Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: semgrep installation + runtime arguments now work #94

Merged
merged 7 commits into from
Nov 14, 2023
Merged

fix: semgrep installation + runtime arguments now work #94

merged 7 commits into from
Nov 14, 2023

Conversation

indecisivedragon
Copy link
Contributor

@indecisivedragon indecisivedragon commented Nov 10, 2023
edited
Loading

Issue

closes #92

Description

  • semgrep download is now managed by python3 venv instead of pip installing to user installtion
  • install location is directly passed to find_semgrep so semgrep can be found even if it's not in $PATH
  • semgrep default run arguments conflicted with each other, metrics is now default on to work with config=auto

Testing

tests need to be added to ensure that semgrep run returns correct sast json: #95

@indecisivedragon indecisivedragon mentioned this pull request Nov 10, 2023
Closed
viega
viega previously approved these changes Nov 11, 2023
View reviewed changes
src/configs/sastconfig.c4m Outdated
func find_semgrep(ignore) {
result := find_exe("semgrep", [])
semgrep_path := "/tmp/semgrep.env/bin/semgrep"
result := find_exe(semgrep_path, [])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

find_exe() IIRC searches the $PATH too, even if you call it with a full path. I don't know why we'd prioritize looking in /tmp if it's already installed on the system??

I guess if we don't like the version installed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mixed up the argument order here which should be fixed now, but yes we want to ensure we have the right version

src/configs/sastconfig.c4m Outdated Show resolved Hide resolved
src/configs/sastconfig.c4m
return true

trace("semgrep could not be installed")
return false
}

func get_semgrep_args(artifact) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we're touching this stuff should we make it more configurable? Tho I guess a semgrep component might be better for that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a separate pr for that would be best

miki725
miki725 reviewed Nov 12, 2023
View reviewed changes
src/configs/sastconfig.c4m Outdated Show resolved Hide resolved
@indecisivedragon indecisivedragon marked this pull request as ready for review November 13, 2023 23:31
@indecisivedragon indecisivedragon merged commit 864e59e into main Nov 14, 2023
4 checks passed
@indecisivedragon indecisivedragon deleted the ll/semgrep_fix branch November 14, 2023 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miki725 miki725 miki725 left review comments

@viega viega viega approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: semgrep download incompatible with --sarif
3 participants
@indecisivedragon @miki725 @viega