From 274424a09a8be5d6a4c75dd3aa08ee324cae36cc Mon Sep 17 00:00:00 2001
From: Ryan Blunden
Date: Wed, 11 May 2022 11:00:26 +1000
Subject: [PATCH] Fixed Salus configuration (#23)

---
 .github/workflows/scanners.yml | 2 +-
 salus-config.yml | 2 +-
 semgrep_configs/eval.yaml | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 semgrep_configs/eval.yaml

diff --git a/.github/workflows/scanners.yml b/.github/workflows/scanners.yml
index e297774..34e73b3 100644
--- a/.github/workflows/scanners.yml
+++ b/.github/workflows/scanners.yml
@@ -15,7 +15,7 @@ jobs:
 id: salus_scan
 uses: federacy/scan-action@0.1.4
 env:
- SALUS_CONFIGURATION: "file://../../salus-config.yaml"
+ SALUS_CONFIGURATION: "file://salus-config.yml"
 - uses: actions/upload-artifact@master
 if: failure()
 with:
diff --git a/salus-config.yml b/salus-config.yml
index bbe260a..d0bc30f 100644
--- a/salus-config.yml
+++ b/salus-config.yml
@@ -19,7 +19,7 @@ enforced_scanners: "all"
 scanner_configs:
 Semgrep:
 matches:
- - config: ../semgrep_configs/eval.yaml
+ - config: semgrep_configs/eval.yaml
 forbidden: true
 exclude:
 - node_modules
diff --git a/semgrep_configs/eval.yaml b/semgrep_configs/eval.yaml
new file mode 100644
index 0000000..ffcfd70
--- /dev/null
+++ b/semgrep_configs/eval.yaml
@@ -0,0 +1,9 @@
+rules:
+ - id: eval-search
+ severity: ERROR
+ languages:
+ - javascript
+ - typescript
+ message: eval() is evil
+ patterns:
+ - pattern: eval(...)
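Review bot: The context kept on the new side of this hunk still runs `actions/upload-artifact@master`, a mutable branch ref, inside the workflow that gates the build on security-scan results, so any change to that upstream branch executes unreviewed code with the job's token. Pin it to a full commit SHA with the version recorded in a trailing comment, e.g. `- uses: actions/upload-artifact@<commit-sha>  # <release tag>`, and consider the same for `federacy/scan-action@0.1.4`, since a tag can be moved as well. The corrected `file://salus-config.yml` value presumably resolves against the checked-out repository root; worth confirming against the action's documentation given that the previous `../../` form shows the working directory was misjudged once already. The `salus_scan` step and its job continue outside the hunk.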
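Review bot: The new `- config: semgrep_configs/eval.yaml` entry carries `forbidden: true` and an `exclude:` list with no comment explaining their effect, although this file is the policy the build fails on under `enforced_scanners: "all"`. I would add, above the `- config:` line, `# Any finding from this ruleset fails the scan (forbidden: true).` and `# Path is relative to the repository root; node_modules is vendored and skipped.` — the repository-root part is inferred from the matching SALUS_CONFIGURATION change in this commit and should be confirmed before it is written as fact. The `scanner_configs` mapping continues outside the hunk.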
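Review bot: The new rule matches only a bare `eval(...)` call, so `window.eval(...)`, `globalThis.eval(...)` and `new Function(...)` — the same dynamic code execution risk — pass the gate silently, and `message: eval() is evil` tells the developer nothing about remediation. I would widen the match with `pattern-either` and make the message state the risk and the safer alternative; a `patterns:` list holding a single `pattern` can in any case be collapsed to a plain `pattern:`. Whether to cover further forms such as string arguments to timer functions is a judgement call better made in a separate rule.
```yaml
rules:
  - id: eval-search
    severity: ERROR
    languages:
      - javascript
      - typescript
    message: >-
      Dynamic code evaluation: eval()/Function() execute arbitrary strings as
      code. Replace with a static call or a data parser such as JSON.parse.
    pattern-either:
      - pattern: eval(...)
      - pattern: window.eval(...)
      - pattern: globalThis.eval(...)
      - pattern: new Function(...)
```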