From 097a6ae94c1cf2780acbb905fb19d8b4a0da3611 Mon Sep 17 00:00:00 2001 From: bcaller Date: Wed, 23 Aug 2023 15:04:39 +0100 Subject: [PATCH] The directory was renamed --- assets/semgrep_rules/services/jinja-safe-usages.yaml | 2 +- .../semgrep_rules/services/missing-noopener-window-open.yaml | 4 ++-- .../semgrep_rules/services/no-backticks-in-js-handlers.yaml | 2 +- assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml | 2 +- .../services/path-travesal-by-string-interpolation.yaml | 2 +- assets/semgrep_rules/services/pip-extra-index-url.yaml | 2 +- assets/semgrep_rules/services/svelte-html-usages.yaml | 2 +- assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml | 2 +- assets/semgrep_rules/services/url-constructor-base.yaml | 2 +- assets/semgrep_rules/services/var-in-href.yaml | 2 +- assets/semgrep_rules/services/var-in-script-tag.yaml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/assets/semgrep_rules/services/jinja-safe-usages.yaml b/assets/semgrep_rules/services/jinja-safe-usages.yaml index 756bf6ff..f54a440d 100644 --- a/assets/semgrep_rules/services/jinja-safe-usages.yaml +++ b/assets/semgrep_rules/services/jinja-safe-usages.yaml @@ -24,7 +24,7 @@ rules: impact: MEDIUM confidence: LOW license: Commons Clause License Condition v1.0[LGPL-2.1-only] - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/jinja-safe-usages.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/jinja-safe-usages.yaml languages: - regex paths: diff --git a/assets/semgrep_rules/services/missing-noopener-window-open.yaml b/assets/semgrep_rules/services/missing-noopener-window-open.yaml index 258b0912..801ede70 100644 --- a/assets/semgrep_rules/services/missing-noopener-window-open.yaml +++ b/assets/semgrep_rules/services/missing-noopener-window-open.yaml 
@@ -18,7 +18,7 @@ rules: likelihood: LOW impact: LOW license: MIT - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/missing-noopener-window-open.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/missing-noopener-window-open.yaml languages: - generic paths: @@ -78,7 +78,7 @@ rules: likelihood: LOW impact: LOW license: MIT - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/missing-noopener-window-open.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/missing-noopener-window-open.yaml languages: - typescript - javascript diff --git a/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml b/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml index 06c149bb..413c47a8 100644 --- a/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml +++ b/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml @@ -2,7 +2,7 @@ rules: - id: no-backticks-in-js-handlers metadata: author: Andrea Brancaleoni @ Brave - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/no-backticks-in-js-handlers.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/no-backticks-in-js-handlers.yaml patterns: - pattern-either: - pattern-inside: $HANDLER="..." diff --git a/assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml b/assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml index f21669f4..8f7302ad 100644 --- a/assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml +++ b/assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml 
@@ -2,7 +2,7 @@ rules: - id: nodejs-insecure-url-parse metadata: author: Andrea Brancaleoni - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/nodejs-insecure-url-parse.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml assignees: | thypon fmarier diff --git a/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml b/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml index d8ebc7c0..36fc2332 100644 --- a/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml +++ b/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml @@ -3,7 +3,7 @@ rules: metadata: author: Ben Caller confidence: MEDIUM - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/path-travesal-by-string-interpolation.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/path-travesal-by-string-interpolation.yaml message: The code contains new security hotspots which should be checked manually by a security team member! Could a user perform path traversal by setting a variable to include `../`? diff --git a/assets/semgrep_rules/services/pip-extra-index-url.yaml b/assets/semgrep_rules/services/pip-extra-index-url.yaml index 45faee7b..acc897c0 100644 --- a/assets/semgrep_rules/services/pip-extra-index-url.yaml +++ b/assets/semgrep_rules/services/pip-extra-index-url.yaml 
@@ -6,7 +6,7 @@ rules: - https://portswigger.net/daily-swig/dependency-confusion-attack-mounted-via-pypi-repo-exposes-flawed-package-installer-behavior - https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/ confidence: LOW - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/pip-extra-index-url.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/pip-extra-index-url.yaml message: >- Use --index-url instead of --extra-index-url to avoid dependency confusion. When using --extra-index-url, pip looks on pypi.org as well as the private index. diff --git a/assets/semgrep_rules/services/svelte-html-usages.yaml b/assets/semgrep_rules/services/svelte-html-usages.yaml index 4a82e54b..7c7293c8 100644 --- a/assets/semgrep_rules/services/svelte-html-usages.yaml +++ b/assets/semgrep_rules/services/svelte-html-usages.yaml @@ -7,7 +7,7 @@ rules: - https://cwe.mitre.org/data/definitions/615 - https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words confidence: LOW - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/svelte-html-usages.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-html-usages.yaml message: >- The code contains new security hotspots (`{@html expression}`) which should be checked manually by a security team member! diff --git a/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml b/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml index 73be93ad..886530ab 100644 --- a/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml +++ b/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml 
@@ -7,7 +7,7 @@ rules: - https://cwe.mitre.org/data/definitions/615 - https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words confidence: LOW - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/svelte-purifyConfig-usages.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usages.yaml message: >- The code contains new security hotspots (`purifyConfig`) which should be checked manually by a security team member! diff --git a/assets/semgrep_rules/services/url-constructor-base.yaml b/assets/semgrep_rules/services/url-constructor-base.yaml index 805ba068..3903bf5f 100644 --- a/assets/semgrep_rules/services/url-constructor-base.yaml +++ b/assets/semgrep_rules/services/url-constructor-base.yaml @@ -5,7 +5,7 @@ rules: confidence: LOW references: - https://developer.mozilla.org/en-US/docs/Web/API/URL/URL#parameters - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/url-constructor-base.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/url-constructor-base.yaml assignees: | bcaller thypon diff --git a/assets/semgrep_rules/services/var-in-href.yaml b/assets/semgrep_rules/services/var-in-href.yaml index cb97bb36..f6a4100f 100644 --- a/assets/semgrep_rules/services/var-in-href.yaml +++ b/assets/semgrep_rules/services/var-in-href.yaml @@ -32,7 +32,7 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/var-in-href.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/var-in-href.yaml languages: - generic paths: diff --git a/assets/semgrep_rules/services/var-in-script-tag.yaml b/assets/semgrep_rules/services/var-in-script-tag.yaml index 86bd4f55..ec5a53ab 100644 
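Review bot: In the `svelte-purifyConfig-usage.yaml` hunk the new `source:` value still ends in `svelte-purifyConfig-usages.yaml` (plural), while the file being patched is `svelte-purifyConfig-usage.yaml`. The commit fixes the directory part of the URL but carries the filename mismatch forward, so unless a separate `-usages` file exists, the link shown with a finding from this rule probably does not resolve. The line should read `source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml`. Since all eleven files needed a hand edit after the rename, a small CI check that each rule's `source` matches its own repository path would catch this kind of drift.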
--- a/assets/semgrep_rules/services/var-in-script-tag.yaml +++ b/assets/semgrep_rules/services/var-in-script-tag.yaml @@ -33,7 +33,7 @@ rules: likelihood: LOW impact: MEDIUM license: Commons Clause License Condition v1.0[LGPL-2.1-only] - source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/web/var-in-script-tag.yaml + source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/var-in-script-tag.yaml languages: - generic paths: