fix(ci): fix semgrep rules

Signed-off-by: zhaochenyang <[email protected]>
yhjiango · Dec 8, 2023 · 39a2b43 · 39a2b43
1 parent cd4058d
commit 39a2b43
Showing 1 changed file with 2 additions and 10 deletions.
diff --git a/.semgrep.yml b/.semgrep.yml
@@ -11,17 +11,9 @@ rules:
       - pattern-not-regex: '10\.\d+\.\d+.\d+'
       - pattern-not-regex: '192\.168\.\d+.\d+'
       - pattern-not-regex: '127\.0\.0\.\d+'
+      - pattern-not-regex: '0\.0\.0\.\d+'
+      - pattern-not-regex: '255\.255\.255\.\d+'
       - pattern-not-regex: '192\.0\.2\.\d+'    # 192.0.2.0/24 (TEST-NET-1, rfc5737)
       - pattern-not-regex: '198\.51\.100\.\d+' # 198.51.100.0/24 (TEST-NET-2, rfc5737)
       - pattern-not-regex: '203\.0\.113\.\d+'  # 203.0.113.0/24 (TEST-NET-3, rfc5737)
-    severity: WARNING
-  - id: rfc-3849-ip-address
-    languages:
-      - go
-    message: Where a real IPv6 address isn't needed, use IPv6 addresses from RFC3849.
-    paths:
-      include:
-        - '*.go'
-    patterns:
-      - pattern-regex: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
     severity: WARNING