Sjoerd Langkemper

icon indicating a website link https://www.sjoerdlangkemper.nl/

icon location Haarlem, The Netherlands

Results 204 comments of Sjoerd Langkemper

CWE mapping will be dropped

> we just remove CWE and all other mappings from ASVS and leave it all on CRE project. I would prefer to just remove all references.

TimeoutError when validating rules

[chore(parsing): remove parsing timeout limit (semgrep/semgrep-proprie… · semgrep/semgrep@5c2a033](https://github.com/semgrep/semgrep/commit/5c2a033408bd23a4381df00d6ea090ff2b141b10)

Proposal: the application must belong/covered to the HSTS preload list (probably level 3)

There is a tradeoff here where requiring HSTS preload can lead to worse security. For example, _bank.tld_ has a customer portal on _my.bank.tld_ and a legacy application on _legacy.bank.tld_. They...

Proposal: the application must belong/covered to the HSTS preload list (probably level 3)

An alternative way to use HTTPS immediately (including the first request) is to use a [HTTPS RR DNS record](https://datatracker.ietf.org/doc/rfc9460/). This is pretty new, but seems to be supported by [Chrome](https://chromestatus.com/feature/5485544526053376)...

Apply template scans to *.twig files

@LewisArdern Could you take a look at this?

Detect XSS in trigger_error

@inkz Could you take a look at this PR?

Detect XSS in trigger_error

Can someone review this?

Fix false positive for unquoted-attribute-var

@minusworld Could you take a look at this PR?

Fix false positive for unquoted-attribute-var

Can this be reviewed please?

Add Support for Groovy language

There's [this tree-sitter-groovy](https://github.com/codieboomboom/tree-sitter-groovy), but I don't know the status of it.