From de68b8a0a6038a255884265b4c7b75f925e12c60 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 9 Feb 2024 09:05:57 +0000
Subject: [PATCH] Update pytest snapshots
---
 tests/acceptance/baseline-generic/new-agent.out | 5 ++---
 tests/acceptance/baseline-local-file/new-agent.out | 5 ++---
 .../disconnected-generic/disconnected-agent.out | 7 +++----
 tests/acceptance/ignore-logs/new-agent.err | 4 ++--
 tests/acceptance/mergebase-generic/new-agent.out | 14 ++++++--------
 .../empty-deployment-token-env-gha-dependabot.out | 2 +-
 .../empty-deployment-token-env-gha.out | 2 +-
 .../misconfigured-generic/missing-config.err | 2 +-
 tests/acceptance/multiconfig-generic/new-agent.err | 6 +++---
 tests/acceptance/multiconfig-generic/new-agent.out | 5 ++---
 tests/acceptance/mutlimerge-generic/new-agent.err | 6 +++---
 tests/acceptance/push-generic/push-agent.out | 7 +++----
 .../semgrep-rules-repo/local-config-full-scan.out | 2 +-
 .../local-config-some-new-results-audit-mode.out | 10 ++++------
 ...cal-config-some-new-results-github-env-json.err | 3 +--
 ...cal-config-some-new-results-github-env-json.out | 2 +-
 ...cal-config-some-new-results-gitlab-env-json.out | 6 ++++--
 .../local-config-some-new-results-gitlab-json.out | 6 ++++--
 .../local-config-some-new-results-json.out | 2 +-
 .../local-config-some-new-results.out | 10 ++++------
 tests/acceptance/semgrep-rules-repo/no-config.err | 2 +-
 tests/acceptance/symlink-dir/new-agent.err | 4 ++--
 22 files changed, 52 insertions(+), 60 deletions(-)
diff --git a/tests/acceptance/baseline-generic/new-agent.out b/tests/acceptance/baseline-generic/new-agent.out
index 1b2d6349..53513d29 100644
--- a/tests/acceptance/baseline-generic/new-agent.out
+++ b/tests/acceptance/baseline-generic/new-agent.out
@@ -5,9 +5,8 @@ └─────────────────────────┘ bar.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `2 == 2` or `2 != 2`. If testing for - floating point NaN, use + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `2 == 2` or `2 != 2`. If testing for floating point NaN, use `math.isnan(2)`, or `cmath.isnan(2)` if the number is complex. Details: https://sg.run/GeAp diff --git a/tests/acceptance/baseline-local-file/new-agent.out b/tests/acceptance/baseline-local-file/new-agent.out index a173d34f..0354f501 100644 --- a/tests/acceptance/baseline-local-file/new-agent.out +++ b/tests/acceptance/baseline-local-file/new-agent.out @@ -5,9 +5,8 @@ └─────────────────────────┘ bar.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `3 == 3` or `3 != 3`. If testing for - floating point NaN, use + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `3 == 3` or `3 != 3`. If testing for floating point NaN, use `math.isnan(3)`, or `cmath.isnan(3)` if the number is complex. Details: https://sg.run/GeAp diff --git a/tests/acceptance/disconnected-generic/disconnected-agent.out b/tests/acceptance/disconnected-generic/disconnected-agent.out index 83896c45..9b976d4e 100644 --- a/tests/acceptance/disconnected-generic/disconnected-agent.out +++ b/tests/acceptance/disconnected-generic/disconnected-agent.out @@ -5,10 +5,9 @@ └─────────────────────────┘ foo.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `10 == 10` or `10 != 10`. If testing - for floating point NaN, - use `math.isnan(10)`, or `cmath.isnan(10)` if the number is complex. + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `10 == 10` or `10 != 10`. If testing for floating point NaN, use + `math.isnan(10)`, or `cmath.isnan(10)` if the number is complex. Details: https://sg.run/GeAp 1┆ 10 == 10 
diff --git a/tests/acceptance/ignore-logs/new-agent.err b/tests/acceptance/ignore-logs/new-agent.err
index 1372cf29..5ff4d92b 100644
--- a/tests/acceptance/ignore-logs/new-agent.err
+++ b/tests/acceptance/ignore-logs/new-agent.err
@@ -13,7 +13,7 @@
 ┌─────────────┐
 │ Scan Status │
 └─────────────┘
- Scanning 2 files tracked by git with 98 Code rules:
+ Scanning 2 files tracked by git with 122 Code rules:
 Scanning 1 file.
 Current version has 0 findings.
@@ -31,5 +31,5 @@ Some files were skipped or only partially analyzed.
 (need more rules? `semgrep login` for additional free Semgrep Registry rules)
 CI scan completed successfully.
- Found 0 findings (0 blocking) from 98 rules.
+ Found 0 findings (0 blocking) from 122 rules.
 No blocking findings so exiting with code 0
diff --git a/tests/acceptance/mergebase-generic/new-agent.out b/tests/acceptance/mergebase-generic/new-agent.out
index f98733e7..84c6fe87 100644
--- a/tests/acceptance/mergebase-generic/new-agent.out
+++ b/tests/acceptance/mergebase-generic/new-agent.out
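Review bot: The lines `Scanning 2 files tracked by git with 122 Code rules:` and `Found 0 findings (0 blocking) from 122 rules.` pin this snapshot to the size of the Community rule set, and that count is the only thing that changed here (98 → 122); the same bump appears in multiconfig-generic/new-agent.err (98 → 123), mutlimerge-generic/new-agent.err and symlink-dir/new-agent.err (98 → 122). If the count comes from the live registry rather than a vendored rule pack, every registry release will invalidate these snapshots again, and a bot-authored refresh like this one makes it hard to tell whether anything other than the count moved. The version string is already masked as `semgrep x.y.z on python x.y.z` in local-config-some-new-results-github-env-json.err, so masking the rule count the same way before comparison (e.g. `with N Code rules:`, with N a placeholder) would keep the snapshot stable. This is inferred from the snapshot text alone; the comparison code is not part of this patch.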
@@ -5,19 +5,17 @@ └──────────────────────────┘ baz.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `15 == 15` or `15 != 15`. If testing - for floating point NaN, - use `math.isnan(15)`, or `cmath.isnan(15)` if the number is complex. + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `15 == 15` or `15 != 15`. If testing for floating point NaN, use + `math.isnan(15)`, or `cmath.isnan(15)` if the number is complex. Details: https://sg.run/GeAp 1┆ 15 == 15 foo.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `10 == 10` or `10 != 10`. If testing - for floating point NaN, - use `math.isnan(10)`, or `cmath.isnan(10)` if the number is complex. + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `10 == 10` or `10 != 10`. If testing for floating point NaN, use + `math.isnan(10)`, or `cmath.isnan(10)` if the number is complex. Details: https://sg.run/GeAp 1┆ 10 == 10 diff --git a/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha-dependabot.out b/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha-dependabot.out index 8ac4446a..be61b638 100644 --- a/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha-dependabot.out +++ b/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha-dependabot.out @@ -1 +1 @@ -run `semgrep login` before using `semgrep ci` or set `--config` +run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config` diff --git a/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha.out b/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha.out index 8ac4446a..be61b638 100644 --- a/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha.out +++ b/tests/acceptance/misconfigured-generic/empty-deployment-token-env-gha.out 
@@ -1 +1 @@
-run `semgrep login` before using `semgrep ci` or set `--config`
+run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config`
diff --git a/tests/acceptance/misconfigured-generic/missing-config.err b/tests/acceptance/misconfigured-generic/missing-config.err
index 61a51020..6f12b8ec 100644
--- a/tests/acceptance/misconfigured-generic/missing-config.err
+++ b/tests/acceptance/misconfigured-generic/missing-config.err
@@ -1,2 +1,2 @@
 === Running: semgrep ci --no-suppress-errors
-run `semgrep login` before using `semgrep ci` or set `--config`
+run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config`
diff --git a/tests/acceptance/multiconfig-generic/new-agent.err b/tests/acceptance/multiconfig-generic/new-agent.err
index d1f9132e..d04c76fc 100644
--- a/tests/acceptance/multiconfig-generic/new-agent.err
+++ b/tests/acceptance/multiconfig-generic/new-agent.err
@@ -13,11 +13,11 @@
 ┌─────────────┐
 │ Scan Status │
 └─────────────┘
- Scanning 1 file tracked by git with 98 Code rules:
+ Scanning 1 file tracked by git with 123 Code rules:
 Language Rules Files Origin Rules ───────────────────────────── ───────────────────
- python 7 1 Community 98
+ python 9 1 Community 123
 1 1 Current version has 1 finding.
@@ -32,5 +32,5 @@ Some files were skipped or only partially analyzed.
 Scan was limited to files changed since baseline commit.
 CI scan completed successfully.
- Found 1 finding (1 blocking) from 98 rules.
+ Found 1 finding (1 blocking) from 123 rules.
 Has findings for blocking rules so exiting with code 1
diff --git a/tests/acceptance/multiconfig-generic/new-agent.out b/tests/acceptance/multiconfig-generic/new-agent.out
index 1b2d6349..53513d29 100644
--- a/tests/acceptance/multiconfig-generic/new-agent.out
+++ b/tests/acceptance/multiconfig-generic/new-agent.out
@@ -5,9 +5,8 @@ └─────────────────────────┘ bar.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `2 == 2` or `2 != 2`. If testing for - floating point NaN, use + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `2 == 2` or `2 != 2`. If testing for floating point NaN, use `math.isnan(2)`, or `cmath.isnan(2)` if the number is complex. Details: https://sg.run/GeAp diff --git a/tests/acceptance/mutlimerge-generic/new-agent.err b/tests/acceptance/mutlimerge-generic/new-agent.err index f22c6c0b..bb574473 100644 --- a/tests/acceptance/mutlimerge-generic/new-agent.err +++ b/tests/acceptance/mutlimerge-generic/new-agent.err @@ -13,11 +13,11 @@ ┌─────────────┐ │ Scan Status │ └─────────────┘ - Scanning 1 file tracked by git with 98 Code rules: + Scanning 1 file tracked by git with 122 Code rules: Language Rules Files Origin Rules ───────────────────────────── ─────────────────── - python 7 1 Community 98 + python 9 1 Community 122 1 1 Current version has 0 findings. @@ -34,5 +34,5 @@ Some files were skipped or only partially analyzed. (need more rules? `semgrep login` for additional free Semgrep Registry rules) CI scan completed successfully. - Found 0 findings (0 blocking) from 98 rules. + Found 0 findings (0 blocking) from 122 rules. No blocking findings so exiting with code 0 diff --git a/tests/acceptance/push-generic/push-agent.out b/tests/acceptance/push-generic/push-agent.out index 83896c45..9b976d4e 100644 --- a/tests/acceptance/push-generic/push-agent.out +++ b/tests/acceptance/push-generic/push-agent.out 
@@ -5,10 +5,9 @@ └─────────────────────────┘ foo.py - python.lang.correctness.useless-eqeq.useless-eqeq - This expression is always True: `10 == 10` or `10 != 10`. If testing - for floating point NaN, - use `math.isnan(10)`, or `cmath.isnan(10)` if the number is complex. + ❱ python.lang.correctness.useless-eqeq.useless-eqeq + This expression is always True: `10 == 10` or `10 != 10`. If testing for floating point NaN, use + `math.isnan(10)`, or `cmath.isnan(10)` if the number is complex. Details: https://sg.run/GeAp 1┆ 10 == 10 diff --git a/tests/acceptance/semgrep-rules-repo/local-config-full-scan.out b/tests/acceptance/semgrep-rules-repo/local-config-full-scan.out index 608a30c2..23378f4a 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-full-scan.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-full-scan.out @@ -5,7 +5,7 @@ └──────────────────────────┘ python/lang/best-practice/sleep.py - python.lang.best-practice.arbitrary-sleep + ❯❯❱ python.lang.best-practice.arbitrary-sleep time.sleep() call; did you mean to leave this in? 12┆ t.sleep(5) diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-audit-mode.out b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-audit-mode.out index de2550a9..676e8c98 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-audit-mode.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-audit-mode.out 
@@ -5,12 +5,10 @@ └──────────────────────────┘ python/django/security/audit/xss/template-translate-as-no-escape.html - python.django.security.audit.xss.template-translate-as-no-escape - Translated strings will not be escaped when rendered in a template. - This leads to a - vulnerability where translators could include malicious script tags in - their translations. - Consider using `force_escape` to explicitly escape a transalted text. + ❱ python.django.security.audit.xss.template-translate-as-no-escape + Translated strings will not be escaped when rendered in a template. This leads to a vulnerability + where translators could include malicious script tags in their translations. Consider using + `force_escape` to explicitly escape a transalted text. 2┆ {% translate "Hello world" as the_title %} 3┆
diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.err b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.err index fceab6b1..eccb9279 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.err +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.err @@ -7,8 +7,7 @@ SCAN ENVIRONMENT versions - semgrep x.y.z on python x.y.z - environment - running in environment github-actions, triggering event is - unknown + environment - running in environment github-actions, triggering event is unknown ┌─────────────┐ diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.out b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.out index 11863a77..ed3b6de2 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-github-env-json.out @@ -1 +1 @@ -{"errors": [], "paths": {"_comment": "", "scanned": ["python/django/security/audit/xss/template-blocktranslate-no-escape.html", "python/django/security/audit/xss/template-blocktranslate-no-escape.yaml", "python/django/security/audit/xss/template-translate-as-no-escape.html", "python/django/security/audit/xss/template-translate-as-no-escape.yaml", "python/django/security/audit/xss/template-translate-no-escape.html", "python/django/security/audit/xss/template-translate-no-escape.yaml"]}, "results": [{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 20, "line": 4, "offset": 117}, "extra": {"engine_kind": "OSS", "fingerprint": "d8dc2478e002dedfd9c2d410f6b9a8ff46d070d80c65728e2cf6b8a7c016b16614976de312d01ada1bee21eb89448ac73a6110a1c1ecbe35d7df9840eb4a9870_0", "is_ignored": false, "lines": "{% translate \"Hello world\" as the_title %}\n
\n

{{ the_title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "the_title", "end": {"col": 40, "line": 2, "offset": 88}, "start": {"col": 31, "line": 2, "offset": 79}}}, "severity": "INFO"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 2, "offset": 49}}, {"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 15, "line": 9, "offset": 229}, "extra": {"engine_kind": "OSS", "fingerprint": "fa6a9f618686d3d1fadc6b2043dfffa90cf409c3e3b523b60bdb67da5960774bb917d9894d29c71ac38fad0ad46f2294d9618af7673bddc8006b4e94c8787830_0", "is_ignored": false, "lines": "{% trans \"Hello world\" as title %}\n

{{ title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "title", "end": {"col": 32, "line": 8, "offset": 211}, "start": {"col": 27, "line": 8, "offset": 206}}}, "severity": "INFO"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 8, "offset": 180}}], "version": "x.y.z"} +{"errors": [], "interfile_languages_used": [], "paths": {"scanned": ["python/django/security/audit/xss/template-blocktranslate-no-escape.html", "python/django/security/audit/xss/template-blocktranslate-no-escape.yaml", "python/django/security/audit/xss/template-translate-as-no-escape.html", "python/django/security/audit/xss/template-translate-as-no-escape.yaml", "python/django/security/audit/xss/template-translate-no-escape.html", "python/django/security/audit/xss/template-translate-no-escape.yaml"]}, "results": [{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 20, "line": 4, "offset": 117}, "extra": {"engine_kind": "OSS", "fingerprint": "d8dc2478e002dedfd9c2d410f6b9a8ff46d070d80c65728e2cf6b8a7c016b16614976de312d01ada1bee21eb89448ac73a6110a1c1ecbe35d7df9840eb4a9870_0", "is_ignored": false, "lines": "{% translate \"Hello world\" as the_title %}\n
\n

{{ the_title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "the_title", "end": {"col": 40, "line": 2, "offset": 88}, "start": {"col": 31, "line": 2, "offset": 79}}}, "severity": "INFO", "validation_state": "NO_VALIDATOR"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 2, "offset": 49}}, {"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 15, "line": 9, "offset": 229}, "extra": {"engine_kind": "OSS", "fingerprint": "fa6a9f618686d3d1fadc6b2043dfffa90cf409c3e3b523b60bdb67da5960774bb917d9894d29c71ac38fad0ad46f2294d9618af7673bddc8006b4e94c8787830_0", "is_ignored": false, "lines": "{% trans \"Hello world\" as title %}\n

{{ title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "title", "end": {"col": 32, "line": 8, "offset": 211}, "start": {"col": 27, "line": 8, "offset": 206}}}, "severity": "INFO", "validation_state": "NO_VALIDATOR"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 8, "offset": 180}}], "skipped_rules": [], "version": "x.y.z"} diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-env-json.out b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-env-json.out index 6db55095..da2eb866 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-env-json.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-env-json.out 
@@ -30,6 +30,7 @@ { "category": "sast", "cve": "python/django/security/audit/xss/template-translate-as-no-escape.html:676a433f628cec7914931f26ad682a3c0e54381b0ae0f5795c47f740e439889a:python.django.security.audit.xss.template-translate-as-no-escape", + "description": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "details": {}, "flags": [], "id": "d09ee83a-faa4-91ef-daa4-3032a2a896e1", @@ -37,7 +38,7 @@ { "name": "Semgrep - python.django.security.audit.xss.template-translate-as-no-escape", "type": "semgrep_type", - "url": "https://semgrep.dev/r/python.django.security.audit.xss.template-translate-as-no-escape", + "url": null, "value": "python.django.security.audit.xss.template-translate-as-no-escape" } ], @@ -59,6 +60,7 @@ { "category": "sast", "cve": "python/django/security/audit/xss/template-translate-as-no-escape.html:676a433f628cec7914931f26ad682a3c0e54381b0ae0f5795c47f740e439889a:python.django.security.audit.xss.template-translate-as-no-escape", + "description": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "details": {}, "flags": [], "id": "c05aaeaf-7b55-6fde-76e5-13617669ae1e", @@ -66,7 +68,7 @@ { "name": "Semgrep - python.django.security.audit.xss.template-translate-as-no-escape", "type": "semgrep_type", - "url": "https://semgrep.dev/r/python.django.security.audit.xss.template-translate-as-no-escape", + "url": null, "value": "python.django.security.audit.xss.template-translate-as-no-escape" } ], 
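Review bot: The new `"url": null` on the `semgrep_type` identifier (hunks `@@ -37,7 +38,7 @@` and `@@ -66,7 +68,7 @@`) replaces the registry link with an explicit null, and if the GitLab SAST report schema types `identifiers[].url` as a string URI, a present-but-null value may fail report validation on ingest where an absent key would not; the identical change is in local-config-some-new-results-gitlab-json.out. This run uses a local config, so presumably no registry page exists for the rule, and omitting `url` in that case (or pointing it at the local rule source) would be the safer output than null. That is a change to the report writer rather than to these snapshots, so it cannot be fixed in this patch; worth confirming against the schema version the writer targets before accepting the snapshot.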
diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-json.out b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-json.out index 6db55095..da2eb866 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-json.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-gitlab-json.out @@ -30,6 +30,7 @@ { "category": "sast", "cve": "python/django/security/audit/xss/template-translate-as-no-escape.html:676a433f628cec7914931f26ad682a3c0e54381b0ae0f5795c47f740e439889a:python.django.security.audit.xss.template-translate-as-no-escape", + "description": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "details": {}, "flags": [], "id": "d09ee83a-faa4-91ef-daa4-3032a2a896e1", @@ -37,7 +38,7 @@ { "name": "Semgrep - python.django.security.audit.xss.template-translate-as-no-escape", "type": "semgrep_type", - "url": "https://semgrep.dev/r/python.django.security.audit.xss.template-translate-as-no-escape", + "url": null, "value": "python.django.security.audit.xss.template-translate-as-no-escape" } ], @@ -59,6 +60,7 @@ { "category": "sast", "cve": "python/django/security/audit/xss/template-translate-as-no-escape.html:676a433f628cec7914931f26ad682a3c0e54381b0ae0f5795c47f740e439889a:python.django.security.audit.xss.template-translate-as-no-escape", + "description": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "details": {}, "flags": [], "id": "c05aaeaf-7b55-6fde-76e5-13617669ae1e", 
@@ -66,7 +68,7 @@ { "name": "Semgrep - python.django.security.audit.xss.template-translate-as-no-escape", "type": "semgrep_type", - "url": "https://semgrep.dev/r/python.django.security.audit.xss.template-translate-as-no-escape", + "url": null, "value": "python.django.security.audit.xss.template-translate-as-no-escape" } ], diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-json.out b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-json.out index 11863a77..ed3b6de2 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-json.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results-json.out @@ -1 +1 @@ -{"errors": [], "paths": {"_comment": "", "scanned": ["python/django/security/audit/xss/template-blocktranslate-no-escape.html", "python/django/security/audit/xss/template-blocktranslate-no-escape.yaml", "python/django/security/audit/xss/template-translate-as-no-escape.html", "python/django/security/audit/xss/template-translate-as-no-escape.yaml", "python/django/security/audit/xss/template-translate-no-escape.html", "python/django/security/audit/xss/template-translate-no-escape.yaml"]}, "results": [{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 20, "line": 4, "offset": 117}, "extra": {"engine_kind": "OSS", "fingerprint": "d8dc2478e002dedfd9c2d410f6b9a8ff46d070d80c65728e2cf6b8a7c016b16614976de312d01ada1bee21eb89448ac73a6110a1c1ecbe35d7df9840eb4a9870_0", "is_ignored": false, "lines": "{% translate \"Hello world\" as the_title %}\n
\n

{{ the_title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "the_title", "end": {"col": 40, "line": 2, "offset": 88}, "start": {"col": 31, "line": 2, "offset": 79}}}, "severity": "INFO"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 2, "offset": 49}}, {"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 15, "line": 9, "offset": 229}, "extra": {"engine_kind": "OSS", "fingerprint": "fa6a9f618686d3d1fadc6b2043dfffa90cf409c3e3b523b60bdb67da5960774bb917d9894d29c71ac38fad0ad46f2294d9618af7673bddc8006b4e94c8787830_0", "is_ignored": false, "lines": "{% trans \"Hello world\" as title %}\n

{{ title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "title", "end": {"col": 32, "line": 8, "offset": 211}, "start": {"col": 27, "line": 8, "offset": 206}}}, "severity": "INFO"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 8, "offset": 180}}], "version": "x.y.z"} +{"errors": [], "interfile_languages_used": [], "paths": {"scanned": ["python/django/security/audit/xss/template-blocktranslate-no-escape.html", "python/django/security/audit/xss/template-blocktranslate-no-escape.yaml", "python/django/security/audit/xss/template-translate-as-no-escape.html", "python/django/security/audit/xss/template-translate-as-no-escape.yaml", "python/django/security/audit/xss/template-translate-no-escape.html", "python/django/security/audit/xss/template-translate-no-escape.yaml"]}, "results": [{"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 20, "line": 4, "offset": 117}, "extra": {"engine_kind": "OSS", "fingerprint": "d8dc2478e002dedfd9c2d410f6b9a8ff46d070d80c65728e2cf6b8a7c016b16614976de312d01ada1bee21eb89448ac73a6110a1c1ecbe35d7df9840eb4a9870_0", "is_ignored": false, "lines": "{% translate \"Hello world\" as the_title %}\n
\n

{{ the_title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "the_title", "end": {"col": 40, "line": 2, "offset": 88}, "start": {"col": 31, "line": 2, "offset": 79}}}, "severity": "INFO", "validation_state": "NO_VALIDATOR"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 2, "offset": 49}}, {"check_id": "python.django.security.audit.xss.template-translate-as-no-escape", "end": {"col": 15, "line": 9, "offset": 229}, "extra": {"engine_kind": "OSS", "fingerprint": "fa6a9f618686d3d1fadc6b2043dfffa90cf409c3e3b523b60bdb67da5960774bb917d9894d29c71ac38fad0ad46f2294d9618af7673bddc8006b4e94c8787830_0", "is_ignored": false, "lines": "{% trans \"Hello world\" as title %}\n

{{ title }}

", "message": "Translated strings will not be escaped when rendered in a template.\nThis leads to a vulnerability where translators could include malicious script tags in their translations.\nConsider using `force_escape` to explicitly escape a transalted text.\n", "metadata": {"cwe": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "owasp": "A7: Cross-site Scripting (XSS)", "references": ["https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/preventing_xss_in_django_templates.html#html-escaping-translations-in-django-templates", "https://docs.djangoproject.com/en/3.1/topics/i18n/translation/#internationalization-in-template-code"]}, "metavars": {"$TRANS": {"abstract_content": "title", "end": {"col": 32, "line": 8, "offset": 211}, "start": {"col": 27, "line": 8, "offset": 206}}}, "severity": "INFO", "validation_state": "NO_VALIDATOR"}, "path": "python/django/security/audit/xss/template-translate-as-no-escape.html", "start": {"col": 1, "line": 8, "offset": 180}}], "skipped_rules": [], "version": "x.y.z"} diff --git a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results.out b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results.out index de2550a9..676e8c98 100644 --- a/tests/acceptance/semgrep-rules-repo/local-config-some-new-results.out +++ b/tests/acceptance/semgrep-rules-repo/local-config-some-new-results.out 
@@ -5,12 +5,10 @@ └──────────────────────────┘ python/django/security/audit/xss/template-translate-as-no-escape.html - python.django.security.audit.xss.template-translate-as-no-escape - Translated strings will not be escaped when rendered in a template. - This leads to a - vulnerability where translators could include malicious script tags in - their translations. - Consider using `force_escape` to explicitly escape a transalted text. + ❱ python.django.security.audit.xss.template-translate-as-no-escape + Translated strings will not be escaped when rendered in a template. This leads to a vulnerability + where translators could include malicious script tags in their translations. Consider using + `force_escape` to explicitly escape a transalted text. 2┆ {% translate "Hello world" as the_title %} 3┆
diff --git a/tests/acceptance/semgrep-rules-repo/no-config.err b/tests/acceptance/semgrep-rules-repo/no-config.err
index 61a51020..6f12b8ec 100644
--- a/tests/acceptance/semgrep-rules-repo/no-config.err
+++ b/tests/acceptance/semgrep-rules-repo/no-config.err
@@ -1,2 +1,2 @@
 === Running: semgrep ci --no-suppress-errors
-run `semgrep login` before using `semgrep ci` or set `--config`
+run `semgrep login` before using `semgrep ci` or use `semgrep scan` and set `--config`
diff --git a/tests/acceptance/symlink-dir/new-agent.err b/tests/acceptance/symlink-dir/new-agent.err
index 2354411f..fe71f7f8 100644
--- a/tests/acceptance/symlink-dir/new-agent.err
+++ b/tests/acceptance/symlink-dir/new-agent.err
@@ -13,7 +13,7 @@
 ┌─────────────┐
 │ Scan Status │
 └─────────────┘
- Scanning 0 files tracked by git with 98 Code rules:
+ Scanning 0 files tracked by git with 122 Code rules:
 Nothing to scan.
 Current version has 0 findings.
@@ -27,5 +27,5 @@ Some files were skipped or only partially analyzed.
 Scan was limited to files changed since baseline commit.
 CI scan completed successfully.
- Found 0 findings (0 blocking) from 98 rules.
+ Found 0 findings (0 blocking) from 122 rules.
 No blocking findings so exiting with code 0