Software `/` code `/` prosody

Annotate

.semgrep.yml @ 11749:83d6d6a70edf

net.http: fail open if surrounding code does not configure TLS Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.

author	Jonas Schäfer <jonas@wielicki.name>
date	Sun, 29 Aug 2021 15:04:47 +0200
parent	11289:c6965f3c321c
child	12717:898e99f49d80

rev	line source
11289 c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	1 rules:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	2 - id: log-variable-fmtstring
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	3 patterns:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	4 - pattern: log("...", $A)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	5 - pattern-not: log("...", "...")
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	6 message: Variable passed as format string to logging
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	7 languages: [lua]
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	8 severity: ERROR
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	9 - id: module-log-variable-fmtstring
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	10 patterns:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	11 - pattern: module:log("...", $A)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	12 - pattern-not: module:log("...", "...")
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	13 message: Variable passed as format string to logging
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	14 languages: [lua]
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	15 severity: ERROR
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	16 - id: module-getopt-string-default
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	17 patterns:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	18 - pattern: module:get_option_string("...", $A)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	19 - pattern-not: module:get_option_string("...", "...")
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	20 - pattern-not: module:get_option_string("...", host)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	21 - pattern-not: module:get_option_string("...", module.host)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	22 message: Non-string default from :get_option_string
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	23 severity: ERROR
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	24 languages: [lua]

prosody

83d6d6a70edf

.semgrep.yml

Software / code / prosody

Annotate

.semgrep.yml @ 11749:83d6d6a70edf

Software `/` code `/` prosody