Merge pull request #322 from DataDog/s.obregoso/bump_semgrep_version

Bump semgrep verstion from 0.112.1 to 1.67.0
DataDog · Apr 8, 2024 · fe3ab1a · fe3ab1a
2 parents ba5e53f + 0d3f723
commit fe3ab1a
Show file tree

Hide file tree

Showing 5 changed files with 339 additions and 469 deletions.
diff --git a/guarddog/analyzer/sourcecode/code-execution.yml b/guarddog/analyzer/sourcecode/code-execution.yml
@@ -23,22 +23,22 @@ rules:
           # subprocess module
           - pattern: subprocess.getoutput($ARG1, ...)
           - pattern: getoutput($ARG1, ...)
-          - pattern: subprocess.getoutput([..., "$ARG1", ...], ...)
-          - pattern: getoutput([..., "$ARG1", ...], ...)
+          - pattern: subprocess.getoutput([..., "... $ARG1 ...", ...], ...)
+          - pattern: getoutput([..., "... $ARG1 ...", ...], ...)
 
           - pattern: subprocess.call($ARG1, ...)
           - pattern: call($ARG1, ...)
-          - pattern: subprocess.call([..., "$ARG1", ...], ...)
-          - pattern: call([..., "$ARG1", ...], ...)
+          - pattern: subprocess.call([..., "... $ARG1 ...", ...], ...)
+          - pattern: call([..., "... $ARG1 ...", ...], ...)
 
           - pattern: subprocess.check_output($ARG1, ...)
           - pattern: check_output($ARG1, ...)
-          - pattern: subprocess.check_output([..., "$ARG1", ...], ...)
-          - pattern: check_output([..., "$ARG1", ...], ...)
+          - pattern: subprocess.check_output([..., "... $ARG1 ...", ...], ...)
+          - pattern: check_output([..., "... $ARG1 ...", ...], ...)
 
           - pattern: subprocess.run($ARG1, ...)
           - pattern: run($ARG1, ...)
-          - pattern: subprocess.run([..., "$ARG1", ...], ...)
+          - pattern: subprocess.run([..., "... $ARG1 ...", ...], ...)
           - pattern: run([..., "$ARG1", ...], ...)
 
           # eval, allow checking for version