Sync with Pro #10560

Merged
aryx merged 6 commits into develop from sync-with-pro-1727395435
Sep 27, 2024

semgrep-ci[bot]
@semgrep-ci semgrep-ci bot commented Sep 27, 2024
OSS repo was last synced with Pro commit: 68e8f7466b99c0586c599d66529170f6636f9e8c
Synchronizing OSS repo with Pro commit 5134d9cc489dc167d2fd57fb57171bc6a57e7463
There are 7 commit(s) to sync.
Syncing...
* 8380841df31 feat(sca): support requirements.pip and lockfile improvements (#2314)
* e1fa7e9cfb7 feat(sca): support truncated requirements lockfiles (#2331)
* 0dc2e3c60ec split Validate_subcommand.run_conf in 3 functions (#2335)
* abed82c35f7 Cron - update semgrep-rules and semgrep-rules-pro submodules (#2333)
* 0919e0a775f Use consistent case for identifiers (#2316)
* Skipping (empty) 789ccbdfff6 perf: Parse files only once (#2235)
* 5134d9cc489 chore: make Timeouts log at debug level instead of error. (#2315)
Success!

salolivares and others added 6 commits September 27, 2024 00:04
…p/semgrep-proprietary#2314)

Enables support for `requirements.pip` + minor edits/refactors to
lockfile related code.

synced from Pro 8380841df3138954b182d3345449ebf407a00a6a
…proprietary#2331)

Support truncated requirements lockfiles. Ex: `requirement.txt`,
`requirement-prod.txt`.

synced from Pro e1fa7e9cfb7512772077ad2ae91b9d0b116766eb
…oprietary#2335)

test plan:
```
$ osemgrep validate semgrep-rules/
[00.91][WARNING]: invalid YAML, ./stats/metacategory_to_support_tier.yml:1:0: missing rules entry as top-level key
[00.91][WARNING]: invalid YAML, ./stats/web_frameworks.yml:1:0: missing rules entry as top-level key
[00.91][WARNING]: invalid YAML, ./stats/cwe_to_metacategory.yml:1:0: missing rules entry as top-level key
[00.91][WARNING]: invalid YAML, ./.pre-commit-config.yaml:1:0: missing rules entry as top-level key
[00.91][WARNING]: invalid YAML, ./.github/workflows/num-rules.yml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/update-semgrep-dev.yml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/trigger-semgrep-scanner-initiate-scan.yaml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/pre-commit.yml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/update-semgrep-staging-dev.yml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/validate-r2c-registry-metadata.yaml:8:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/semgrep-rules-test-historical.yml:2:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/trigger-pro-benchmark-scan.yaml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/semgrep-rule-lints.yaml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/semgrep-rules-test.yml:3:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/workflows/semgrep-rules-test-develop.yml:5:0: Not a valid key value pair
[00.91][WARNING]: invalid YAML, ./.github/stale.yml:1:0: missing rules entry as top-level key

┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 1930 files tracked by git with 6 Code rules:

  Language   Rules   Files          Origin      Rules
 ──────────────────────────        ───────────────────
  yaml           6    1930          Community       6

Configuration is invalid - found 16 fatal errors, 0 skippable error(s), and 2003 rule(s).
(cli) [pad@thinkstation semgrep-rules ((4946ce98...))]$ echo $?
0
```

synced from Pro 0dc2e3c60ecf40d6b2d0dea1a8b691c5c25954fb
…/semgrep-proprietary#2333)

Please confirm correctness of the changes here and ensure all tests
pass. This PR was autogenerated by
.github/workflows/update-semgrep-rules.yml

Co-authored-by: GitHub Actions Bot <>

synced from Pro abed82c35f71703faf5744f0439ddff7ffffa09b
synced from Pro 0919e0a775ff1a17425493f9f40c254e226abe53
…mgrep-proprietary#2315)

Adjust logging level of timeout so that it appears with a debug label:
<img width="1117" alt="Screenshot 2024-09-23 at 4 00 32 PM"
src="https://github.com/user-attachments/assets/f2840e9b-be50-450a-b799-bb86b53323a7">

Test plan:
- Run `semgrep scan --timeout=1 --debug` on semgrep-app
- Run `semgrep scan --timeout=1` on semgrep-app
- Run `semgrep scan --timeout=1 --experimental` on semgrep-app

synced from Pro 5134d9cc489dc167d2fd57fb57171bc6a57e7463

PR checklist:

  • Purpose of the code is evident to future readers
  • Tests included or PR comment includes a reproducible test plan
  • Documentation is up-to-date
  • A changelog entry was added to changelog.d for any user-facing change
  • Change has no security implications (otherwise, ping security team)

If you're unsure about any of this, please see:

@aryx aryx merged commit 4644391 into develop Sep 27, 2024
44 checks passed
@aryx aryx deleted the sync-with-pro-1727395435 branch September 27, 2024 07:00