New Published Rules - p0_security.direct-response-write-copy #3382

Merged
merged 5 commits into from
May 9, 2024

Conversation

semgrep-dev-pr-bot[bot]
Contributor

Wahoo! New published rules with p0_security.direct-response-write-copy from @nbrahms.

See semgrep.dev/s/PeodN for more details.

Thanks for your contribution! ❤️

@nbrahms
Contributor

nbrahms commented May 8, 2024

I couldn't figure out how to make a PR directly to the source rule from the online editor. Clicking "publish" as an outside contributor on a diff to an existing rule from the editor yields a "fatal error" screen.

Therefore, these code files are in the wrong location (should be in /javascript/express/security/audit/xss).

Anyway, this rule code appears to work.

Fixes #3381

@inkz
Member

inkz commented May 9, 2024

@nbrahms Hey! thanks for the update! I added your fix to the original rule 👍

@inkz inkz enabled auto-merge (squash) May 9, 2024 03:04
@inkz inkz merged commit 4c5bd64 into develop May 9, 2024
8 checks passed
@inkz inkz deleted the semgrep-live-PeodN branch May 9, 2024 03:05
@nbrahms
Contributor

nbrahms commented May 10, 2024

> @nbrahms Hey! thanks for the update! I added your fix to the original rule 👍

Yay thank you!

Development

Successfully merging this pull request may close these issues.

False positive in javascript.express.security.audit.xss.direct-response-write.direct-response-write
2 participants