Annotate

.semgrep.yml @ 12594:29685403be32

mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760) Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier channel binding method being undefined for TLS 1.3, and the increasing deployment of TLS 1.3. See 1bfd238e05ad and #1542 Requires future version of LuaSec, once support for this key material export method is merged. See https://github.com/brunoos/luasec/pull/187
author Kim Alvefur <zash@zash.se>
date Wed, 01 Jun 2022 15:06:59 +0200
parent 11289:c6965f3c321c
child 12717:898e99f49d80
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
11289
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 rules:
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 - id: log-variable-fmtstring
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 patterns:
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 - pattern: log("...", $A)
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 - pattern-not: log("...", "...")
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 message: Variable passed as format string to logging
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 languages: [lua]
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 severity: ERROR
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 - id: module-log-variable-fmtstring
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 patterns:
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 - pattern: module:log("...", $A)
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 - pattern-not: module:log("...", "...")
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 message: Variable passed as format string to logging
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 languages: [lua]
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 severity: ERROR
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 - id: module-getopt-string-default
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 patterns:
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 - pattern: module:get_option_string("...", $A)
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 - pattern-not: module:get_option_string("...", "...")
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 - pattern-not: module:get_option_string("...", host)
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 - pattern-not: module:get_option_string("...", module.host)
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 message: Non-string default from :get_option_string
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 severity: ERROR
c6965f3c321c lint: Add initial semgrep config
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 languages: [lua]