Pieter De Cremer (Semgrep)

Results 14 comments of Pieter De Cremer (Semgrep)

I would like this feature.

Do not merge, this is for testing workflows.

Hi @aleboulanger, Thanks for sharing these false positives! I'm in the process of fixing them.

Hey @AlekKras. Thanks for your contribution. Your rule is currently invalid. You can test this by running `semgrep --config xss.yaml xss.dart` Some of the issues: - Currently dart is not...

Because we don't currently support dart, our convention would be to store rules for dart in a `/generic/dart/` folder instead of a top level `/dart` folder, like you currently do.

If you want to add support for dart, you have to do so in our other repositories. This repository is strictly for writing rules. You can find more information in...

More:
- mobsf.mobsfscan.xmldecoder_xxe.xml_decoder_xxe
- mobsf.mobsfscan.xmlfactory_external_entities_enabled.xmlinputfactory_xxe_enabled
- mobsf.mobsfscan.xmlfactory_xxe.xmlinputfactory_xxe
- gitlab.find_sec_bugs.XXE_SAXPARSER-1
- gitlab.find_sec_bugs.XXE_XMLREADER-1
- gitlab.find_sec_bugs.XXE_XMLSTREAMREADER-1
- gitlab.find_sec_bugs.XXE_XPATH-1.XXE_DOCUMENT-1

It looks like the rule was deleted again by the test code. Currently the CI thinks the test code is an invalid Semgrep rule. Typically for rules targeting yaml code, we use...

Looks like we are still missing a CLA and some failing lints for our rules. If you have any questions or require any help, let us know! Here is a...

I'll also do a review of the actual rules tomorrow!