
Andre/sync 1 #10534

Draft: wants to merge 7 commits into base: develop

Conversation

akuhlens (Collaborator)

No description provided.

spencerdrak and others added 7 commits September 17, 2024 00:03
…oprietary#2126)

Refactor the existing lockfile/manifest matching code to allow for easy
support for pattern-based matching in the future. This PR should have
no effect on functionality.

synced from Pro 6b7f4cd595769643cf32fb91875e923158f33458
semgrep/semgrep-proprietary#2230)

The `FoundDependency` interface recently added a new property
`lockfile_path` in order to support upcoming features. In this PR we
update all parsers to include the lockfile_path.

Related semgrep/semgrep-interfaces#289

synced from Pro 4b259e10dec4076ee9ad81c57cecb967a0ecc1b1
…etary#2251)

Allow the commit to be empty.
Checkout release_branch before release.

synced from OSS 0b46384

Co-authored-by: Andre Kuhlenschmidt <andre@semgrep.com>

synced from Pro d2beac3543a29d303f9b4679d212e4f3b16dc3dd
…grep/semgrep-proprietary#2248)

In preparation for adding function shapes, we want to allow the shape and
signature types to be mutually recursive.

Initially I thought PR #2192 was enough, but because there are `Set`s
involved, making the types mutually recursive is more complicated.

Follows: a85658b30f7 refactor: Merge Taint_shape into Taint_sig (semgrep/semgrep-proprietary#2192)

test plan:
make test

synced from Pro e5a705c3bd3b112b3e2a5cf3cf32a1c4ffabdf1e
This adds a small module that will annotate a list of targets that we're
about to scan with relevant info, and now we will send that off in
traces.

Note that most of this PR is just adding yojson derivers to things. If
we don't like the way I chose to derive some of the edge cases I'm open
to changing them!

## Test plan
```bash
semgrep --pro --trace --config p/default --trace-endpoint semgrep-dev
```
in https://github.com/SigNoz/signoz. The relevant trace is
[here](https://jaeger-dev2.corp.semgrep.dev/trace/53dd39781d191adb57711cc43f518608?uiFind=b704e985bd5b28c9);
check the `annotated_targets` tag and hit "copy", not "JSON".

Easiest way to use it is something like pbpaste:
```bash
pbpaste > annotated_targets.json
jq ".[] | select(.stat.textual | not) | .internal_path" annotated_targets.json # get list of non text files
jq "sort_by(.stat.line_count) | .[] | select(.stat.line_count > 4000) | {path: .internal_path, line_count:.stat.line_count}" annotated_targets.json # get list of files w/ line count > 4k
jq ".[] | select(.minified) | .internal_path" annotated_targets.json # get list of minified files
```

Tested on Elasticsearch also (>30k targets); it only adds 5s of overhead
there. Jaeger is still workable too, and doesn't lag unless manually
exploring the JSON. Note we will need to wait until @semgrep/infra bumps
some Jaeger settings before traces with >5k targets will actually
be picked up, since they're relatively large.

synced from Pro b942b9a1266d7975333a74f03ad1ae3c24def812
…mgrep/semgrep-proprietary#2181)

This PR is a follow-up extension of
semgrep/semgrep-proprietary#2022 and enables
resolving names for interface methods with multiple implementations.

synced from Pro 34e6f3eee95533834423b9a8af9e058d7877a9c9
akuhlens marked this pull request as draft September 17, 2024 19:04

Contributor

PR checklist:

  • Purpose of the code is evident to future readers
  • Tests included or PR comment includes a reproducible test plan
  • Documentation is up-to-date
  • A changelog entry was added to changelog.d for any user-facing change
  • Change has no security implications (otherwise, ping security team)

If you're unsure about any of this, please see:

Labels: None yet

6 participants