From f4768b00300fcdb4813579dc5d0cb6899d56ae3b Mon Sep 17 00:00:00 2001
From: Anders Kaseorg
Date: Thu, 28 Sep 2023 11:08:09 -0700
Subject: [PATCH] lint: Fix semgrep scanning of extensionless Python scripts.

Semgrep 0.118.0 changed the default of --scan-unknown-extensions to false. It also seems that it no longer respects --lang (or never did), so rename the config file to reflect that it only includes Python rules, to make it clear that additional languages will require separate config files.

Signed-off-by: Anders Kaseorg
---
 requirements/dev.in | 2 +-
 tools/lint | 7 ++++---
 tools/{semgrep.yml => semgrep-py.yml} | 0
 3 files changed, 5 insertions(+), 4 deletions(-)
 rename tools/{semgrep.yml => semgrep-py.yml} (100%)

diff --git a/requirements/dev.in b/requirements/dev.in
index d9f61d71f4..6ae065efaa 100644
--- a/requirements/dev.in
+++ b/requirements/dev.in
@@ -62,7 +62,7 @@ cairosvg
 python-debian
 
 # Pattern-based lint tool
-semgrep<1.38.0 # https://github.com/returntocorp/semgrep/issues/8669
+semgrep
 
 # Contains Pysa, a security-focused static analyzer
 pyre-check
diff --git a/tools/lint b/tools/lint
index dcd3e53fa9..f992b894a8 100755
--- a/tools/lint
+++ b/tools/lint
@@ -180,17 +180,18 @@ def run() -> None:
 
 semgrep_command = [
 "semgrep",
- "--config=./tools/semgrep.yml",
+ "scan",
+ "--scan-unknown-extensions",
 "--error",
 "--disable-version-check",
 "--quiet",
 ]
 linter_config.external_linter(
 "semgrep-py",
- [*semgrep_command, "--lang=python"],
+ [*semgrep_command, "--config=./tools/semgrep-py.yml"],
 ["py"],
 fix_arg="--autofix",
- description="Syntactic grep (semgrep) code search tool (config: ./tools/semgrep.yml)",
+ description="Syntactic grep (semgrep) code search tool (config: ./tools/semgrep-py.yml)",
 )
 
 linter_config.external_linter(
diff --git a/tools/semgrep.yml b/tools/semgrep-py.yml
similarity index 100%
rename from tools/semgrep.yml
rename to tools/semgrep-py.yml
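Review bot: The added `"--scan-unknown-extensions"` entry in `semgrep_command` has no comment, although it is the line the whole fix depends on. The commit message says Semgrep 0.118.0 changed its default to false, and because the command also passes `--quiet` and `--error`, a skipped extensionless script would presumably produce no findings and a passing exit status, so a later cleanup that drops the flag would shrink lint coverage without any visible failure. I would put `# Needed so extensionless Python scripts passed as targets are scanned; semgrep >= 0.118.0 skips them by default.` directly above it. A second short comment on `semgrep_command` should say that it no longer carries a `--config`, so every `external_linter` call built from it has to supply its own. `run()` starts and ends outside this hunk.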