Software `/` code `/` prosody

Annotate

.semgrep.yml @ 13553:850e4ade7a01

net.server_epoll: Make running out of buffer space a fatal error Prevent Bad Things from happening when the buffer gets full. This of course opens up the possibility of intentionally killing connections by sending much stuff, which need to be mitigated with rate limits elsewhere.

author	Kim Alvefur <zash@zash.se>
date	Sat, 09 Nov 2024 15:42:31 +0100
parent	12717:898e99f49d80
child	13700:9b7687b47da9

rev	line source
11289 c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	1 rules:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	2 - id: log-variable-fmtstring
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	3 patterns:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	4 - pattern: log("...", $A)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	5 - pattern-not: log("...", "...")
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	6 message: Variable passed as format string to logging
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	7 languages: [lua]
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	8 severity: ERROR
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	9 - id: module-log-variable-fmtstring
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	10 patterns:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	11 - pattern: module:log("...", $A)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	12 - pattern-not: module:log("...", "...")
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	13 message: Variable passed as format string to logging
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	14 languages: [lua]
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	15 severity: ERROR
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	16 - id: module-getopt-string-default
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	17 patterns:
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	18 - pattern: module:get_option_string("...", $A)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	19 - pattern-not: module:get_option_string("...", "...")
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	20 - pattern-not: module:get_option_string("...", host)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	21 - pattern-not: module:get_option_string("...", module.host)
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	22 message: Non-string default from :get_option_string
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	23 severity: ERROR
c6965f3c321c lint: Add initial semgrep config Kim Alvefur <zash@zash.se> parents: diff changeset	24 languages: [lua]
12717 898e99f49d80 semgrep: Catch stanza:text() (assuming it's meant to be :get_text()) Matthew Wild <mwild1@gmail.com> parents: 11289 diff changeset	25 - id: stanza-empty-text-constructor
898e99f49d80 semgrep: Catch stanza:text() (assuming it's meant to be :get_text()) Matthew Wild <mwild1@gmail.com> parents: 11289 diff changeset	26 patterns:
898e99f49d80 semgrep: Catch stanza:text() (assuming it's meant to be :get_text()) Matthew Wild <mwild1@gmail.com> parents: 11289 diff changeset	27 - pattern: $A:text()
898e99f49d80 semgrep: Catch stanza:text() (assuming it's meant to be :get_text()) Matthew Wild <mwild1@gmail.com> parents: 11289 diff changeset	28 message: Use :get_text() to read text, or pass a value here to add text
898e99f49d80 semgrep: Catch stanza:text() (assuming it's meant to be :get_text()) Matthew Wild <mwild1@gmail.com> parents: 11289 diff changeset	29 severity: WARNING
898e99f49d80 semgrep: Catch stanza:text() (assuming it's meant to be :get_text()) Matthew Wild <mwild1@gmail.com> parents: 11289 diff changeset	30 languages: [lua]

prosody

850e4ade7a01

.semgrep.yml

Software / code / prosody

Annotate

.semgrep.yml @ 13553:850e4ade7a01

Software `/` code `/` prosody