diff --git a/.github/ISSUE_TEMPLATE/features-request-------.md b/.github/ISSUE_TEMPLATE/features-request-------.md index 4d241ede..a971ffb0 100644 --- a/.github/ISSUE_TEMPLATE/features-request-------.md +++ b/.github/ISSUE_TEMPLATE/features-request-------.md @@ -3,7 +3,7 @@ name: 'Features request: `...`' about: Include a new feature in the `security-action` title: '' labels: enhancement -assignees: thypon +assignees: thypon, kdenhartog --- diff --git a/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md b/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md index cb0a174a..8b4ecd9c 100644 --- a/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md +++ b/.github/ISSUE_TEMPLATE/issue-with-ruleset------.md @@ -3,7 +3,7 @@ name: Issue with ruleset `...` about: Describe this issue with the ruleset title: '' labels: bug -assignees: thypon +assignees: thypon, kdenhartog --- diff --git a/actions/main/action.cjs b/actions/main/action.cjs index a7207741..db26d237 100644 --- a/actions/main/action.cjs +++ b/actions/main/action.cjs @@ -5,7 +5,7 @@ const CONSOLE_BLUE = '\x1B[0;34m' const CONSOLE_RED = '\x1b[0;31m' const RESET_CONSOLE_COLOR = '\x1b[0m' -const ASSIGNEES = 'thypon' +const ASSIGNEES = 'thypon kdenhartog' const HOTWORDS = `password cryptography login diff --git a/assets/semgrep_rules/services/http-parse-multipart-dos.yaml b/assets/semgrep_rules/services/http-parse-multipart-dos.yaml index de071366..95f4d414 100644 --- a/assets/semgrep_rules/services/http-parse-multipart-dos.yaml +++ b/assets/semgrep_rules/services/http-parse-multipart-dos.yaml @@ -9,6 +9,7 @@ rules: source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/http-parse-multipart-dos.yaml assignees: | thypon + kdenhartog severity: INFO languages: - go diff --git a/assets/semgrep_rules/services/io-readall-dos.yaml b/assets/semgrep_rules/services/io-readall-dos.yaml index 7c1ff790..dba500af 100644 --- a/assets/semgrep_rules/services/io-readall-dos.yaml 
+++ b/assets/semgrep_rules/services/io-readall-dos.yaml @@ -9,6 +9,7 @@ rules: source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/io-readall-dos.yaml assignees: | thypon + kdenhartog severity: INFO languages: - go diff --git a/assets/semgrep_rules/services/url-constructor-base.yaml b/assets/semgrep_rules/services/url-constructor-base.yaml index af3c9c66..37797390 100644 --- a/assets/semgrep_rules/services/url-constructor-base.yaml +++ b/assets/semgrep_rules/services/url-constructor-base.yaml @@ -8,6 +8,7 @@ rules: source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/url-constructor-base.yaml assignees: | thypon + kdenhartog message: Are you using the `URL(url, base)` constructor as a security control to limit the origin with base `$BASE`? The base is ignored whenever url looks like an absolute URL, e.g. when it begins `protocol://`. `\\\\` or `//x.y`. Verify that the URL's origin is as expected rather than relying on the URL constructor. severity: INFO languages:
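Review bot: in the `actions/main/action.cjs` hunk, `ASSIGNEES = 'thypon kdenhartog'` is a space-separated string, whereas the two issue templates in this patch use the comma-separated form `assignees: thypon, kdenhartog` and the semgrep rules use a newline-separated `|` block scalar; confirm that whatever consumes `ASSIGNEES` splits on whitespace (and that the rule-level `assignees` value is split on newlines) so the new maintainer is actually assigned rather than the literal string `thypon kdenhartog` being passed as one user name.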
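Review bot: the `http-parse-multipart-dos.yaml` hunk (and the identical `io-readall-dos.yaml` and `url-constructor-base.yaml` hunks) appends `kdenhartog` as a new line inside the `assignees: |` block scalar, so the added line must carry exactly the same indentation as the existing `thypon` line or YAML will end the block early; the same maintainer list is now hand-maintained in six files across this patch, so consider deriving the per-rule assignees from a single source (for example the `ASSIGNEES` constant in `action.cjs`) to keep them from drifting on the next change.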
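Review bot: in the `url-constructor-base.yaml` hunk the `message` context line reads "when it begins `protocol://`. `\\\\` or `//x.y`"; the full stop after `protocol://` should be a comma, since the three backtick items are one list of prefixes that make a URL absolute, and as written the sentence breaks mid-list when the finding is rendered. Since this line is already being touched for the assignee change, it is a cheap fix to include here.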