diff --git a/.github/ISSUE_TEMPLATE/features-request-------.md b/.github/ISSUE_TEMPLATE/features-request-------.md index 95f57156..4d241ede 100644 --- a/.github/ISSUE_TEMPLATE/features-request-------.md +++ b/.github/ISSUE_TEMPLATE/features-request-------.md @@ -3,7 +3,7 @@ name: 'Features request: `...`' about: Include a new feature in the `security-action` title: '' labels: enhancement -assignees: bcaller, thypon +assignees: thypon --- diff --git a/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md b/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md index 48884ddd..cb0a174a 100644 --- a/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md +++ b/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md @@ -3,7 +3,7 @@ name: Issue with ruleset `...` about: Describe this issue with the ruleset title: '' labels: bug -assignees: thypon, bcaller +assignees: thypon --- diff --git a/README.md b/README.md index 97220d19..e0d5a14a 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }} # optional - # by default assignees will be thypon and bcaller, modify accordingly + # by default assignees will be thypon, modify accordingly assignees: | yoursecuritycontact yoursecondsecuritycontact diff --git a/actions/main/action.cjs b/actions/main/action.cjs index cff27e49..a7207741 100644 --- a/actions/main/action.cjs +++ b/actions/main/action.cjs @@ -5,8 +5,7 @@ const CONSOLE_BLUE = '\x1B[0;34m' const CONSOLE_RED = '\x1b[0;31m' const RESET_CONSOLE_COLOR = '\x1b[0m' -const ASSIGNEES = `thypon -bcaller` +const ASSIGNEES = 'thypon' const HOTWORDS = `password cryptography login diff --git a/assets/semgrep_rules/services/http-parse-multipart-dos.yaml b/assets/semgrep_rules/services/http-parse-multipart-dos.yaml index 16ecdab4..de071366 100644 --- a/assets/semgrep_rules/services/http-parse-multipart-dos.yaml +++ b/assets/semgrep_rules/services/http-parse-multipart-dos.yaml 
@@ -8,7 +8,6 @@ rules: - https://pkg.go.dev/net/http#MaxBytesReader source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/http-parse-multipart-dos.yaml assignees: | - bcaller thypon severity: INFO languages: diff --git a/assets/semgrep_rules/services/io-readall-dos.yaml b/assets/semgrep_rules/services/io-readall-dos.yaml index 4582c82a..7c1ff790 100644 --- a/assets/semgrep_rules/services/io-readall-dos.yaml +++ b/assets/semgrep_rules/services/io-readall-dos.yaml @@ -8,7 +8,6 @@ rules: - https://pkg.go.dev/net/http#MaxBytesReader source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/io-readall-dos.yaml assignees: | - bcaller thypon severity: INFO languages: diff --git a/assets/semgrep_rules/services/url-constructor-base.yaml b/assets/semgrep_rules/services/url-constructor-base.yaml index 73d3ad51..af3c9c66 100644 --- a/assets/semgrep_rules/services/url-constructor-base.yaml +++ b/assets/semgrep_rules/services/url-constructor-base.yaml @@ -7,7 +7,6 @@ rules: - https://developer.mozilla.org/en-US/docs/Web/API/URL/URL#parameters source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/url-constructor-base.yaml assignees: | - bcaller thypon message: Are you using the `URL(url, base)` constructor as a security control to limit the origin with base `$BASE`? The base is ignored whenever url looks like an absolute URL, e.g. when it begins `protocol://`. `\\\\` or `//x.y`. Verify that the URL's origin is as expected rather than relying on the URL constructor. severity: INFO
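Review bot: In `actions/main/action.cjs`, the default `ASSIGNEES` drops to a single account, so any finding that falls back to the default is routed to one person with no backup when that person is unavailable. If a second maintainer can be named, keep two entries here. Separately, the constant changes from a backtick template literal to a single-quoted string while `HOTWORDS` directly below stays a newline-separated template literal. Keeping the backtick form would leave the two lists consistent and make adding an assignee later a one-line diff.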
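Review bot: In `README.md`, the comment `# by default assignees will be thypon, modify accordingly` hardcodes the same username that lives in `ASSIGNEES` in `actions/main/action.cjs`, which is why this patch has to edit both files in lockstep. Consider wording the comment so it points at the default without naming it (for example, that the default is the maintainer set in `action.cjs`), and state that downstream users are expected to override `assignees` with their own security contacts.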
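Review bot: In `assets/semgrep_rules/services/http-parse-multipart-dos.yaml` (and identically in `io-readall-dos.yaml` and `url-constructor-base.yaml`), the per-rule `assignees: |` block now contains only `thypon`, the same value as the action-wide default. If the action falls back to the default when a rule carries no `assignees`, these blocks are redundant and could be removed so the next ownership change touches one place. If they are required per rule, it is worth grepping the rest of `assets/semgrep_rules/` for the removed username, since only three rule files appear in this patch.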
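Review bot: In `assets/semgrep_rules/services/url-constructor-base.yaml`, the unchanged `message:` line reads "e.g. when it begins `protocol://`. `\\\\` or `//x.y`", with a period after `protocol://` where the list of prefixes needs a comma. Since this text is shown to developers as the finding explanation, fixing the punctuation while the file is open would make the three bypass forms read as one list.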