lint: Fix semgrep scanning of extensionless Python scripts.

Semgrep 0.118.0 changed the default of --scan-unknown-extensions to
false.  It also seems that it no longer respects --lang (or never
did), so rename the config file to reflect that it only includes
Python rules, to make it clear that additional languages will require
separate config files.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg 2023-09-28 11:08:09 -07:00 committed by Tim Abbott
parent 6f6e83d2e2
commit f4768b0030
3 changed files with 5 additions and 4 deletions


@ -62,7 +62,7 @@ cairosvg
python-debian python-debian
# Pattern-based lint tool # Pattern-based lint tool
semgrep<1.38.0 # https://github.com/returntocorp/semgrep/issues/8669 semgrep
# Contains Pysa, a security-focused static analyzer # Contains Pysa, a security-focused static analyzer
pyre-check pyre-check
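Review bot: The `semgrep` requirement on the new side (assuming the right-hand column is the new text) is left with no version constraint and no comment, while the lint command changed in the same commit now relies on the `scan` subcommand and an explicit `--scan-unknown-extensions`. The commit message records that a semgrep release changed that default, and extensionless Python scripts apparently dropped out of scanning without the linter reporting it, so a later upgrade could cause the same silent loss of coverage. I would keep a short comment above the requirement, for example `# Re-check that extensionless Python scripts are still scanned when upgrading semgrep`. If a lock file pins the resolved version elsewhere, the comment should say so; that is not visible in this hunk.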


@ -180,17 +180,18 @@ def run() -> None:
semgrep_command = [ semgrep_command = [
"semgrep", "semgrep",
"--config=./tools/semgrep.yml", "scan",
"--scan-unknown-extensions",
"--error", "--error",
"--disable-version-check", "--disable-version-check",
"--quiet", "--quiet",
] ]
linter_config.external_linter( linter_config.external_linter(
"semgrep-py", "semgrep-py",
[*semgrep_command, "--lang=python"], [*semgrep_command, "--config=./tools/semgrep-py.yml"],
["py"], ["py"],
fix_arg="--autofix", fix_arg="--autofix",
description="Syntactic grep (semgrep) code search tool (config: ./tools/semgrep.yml)", description="Syntactic grep (semgrep) code search tool (config: ./tools/semgrep-py.yml)",
) )
linter_config.external_linter( linter_config.external_linter(