guarddog
Rule exclusion is broken
Sample:
$ guarddog npm scan requests --exclude-rules empty_information
repository_integrity_mismatch is not a valid rule.
🤔
Yeah this is utterly broken:
$ docker run --rm -v $PWD:/home -w /home ghcr.io/datadog/guarddog pypi verify requirements.txt --exclude-rules repository_integrity_mismatch
...
* rules-all: failed to run rule:
An error occurred when running Semgrep.
command: semgrep --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/npm-silent-process-execution.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/shady-links.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/steganography.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/cmd-overwrite.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/npm-install-script.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/npm-serialize-environment.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/download-executable.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/npm-exec-base64.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/obfuscation.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/release_zero.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/potentially_compromised_email_domain.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/exec-base64.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/single_python_file.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/empty_information.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/silent-process-execution.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/clipboard-access.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/code-execution.yml --config /usr/local/lib/python3.10/site-packages/guarddog/analyzer/sourcecode/typosquatting.yml --exclude='helm' --exclude='.idea' --exclude='venv' --exclude='test' --exclude='tests' --exclude='.env' --exclude='dist' --exclude='build' --exclude='semgrep' --exclude='migrations' --exclude='.github' --exclude='.semgrep_logs' --no-git-ignore --json --quiet /tmp/tmp24f4_pwo/uvloop
Encountering the same issue.
This issue is fixed in version 1.9.0:
$ guarddog npm scan requests --exclude-rules empty_information --output-format json
{"issues": 1, "errors": {}, "results": {"release_zero": null, "unclaimed_maintainer_email_domain": null, "npm_metadata_mismatch": null, "potentially_compromised_email_domain": "The domain name of [REDACTED]...", "direct_url_dependency": null, "deceptive_author": null, "bundled_binary": null, "typosquatting": null, "npm-obfuscation": {}, "npm-exec-base64": {}, "npm-silent-process-execution": {}, "bidirectional-characters": {}, "npm-serialize-environment": {}, "shady-links": {}, "npm-install-script": {}, "npm-exfiltrate-sensitive-data": {}}, "path": "/var/folders/83/v1gvs5x976xdn94tnyk95j8r0000gq/T/tmps34wnfvy/requests", "package": "requests"}
docker run --rm -v $PWD:/home -w /home ghcr.io/datadog/guarddog pypi verify requirements.txt --exclude-rules repository_integrity_mismatch
Scanning using at most 10 parallel worker threads
Found 0 potentially malicious indicators scanning certifi version 2023.7.22
Found 0 potentially malicious indicators scanning attrs version 21.4.0