Merge Develop into Release #3185
Merged
Conversation
…riable (#3159)
* add returntocorp/reserved-aws-lambda-environment-variable.yaml
* add returntocorp/reserved-aws-lambda-environment-variable.tf
* move files
---------
Co-authored-by: Grayson H <[email protected]>
Co-authored-by: Vasilii <[email protected]>
I'm making a change to the Semgrep Pro Engine which will correctly model the fact that `java.lang.Object` is at the top of any inheritance hierarchy in Java. As such, the pattern `Object $X` will match any object type, including the `String` types used in the tests here. In general, we do want the Pro Engine, when presented with a pattern `(Foo $X)`, to also match any subtypes of `Foo`. Based on a discussion with Pieter, this should actually match any object type except for `String`s and boxed types. As such, I have updated this rule and the test cases accordingly. Now, it functions the same both on the Pro Engine and OSS, and is more accurate than before on both.
Update `server-dangerous-object-deserialization` rule
…Image package_type (#3167)
* Add rule flagging redundant fields on AWS Lambda resource when using Image package_type
* Shorten rule ID a tad
---------
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
Thanks to semgrep/semgrep#8993, the `include:` directive in the rule is now ignored in a test context, so you can use the same name as the rule again for the test target file. Test plan: see related PR in semgrep.
…tch permissions (#3163)
* Add rule for missing asterisk at end of aws_lambda_permission cloudwatch permissions
* Remove swap file, add tech metadata
* Shorten rule ID a tad
Update test targets for tests relying on include:
* Skip Apex rules when running the OSS testsuite
* Skip Apex rules in testsuite - part 2
* Add apex and VF security rules
* Remove best practice rule
* Clean up
* Add performance and best practice rules
* Rename AbsoluteUrls rule to use Pascal Case
* Update technology to Salesforce
* Update ids and metadata
* Use standard folder structure
* Update ids and metadata for VF rules
* Fix lints
* Move best practice rule
* Fix testsuite
* Update min-version
---------
Co-authored-by: Claudio <[email protected]>
Co-authored-by: Claudio <[email protected]>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.6...2.0.7)
---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
* hashids-with-django-secret
The Django secret key is used as salt in HashIDs. The HashID mechanism is not secure. By observing sufficient HashIDs, the salt used to construct them can be recovered. This means the Django secret key can be obtained by attackers, through the HashIDs. This is a rare bug, but easy to detect.
* hashids-with-flask-secret
The Flask secret key is used as salt in HashIDs. The HashID mechanism is not secure. By observing sufficient HashIDs, the salt used to construct them can be recovered. This means the Flask secret key can be obtained by attackers, through the HashIDs.
* Add subcategory vuln
Linter complained about subcategory missing. This seems like an actual problem that should be resolved.
---------
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
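As an added illustration of the shape of rule the commit above describes (example rule text written for this page, not the `hashids-with-django-secret` rule merged in this PR), here is a Semgrep rule that flags `settings.SECRET_KEY` being handed to `Hashids` as its salt, both directly and through an intermediate variable. The rule id, message wording and metadata values are assumptions; the pattern syntax (`...` for any arguments, `pattern-inside` for the assignment context, fully qualified `django.conf.settings` to match the usual `from django.conf import settings`) is standard Semgrep.

```yaml
rules:
  - id: example-hashids-salt-is-django-secret-key   # assumed id, not the PR's rule
    languages: [python]
    severity: WARNING
    message: >-
      The Django SECRET_KEY is used as the Hashids salt. Hashids is an
      obfuscation scheme, not a cryptographic one: with enough observed IDs
      the salt can be recovered, which here means SECRET_KEY itself.
      Give Hashids its own salt that does not double as a signing secret.
    metadata:
      category: security
      subcategory:
        - vuln
      technology:
        - django
        - hashids
    patterns:
      - pattern-either:
          # keyword form: Hashids(salt=settings.SECRET_KEY, ...)
          - pattern: hashids.Hashids(..., salt=django.conf.settings.SECRET_KEY, ...)
          # positional form: Hashids(settings.SECRET_KEY, ...)
          - pattern: hashids.Hashids(django.conf.settings.SECRET_KEY, ...)
          # indirect form: the key is first copied into a local, then passed as salt
          - patterns:
              - pattern-inside: |
                  $SALT = django.conf.settings.SECRET_KEY
                  ...
              - pattern: hashids.Hashids(..., salt=$SALT, ...)
```

To exercise it the way this repository does, put the rule beside a Python target file with `# ruleid: example-hashids-salt-is-django-secret-key` above each line that should match and `# ok: example-hashids-salt-is-django-secret-key` above a call that uses a separate, purpose-specific salt, then run `semgrep --test` on the directory. A Flask counterpart would follow the same structure with the `app.secret_key` / `app.config["SECRET_KEY"]` access in place of the Django settings attribute.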
* test-is-missing-assert
Check for `a == b` in tests, which should probably be `assert a == b`.
* Set message with >-
To make the linter happy
---------
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
p4p3r approved these changes Oct 20, 2023
LGTM
Created automatically with the Argo bot using the Argo workflow in release-workflow.yaml