semgrep-rules
Semgrep rules registry
Better results for `detect-child-process` rule
There is a CIS benchmark for containers for checking: 4.6 Ensure that HEALTHCHECK instructions have been added to container images. The recommended way is to do a docker inspect command `docker...
Add "pipenv install --deploy" as an allowed pattern, as this will result in a failure if the lockfile does not match the Pipfile. This ensures deterministic deploys in the case of...
Wahoo! New published rules with `missing-hsts-header` from @securecodeninja. See [semgrep.dev/s/securecodeninja:missing-hsts-header](https://semgrep.dev/s/securecodeninja:missing-hsts-header) for more details. Thanks for your contribution! ❤️
**Describe the bug** The `csharp.lang.security.insecure-deserialization.newtonsoft.insecure-newtonsoft-deserialization` rule reports that "a custom SerializationBinder whenever using a setting other than TypeNameHandling.None". However, the rule still shows a warning when a SerializationBinder is defined....
Wahoo! New published rules with `jwt-securitytoken-no-expiry-validation` from @securecodeninja. See [semgrep.dev/s/securecodeninja:jwt-securitytoken-no-expiry-validation](https://semgrep.dev/s/securecodeninja:jwt-securitytoken-no-expiry-validation) for more details. Thanks for your contribution! ❤️
Sorry for the big PR!
Hello, adding some detection around XSS for Dart. This is more of a test run to see if I get the procedure right and testing out the small rule based...