Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync with Pro #10250

Closed
wants to merge 9 commits into from
Closed

Sync with Pro #10250

wants to merge 9 commits into from

Conversation

IagoAbal
Copy link
Collaborator

No description provided.

mmcqd and others added 9 commits May 15, 2024 12:24
@mmcqd @IagoAbal
feat: AWS validator type for Secrets (#1483)
262be23 
Depends on #10216

To query the AWS STS endpoint, some extra data is needed to compute
authorization headers. Currently these can be included in an `http`
validator using the optional `auth` field. Since we should only ever
need to query one endpoint for AWS tokens, this PR adds a new `aws`
validator, where the rule writer can include much less information
manually. Before an AWS validator looked like this:
```
  validators:
  - http:
      request:
        auth:
          access_key_id: $KEY
          region: us-east-1
          secret_access_key: $SECRET
          service: sts
          type: sigv4
        headers:
          Host: sts.amazonaws.com
          User-Agent: Semgrep
        method: GET
        url: https://sts.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15
      response:
        ...
```
Now it can look like this:
```
  validators:
  - aws:
      request:
        access_key_id: $KEY
        region: us-east-1
        secret_access_key: $SECRET
      response:
       ...
```

synced from 64c9364fbeea7c56bbf26e8804566867e21477b8
@IagoAbal
ci: pro-benchmark-testing: Rename semgrep -> OSS (#1505)
dd9a4b9 
During the merge of Pro+OSS we renamed `semgrep/` to `OSS/` and that
broke the benchmarks.

Had to remove an expected finding in _aws-doc-sdk-examples_: 

    Error running benchmark semgrep.bench.aws-doc-sdk-examples
    Missing 1 findings:
{"check_id":
"OSS.perf.bench.rules_cache.aws-doc-sdk-examples.tainted-sql-string",
"end": {"col": 243, "line": 57, "offset": 2421}, "extra": "<masked in
benchmarks>", "path": "<masked in
benchmarks>/OSS/perf/bench/aws-doc-sdk-examples/input/aws-doc-sdk-examples.git/javav2/usecases/CreatingSpringRedshiftRest/src/main/java/com/aws/rest/InjectWorkService.java",
"start": {"col": 35, "line": 57, "offset": 2213}}

I tried reproducing this with a pre-merge version (but using directly
_semgrep-core-proprietary_) and I could not get that finding either.

Also deleted some files that referred to Emma's HOME folder which I'm
assuming should not have been committed.

test plan:
CI

synced from f089de8d20f6143034fe5a63a3b81649ab490317
@aryx @IagoAbal
Do not ignore OSS/ anymore in precommit (#1509)
467a2e2 
test plan:
modify OSS/src/main/Main.ml indentation and run
pre-commit run -a
=> now it fixes the file

synced from 0fb525f415fcc7bfe13cda0e0c0b9b1bd86c090b
@kopecs @IagoAbal
feat: use product_ignored_files in semgrep ci (#1501)
62384ec 
Previously we only consumed a single "global" ignore list from the App.
With this, we'll use the new `product_ignored_files` (See
semgrep/semgrep-interfaces#248) and only use the
deprecated `ignored_files` as a fallback if `product_ignored_files` is
not present. Existing plumbing makes it so that this merely requires a
swap out for the `ignore_patterns` property.

Test plan: updated pytest coverage.

synced from 014272b1ee69731f74af0aff2a59cbd50e2f26c8
@aryx @IagoAbal
Relax OSS/.pre-commit-config.yaml (#1511)
5f46332 
test plan:
wait for sync script of iago and see if precommit now pass
for #10241

synced from 55840a1d105aece6cb5d054dbd3f08696ca40d49
@aryx @IagoAbal
Add more precommit from OSS to pro, part2 (#1512)
773972e 
test plan:
pre-commit run -a

See that it fixes some of the CI failures in
#10241 precommit check

synced from 740a985a8b024fec103f7d96a9d542302e07a4ff
@aryx @IagoAbal
Fix OSS/.../check-semgrep-pro.jsonnet, use OSS folder (#1514)
d6d558c 
test plan:
made similar PR in semgrep:
https://github.com/semgrep/semgrep/pull/10243/files
and it passes

synced from b273346673bfa331418ec6457bfec701b64cf5ba
@akuhlens @IagoAbal
fix: Parsing some git urls that don't end in ".git" (#1504) (#1503)
b55a0c7 
Adds support for parsing git urls without an explicit protocol or being
terminated in ".git" that contain dashes in the owner or repo.

closes
[saf-988](https://linear.app/semgrep/issue/SAF-988/limitation-in-git-url-parser-for-the-format-gitserverownerrepo-with-no)

## test plan
Adds tests, CI should continue to pass, plus the following commands.
* `make`
* `make install`
* `cd semgrep/cli`
* `make setup`
* `make test`

synced from df1b33caeb13087b6f206b3a95ff4d1b8fe60bc6
@aryx @IagoAbal
precommit part3: adding flake8 from OSS (#1515)
8fbdd74 
test plan:
pre-commit run -a

synced from 7476ab566890701c85fe1fe1c370437dca2b2fbb
@github-actions GitHub Actions
Copy link
Contributor

PR checklist:

  • Purpose of the code is evident to future readers
  • Tests included or PR comment includes a reproducible test plan
  • Documentation is up-to-date
  • A changelog entry was added to changelog.d for any user-facing change
  • Change has no security implications (otherwise, ping security team)

If you're unsure about any of this, please see:

@aryx
Copy link
Collaborator

aryx commented May 15, 2024

?? dupe?

@aryx aryx closed this May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@IagoAbal @aryx @mmcqd @kopecs @akuhlens