Adding rule pack synthesis support to semgrep
What does this MR do?
Integrates the new version of the ruleset modules into semgrep for the purpose of supporting rule-pack synthesis.
What are the relevant issue numbers?
gitlab-org/gitlab#339614 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary (gitlab-org/gitlab!75234 (merged))
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Merge request reports
Activity
GitLab Bot added the devops::secure, group::vulnerability research and section::sec labels
mentioned in issue gitlab-org/gitlab#339614 (closed)
assigned to @julianthome
- Resolved by Julian Thome
requested review from @theoretick
requested review from @dsearles
requested review from @idawson
@theoretick @idawson @dsearles This MR integrates the rule-pack synthesis changes into semgrep; in the CI config there is a new QA job `go-qa-custom` that generates a semgrep configuration from different sources (`file`, `raw` and `git`):

```toml
[semgrep]
description = 'semgrep custom rules configuration'
target = "sgrules"

[[semgrep.passthrough]]
type = "raw"
target = "sgrules/foo.yml"
value = """
rules:
  - id: "foo"
    patterns:
      - pattern: "func foo() {...}"
    message: |
      Function foo detected
    metadata:
      cwe: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    severity: "ERROR"
    languages:
      - "go"
"""

[[semgrep.passthrough]]
type = "git"
value = "https://github.com/dgryski/semgrep-go"
rev = "b14e2f07411c22cadaab3a5d7df2346a99e7b36d"
target = "sgrules"

[[semgrep.passthrough]]
type = "file"
value = "bar.yml"
```
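As an added example (not the ruleset module's code, nor anything from this MR), the following Go sketch shows what a synthesiser consuming a config like the one above has to do: materialise each passthrough in order under the synthesis root, and refuse any target that would resolve outside that root, since the config is user-supplied. The `Passthrough` struct, the function names and the contents of the stand-in `bar.yml` are assumptions of this example; the `git` type is left unimplemented because cloning needs network access (the config above pins `rev` to a full commit hash, which is the form a synthesiser should insist on before fetching).

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Passthrough mirrors one [[semgrep.passthrough]] table of the config above.
// The Go field names are an assumption of this example.
type Passthrough struct {
	Type   string // "raw", "file" or "git"
	Value  string // inline YAML for raw, a local path for file, a URL for git
	Rev    string // pinned commit for git (kept for completeness, unused here)
	Target string // destination relative to the synthesis root
}

// fooRule is the inline rule from the raw passthrough in the config above.
const fooRule = `rules:
  - id: "foo"
    patterns:
      - pattern: "func foo() {...}"
    message: |
      Function foo detected
    metadata:
      cwe: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    severity: "ERROR"
    languages:
      - "go"
`

// containedPath joins rel onto root and rejects anything that would land
// outside root (absolute paths, ".." climbs). It is a lexical check only;
// symlinks already present under root are not resolved here.
func containedPath(root, rel string) (string, error) {
	if filepath.IsAbs(rel) {
		return "", fmt.Errorf("target %q must be relative to the synthesis root", rel)
	}
	abs := filepath.Join(root, rel) // Join cleans, so ".." segments are collapsed
	back, err := filepath.Rel(root, abs)
	if err != nil || back == ".." || strings.HasPrefix(back, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("target %q escapes the synthesis root", rel)
	}
	return abs, nil
}

// isRuleFile reports whether a target names a YAML file rather than a directory.
func isRuleFile(p string) bool {
	ext := filepath.Ext(p)
	return ext == ".yml" || ext == ".yaml"
}

// Synthesize writes the passthroughs under root, in config order, and returns
// the root-relative paths written. Later entries overwrite earlier ones that
// map to the same path, so the config order is the precedence order.
func Synthesize(root string, pts []Passthrough) ([]string, error) {
	var written []string
	for i, pt := range pts {
		var data []byte
		var dest string
		switch pt.Type {
		case "raw":
			if !isRuleFile(pt.Target) {
				return written, fmt.Errorf("passthrough %d: raw needs a .yml target, got %q", i, pt.Target)
			}
			data, dest = []byte(pt.Value), pt.Target
		case "file":
			b, err := os.ReadFile(pt.Value)
			if err != nil {
				return written, fmt.Errorf("passthrough %d: %w", i, err)
			}
			dest = pt.Target
			if !isRuleFile(dest) { // directory target: keep the source file name
				dest = filepath.Join(dest, filepath.Base(pt.Value))
			}
			data = b
		case "git":
			return written, fmt.Errorf("passthrough %d: git passthrough is not implemented in this example", i)
		default:
			return written, fmt.Errorf("passthrough %d: unknown type %q", i, pt.Type)
		}
		abs, err := containedPath(root, dest)
		if err != nil {
			return written, fmt.Errorf("passthrough %d: %w", i, err)
		}
		if err := os.MkdirAll(filepath.Dir(abs), 0o755); err != nil {
			return written, err
		}
		if err := os.WriteFile(abs, data, 0o644); err != nil {
			return written, err
		}
		written = append(written, filepath.ToSlash(filepath.Clean(dest)))
	}
	return written, nil
}

func main() {
	root, err := os.MkdirTemp("", "sgrules-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	// Constructed stand-in for the bar.yml referenced by the file passthrough.
	barPath := filepath.Join(root, "bar.yml")
	if err := os.WriteFile(barPath, []byte("rules: []\n"), 0o644); err != nil {
		panic(err)
	}
	pts := []Passthrough{
		{Type: "raw", Target: "sgrules/foo.yml", Value: fooRule},
		{Type: "file", Target: "sgrules", Value: barPath},
	}
	written, err := Synthesize(root, pts)
	fmt.Println(written, err)
}
```

The resulting `sgrules` directory is what `semgrep --config sgrules` would consume; the containment check is the part worth keeping in mind when the passthrough list comes from a project's own CI variables rather than from the analyser's defaults.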
mentioned in merge request ruleset!6 (merged)
removed review request for @theoretick, @dsearles, and @idawson
requested review from @theoretick
requested review from @idawson
- Resolved by Julian Thome
@theoretick @idawson this MR integrates rule-pack synthesis as implemented in ruleset!6 (merged) into semgrep; the CI config includes a new integration test `go-qa-custom` that tests the new behaviour. It would be awesome if you could do a short review.