Commit

*: assign to thypon
thypon committed Aug 15, 2024
1 parent 18835be commit aaa0dc7
Showing 7 changed files with 4 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/features-request-------.md
Expand Up @@ -3,7 +3,7 @@ name: 'Features request: `...`'
about: Include a new feature in the `security-action`
title: ''
labels: enhancement
assignees: bcaller, thypon
assignees: thypon

---

2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/issue-with-ruleset------.md
Expand Up @@ -3,7 +3,7 @@ name: Issue with ruleset `...`
about: Describe this issue with the ruleset
title: ''
labels: bug
assignees: thypon, bcaller
assignees: thypon

---

2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -30,7 +30,7 @@ jobs:
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }} # optional
# by default assignees will be thypon and bcaller, modify accordingly
# by default assignees will be thypon, modify accordingly
assignees: |
yoursecuritycontact
yoursecondsecuritycontact
3 changes: 1 addition & 2 deletions actions/main/action.cjs
Expand Up @@ -5,8 +5,7 @@ const CONSOLE_BLUE = '\x1B[0;34m'
const CONSOLE_RED = '\x1b[0;31m'
const RESET_CONSOLE_COLOR = '\x1b[0m'

const ASSIGNEES = `thypon
bcaller`
const ASSIGNEES = 'thypon'
const HOTWORDS = `password
cryptography
login
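Review bot: The default in `const ASSIGNEES = 'thypon'` is still a hard-coded username, and this one roster change had to be repeated in the README comment, both issue templates and three Semgrep rule files (7 files for one name). Consider keeping the default list in one place and having the README point at it rather than restate it, so the next ownership change is a one-line edit. The value also moves from a template literal to a single-quoted string while `HOTWORDS` directly below stays a multi-line template literal; that works for one name, but anyone adding a second default assignee will need to restore the newline-separated form the old value used.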
Expand Up @@ -8,7 +8,6 @@ rules:
- https://pkg.go.dev/net/http#MaxBytesReader
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/http-parse-multipart-dos.yaml
assignees: |
bcaller
thypon
severity: INFO
languages:
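Review bot: With `bcaller` removed, the rule-level `assignees: |` block now lists only `thypon`, which is the same value as the new default `ASSIGNEES` in actions/main/action.cjs. If rule-level assignees exist only to override that default, the key can be dropped here and in the other two rule files touched by this commit, which removes three more places to update on the next change.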
1 change: 0 additions & 1 deletion assets/semgrep_rules/services/io-readall-dos.yaml
Expand Up @@ -8,7 +8,6 @@ rules:
- https://pkg.go.dev/net/http#MaxBytesReader
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/io-readall-dos.yaml
assignees: |
bcaller
thypon
severity: INFO
languages:
1 change: 0 additions & 1 deletion assets/semgrep_rules/services/url-constructor-base.yaml
Expand Up @@ -7,7 +7,6 @@ rules:
- https://developer.mozilla.org/en-US/docs/Web/API/URL/URL#parameters
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/url-constructor-base.yaml
assignees: |
bcaller
thypon
message: Are you using the `URL(url, base)` constructor as a security control to limit the origin with base `$BASE`? The base is ignored whenever url looks like an absolute URL, e.g. when it begins `protocol://`. `\\\\` or `//x.y`. Verify that the URL's origin is as expected rather than relying on the URL constructor.
severity: INFO
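Review bot: While this rule is being touched, the unchanged `message:` line has a stray full stop in its example list: "`protocol://`. `\\\\` or `//x.y`" reads as two sentences. A comma after `protocol://` would make it clear that all three are prefixes for which the base is ignored.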

0 comments on commit aaa0dc7