From fa85efa708e7d785975d61cf0899bfd747211723 Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni
Date: Mon, 17 Jul 2023 13:52:56 +0200
Subject: [PATCH] brave-isolated-world.yaml: catch extra regex
---
 ...d-id-content-end.yaml => brave-isolated-world.yaml} | 10 ++++++++--
 .../brave-isolated-world-id-content-end.c | 2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)
 rename assets/semgrep_rules/c/{brave-isolated-world-id-content-end.yaml => brave-isolated-world.yaml} (57%)
diff --git a/assets/semgrep_rules/c/brave-isolated-world-id-content-end.yaml b/assets/semgrep_rules/c/brave-isolated-world.yaml
similarity index 57%
rename from assets/semgrep_rules/c/brave-isolated-world-id-content-end.yaml
rename to assets/semgrep_rules/c/brave-isolated-world.yaml
index ab0037d6..c3b46a03 100644
--- a/assets/semgrep_rules/c/brave-isolated-world-id-content-end.yaml
+++ b/assets/semgrep_rules/c/brave-isolated-world.yaml
@@ -3,8 +3,12 @@ rules:
 metadata:
 author: Andrea Brancaleoni
 confidence: LOW
+ assignees: |
+ thypon
+ goodov
+ iefremov
 source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/c/brave-isolated-world-id-content-end.yaml
- message: Security hotspot found (`ISOLATED_WORLD_ID_CONTENT_END`). A security-team member should analyze the code security for possible vulnerabilities.
+ message: Security hotspot found (`ISOLATED_WORLD`). A security-team member should analyze the code security for possible vulnerabilities.
 severity: WARNING
 languages:
 - generic
@@ -16,4 +20,6 @@ rules:
 - "*.h"
 - "*.hh"
 - "*.hcc"
- pattern-regex: ISOLATED_WORLD_ID_CONTENT_END
+ patterns:
+ - pattern-regex: ISOLATED_WORLD_ID_CONTENT_END
+ - pattern-regex: ISOLATED_WORLD_ID_BRAVE_INTERNAL
diff --git a/t3sts/semgrep_rules/brave-isolated-world-id-content-end.c b/t3sts/semgrep_rules/brave-isolated-world-id-content-end.c
index a69803a0..b1080c77 100644
--- a/t3sts/semgrep_rules/brave-isolated-world-id-content-end.c
+++ b/t3sts/semgrep_rules/brave-isolated-world-id-content-end.c
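Review bot: The `source:` line kept as context in the first hunk still points at `brave-isolated-world-id-content-end.yaml`, the file this commit renames, so the rule metadata will carry a dead link once the rename lands on main. Update it in the same change to `source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/c/brave-isolated-world.yaml`. The rule's `id` is on a line outside the hunk; if it keeps the old name while the message now says `ISOLATED_WORLD`, a short comment explaining that the id is retained for existing suppressions or dashboards would help triagers.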
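Review bot: In the second hunk the two `pattern-regex` entries are placed under `patterns:`, which Semgrep evaluates as a logical AND, so a finding requires both `ISOLATED_WORLD_ID_CONTENT_END` and `ISOLATED_WORLD_ID_BRAVE_INTERNAL` to match the same range. Those two literals cannot overlap, so the rule most likely stops reporting anything, which silently removes the security-review trigger this hotspot rule exists to provide. Replace `patterns:` with `pattern-either:` so either identifier fires, or collapse to one line, `pattern-regex: ISOLATED_WORLD_ID_(CONTENT_END|BRAVE_INTERNAL)`. It is worth running the rule against the fixture before merge to confirm both lines are reported.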
@@ -5,4 +5,6 @@ constexpr int kBraveAdsIsolatedWorldId =
 int main() {
 // ruleid: brave-isolated-world-id-content-end
 int a = content::ISOLATED_WORLD_ID_CONTENT_END;
+ // ruleid: brave-isolated-world-id-content-end
+ int a = content::ISOLATED_WORLD_ID_BRAVE_INTERNAL;
 }
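Review bot: The fixture keeps the name `brave-isolated-world-id-content-end.c` while the rule file becomes `brave-isolated-world.yaml`; if the test runner pairs rules and fixtures by basename (as `semgrep --test` does), the added `ISOLATED_WORLD_ID_BRAVE_INTERNAL` assertion may never run, and a rule that matches nothing would pass unnoticed. Rename the fixture to `brave-isolated-world.c` and confirm the `ruleid:` annotations still equal the rule's `id`, which is outside the visible hunks. A negative case would also pin the rule's scope, for example a line preceded by `// ok: brave-isolated-world-id-content-end` that uses an unrelated world id. Separately, the second `int a` redeclares the variable in the same scope; that is harmless for a generic regex rule, but `int b = content::ISOLATED_WORLD_ID_BRAVE_INTERNAL;` keeps the fixture valid C.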