lint: Fix semgrep scanning of extensionless Python scripts.

Semgrep 0.118.0 changed the default of --scan-unknown-extensions to false. It also seems that it no longer respects --lang (or never did), so rename the config file to reflect that it only includes Python rules, to make it clear that additional languages will require separate config files. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-28 11:08:09 -07:00 · 2023-09-28 11:08:09 -07:00 · f4768b0030
parent 6f6e83d2e2
commit f4768b0030
3 changed files with 5 additions and 4 deletions
--- a/requirements/dev.in
+++ b/requirements/dev.in
@ -62,7 +62,7 @@ cairosvg
 python-debian

 # Pattern-based lint tool
-semgrep<1.38.0  # https://github.com/returntocorp/semgrep/issues/8669
+semgrep

 # Contains Pysa, a security-focused static analyzer
 pyre-check
--- a/tools/lint
+++ b/tools/lint
@ -180,17 +180,18 @@ def run() -> None:

    semgrep_command = [
        "semgrep",
-        "--config=./tools/semgrep.yml",
+        "scan",
+        "--scan-unknown-extensions",
        "--error",
        "--disable-version-check",
        "--quiet",
    ]
    linter_config.external_linter(
        "semgrep-py",
-        [*semgrep_command, "--lang=python"],
+        [*semgrep_command, "--config=./tools/semgrep-py.yml"],
        ["py"],
        fix_arg="--autofix",
-        description="Syntactic grep (semgrep) code search tool (config: ./tools/semgrep.yml)",
+        description="Syntactic grep (semgrep) code search tool (config: ./tools/semgrep-py.yml)",
    )

    linter_config.external_linter(
--- a/tools/semgrep-py.yml
+++ b/tools/semgrep-py.yml