
Merge Develop into Release #3508

Closed
wants to merge 29 commits into from

Conversation

r2c-argo[bot]
Contributor

@r2c-argo r2c-argo bot commented Nov 4, 2024

Created automatically with the Argo bot using the Argo workflow in release-workflow.yaml

Yoann Padioleau and others added 29 commits September 18, 2024 11:17
* PHP tainted exec

When user input is passed to a function that executes a shell command without escaping.

* Correct message string YAML operator

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>

---------

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
Co-authored-by: Lewis <[email protected]>
* Upload dockerd socket mount detection rule and test file

* Update dockerd-socket-mount.dockerfile

* Update documentbuilderfactory-disallow-doctype-decl-missing.yaml

Update the rule for checking if FEATURE_SECURE_PROCESSING is set to TRUE for DocumentBuilderFactory object.

* Revert "Update documentbuilderfactory-disallow-doctype-decl-missing.yaml"

This reverts commit c1e2281.

---------

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
* Switch to osemgrep test --experimental

test plan:
wait for green CI check

* comment

* comments
* remove fingerprints/fingerprints.yaml

No idea what this file is, but it's annoying because
we have to skip it in many scripts because it does not
contain regular rules and target test files.
Let's just remove it to simplify things.

test plan:
wait for green CI checks

* remove every use of fingerprints (each time it was to skip the dir)

test plan:
osemgrep test on those dirs do not report any more warnings
about wrong annotations

test plan:
wait for green CI checks
* Named metavariable bug for CMD-like instructions using array syntax was fixed

* Update the expected autofixes

test plan:
osemgrep validate --pro .
…ration in OpenAPI spec (#3446)

* Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec

* set subcategory to audit instead of vuln

* alternative approach

---------

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
* Exclude Slack webhook sample URL.

* Test case for excluding Slack webhook sample URL.

---------

Co-authored-by: Vasilii Ermilov <[email protected]>
* add semgrep/check-is-none-explicitly.yaml

* add semgrep/check-is-none-explicitly.py

* move new rule to correctness directory

---------

Co-authored-by: Clara McCreery <[email protected]>
Co-authored-by: Vasilii <[email protected]>
test plan:
osemgrep test --pro solidity

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
…eeptodoruleid:) (#3490)

* Fix for osemgrep test --pro with DeepScan too

Mostly some deepruleid: -> deeptodoruleid: as unfortunately
the engine is still not good enough to find them

test plan:
osemgrep-pro test --pro .

* fix

test plan:
osemgrep-pro test --pro semgrep-rules/
* Remove scripts/run-test to simplify, call just osemgrep test

It has been almost a month that we have run both osemgrep test
and pysemgrep --test with no complaints, so let's remove
the use of pysemgrep --test so we can then remove the
corresponding python code in pysemgrep.

test plan:
make validate
make test-only
wait for green CI checks

* more
* remove redundant rules for HTML templates

* Delete python/django/security/audit/xss/var-in-script-tag.html

* Delete python/django/security/audit/xss/var-in-script-tag.yaml

---------

Co-authored-by: Claudio <[email protected]>
* Update stacktrace-disclosure.cs

* Update stacktrace-disclosure.yaml

* Remove redundant rule python.lang.security.audit.ftplib

python.lang.security.audit.ftplib.ftplib is best replaced by python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls

* Update use-ftp-tls.yaml

* Delete python/lang/security/audit/ftplib.py
@p4p3r p4p3r closed this Nov 4, 2024
@p4p3r p4p3r deleted the merge-develop-to-release branch November 4, 2024 17:39