Questions tagged [semgrep]

semgrep is an open-source tool for analyzing code in many languages, and a SaaS web service for monitoring issues found by semgrep. Use this tag for questions about the semgrep package, its rules, or the SaaS.

29 questions
1 vote, 1 answer

Why am I not seeing PR/MR comments?

Why can I not see PR/MR comments on my CI platform? I have created my CI config file correctly, and I have installed the Semgrep app onto my organization. I am able to get email notifications working, but not the others.
Jason
1 vote, 0 answers

Semgrep rule to validate Django's ForeignKey related_name field

I'm trying to create a rule to enforce the usage of related_name when defining a ForeignKey field in Django, as well as its format. Enforcing the usage of the field is done by the following rule: - id:…
fgarci03
1 vote, 1 answer

Non literal import Untrusted user input in importlib.import_module() Warning

I am getting the below warning while running my Python code through Semgrep (static code validator). Please suggest a practical example of how to use a whitelist to prevent running untrusted code, or any other solution to avoid this warning. I searched on…
Sarvendra Singh
0 votes, 0 answers

How do I find lines of code using semgrep CLI?

I've run semgrep scan from the CLI (installed through python pip) and it doesn't report on the lines of code. Can it report on lines of code in the repository? It only listed the number of files, number of rules per language, and the issues it's…
0 votes, 0 answers

How to ignore the semgrep check in this condition

My code is as follows:

    // nosemgrep: go.lang.security.audit.dangerous-exec-command.dangerous-exec-command
    func run(path string) error {
        cmd := exec.Command(path)
        cmd.Stdout = os.Stdout
        cmd.Stderr = os.Stderr
        return cmd.Run()
    }

But no…
Abner
0 votes, 1 answer

how to ignore a single rule globally with semgrep

We are using semgrep to validate our C# in CI. The calling of it is managed by the larger enterprise and we have no control over it, or over adding command line parameters etc. There's a rule we very much don't agree with. We can embed a comment in…
Darren Oakey
0 votes, 0 answers

Semgrep: simple HTML matching (MWE included)

I know HTML is experimental in Semgrep, but I expect it to work on very simple matches (Bash is experimental too, and it works well enough already). How can I match any two elements with the same ID?