Commit e5bf848
Merge Develop into Release (#3754)
* fix(rules): CODE-9032 (#3683)
* fix for CODE-9032
* add test
* Improve OCaml rule protecting against stray Not_founds (#3702)
## Link to an issue, if relevant
(internal Slack thread)
### ~~Adding a new~~ Revising a rule? Look over this PR checklist
- The issue or PR has links, references, or examples.
- The rule has **true positive** and **true negative** test cases in a file that matches the rule name.
> If the rule is `my-rule`, the test file name should be `my-rule.js`.
>
> True positives are marked by comments with `ruleid: <my-rule>` and true negatives are marked by comments with `ok: <my-rule>`.
- The rule has a good message. A good message includes:
> 1. A description of the pattern (e.g., missing parameter, dangerous flag, out-of-order function calls).
> 1. A description of why this pattern was detected (e.g., logic bug, introduces a security vulnerability, bad practice).
> 1. An alternative that resolves the issue (e.g., use another function, validate data first, discard the dangerous flag).
* Update aws-cloudfront-insecure-tls rule (#3705)
This updates the aws-cloudfront-insecure-tls rule to account for the addition of AWS CloudFront support for TLSv1.2_2025 and TLSv1.3_2025.
* Add rule to detect backdoor github action placed by Sha1-Hulud (#3714)
Co-authored-by: Pieter De Cremer <[email protected]>
* Fixed message in shai hulud backdoor rule (#3715)
Co-authored-by: Pieter De Cremer <[email protected]>
* Add additional GitHub shell injections patterns (#3735)
A GitHub Action may still be vulnerable when a more complicated pattern is used, like an || operator.
* [go] Add CWE-502 unsafe deserialization rule (#3736)
* Add owasp 2025 mapping (#3739)
* Add owasp 2025 mapping
* fix metadata of twilio twiml injection rule
---------
Co-authored-by: Pieter De Cremer <[email protected]>
---------
Co-authored-by: Kurt Boberg <[email protected]>
Co-authored-by: Martin Jambon <[email protected]>
Co-authored-by: Greg M <[email protected]>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
Co-authored-by: Pieter De Cremer <[email protected]>
Co-authored-by: Tom Piccirello <[email protected]>
Co-authored-by: Ravi Sastry Kadali <[email protected]>

1 parent c82eb9b commit e5bf848