Gabriel Marquet
Had this same exact idea to feed into DAST, yeah; maybe a good CLI prompt interface or some extra flags to tell the server/host URL, base path, etc...
Okay, small update: struggled a bit to set up the debugger in VSCode, but I finally got it working by selecting the poetry Python interpreter, otherwise it wouldn't use breakpoints in...
Update: been trying to make a new kind of Normalizer, called "extractor", to really get the exact route defined instead of just the semgrep lines. Using regex, it's definitely horrible,...
Adding a new semgrep variable like $ROUTE in the Spring rules could help grab the routes easily: https://github.com/mschwager/route-detect/blob/main/routes/rules/spring.yml#L6C28-L6C28

```yaml
- pattern: |
    @$METHOD(path = $PATH)
    $RETURNTYPE $FUNC(...) {
      ...
    }
```
...
FYI, for Scala I took a look (my company uses it a bit). The huge problem is going to be the route declaration: https://www.playframework.com/documentation/2.8.x/ScalaRouting It's a separate `.routes` file that...
The parallelism bug is gone, but now I'm having a weird issue.

```
poetry run semgrep --test --config routes/rules/ tests/test_rules/
....
Found rule id mismatch - file=/Users/gabrielmarquet/Desktop/route-detect/tests/test_rules/spring.java 'ruleid' annotation with...
```
Sorry for the delay, will take a look at this ASAP.
I think the timeout you mentioned is purely in the setup, when it creates its own CA, etc... I think my issue was purely when the request was going through...
Did a quick run on my local machine:

```
RESULTS
-------
Aggregate score: 4.9 / 10

Check scores:
Finished [CI-Tests]
Finished [Contributors]
Finished [Webhooks]
Finished [Pinned-Dependencies]
Finished [Dependency-Update-Tool]
Finished [SAST]
Finished...
```