Commit

The directory was renamed
bcaller committed Aug 23, 2023
1 parent aaa64d0 commit 097a6ae
Showing 11 changed files with 12 additions and 12 deletions.
2 changes: 1 addition & 1 deletion assets/semgrep_rules/services/jinja-safe-usages.yaml
Expand Up @@ -24,7 +24,7 @@ rules:
impact: MEDIUM
confidence: LOW
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/jinja-safe-usages.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/jinja-safe-usages.yaml
languages:
- regex
paths:
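Review bot: the `source:` value changed here hardcodes the rule file's own repository path under `blob/main`, so it has to be edited by hand whenever the file moves, as this rename across 11 files shows. Consider a CI check that each rule's `source:` ends with that file's actual path under `assets/semgrep_rules/`, or generating the field at build time, so a later move cannot leave a stale link in the rule metadata.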
Expand Up @@ -18,7 +18,7 @@ rules:
likelihood: LOW
impact: LOW
license: MIT
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/missing-noopener-window-open.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/missing-noopener-window-open.yaml
languages:
- generic
paths:
Expand Down Expand Up @@ -78,7 +78,7 @@ rules:
likelihood: LOW
impact: LOW
license: MIT
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/missing-noopener-window-open.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/missing-noopener-window-open.yaml
languages:
- typescript
- javascript
Expand Up @@ -2,7 +2,7 @@ rules:
- id: no-backticks-in-js-handlers
metadata:
author: Andrea Brancaleoni @ Brave
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/no-backticks-in-js-handlers.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml
patterns:
- pattern-either:
- pattern-inside: $HANDLER="..."
Expand Up @@ -2,7 +2,7 @@ rules:
- id: nodejs-insecure-url-parse
metadata:
author: Andrea Brancaleoni <abc@pompel.me>
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/nodejs-insecure-url-parse.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml
assignees: |
thypon
fmarier
Expand Up @@ -3,7 +3,7 @@ rules:
metadata:
author: Ben Caller
confidence: MEDIUM
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/path-travesal-by-string-interpolation.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml
message: The code contains new security hotspots which should be checked
manually by a security team member! Could a user perform path traversal
by setting a variable to include `../`?
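Review bot: the file name in both `source:` lines is spelled `path-travesal-by-string-interpolation.yaml` (missing the "r" in "traversal"), and the rename carries that misspelling into the new `services/` path. Since the URL is being rewritten anyway, consider renaming the file to `path-traversal-by-string-interpolation.yaml` in the same change and pointing `source:` at the corrected name.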
2 changes: 1 addition & 1 deletion assets/semgrep_rules/services/pip-extra-index-url.yaml
Expand Up @@ -6,7 +6,7 @@ rules:
- https://portswigger.net/daily-swig/dependency-confusion-attack-mounted-via-pypi-repo-exposes-flawed-package-installer-behavior
- https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/pip-extra-index-url.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/pip-extra-index-url.yaml
message: >-
Use --index-url instead of --extra-index-url to avoid dependency confusion.
When using --extra-index-url, pip looks on pypi.org as well as the private index.
2 changes: 1 addition & 1 deletion assets/semgrep_rules/services/svelte-html-usages.yaml
Expand Up @@ -7,7 +7,7 @@ rules:
- https://cwe.mitre.org/data/definitions/615
- https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/svelte-html-usages.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-html-usages.yaml
message: >-
The code contains new security hotspots (`{@html expression}`) which should be checked manually
by a security team member!
Expand Up @@ -7,7 +7,7 @@ rules:
- https://cwe.mitre.org/data/definitions/615
- https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
confidence: LOW
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/svelte-purifyConfig-usages.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usages.yaml
message: >-
The code contains new security hotspots (`purifyConfig`) which should be checked manually
by a security team member!
2 changes: 1 addition & 1 deletion assets/semgrep_rules/services/url-constructor-base.yaml
Expand Up @@ -5,7 +5,7 @@ rules:
confidence: LOW
references:
- https://developer.mozilla.org/en-US/docs/Web/API/URL/URL#parameters
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/url-constructor-base.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/url-constructor-base.yaml
assignees: |
bcaller
thypon
2 changes: 1 addition & 1 deletion assets/semgrep_rules/services/var-in-href.yaml
Expand Up @@ -32,7 +32,7 @@ rules:
likelihood: LOW
impact: MEDIUM
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/var-in-href.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/var-in-href.yaml
languages:
- generic
paths:
2 changes: 1 addition & 1 deletion assets/semgrep_rules/services/var-in-script-tag.yaml
Expand Up @@ -33,7 +33,7 @@ rules:
likelihood: LOW
impact: MEDIUM
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/var-in-script-tag.yaml
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/var-in-script-tag.yaml
languages:
- generic
paths: