Merge Develop into Release (#2866)

* update formatted-sql-string rule (#2851) * fix typo in aws-ecr-mutable-image-tags rule message (#2858) * Remove incorrect licenses (#2861) --------- Co-authored-by: Vasilii Ermilov <inkz@xakep.ru> Co-authored-by: Lewis <LewisArdern@live.co.uk>
semgrep · Apr 12, 2023 · 45cbda4 · 45cbda4
1 parent 6191a54
commit 45cbda4
Show file tree

Hide file tree

Showing 13 changed files with 13 additions and 12 deletions.
diff --git a/csharp/dotnet/security/mvc-missing-antiforgery.yaml b/csharp/dotnet/security/mvc-missing-antiforgery.yaml
@@ -14,7 +14,6 @@ rules:
     - 'CWE-352: Cross-Site Request Forgery (CSRF)'
     cwe2021-top25: true
     cwe2022-top25: true
-    license: MIT
     owasp:
     - A01:2021 - Broken Access Control
     references:

diff --git a/csharp/dotnet/security/razor-template-injection.yaml b/csharp/dotnet/security/razor-template-injection.yaml
@@ -11,7 +11,6 @@ rules:
     cwe:
     - "CWE-94: Improper Control of Generation of Code ('Code Injection')"
     cwe2022-top25: true
-    license: MIT
     owasp:
     - A03:2021 - Injection
     references:

diff --git a/csharp/dotnet/security/web-config-insecure-cookie-settings.yaml b/csharp/dotnet/security/web-config-insecure-cookie-settings.yaml
@@ -10,7 +10,6 @@ rules:
     category: security
     cwe:
     - "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
-    license: MIT
     owasp:
     - A05:2021 - Security Misconfiguration
     references:

diff --git a/csharp/lang/security/filesystem/unsafe-path-combine.yaml b/csharp/lang/security/filesystem/unsafe-path-combine.yaml
@@ -42,7 +42,6 @@ rules:
   metadata:
     category: security
     confidence: MEDIUM
-    license: MIT
     references:
     - https://www.praetorian.com/blog/pathcombine-security-issues-in-aspnet-applications/
     - https://docs.microsoft.com/en-us/dotnet/api/system.io.path.combine?view=net-6.0#remarks

diff --git a/csharp/lang/security/insecure-deserialization/newtonsoft.yaml b/csharp/lang/security/insecure-deserialization/newtonsoft.yaml
@@ -37,7 +37,6 @@ rules:
     - newtonsoft
     - json
     confidence: LOW
-    license: MIT
     cwe2022-top25: true
     cwe2021-top25: true
     subcategory:

diff --git a/csharp/lang/security/xxe/xmldocument-unsafe-parser-override.yaml b/csharp/lang/security/xxe/xmldocument-unsafe-parser-override.yaml
@@ -23,7 +23,6 @@ rules:
   severity: WARNING
   metadata:
     category: security
-    license: MIT
     references:
     - https://www.jardinesoftware.net/2016/05/26/xxe-and-net/
     - https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmldocument.xmlresolver?view=net-6.0#remarks

diff --git a/csharp/lang/security/xxe/xmlreadersettings-unsafe-parser-override.yaml b/csharp/lang/security/xxe/xmlreadersettings-unsafe-parser-override.yaml
@@ -23,7 +23,6 @@ rules:
   severity: WARNING
   metadata:
     category: security
-    license: MIT
     references:
     - https://www.jardinesoftware.net/2016/05/26/xxe-and-net/
     - https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmldocument.xmlresolver?view=net-6.0#remarks

diff --git a/csharp/lang/security/xxe/xmltextreader-unsafe-defaults.yaml b/csharp/lang/security/xxe/xmltextreader-unsafe-defaults.yaml
@@ -24,7 +24,6 @@ rules:
   severity: WARNING
   metadata:
     category: security
-    license: MIT
     references:
     - https://www.jardinesoftware.net/2016/05/26/xxe-and-net/
     - https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmldocument.xmlresolver?view=net-6.0#remarks

diff --git a/java/lang/security/audit/formatted-sql-string.java b/java/lang/security/audit/formatted-sql-string.java
@@ -12,6 +12,7 @@
 import javax.persistence.EntityManagerFactory;
 import javax.persistence.Persistence;
 import javax.persistence.Query;
+import javax.persistence.criteria.CriteriaBuilder;
 
 public class SqlExample {
     public void staticQuery() throws SQLException {
@@ -132,5 +133,13 @@ public void test(String parameter) throws ApiException {
         apiClient.execute(call);
         apiClient.run(call); // proof that 'execute' name is causing the false-positive
     }
-}
 
+    public List<Student> addWhere(String name, CriteriaQuery Query)
+    {
+        EntityManager em = emfactory.createEntityManager();
+    	CriteriaBuilder criteriaBuilder = em.getCriteriaBuilder();
+		// ok: formatted-sql-string
+        List<Student> students = em.createQuery(Query.where(criteriaBuilder.equal(studentRoot.get("name"), name ))).getResultList();
+        return students;
+    }
+}
diff --git a/java/lang/security/audit/formatted-sql-string.yaml b/java/lang/security/audit/formatted-sql-string.yaml
@@ -57,6 +57,8 @@ rules:
         metavariable: $SQLFUNC
         regex: execute|executeQuery|createQuery|query
   pattern-sanitizers:
+  - patterns:
+    - pattern: (CriteriaBuilder $CB).$ANY(...)
   - patterns:
     - focus-metavariable: $...X
     - pattern-either:

diff --git a/php/lang/security/deserialization.yaml b/php/lang/security/deserialization.yaml
@@ -15,7 +15,6 @@ rules:
   languages:
   - php
   metadata:
-    license: MIT
     category: security
     cwe:
     - 'CWE-502: Deserialization of Untrusted Data'

diff --git a/php/lang/security/openssl-cbc-static-iv.yaml b/php/lang/security/openssl-cbc-static-iv.yaml
@@ -23,7 +23,6 @@ rules:
     - php
     - openssl
     category: security
-    license: MIT
     subcategory:
     - vuln
     likelihood: HIGH

diff --git a/terraform/aws/security/aws-ecr-mutable-image-tags.yaml b/terraform/aws/security/aws-ecr-mutable-image-tags.yaml
@@ -14,7 +14,7 @@ rules:
   message: >- 
     The ECR repository allows tag mutability. Image tags could be overwritten
     with compromised images. ECR images should be set to IMMUTABLE to prevent code
-    injection through image mutation. This can be done by setting image_tab_mutability
+    injection through image mutation. This can be done by setting `image_tag_mutability`
     to IMMUTABLE.
   languages:
   - hcl