diff --git a/assets/semgrep_rules/services/internal-digest-call.py b/assets/semgrep_rules/services/internal-digest-call.py
new file mode 100644
index 00000000..fa2fe619
--- /dev/null
+++ b/assets/semgrep_rules/services/internal-digest-call.py
@@ -0,0 +1,3 @@
+def signature(**kwargs):
+ # ruleid: internal-digest-call
+ sig = _INTERNAL_DIGEST_NEVER_CALL_DIRECTLY(kwargs)
diff --git a/assets/semgrep_rules/services/internal-digest-call.yaml b/assets/semgrep_rules/services/internal-digest-call.yaml
new file mode 100644
index 00000000..742fbc66
--- /dev/null
+++ b/assets/semgrep_rules/services/internal-digest-call.yaml
@@ -0,0 +1,9 @@
+rules:
+ - id: internal-digest-call
+ pattern-regex: _INTERNAL_DIGEST_NEVER_CALL_DIRECTLY
+ message: Internal Digest Direct Call, never call this directly
+ languages:
+ - python
+ severity: WARNING
+ metadata:
+ source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/internal-digest-call.yaml
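Review bot: The fixture in internal-digest-call.py has only a positive `# ruleid: internal-digest-call` case, so the rule tests do not pin anything the rule must leave alone. Add a negative case marked `# ok: internal-digest-call` above a call to the supported wrapper (placeholder: `sig = <public_digest_wrapper>(kwargs)`). Because the rule is an unanchored regex, a second `# ok:` line using a longer identifier that merely contains the internal name would show whether substring matches are intended.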
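Review bot: `pattern-regex: _INTERNAL_DIGEST_NEVER_CALL_DIRECTLY` matches the bare text anywhere in a Python file, so it will presumably also fire on the helper's own definition, on imports, and on comments or strings that mention the name, not only on calls. If only calls are meant, `pattern: _INTERNAL_DIGEST_NEVER_CALL_DIRECTLY(...)` is narrower, but it would miss an alias such as `f = _INTERNAL_DIGEST_NEVER_CALL_DIRECTLY`. If the broad match is deliberate, anchor it as `\b_INTERNAL_DIGEST_NEVER_CALL_DIRECTLY\b` and exclude the defining module with a `paths:` / `exclude:` entry so the definition does not produce a permanent finding. The `message` should also tell the developer which wrapper to call instead and why the direct call is unsafe, since "never call this directly" gives them nothing to act on.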