forked from semgrep/semgrep-action
Commit
Commit de68b8a (1 parent: 9edb51e)
Showing 22 changed files with 52 additions and 60 deletions.
tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha-dependabot.out (2 changes: 1 addition & 1 deletion)
@@ -1 +1 @@ | ||
run `semgrep login` before using `semgrep ci` or set `--config` | ||
run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config` |
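Review bot: the same expected-output string is changed in three fixtures in this commit (this one, `empty-deployment-token-env-gha.out`, and the `--no-suppress-errors` run below), and because the text is the CLI's own wording matched verbatim, the next semgrep wording change will break all three again at once. Consider having the acceptance harness normalise this banner through one shared expected value, or match it with a pattern that tolerates wording changes, so future updates need a single edit.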
tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha.out (2 changes: 1 addition & 1 deletion)
@@ -1 +1 @@ | ||
run `semgrep login` before using `semgrep ci` or set `--config` | ||
run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config` |
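Review bot: this hunk mirrors the previous fixture exactly, so no separate concern, but whatever semgrep version pin produces the new `use \`semgrep scan\` and set \`--config\`` wording must land in the same commit, otherwise this fixture and the dependabot one go red together for a reason unrelated to the action's own behaviour.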
@@ -1,2 +1,2 @@ | ||
=== Running: semgrep ci --no-suppress-errors | ||
run `semgrep login` before using `semgrep ci` or set `--config` | ||
run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config` |
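Review bot: the `=== Running: semgrep ci --no-suppress-errors` context line is unchanged, so this fixture still exercises the no-token error path, but it records only the message text and not the exit status. Worth confirming in the harness that `--no-suppress-errors` still yields a non-zero exit alongside the new wording, since a CLI that downgraded this to a warning would pass this fixture unchanged.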
tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.out (2 changes: 1 addition & 1 deletion)
@@ -1 +1 @@ | ||
{"errors": [], "paths": {"_comment": "<add --verbose for a list of skipped paths>", "scanned": ["python/django/security/audit/xss/template-blocktranslate-no-escape.html", "python/django/security/audit/xss/template-blocktranslate-no-escape.yaml", "python/django/security/audit/xss/template-translate-as-no-escape.html", "python/django/security/audit/xss/template-translate-as-no-escape.yaml", "python/django/security/audit/xss/template-translate-no-escape.html", "python/django/security/audit/xss/template-translate-no-escape.yaml"]}, "results": [{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 20, "line": 4, "offset": 117}, "extra": {"engine_kind": "OSS", "fingerprint": "d8dc2478e002dedfd9c2d410f6b9a8ff46d070d80c65728e2cf6b8a7c016b16614976de312d01ada1bee21eb89448ac73a6110a1c1ecbe35d7df9840eb4a9870_0", "is_ignored": false, "lines": "{% translate \"Hello world\" as the_title %}\n<div>\n<h1>{{ the_title }}</h1>", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "the_title", "end": {"col": 40, "line": 2, "offset": 88}, "start": {"col": 31, "line": 2, "offset": 79}}}, "severity": "INFO"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 2, "offset": 49}}, {"check_id": 
"python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 15, "line": 9, "offset": 229}, "extra": {"engine_kind": "OSS", "fingerprint": "fa6a9f618686d3d1fadc6b2043dfffa90cf409c3e3b523b60bdb67da5960774bb917d9894d29c71ac38fad0ad46f2294d9618af7673bddc8006b4e94c8787830_0", "is_ignored": false, "lines": "{% trans \"Hello world\" as title %}\n<p>{{ title }}</p>", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "title", "end": {"col": 32, "line": 8, "offset": 211}, "start": {"col": 27, "line": 8, "offset": 206}}}, "severity": "INFO"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 8, "offset": 180}}], "version": "x.y.z"} | ||
{"errors": [], "interfile_languages_used": [], "paths": {"scanned": ["python/django/security/audit/xss/template-blocktranslate-no-escape.html", "python/django/security/audit/xss/template-blocktranslate-no-escape.yaml", "python/django/security/audit/xss/template-translate-as-no-escape.html", "python/django/security/audit/xss/template-translate-as-no-escape.yaml", "python/django/security/audit/xss/template-translate-no-escape.html", "python/django/security/audit/xss/template-translate-no-escape.yaml"]}, "results": [{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 20, "line": 4, "offset": 117}, "extra": {"engine_kind": "OSS", "fingerprint": "d8dc2478e002dedfd9c2d410f6b9a8ff46d070d80c65728e2cf6b8a7c016b16614976de312d01ada1bee21eb89448ac73a6110a1c1ecbe35d7df9840eb4a9870_0", "is_ignored": false, "lines": "{% translate \"Hello world\" as the_title %}\n<div>\n<h1>{{ the_title }}</h1>", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "the_title", "end": {"col": 40, "line": 2, "offset": 88}, "start": {"col": 31, "line": 2, "offset": 79}}}, "severity": "INFO", "validation_state": "NO_VALIDATOR"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 2, "offset": 49}}, 
{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 15, "line": 9, "offset": 229}, "extra": {"engine_kind": "OSS", "fingerprint": "fa6a9f618686d3d1fadc6b2043dfffa90cf409c3e3b523b60bdb67da5960774bb917d9894d29c71ac38fad0ad46f2294d9618af7673bddc8006b4e94c8787830_0", "is_ignored": false, "lines": "{% trans \"Hello world\" as title %}\n<p>{{ title }}</p>", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "title", "end": {"col": 32, "line": 8, "offset": 211}, "start": {"col": 27, "line": 8, "offset": 206}}}, "severity": "INFO", "validation_state": "NO_VALIDATOR"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 8, "offset": 180}}], "skipped_rules": [], "version": "x.y.z"} |
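Review bot: this fixture is a verbatim match against the whole JSON document, so the additions in the new line (`"interfile_languages_used": []`, `"validation_state": "NO_VALIDATOR"` on each result, `"skipped_rules": []`) and the dropped `"_comment"` key under `paths` are schema churn from a newer semgrep, not a behaviour change in this action. The suite already normalises `"version": "x.y.z"`; parsing the JSON and comparing only the fields the test cares about (`check_id`, `path`, `start`/`end`, `severity`) would stop every schema addition from rewriting fixtures. The `transalted` typo in the rule `message` is present in both the old and new lines and comes from the rule source in the semgrep-rules repository, not this file, so it is not something to fix here.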