.security.audit.dangerous-spawn-process.dangerous-spawn-process
• python.lang.security.audit.dangerous-system-call.dangerous-system-call
• python.jinja2.security.audit.autoescape-disabled.autoescape-disabled
• generic.dockerfile.security.last-user-is-root.last-user-is-root
• html.security.missing-noopener.missing-noopener
• html.security.missing-noreferrer.missing-noreferrer

These rules seem to be moved, keeping the old rule in the registry. Also, if you click on the "View source" link on any of the above pages, you get a 404.

[minusworld]

Hey @Sjord, thanks for filing.

This is a known issue between how the registry stores rules (in a database) and the semgrep-rules repository. Deletions don't sync since the logic to remove rules from downstream references (CI policies, rule packs, etc.) isn't implemented yet.

@raghavjain3 Should we move this to the App issues?