File

.semgrep.yml @ 12900:5484debdfdfe

mod_auth_internal_hashed: Refactor to prepare for disabling users Moving this out will make space for a dynamic check whether a particular user is disabled or not, which is one possible response to abuse of account privileges.
author Kim Alvefur <zash@zash.se>
date Wed, 22 Feb 2023 13:27:08 +0100
parent 12717:898e99f49d80
line wrap: on
line source

rules:
- id: log-variable-fmtstring
  patterns:
    - pattern: log("...", $A)
    - pattern-not: log("...", "...")
  message: Variable passed as format string to logging
  languages: [lua]
  severity: ERROR
- id: module-log-variable-fmtstring
  patterns:
    - pattern: module:log("...", $A)
    - pattern-not: module:log("...", "...")
  message: Variable passed as format string to logging
  languages: [lua]
  severity: ERROR
- id: module-getopt-string-default
  patterns:
    - pattern: module:get_option_string("...", $A)
    - pattern-not: module:get_option_string("...", "...")
    - pattern-not: module:get_option_string("...", host)
    - pattern-not: module:get_option_string("...", module.host)
  message: Non-string default from :get_option_string
  severity: ERROR
  languages: [lua]
- id: stanza-empty-text-constructor
  patterns:
    - pattern: $A:text()
  message: Use :get_text() to read text, or pass a value here to add text
  severity: WARNING
  languages: [lua]