
Commit 2fb6e3a

committed
Merge remote-tracking branch 'upstream/main'
2 parents 4f6afee + 1da3910 commit 2fb6e3a

5 files changed

Lines changed: 287 additions & 0 deletions


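--- a/server/projects/main/apps/scan_conf/management/commands/open_source/semgrep.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source/semgrep.json
@@ -15438,6 +15438,20 @@
 ],
 "labels": []
 },
+{
+"real_name": "owasp.java.xxe.org.xml.sax.XMLReader",
+"display_name": "Owasp.java.xxe.org.xml.sax.xmlreader",
+"severity": "error",
+"category": "security",
+"rule_title": "contrib.owasp: owasp.java.xxe.org.xml.sax.XMLReader",
+"description": "XMLReader being instantiated without calling the setFeature functions that are generally used for disabling entity processing\n",
+"rule_params": null,
+"solution": null,
+"languages": [
+"java"
+],
+"labels": []
+},
 {
 "real_name": "insecure-pickle-use",
 "display_name": "InsecurePickleUse",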
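Review bot: The new catalog entry leaves `"solution": null` although its own description already names the missing control (the `setFeature` calls that disable entity processing), so a consumer of the finding gets no remediation text from the rule record. A short value such as `"solution": "Call setFeature on the XMLReader to disable DTD processing and external general/parameter entities before parsing untrusted XML."` would make the finding actionable. The `display_name` `Owasp.java.xxe.org.xml.sax.xmlreader` also looks machine-lowercased rather than chosen, and differs from the CamelCase style of the neighbouring `InsecurePickleUse`; a readable name such as `"display_name": "OwaspJavaXxeXmlReader"` would be more consistent. The rules array this entry extends starts and ends outside the hunk.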

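--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_go.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_go.json
@@ -339,6 +339,20 @@
 "severity": "warning",
 "rule_params": null,
 "state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "use-of-md5",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "raw-html-format",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
 }
 ],
 "open_saas": true,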
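Review bot: The two new Go entries reference the registry ids `use-of-md5` and `raw-html-format`, which this same commit also registers in safety_java.json and safety_python.json, yet the only catalog addition in semgrep.json is the Java XXE rule. If the catalog keys rules by `real_name` with a per-rule `languages` list, as the semgrep.json entry in this commit suggests, each of these ids must already carry `go` in its catalog entry, otherwise the package references a rule the Go scan never runs; worth confirming against semgrep.json before merging. The array these entries extend starts outside the hunk.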

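--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_java.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_java.json
@@ -235,6 +235,153 @@
 "rule_params": null,
 "state": "enabled"
 },
+{
+"checktool": "semgrep",
+"checkrule": "jjwt-none-alg",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "formatted-sql-string",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "cookie-missing-secure-flag",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-session-from-http-request",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "cookie-missing-httponly",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "weak-random",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "use-of-md5",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "cve-2022-22965",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-sql-string",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-file-path",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-html-string",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.ssrf.java.net.url",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.javax.xml.stream.XMLInputFactory",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.ssrf.org.apache.commons.httpclient",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.ssrf.org.apache.http.impl.client.CloseableHttpClient",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.org.apache.commons.digester3.Digester",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.javax.xml.parsers.DocumentBuilderFactory",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.org.jdom2.input.SAXBuilder",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.org.dom4j.io.SAXReader",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.org.xml.sax.XMLReader",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "owasp.java.xxe.javax.xml.parsers.SAXParserFactory",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
 {
 "checktool": "infer_java",
 "checkrule": "BUFFER_OVERRUN_L1",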
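Review bot: `owasp.java.xxe.javax.xml.stream.XMLInputFactory` is registered at `"severity": "warning"` while every other XXE rule in this hunk (DocumentBuilderFactory, SAXParserFactory, SAXBuilder, SAXReader, Digester, XMLReader) is `"error"`, so one vulnerability class is triaged at two levels with no stated reason. Unless the StAX rule is known to be noisier, align it with `"severity": "error",`. `cve-2022-22965` at `warning` raises the same question: if that rule flags the vulnerable Spring data-binding pattern itself rather than only a version hint, `error` would match the surrounding taint rules. The rules array these entries extend starts and ends outside the hunk.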

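--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_php.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_php.json
@@ -115,6 +115,69 @@
 "severity": "warning",
 "rule_params": null,
 "state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "exec-use",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "unserialize-use",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "eval-use",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "weak-crypto",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "md5-loose-equality",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "file-inclusion",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-sql-string",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-object-instantiation",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-filename",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
 }
 ],
 "open_saas": false,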
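Review bot: `unserialize-use` is added at `"severity": "warning"` while `exec-use`, `eval-use` and `file-inclusion` in the same hunk are `"error"`, although PHP `unserialize()` on attacker-controlled input is an object-injection sink in the same class as those. If the lower level is not deliberate, `"severity": "error",` keeps the package consistent. `tainted-filename` and `tainted-object-instantiation` at `warning` next to `tainted-sql-string` at `error` raise the same question; a short statement of the severity policy in the package description would spare future reviewers from guessing. The array these entries extend starts outside the hunk.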

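--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_python.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/safety_python.json
@@ -318,6 +318,55 @@
 "severity": "error",
 "rule_params": null,
 "state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "template-href-var",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "render-template-string",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "raw-html-format",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "tainted-sql-string",
+"severity": "error",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "formatted-sql-query",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "md5-used-as-password",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
+},
+{
+"checktool": "semgrep",
+"checkrule": "insecure-requests-use",
+"severity": "warning",
+"rule_params": null,
+"state": "enabled"
 }
 ],
 "open_saas": true,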
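Review bot: `formatted-sql-query` is registered at `warning` while `tainted-sql-string` directly above it is `error`; both flag string-built SQL, and if the distinction is that the formatted-query rule has no taint condition and therefore more false positives, that rationale is recorded nowhere in the package. Either align it with `"severity": "error",` or keep `warning` and state the policy where the package is documented. The same goes for `render-template-string` and `raw-html-format`, which are injection sinks registered at `warning` next to the `error`-level SQL rule. The array these entries extend starts outside the hunk.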
