From f2ae2951a55a6896c98fe020b3c8e432cd9405d3 Mon Sep 17 00:00:00 2001
From: Artem Rys
Date: Wed, 19 Apr 2023 16:35:58 +0200
Subject: [PATCH] chore: update existing nosemgreps and include semgrep as needed for build (#737)
---
 .github/workflows/build-test-release.yml | 1 +
 splunk_add_on_ucc_framework/commands/build.py | 2 +-
 .../commands/modular_alert_builder/alert_actions_conf_gen.py | 2 +-
 .../commands/modular_alert_builder/alert_actions_html_gen.py | 2 +-
 .../commands/modular_alert_builder/alert_actions_py_gen.py | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build-test-release.yml b/.github/workflows/build-test-release.yml
index f0eee06b1..de77cf42c 100644
--- a/.github/workflows/build-test-release.yml
+++ b/.github/workflows/build-test-release.yml
@@ -229,6 +229,7 @@ jobs:
 - test-unit
 - test-smoke
 - pre-commit
+ - semgrep
 - appinspect-for-expected-outputs
 runs-on: ubuntu-latest
 steps:
diff --git a/splunk_add_on_ucc_framework/commands/build.py b/splunk_add_on_ucc_framework/commands/build.py
index 04e0a87c3..6566f0e06 100644
--- a/splunk_add_on_ucc_framework/commands/build.py
+++ b/splunk_add_on_ucc_framework/commands/build.py
@@ -58,7 +58,7 @@ PARENT_DIR = ".."
 internal_root_dir = os.path.dirname(os.path.dirname(__file__))
-# nosemgrep: splunk.autoescape-disabled
+# nosemgrep: splunk.autoescape-disabled, python.jinja2.security.audit.autoescape-disabled.autoescape-disabled
 j2_env = Environment(
 loader=FileSystemLoader(os.path.join(internal_root_dir, "templates"))
 )
diff --git a/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_conf_gen.py b/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_conf_gen.py
index 53d722999..5db836b97 100644
--- a/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_conf_gen.py
+++ b/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_conf_gen.py
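Review bot: The widened `# nosemgrep:` marker above `j2_env = Environment(` in build.py suppresses two autoescape rules without recording why leaving autoescape off is acceptable, and the same bare marker is repeated above `self._templates = Environment(` in the alert_actions_conf_gen.py, alert_actions_html_gen.py and alert_actions_py_gen.py hunks. Without a rationale, nobody can tell later whether the suppression still holds once a template or its inputs change. I would add a line above the marker such as `# Autoescape is off on purpose: <what these templates render and where their values come from>`, keeping the marker itself directly above the call so it still applies. The three `__init__` bodies start and end outside their hunks, so the reasons may differ per file.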
@@ -53,7 +53,7 @@ def __init__(
 self._all_settings = input_setting
 self._alert_settings = input_setting[ac.MODULAR_ALERTS]
 self._package_path = package_path
- # nosemgrep: splunk.autoescape-disabled
+ # nosemgrep: splunk.autoescape-disabled, python.jinja2.security.audit.autoescape-disabled.autoescape-disabled
 self._templates = Environment(
 loader=FileSystemLoader(
 op.join(op.dirname(op.realpath(__file__)), "arf_template")
diff --git a/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_html_gen.py b/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_html_gen.py
index 454ab6d46..ab8503471 100644
--- a/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_html_gen.py
+++ b/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_html_gen.py
@@ -42,7 +42,7 @@ def __init__(self, input_setting=None, package_path=None):
 self._all_setting = input_setting
 self._package_path = package_path
 self._current_alert = None
- # nosemgrep: splunk.autoescape-disabled
+ # nosemgrep: splunk.autoescape-disabled, python.jinja2.security.audit.autoescape-disabled.autoescape-disabled
 self._templates = Environment(
 loader=FileSystemLoader(
 [
diff --git a/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_py_gen.py b/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_py_gen.py
index d6fab3399..635cdbe8b 100644
--- a/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_py_gen.py
+++ b/splunk_add_on_ucc_framework/commands/modular_alert_builder/alert_actions_py_gen.py
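Review bot: The suppression on `self._templates = Environment(` in alert_actions_html_gen.py deserves a second look, because the file name suggests these templates produce HTML, which is the one case the silenced rules are about. If values from `input_setting` are rendered into that markup, they go out unescaped. Consider `autoescape=True` on this Environment, or `|e` on each interpolated value, and then dropping the marker here, after confirming no template relies on raw output. `__init__` starts and ends outside the hunk, so how the templates are fed is not visible.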
@@ -43,7 +43,7 @@ def __init__(
 self._alert_actions_setting = input_setting[ac.MODULAR_ALERTS]
 self._ta_name = self._all_setting.get(ac.SHORT_NAME)
 self._lib_dir = self.get_python_lib_dir_name(self._ta_name)
- # nosemgrep: splunk.autoescape-disabled
+ # nosemgrep: splunk.autoescape-disabled, python.jinja2.security.audit.autoescape-disabled.autoescape-disabled
 self._templates = Environment(
 loader=FileSystemLoader(
 op.join(op.dirname(op.realpath(__file__)), "arf_template")