test plan:
make test

* PHP tainted exec

When user input is passed to a function that executes a shell command, without
escaping.

* Correct message string YAML operator

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>

---------

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>
Co-authored-by: Lewis <LewisArdern@live.co.uk>

* Upload dockerd socket mount detection rule and test file

* Update dockerd-socket-mount.dockerfile

* Update documentbuilderfactory-disallow-doctype-decl-missing.yaml

Update the rule for checking if FEATURE_SECURE_PROCESSING is set to TRUE for DocumentBuilderFactory object.

* Revert "Update documentbuilderfactory-disallow-doctype-decl-missing.yaml"

This reverts commit c1e2281.

---------

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>

* Switch to osemgrep test --experimental

test plan:
wait for green CI check

* comment

* comments

* remove fingerprints/fingerprints.yaml

No idea what this file is, but it's annoying because
we have to skip it in many scripts because it does not
contain regular rules and target test files.
Let's just remove it to simplify things.

test plan:
wait for green CI checks

* remove every use of fingerprints (each time it was to skip the dir)

test plan:
osemgrep test on those dirs do not report any more warnings
about wrong annotations

test plan:
wait for green CI checks

* Named metavariable bug for CMD-like instructions using array syntax was fixed

* Update the expected autofixes

test plan:
osemgrep validate --pro .

…ration in OpenAPI spec (#3446)

* Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec

* set subcategory to audit instead of vuln

* alternative approach

---------

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>

Co-authored-by: Vasilii Ermilov <inkz@xakep.ru>

* Exclude Slack webhook sample URL.

* Test case for excluding Slack webhook sample URL.

---------

Co-authored-by: Vasilii Ermilov <inkz@xakep.ru>

* add semgrep/check-is-none-explicitly.yaml

* add semgrep/check-is-none-explicitly.py

* move new rule to correctness directory

---------

Co-authored-by: Clara McCreery <clara@semgrep.com>
Co-authored-by: Vasilii <inkz@xakep.ru>

test plan:
osemgrep test --pro solidity

Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>

…eeptodoruleid:) (#3490)

* Fix for osemgrep test --pro with DeepScan too

Mostly some deepruleid: -> deeptodoruleid: as unfortunately
the engine is still not good enough to find them

test plan:
osemgrep-pro test --pro .

* fix

…id: -> deeptodoruleid:) (#3490)" (#3491)

This reverts commit 5583c92.

test plan:
osemgrep-pro test --pro semgrep-rules/

* Remove scripts/run-test to simplify, call just osemgrep test

It has been almost a month that we run both osemgrep test
and pysemgrep --test and no complaints, so let's remove
the use of pysemgrep --test so we can then remove the
corresponding python code in pysemgrep.

test plan:
make validate
make test-only
wait for green CI checks

* more

* remove redundant rules for HTML templates

* Delete python/django/security/audit/xss/var-in-script-tag.html

* Delete python/django/security/audit/xss/var-in-script-tag.yaml

---------

Co-authored-by: Claudio <claudio@r2c.dev>

* Update stacktrace-disclosure.cs

* Update stacktrace-disclosure.yaml

* Remove redundant rule python.lang.security.audit.ftplib

python.lang.security.audit.ftplib.ftplib is best replaced by  python.lang.security.audit.insecure-transport.ftplib.use-ftp-tls.use-ftp-tls

* Update use-ftp-tls.yaml

Should have been deleted in #3496, causing semgrep/semgrep-proprietary#2505 to fail

Delete python/lang/security/audit/ftplib.py