File

.semgrep.yml @ 11392:a76493b75dec

mod_bosh: Include warning if endpoint accessed insecurely (#1172) This is to make it obvious if a misconfigured a proxy or the request really is insecure. Perhaps it should also check c2s_require_encryption?
author Kim Alvefur <zash@zash.se>
date Sun, 21 Feb 2021 06:18:22 +0100
parent 11289:c6965f3c321c
child 12717:898e99f49d80
line wrap: on
line source

rules:
- id: log-variable-fmtstring
  patterns:
    - pattern: log("...", $A)
    - pattern-not: log("...", "...")
  message: Variable passed as format string to logging
  languages: [lua]
  severity: ERROR
- id: module-log-variable-fmtstring
  patterns:
    - pattern: module:log("...", $A)
    - pattern-not: module:log("...", "...")
  message: Variable passed as format string to logging
  languages: [lua]
  severity: ERROR
- id: module-getopt-string-default
  patterns:
    - pattern: module:get_option_string("...", $A)
    - pattern-not: module:get_option_string("...", "...")
    - pattern-not: module:get_option_string("...", host)
    - pattern-not: module:get_option_string("...", module.host)
  message: Non-string default from :get_option_string
  severity: ERROR
  languages: [lua]