
Andre/sync 1 #10534

Closed

wants to merge 7 commits into from

Commits on Sep 17, 2024

  1. feat: [fail-open] add exit code to fail-open payload (semgrep/semgrep-proprietary#2033)
    
    synced from Pro b6398f332c4fc19a2325d649b183ff748770026b
    spencerdrak authored and GitHub Actions Bot committed Sep 17, 2024
    commit 7cc4a04
  2. feat(sca): improve lockfile and manifest matching (semgrep/semgrep-proprietary#2126)
    
    Refactor the existing lockfile/manifest matching code to allow for easy
    support for pattern based matching in the future. This PR should have
    no effect on functionality.
    
    synced from Pro 6b7f4cd595769643cf32fb91875e923158f33458
    salolivares authored and GitHub Actions Bot committed Sep 17, 2024
    commit 9025f10
  3. feat(sca): update parsers to include lockfile path in found dependency (semgrep/semgrep-proprietary#2230)
    
    The `FoundDependency` interface recently added a new property
    `lockfile_path` in order to support upcoming features. In this PR we
    update all parsers to include the lockfile_path.
    
    Related semgrep/semgrep-interfaces#289
    
    synced from Pro 4b259e10dec4076ee9ad81c57cecb967a0ecc1b1
    salolivares authored and GitHub Actions Bot committed Sep 17, 2024
    commit e339493
  4. chore: fixes required to run previous release (semgrep/semgrep-proprietary#2251)
    
    Allow the commit to be empty.
    Checkout release_branch before release.
    
    synced from OSS 0b46384
    
    Co-authored-by: Andre Kuhlenschmidt <andre@semgrep.com>
    
    synced from Pro d2beac3543a29d303f9b4679d212e4f3b16dc3dd
    semgrep-ci[bot] authored and GitHub Actions Bot committed Sep 17, 2024
    commit 638024b
  5. refactor: tainting: Prepare for mutual rec shapes and signatures (semgrep/semgrep-proprietary#2248)
    
    In preparation for adding function shapes, we want to allow shapes and
    signatures types to be mutually recursive.
    
    Initially I thought PR #2192 was enough, but because there are `Set`s
    involved, making the types mutually recursive is more complicated.
    
    Follows: a85658b30f7 refactor: Merge Taint_shape into Taint_sig (semgrep/semgrep-proprietary#2192)
    
    test plan:
    make test
    
    synced from Pro e5a705c3bd3b112b3e2a5cf3cf32a1c4ffabdf1e
    IagoAbal authored and GitHub Actions Bot committed Sep 17, 2024
    commit 788f2a5
  6. Add annotated target tracing (semgrep/semgrep-proprietary#2237)

    This adds a small module that will annotate a list of targets that we're
    about to scan with relevant info, and now we will send that off in
    traces.
    
    Note that most of this PR is just adding yojson derivers to things. If
    we don't like the way I chose to derive some of the edge cases, I'm open
    to changing them!
    
    ## Test plan
    ```bash
    semgrep --pro --trace --config p/default --trace-endpoint semgrep-dev
    ```
    in https://github.com/SigNoz/signoz. Relevant trace
    [here](https://jaeger-dev2.corp.semgrep.dev/trace/53dd39781d191adb57711cc43f518608?uiFind=b704e985bd5b28c9);
    check the `annotated_targets` tag, and hit "copy", not "JSON".
    
    Easiest way to use it is something like pbpaste:
    ```bash
    pbpaste > annotated_targets.json
    jq ".[] | select(.stat.textual | not) | .internal_path" annotated_targets.json # get list of non text files
    jq "sort_by(.stat.line_count) | .[] | select(.stat.line_count > 4000) | {path: .internal_path, line_count:.stat.line_count}" annotated_targets.json # get list of files w/ line count > 4k
    jq ".[] | select(.minified) | .internal_path" annotated_targets.json # get list of minified files
    ```
    
    Tested on Elasticsearch also (>30k targets). Only adds 5s overhead
    there. Jaeger is still workable too, and doesn't lag unless manually
    exploring the JSON. Note we will need to wait until @semgrep/infra bumps
    some Jaeger settings, though, before traces with >5k targets will actually
    be picked up, since they're relatively large.
    
    synced from Pro b942b9a1266d7975333a74f03ad1ae3c24def812
    ajbt200128 authored and GitHub Actions Bot committed Sep 17, 2024
    commit 56f5bd1
  7. Resolve names for interface methods with multiple implementations (semgrep/semgrep-proprietary#2181)
    
    This PR is a follow-up extension of
    semgrep/semgrep-proprietary#2022 and enables
    resolving names for interface methods with multiple implementations.
    
    synced from Pro 34e6f3eee95533834423b9a8af9e058d7877a9c9
    ihji authored and GitHub Actions Bot committed Sep 17, 2024
    commit 5250e14