Improve Semgrep CI (sonic-net#18577)

### What I did Semgrep's default ruleset (p/default) somehow lost some important rules #### How I did it Keep use p/default and add another rule #### How to verify it Added test code to this PR and Semgrep CI failed Failed result: https://github.com/sonic-net/sonic-buildimage/actions/runs/8574699788/job/23502068624
noaOrMlnx · Apr 6, 2024 · 1bfb2d4 · 1bfb2d4
1 parent be01b37
commit 1bfb2d4
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -19,4 +19,8 @@ jobs:
       - uses: actions/checkout@v3
       - run: semgrep ci
         env:
-           SEMGREP_RULES: p/default
+           SEMGREP_RULES: |
+             p/default
+             r/python.lang.security.audit.dangerous-system-call-audit.dangerous-system-call-audit
+             r/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn
+             r/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn