17:14:54 Running with gitlab-runner 17.7.0~pre.103.g896916a8 (896916a8)
17:14:54   on green-3.shared-gitlab-org.runners-manager.gitlab.com/default EuhiQzPR, system ID: s_360bc9544527
17:14:54   feature flags: FF_NETWORK_PER_BUILD:true, FF_USE_FASTZIP:true, FF_TIMESTAMPS:true
17:14:54 Resolving secrets
17:14:54 Using Docker executor with image returntocorp/semgrep ...
17:14:56 Pulling docker image returntocorp/semgrep ...
17:15:06 Using docker image sha256:0e2f37efa9d2b314b6bbbec7fcd8139c91aace29bb039cef436400bcbb60c64b for returntocorp/semgrep with digest returntocorp/semgrep@sha256:d8338657666af859e8562f367a9b9af24659c005f5a8677e6fca116b402d1a3d ...
17:15:11 Running on runner-euhiqzpr-project-278964-concurrent-0 via runner-euhiqzpr-shared-gitlab-org-1740417028-cd8e97cf...
17:15:11 Fetching changes with git depth set to 20...
17:15:11 Initialized empty Git repository in /builds/gitlab-org/gitlab/.git/
17:15:11 Created fresh repository.
17:15:12 remote: Enumerating objects: 259387, done.
17:15:12 remote: Counting objects: 100% (259387/259387), done.
17:15:12 remote: Compressing objects: 100% (151443/151443), done.
17:15:12 remote: Total 259387 (delta 144948), reused 187574 (delta 98199), pack-reused 0 (from 0)
17:15:19 Receiving objects: 100% (259387/259387), 198.23 MiB | 29.90 MiB/s, done.
17:15:19 Resolving deltas: 100% (144948/144948), done.
17:15:35  * [new ref] refs/pipelines/1686224521 -> refs/pipelines/1686224521
17:15:35 Checking out 9c5e00a2 as detached HEAD (ref is refs/merge-requests/182450/merge)...
17:15:49 Skipping Git submodules setup
17:15:49 $ git remote set-url origin "${CI_REPOSITORY_URL}"
17:15:54 Using docker image sha256:0e2f37efa9d2b314b6bbbec7fcd8139c91aace29bb039cef436400bcbb60c64b for returntocorp/semgrep with digest returntocorp/semgrep@sha256:d8338657666af859e8562f367a9b9af24659c005f5a8677e6fca116b402d1a3d ...
17:15:55 $ git fetch origin master
17:15:55  * branch master -> FETCH_HEAD
17:15:55  * [new branch] master -> origin/master
17:15:55 $ git clone $CUSTOM_RULES_REPOSITORY "${CI_BUILDS_DIR}/sast-custom-rules"
17:15:55 Cloning into '/builds/sast-custom-rules'...
17:15:56 $ rm "${CI_BUILDS_DIR}/sast-custom-rules/.gitlab-ci.yml" # semgrep fails when there are yaml files that are not rules # collapsed multi-line command
17:15:58 ┌────────────────┐
17:15:58 │ Debugging Info │
17:15:58 └────────────────┘
17:15:58  SCAN ENVIRONMENT
17:15:58  versions - semgrep 1.108.0 on python 3.12.9
17:15:58  environment - running in environment gitlab-ci, triggering event is pull_request
17:16:03 running 37 rules from 36 configs
17:16:03 - builds.sast-custom-rules.appsec-pings.glappsec_ci-job-token
17:16:03 - builds.sast-custom-rules.appsec-pings.glappsec_eslint-disable-next-line-no-unsanitized-property_disable_gitlabsecurity
17:16:03 - builds.sast-custom-rules.appsec-pings.glappsec_rubocop_disable_gitlabsecurity
17:16:03 - builds.sast-custom-rules.appsec-pings.glappsec_shell_heredoc
17:16:03 - builds.sast-custom-rules.appsec-pings.glappsec_ts-markdown-trusted
17:16:03 - builds.sast-custom-rules.config.missing-message-field
17:16:03 - builds.sast-custom-rules.config.missing-metadata-fields
17:16:03 - builds.sast-custom-rules.config.missing-severity-field
17:16:03 - builds.sast-custom-rules.gitlab-sast-rules.glappsec_dangerous_string_interpolation
17:16:03 - builds.sast-custom-rules.gitlab-sast-rules.glappsec_dangerous_untar
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2022-0244.CVE-2022-0244
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2022-1162.CVE-2022-1162
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2022-1680.CVE-2022-1780
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2022-2185.CVE-2022-2185
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2022-3067.CVE-2022-3067
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2023-2478.CVE-2023-2478
17:16:03 - builds.sast-custom-rules.past-s1-rules.CVE-2023-2825.CVE-2023-2825
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.go.glappsec_dangerous-exec-command
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.go.glappsec_insecure-archive-go
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.go.glappsec_insecure_tls-go
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.go.glappsec_path-traversal-go
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_bad-deserialization
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_bad-deserialization-yaml
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_dangerous-exec
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_dangerous_html_safe
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_dangerous_redirect
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_insecure-archive-operation
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_insecure-ciphers
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_insecure-url-construction
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_insecure-url-construction-2
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_insecure-url-parsing-1
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_insecure-url-parsing-2
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_path-traversal
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_redos_1
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_redos_2
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_unsafe-http-library-usage
17:16:03 - builds.sast-custom-rules.secure-coding-guidelines.ruby.glappsec_url-spoofing
17:16:03 ┌─────────────┐
17:16:03 │ Scan Status │
17:16:03 └─────────────┘
17:16:03  Scanning 2 files tracked by git with 37 Code rules:
17:16:03  Nothing to scan.
17:16:03  Current version has 0 findings.
17:16:03 Skipping baseline scan, because there are no current findings.
17:16:03 ========================================
17:16:03 ========================================
17:16:03  Always skipped by Semgrep:
17:16:03  Skipped by .gitignore:
17:16:03  (Disable by passing --no-git-ignore)
17:16:03  • <all files not listed by `git ls-files` were skipped>
17:16:03  Skipped by .semgrepignore:
17:16:03  Skipped by --include patterns:
17:16:03  • ee/spec/requests/admin/credentials_controller_spec.rb
17:16:03  • spec/support/shared_examples/controllers/internal_event_tracking_examples.rb
17:16:03  Skipped by --exclude patterns:
17:16:03  Files that couldn't be accessed:
17:16:03  Skipped by limiting to files smaller than 1000000 bytes:
17:16:03  (Adjust with the --max-target-bytes flag)
17:16:03  Partially analyzed due to parsing or internal Semgrep errors
17:16:03 ┌──────────────┐
17:16:03 │ Scan Summary │
17:16:03 └──────────────┘
17:16:03 Some files were skipped or only partially analyzed.
17:16:03  Scan was limited to files changed since baseline commit.
17:16:03  Scan skipped: 2 files not matching --include patterns
17:16:03  For a full list of skipped files, run semgrep with the --verbose flag.
17:16:03 CI scan completed successfully.
17:16:03  Found 0 findings (0 blocking) from 37 rules.
17:16:03  No blocking findings so exiting with code 0
17:16:03 Not sending pseudonymous metrics since metrics are configured to OFF and registry usage is False
17:16:04 Uploading artifacts...
17:16:04 gl-sast-report.json: found 1 matching artifact files and directories
17:16:04 WARNING: Retrying... context=artifacts-uploader error=request redirected
17:16:06 Uploading artifacts as "archive" to coordinator... 201 Created id=9229131760 responseStatus=201 Created token=glcbt-66