🐛 fix #8435, advance semgrep (#9323)
manuel-sommer authored Jan 19, 2024
1 parent ca23b91 commit db19c44
Showing 3 changed files with 81 additions and 1 deletion.
6 changes: 5 additions & 1 deletion dojo/tools/semgrep/parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,10 @@ def get_description(self, item):

snippet = item["extra"].get("lines")
if snippet is not None:
description += "**Snippet:**\n```{}```\n".format(snippet)
if "<![" in snippet:
snippet = snippet.replace("<![", "<! [")
description += "**Snippet:** ***Caution:*** Please remove the space between `!` and `[` to have the real value due to a workaround to circumvent [#8435](https://github.com/DefectDojo/django-DefectDojo/issues/8435).\n```{}```\n".format(snippet)
else:
description += "**Snippet:**\n```{}```\n".format(snippet)

return description
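Review bot: The new `if "<![" in snippet:` branch in get_description has no comment saying why the snippet is rewritten; the only explanation is buried in the user-facing caution string, so a maintainer reading the code sees an unexplained string mutation. Add above it `# Workaround for #8435: a "<![" sequence in a snippet reportedly breaks rendering of the description, so it is shown with a space inserted and the user is told the value was altered.` The replacement is applied to every occurrence, so a snippet that genuinely contained `<! [` is no longer distinguishable from a rewritten one — worth stating in the same comment as a known limitation of the workaround. The ~200-character caution message on the next line would be easier to maintain as a module-level constant, e.g. `SNIPPET_CAUTION = "**Snippet:** ***Caution:*** ..."` formatted at the call site. get_description starts outside the hunk.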
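--- a/unittests/scans/semgrep/issue_8435.json
+++ b/unittests/scans/semgrep/issue_8435.json
@@ -0,0 +1,69 @@
+{
+"errors": [
+],
+"results": [
+{
+"check_id": "generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth",
+"end": {
+"col": 38431,
+"line": 1,
+"offset": 38430
+},
+"extra": {
+"engine_kind": "OSS",
+"fingerprint": "fc255e575f2b938f11bf70bb737def0a1aa3ea044296972c9c6ff5b66b0d931064731b30406fc873b300c2bcf73cb66797513b709991e334fd355599d60d53d8_0",
+"is_ignored": false,
+"lines": "<![A-Z]>",
+"message": "Twitter OAuth detected",
+"metadata": {
+"category": "security",
+"confidence": "LOW",
+"cwe": [
+"CWE-798: Use of Hard-coded Credentials"
+],
+"cwe2021-top25": true,
+"cwe2022-top25": true,
+"impact": "MEDIUM",
+"license": "Commons Clause License Condition v1.0[LGPL-2.1-only]",
+"likelihood": "LOW",
+"owasp": [
+"A07:2021 - Identification and Authentication Failures"
+],
+"references": [
+"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures"
+],
+"semgrep.dev": {
+"rule": {
+"origin": "community",
+"rule_id": "BYUNq8",
+"url": "https://semgrep.dev/playground/r/A8TRG6/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth",
+"version_id": "A8TRG6"
+}
+},
+"shortlink": "https://sg.run/Lwb7",
+"source": "https://semgrep.dev/r/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth",
+"source-rule-url": "https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json",
+"subcategory": [
+"audit"
+],
+"technology": [
+"secrets",
+"twitter"
+],
+"vulnerability_class": [
+"Hard-coded Secrets"
+]
+},
+"metavars": {},
+"severity": "ERROR"
+},
+"path": "/somedir/somefile.js",
+"start": {
+"col": 37650,
+"line": 1,
+"offset": 37649
+}
+}
+],
+"version": "1.33.2"
+}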
7 changes: 7 additions & 0 deletions unittests/tools/test_semgrep_parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -121,3 +121,10 @@ def test_different_lines_same_fingerprint(self):
self.assertEqual(len(findings_first), len(findings_second))
for first, second in zip(findings_first, findings_second):
self.assertEqual(first.unique_id_from_tool, second.unique_id_from_tool)

def test_parse_issue_8435(self):
testfile = open("unittests/scans/semgrep/issue_8435.json")
parser = SemgrepParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(1, len(findings))
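Review bot: test_parse_issue_8435 opens the fixture with a bare `open()` and relies on a manual `testfile.close()`, so an exception raised inside `get_findings` leaks the file handle; wrap it in a context manager instead: `with open("unittests/scans/semgrep/issue_8435.json") as testfile:` followed by `findings = parser.get_findings(testfile, Test())` and drop the explicit close. The test also asserts only the finding count, so the new `<![` handling in get_description that this commit introduces is never checked; an assertion on the rewritten snippet or the caution text in the finding's description (for example `self.assertIn("<! [A-Z]>", findings[0].description)`, assuming the finding exposes it under that attribute) would pin the behaviour the fixture was added for. The enclosing test class starts outside the hunk.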
