No merge plz - tweaking semgrep output

freedomofpress · Jan 19, 2024 · 67aedfe · 67aedfe
1 parent 80b03ed
commit 67aedfe
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -271,7 +271,7 @@ jobs:
           command: |
             fromtag=$(docker images |grep securedrop-test-focal-py3 |head -n1 |awk '{print $2}')
             DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-focal-py3:${fromtag:-latest}" securedrop/bin/dev-shell \
-                  bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q --upgrade semgrep && make -C .. semgrep"
+                  bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q semgrep==1.56.0 && make -C .. semgrep"
 
   staging-test-with-rebase:
     machine:

diff --git a/Makefile b/Makefile
@@ -186,8 +186,10 @@ safety:  ## Run `safety check` to check python dependencies for vulnerabilities.
 .PHONY: semgrep
 semgrep:
 	@command -v semgrep || (echo "Please run 'pip install -U semgrep'."; exit 1)
+	@echo "Checking for tty"
+	@tty
 	@echo "███ Running semgrep on securedrop/..."
-	@semgrep --exclude "securedrop/tests/" --error --strict --metrics off --max-chars-per-line 200 --verbose --config "p/r2c-security-audit" securedrop
+	@semgrep --exclude "securedrop/tests/" --error --strict --metrics off --max-chars-per-line=200 --verbose --config "p/r2c-security-audit" securedrop
 	@echo