Add exclusions for weak hash vulnerabilities

[uurien]

What does this PR do?

Excludes vulnerabilities to be detected preventing some false positives.

Motivation

We are detecting as vulnerability each time that vulnerable hashing algorithm as sha1 is used in the customer application. Sometimes, the use of this kind of algorithms doesn't involve a risk, and we can't prevent the the noise in the UI just excluding it.

Plugin Checklist

• Unit tests.

Additional Notes

[github-actions]

Overall package size

Self size: 4.25 MB
Deduped: 58.45 MB
No deduping: 58.49 MB

Dependency sizes

name	version	self size	total size
@datadog/pprof	2.2.1	14.24 MB	15.12 MB
@datadog/native-iast-taint-tracking	1.4.1	14.85 MB	14.86 MB
@datadog/native-appsec	3.2.0	13.38 MB	13.39 MB
protobufjs	7.1.2	2.76 MB	6.55 MB
@datadog/native-iast-rewriter	2.0.1	2.09 MB	2.1 MB
@datadog/native-metrics	2.0.0	898.77 kB	1.3 MB
opentracing	0.14.7	194.81 kB	194.81 kB
semver	7.3.8	88.2 kB	118.6 kB
@datadog/sketches-js	2.1.0	109.9 kB	109.9 kB
lodash.sortby	4.7.0	75.76 kB	75.76 kB
lru-cache	7.14.0	74.95 kB	74.95 kB
ipaddr.js	2.0.1	59.52 kB	59.52 kB
ignore	5.2.0	48.87 kB	48.87 kB
import-in-the-middle	1.3.5	34.34 kB	38.81 kB
istanbul-lib-coverage	3.2.0	29.34 kB	29.34 kB
retry	0.10.1	27.44 kB	27.44 kB
lodash.uniq	4.5.0	25.01 kB	25.01 kB
limiter	1.1.5	23.17 kB	23.17 kB
lodash.kebabcase	4.1.1	17.75 kB	17.75 kB
lodash.pick	4.4.0	16.33 kB	16.33 kB
node-abort-controller	3.0.1	14.33 kB	14.33 kB
crypto-randomuuid	1.0.0	11.18 kB	11.18 kB
diagnostics_channel	1.1.0	7.07 kB	7.07 kB
path-to-regexp	0.1.7	6.78 kB	6.78 kB
koalas	1.0.2	6.47 kB	6.47 kB
methods	1.1.2	5.29 kB	5.29 kB
module-details-from-path	1.0.3	4.47 kB	4.47 kB

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[uurien]

last path.sep is to force the directory name and not any other module that can be something like node_modules/object-hash-but-this-is-fake/index.js

[codecov]

Codecov Report

Merging #3223 (255a2f4) into master (5082455) will increase coverage by 0.05%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #3223      +/-   ##
==========================================
+ Coverage   85.72%   85.77%   +0.05%     
==========================================
  Files         182      182              
  Lines        7229     7235       +6     
  Branches       33       33              
==========================================
+ Hits         6197     6206       +9     
+ Misses       1032     1029       -3     

Impacted Files	Coverage Δ
...ce/src/appsec/iast/analyzers/weak-hash-analyzer.js	100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[pr-commenter]

Benchmarks

Comparing candidate commit 255a2f4 in PR branch ugaitz/exclude-weak-hash-false-positives with baseline commit 5082455 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 449 metrics, 23 unstable metrics.