This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new e697fe8  Add several more semgrep rule packs
e697fe8 is described below

commit e697fe888389d06644de2ab616c48a0f88371c23
Author: Sean B. Palmer <[email protected]>
AuthorDate: Tue Dec 9 17:02:48 2025 +0000

    Add several more semgrep rule packs
---
 .pre-commit-heavy.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.pre-commit-heavy.yaml b/.pre-commit-heavy.yaml
index cd85020..682db2d 100644
--- a/.pre-commit-heavy.yaml
+++ b/.pre-commit-heavy.yaml
@@ -18,13 +18,17 @@ repos:
         - --config=p/command-injection
         - --config=p/cwe-top-25
         - --config=p/docker-compose
+        - --config=p/dockerfile
+        - --config=p/flask
+        - --config=p/github-actions
         - --config=p/jwt
         - --config=p/owasp-top-ten
         - --config=p/python
+        - --config=p/python-command-injection
         - --config=p/secrets
         - --config=p/security-audit
         - --config=p/sql-injection
-        - --config=r/python.lang.security.audit.dangerous-asyncio-shell
+        # - --config=r/python.lang.security.audit.dangerous-asyncio-shell-audit
         - --disable-version-check
         - --error
         - 
--exclude-rule=generic.html-templates.security.var-in-href.var-in-href
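Review bot: The commented-out entry `# - --config=r/python.lang.security.audit.dangerous-asyncio-shell-audit` replaces an active rule without giving a reason, and its id differs from the removed `dangerous-asyncio-shell`. From the hunk alone a reader cannot tell whether the asyncio shell check was dropped on purpose, renamed upstream, or is now expected to come from one of the added packs such as `p/python-command-injection`. I would either restore the rule under an id that resolves, or replace the dead line with a comment stating the reason, e.g. `# asyncio shell audit disabled: <reason>; coverage expected from <pack> (confirm)`. It is also worth confirming with a known-bad sample that an `asyncio.create_subprocess_shell` call still produces a finding after this change.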
@@ -32,6 +36,9 @@ repos:
         - 
--exclude-rule=python.flask.security.xss.audit.template-unescaped-with-safe.template-unescaped-with-safe
         - 
--exclude-rule=python.lang.security.use-defused-xml-parse.use-defused-xml-parse
         - --exclude-rule=python.lang.security.use-defused-xml.use-defused-xml
+        - 
--exclude-rule=python.lang.security.audit.dangerous-asyncio-create-exec-audit.dangerous-asyncio-create-exec-audit
+        - 
--exclude-rule=python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage
+        - 
--exclude-rule=python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
         - --exclude=migrations/versions/0027_2025.09.08_69e565eb.py
         - --metrics=off
         - --quiet
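Review bot: The three added `--exclude-rule` entries (`dangerous-asyncio-create-exec-audit`, `dangerous-annotations-usage`, `dangerous-subprocess-use-audit`) turn those checks off for the whole repository, so any later call site matching them passes this hook unreviewed. If they were added to silence findings on call sites that were already reviewed, an inline `# nosemgrep: <rule-id>` with a one-line justification at each site would keep the rules active for new code. If the global exclusion is intended, a comment above the entries recording why would help, e.g. `# audit-only rules, existing call sites reviewed in <issue-id>`. The hunk shows no rationale for any of the three.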

