semgrep rule to flag undesirable package imports in adapter code #2911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
onkarvhanumante
changed the title
onkarvhanumante
changed the title
gargcreation1992
approved these changes
Jul 10, 2023
SyntaxNode
reviewed
Jul 10, 2023
| @@ -0,0 +1,13 @@ | |||
| rules: | |||
| - id: package-import-check | |||
| message: Importing "$PKG" package is not recommended in adapter code | |||
There was a problem hiding this comment.
Please use stronger wording. These packages are not allowed / banned. It's more than a recommendation.
There was a problem hiding this comment.
Apologies. PR got merged. Added #2913 to make this change
Sonali-More-Xandr
approved these changes
Jul 10, 2023
Peiling-Ding
pushed a commit
to ParticleMedia/prebid-server
that referenced
this pull request
Jul 14, 2023
Peiling-Ding
added a commit
to ParticleMedia/prebid-server
that referenced
this pull request
Jul 14, 2023
* Fix: deal tiers no longer ignored due to presence of tid (prebid#2829) * CAPT-787: GPP support for imds bidder. (prebid#2867) Co-authored-by: Timothy M. Ace <tace@imds.tv> * Adsinteractive: change usersync endpoint to https (prebid#2861) Co-authored-by: Balint Vargha <varghabalint@gmail.com> * consumable adapter: add gpp support (prebid#2883) * feat: IX Bid Adapter - gpp support for user sync urls (prebid#2873) Co-authored-by: Chris Corbo <chris.corbo@indexexchange.com> * fix: update links in readme (prebid#2888) authored by @akkapur * New Adapter: AIDEM (prebid#2824) Co-authored-by: AndreaC <67786179+darkstarac@users.noreply.github.com> Co-authored-by: Andrea Tumbarello <Wazabit@users.noreply.github.com> Co-authored-by: darkstar <canazza@wazabit.it> * Improve Digital adapter: Set currency in bid response (prebid#2886) * Sharethrough: Support multiformat bid request impression (prebid#2866) * Triplelift Bid Adapter: Adding GPP Support (prebid#2887) * YahooAdvertising rebranding to Yahoo Ads. (prebid#2872) Co-authored-by: oath-jac <dsp-supply-prebid@verizonmedia.com> * IX: MultiImp Implementation (prebid#2779) Co-authored-by: Chris Corbo <chris.corbo@indexexchange.com> Co-authored-by: Oronno Mamun <oronno.mamun@indexexchange.com> * Exchange unit test fix (prebid#2868) * Semgrep rules for adapters (prebid#2833) * IX: Remove glog statement (prebid#2909) * Activities framework (prebid#2844) * PWBID: Update Default Endpoint (prebid#2903) * script to run semgrep tests against adapter PRs (prebid#2907) authored by @onkarvhanumante * semgrep rule to detect undesirable package imports in adapter code (prebid#2911) * update package-import message (prebid#2913) authored by @onkarvhanumante * Bump google.golang.org/grpc from 1.46.2 to 1.53.0 (prebid#2905) --------- Co-authored-by: Brian Sardo <1168933+bsardo@users.noreply.github.com> Co-authored-by: Timothy Ace <github.com-1@timothyace.com> Co-authored-by: Timothy M. Ace <tace@imds.tv> Co-authored-by: balintvargha <122350182+balintvargha@users.noreply.github.com> Co-authored-by: Balint Vargha <varghabalint@gmail.com> Co-authored-by: Jason Piros <jasonpiros@gmail.com> Co-authored-by: ccorbo <ccorbo2013@gmail.com> Co-authored-by: Chris Corbo <chris.corbo@indexexchange.com> Co-authored-by: Ankush <ankush.kapur@gmail.com> Co-authored-by: Giovanni Sollazzo <gs@aidem.com> Co-authored-by: AndreaC <67786179+darkstarac@users.noreply.github.com> Co-authored-by: Andrea Tumbarello <Wazabit@users.noreply.github.com> Co-authored-by: darkstar <canazza@wazabit.it> Co-authored-by: Jozef Bartek <31618107+jbartek25@users.noreply.github.com> Co-authored-by: Max Dupuis <118775839+maxime-dupuis@users.noreply.github.com> Co-authored-by: Patrick Loughrey <ploughrey@triplelift.com> Co-authored-by: radubarbos <raduiquest79@gmail.com> Co-authored-by: oath-jac <dsp-supply-prebid@verizonmedia.com> Co-authored-by: Oronno Mamun <oronno.mamun@indexexchange.com> Co-authored-by: Veronika Solovei <kalypsonika@gmail.com> Co-authored-by: Onkar Hanumante <onkar.hanumante@xandr.com> Co-authored-by: Stephen Johnston <tiquortoo@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
PR adds semgrep rule to flag undesirable package imports in adapter code. Plan here is to run this rule as adapter PR checks. Refer #2907 for more details.
Semgrep uses import metavariable to match package imports - https://semgrep.dev/docs/writing-rules/pattern-syntax/#import-metavariables
Testing
Sample playground example: https://semgrep.dev/playground/s/QBlo
Semgrep unit tests passing
Found following instances in repo