Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugins/semgrep: add csmock semgrep plugin #149

Merged
merged 2 commits into from
Apr 2, 2024
Merged

plugins/semgrep: add csmock semgrep plugin #149

merged 2 commits into from
Apr 2, 2024

Conversation

rhyw
Copy link
Contributor

@rhyw rhyw commented Jan 8, 2024
edited
Loading

@rhyw rhyw marked this pull request as draft January 8, 2024 07:09
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 8, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 8, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
57f548a 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 8, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 8, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
67c318d 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 8, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
kdudka
kdudka requested changes Jan 8, 2024
View reviewed changes
py/plugins/semgrep.py Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 8, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
5102f33 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
@rhyw rhyw force-pushed the semgrep branch 2 times, most recently from 5102f33 to 0ef1ef1 Compare January 8, 2024 09:40
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 8, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
0ef1ef1 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 11, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
f52f52f 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 11, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
@rhyw rhyw self-assigned this Jan 11, 2024
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 11, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
70b1eef 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 11, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 11, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
117a232 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 11, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
py/plugins/semgrep.py Fixed Show fixed Hide fixed
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 11, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
b1e94e2 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
@rhyw rhyw requested a review from kdudka January 12, 2024 02:03
kdudka
kdudka requested changes Jan 17, 2024
View reviewed changes
make-srpm.sh Outdated Show resolved Hide resolved
make-srpm.sh Outdated Show resolved Hide resolved
make-srpm.sh Outdated Show resolved Hide resolved
py/CMakeLists.txt Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
rhyw added a commit to rhyw/csmock that referenced this pull request Jan 18, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
b55975e 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 18, 2024
View reviewed changes
py/plugins/semgrep.py Fixed Show fixed Hide fixed
@rhyw
Copy link
Contributor Author

rhyw commented Mar 4, 2024

Any more updates needed please?

kdudka
kdudka reviewed Mar 6, 2024
View reviewed changes
py/plugins/semgrep.py Outdated Show resolved Hide resolved
py/plugins/semgrep.py Outdated Show resolved Hide resolved
@kdudka
Copy link
Member

kdudka commented Mar 18, 2024

@rhyw Did you look at the warnings produced by Differential PyLint? For example, this one looks valid:

Error: PYLINT_WARNING:
py/plugins/semgrep.py:83:4: R1710[inconsistent-return-statements]: Plugin.handle_args: Either all return statements in a function should return an expression, or none of them should.

As far as I can see, no other csmock plug-in returns any value from handle_args(). I find it confusing that the semgrep plug-in (in some cases) does.

rhyw added a commit to rhyw/csmock that referenced this pull request Mar 20, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
d37732b 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
kdudka
kdudka requested changes Mar 20, 2024
View reviewed changes
py/plugins/semgrep.py Outdated Show resolved Hide resolved
rhyw added a commit to rhyw/csmock that referenced this pull request Mar 21, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
a874a2d 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 21, 2024
View reviewed changes
py/plugins/semgrep.py Outdated
"""
import os

from csmock.common.util import sanitize_opts_arg

Check warning

Code scanning / vcs-diff-lint

Unable to import 'csmock.common.util'

Unable to import 'csmock.common.util'
py/plugins/semgrep.py
parser.error("'--semgrep-rules-repo' is required to run semgrep scan")

# sanitize options passed to --semgrep-scan-opts to avoid shell injection
self.semgrep_scan_opts = sanitize_opts_arg(parser, args, "--semgrep-scan-opts")

Check warning

Code scanning / vcs-diff-lint

Plugin.handle_args: Attribute 'semgrep_scan_opts' defined outside __init__

Plugin.handle_args: Attribute 'semgrep_scan_opts' defined outside __init__
rhyw added a commit to rhyw/csmock that referenced this pull request Mar 21, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
1215d78 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
@lzaoral
Copy link
Member

lzaoral commented Mar 21, 2024
edited
Loading

@rhyw It is possible to execute the semgrep plugin without any need for additional resources? If yes, could you please add a test description for it? You can take a look at the one for the GCC plugin as the inspiration: 219e34e

edit: typo

@kdudka
Copy link
Member

kdudka commented Mar 21, 2024

@lzaoral If we want to extend test coverage, I would focus on plug-ins with self.stable = True in PluginProps. All other plug-ins are experimental. This plug-in downloads the full software stack of semgrep over network, which is going to be slow and prone to fail for gazillion of reasons unrelated to the changes of csmock code.

kdudka
kdudka requested changes Mar 21, 2024
View reviewed changes
py/plugins/semgrep.py Outdated Show resolved Hide resolved
hanchuntao
hanchuntao reviewed Mar 22, 2024
View reviewed changes
py/plugins/semgrep.py Show resolved Hide resolved
py/plugins/semgrep.py Show resolved Hide resolved
py/plugins/semgrep.py Show resolved Hide resolved
py/plugins/semgrep.py Show resolved Hide resolved
py/plugins/semgrep.py Show resolved Hide resolved
@rhyw rhyw requested review from kdudka and hanchuntao March 27, 2024 09:34
@kdudka
Copy link
Member

kdudka commented Mar 27, 2024

@rhyw Looks good. Please squash the fixup commits. Namely 4014c4e needs to be squashed before merging so that we do not unnecessarily introduce and fix a security issue in the git history.

rhyw added a commit to rhyw/csmock that referenced this pull request Mar 28, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
9d1c4db 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: csutils#149
@rhyw
Copy link
Contributor Author

rhyw commented Mar 28, 2024

@rhyw Looks good. Please squash the fixup commits. Namely 4014c4e needs to be squashed before merging so that we do not unnecessarily introduce and fix a security issue in the git history.

Thanks, commits squashed

@kdudka
Copy link
Member

kdudka commented Mar 28, 2024

@rhyw Thanks! I have squashed my fixup commits, too. We do not want them in the main branch.

@rhyw rhyw merged commit feba72d into csutils:main Apr 2, 2024
42 checks passed
rhyw added a commit that referenced this pull request Apr 2, 2024
@rhyw
plugins/semgrep: add csmock semgrep plugin
2ce26a6 
Resolves: https://issues.redhat.com/browse/OSH-57
Closes: #149
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kdudka kdudka kdudka approved these changes

@lzaoral lzaoral Awaiting requested review from lzaoral

@hanchuntao hanchuntao Awaiting requested review from hanchuntao

Assignees

@rhyw rhyw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rhyw @kdudka @jperezdealgaba @lzaoral @hanchuntao