
Merge Develop into Release #3510

Merged
merged 30 commits into from
Nov 4, 2024

Conversation

r2c-argo[bot]
Contributor

@r2c-argo r2c-argo bot commented Nov 4, 2024

Created automatically with the Argo bot using the Argo workflow in release-workflow.yaml

Yoann Padioleau and others added 30 commits September 18, 2024 11:17
* PHP tainted exec

When user input is passed to a function that executes a shell command, without
escaping.

* Correct message string YAML operator

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>

---------

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>
Co-authored-by: Lewis <LewisArdern@live.co.uk>
* Upload dockerd socket mount detection rule and test file

* Update dockerd-socket-mount.dockerfile

* Update documentbuilderfactory-disallow-doctype-decl-missing.yaml

Update the rule for checking if FEATURE_SECURE_PROCESSING is set to TRUE for DocumentBuilderFactory object.

* Revert "Update documentbuilderfactory-disallow-doctype-decl-missing.yaml"

This reverts commit c1e2281.

---------

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>
* Switch to osemgrep test --experimental

test plan:
wait for green CI check

* comment

* comments
* remove fingerprints/fingerprints.yaml

No idea what this file is, but it's annoying because
we have to skip it in many scripts because it does not
contain regular rules and target test files.
Let's just remove it to simplify things.

test plan:
wait for green CI checks

* remove every use of fingerprints (each time it was to skip the dir)
test plan:
osemgrep test on those dirs no longer reports any warnings
about wrong annotations
test plan:
wait for green CI checks
* Named metavariable bug for CMD-like instructions using array syntax was fixed

* Update the expected autofixes
test plan:
osemgrep validate --pro .
…ration in OpenAPI spec (#3446)

* Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec

* set subcategory to audit instead of vuln

* alternative approach

---------

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>
Co-authored-by: Vasilii Ermilov <inkz@xakep.ru>
* Exclude Slack webhook sample URL.

* Test case for excluding Slack webhook sample URL.

---------

Co-authored-by: Vasilii Ermilov <inkz@xakep.ru>
* add semgrep/check-is-none-explicitly.yaml

* add semgrep/check-is-none-explicitly.py

* move new rule to correctness directory

---------

Co-authored-by: Clara McCreery <clara@semgrep.com>
Co-authored-by: Vasilii <inkz@xakep.ru>
test plan:
osemgrep test --pro solidity
Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>
…eeptodoruleid:) (#3490)

* Fix for osemgrep test --pro with DeepScan too

Mostly some deepruleid: -> deeptodoruleid: as unfortunately
the engine is still not good enough to find them

test plan:
osemgrep-pro test --pro .

* fix
test plan:
osemgrep-pro test --pro semgrep-rules/
* Remove scripts/run-test to simplify, call just osemgrep test

It has been almost a month since we started running both osemgrep test
and pysemgrep --test, and there have been no complaints, so let's remove
the use of pysemgrep --test so we can then remove the
corresponding python code in pysemgrep.

test plan:
make validate
make test-only
wait for green CI checks

* more
* remove redundant rules for HTML templates

* Delete python/django/security/audit/xss/var-in-script-tag.html

* Delete python/django/security/audit/xss/var-in-script-tag.yaml

---------

Co-authored-by: Claudio <claudio@r2c.dev>
* Update stacktrace-disclosure.cs

* Update stacktrace-disclosure.yaml
* Remove redundant rule python.lang.security.audit.ftplib

python.lang.security.audit.ftplib.ftplib is best replaced by python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls

* Update use-ftp-tls.yaml
Delete python/lang/security/audit/ftplib.py
Collaborator

@p4p3r p4p3r left a comment


lgtm

@p4p3r p4p3r merged commit 7a0f292 into release Nov 4, 2024
9 checks passed
@p4p3r p4p3r deleted the merge-develop-to-release branch November 4, 2024 18:25