Software /
code /
prosody
File
.semgrep.yml @ 11392:a76493b75dec
mod_bosh: Include warning if endpoint accessed insecurely (#1172)
This is to make it obvious if a misconfigured a proxy or the request
really is insecure.
Perhaps it should also check c2s_require_encryption?
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 21 Feb 2021 06:18:22 +0100 |
parent | 11289:c6965f3c321c |
child | 12717:898e99f49d80 |
line wrap: on
line source
rules: - id: log-variable-fmtstring patterns: - pattern: log("...", $A) - pattern-not: log("...", "...") message: Variable passed as format string to logging languages: [lua] severity: ERROR - id: module-log-variable-fmtstring patterns: - pattern: module:log("...", $A) - pattern-not: module:log("...", "...") message: Variable passed as format string to logging languages: [lua] severity: ERROR - id: module-getopt-string-default patterns: - pattern: module:get_option_string("...", $A) - pattern-not: module:get_option_string("...", "...") - pattern-not: module:get_option_string("...", host) - pattern-not: module:get_option_string("...", module.host) message: Non-string default from :get_option_string severity: ERROR languages: [lua]