profile
viewpoint
Bence Nagy underyx Under Worldwide, Digital Nomad https://underyx.me I have approximate knowledge of many things.

returntocorp/semgrep 946

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

returntocorp/bento 148

[DEPRECATED] Find Python web-app bugs delightfully fast, without changing your workflow. 🍱

underyx/aiohttp-sentry 34

An aiohttp server middleware for reporting failed requests to Sentry

SScorp/Skypicker-apiary 18

Skypicker.com api documentation from apiary.io

returntocorp/semgrep-action 6

Github Action to run semgrep

returntocorp/bento-report 3

Security reports using r2c's Bento program-analysis tool

underyx/aiohttp-datadog 3

An aiohttp middleware for reporting metrics to Datadog

underyx/bkkcsirip 2

A script that posts updates from bkkinfo.hu to Twitter.

underyx/aiohttp-limit 1

An aiohttp middleware for limiting connections

pull request commentchauffer/super

cogs/markov: Default replyrate to 0 instead of False

:+1:

chauffer

comment created time in 3 hours

Pull request review commentchauffer/super

refactor: Update dependencies

-import os import time-import traceback- import aiohttp-import ics-from ago import human-from arrow import Arrow- from discord.ext import commands from discord import Embed-from super import utils-from super.settings import SUPER_TIMEZONE -kj = 'rich' -class Astro:+class Astro(commands.Cog):     def __init__(self, bot):         self.bot = bot         self.sunsigns = [-             "aries", "taurus", "gemini", "cancer", "leo", "virgo", "libra",-             "scorpio", "sagittarius", "capricorn", "aquarius", "pisces"+            "aries", "taurus", "gemini", "cancer", "leo", "virgo", "libra",+            "scorpio", "sagittarius", "capricorn", "aquarius", "pisces"         ]         self.api = 'http://horoscope-api.herokuapp.com/horoscope/{when}/{sunsign}'      async def _get_sunsign(self, sunsign, when):         async with aiohttp.ClientSession() as session:             async with session.get(-                self.api.format(sunsign=sunsign.lower(), when=when.lower()),-                params={'t': int(time.time())},-                timeout=5,+                    self.api.format(sunsign=sunsign.lower(), when=when.lower()),+                    params={'t': int(time.time())},+                    timeout=5,             ) as resp:                 return await resp.json()      @commands.command(no_pm=True, pass_context=True)     async def astro(self, ctx):-        """.astro <sign> [today|week|month|year] - Daily dose of bullshit"""-        utils.send_typing(self, ctx.message.channel)-        message = ctx.message.content.split(' ')+        """.astro <sign> [today|week|month|year] - Daily horoscope"""

please

Dawnkai

comment created time in a day

pull request commentunderyx/aiohttp-datadog

chore(lib) added possibility use existing dogstatsd instance

Thanks for the contribution! I've released 0.5.0 now with a few changes to your commit.

Please let me know how the new version works for you — I unfortunately didn't have an aiohttp app and Datadog account handy to test with.

marianhromiak

comment created time in a day

created tagunderyx/aiohttp-datadog

tag0.5.0

An aiohttp middleware for reporting metrics to Datadog

created time in a day

push eventunderyx/aiohttp-datadog

Bence Nagy

commit sha 3363d86c6838d879e1c5845ada1b37e6c8f9128a

Release 0.5.0

view details

push time in a day

push eventunderyx/aiohttp-datadog

marian.hromiak

commit sha 6b3306a44fc4525851eafbde49f51ef68570952e

Add keyword arguments to supply own Dogstatsd class or instance Closes https://github.com/underyx/aiohttp-datadog/pull/3

view details

push time in a day

PR closed underyx/aiohttp-datadog

chore(lib) added possibility use existing dogstatsd instance

Hi,

we would like to use existing instance of DogStatsd instead createing new one. Is it possible to accept this PR for add this posibility?

+5 -2

0 comment

1 changed file

marianhromiak

pr closed time in a day

issue commentreturntocorp/semgrep

Write CI documentation for Jenkins

I assumed it was only cause it appears on r2c.dev

underyx

comment created time in 2 days

issue openedreturntocorp/semgrep

Write CI documentation for Jenkins

Is your feature request related to a problem? Please describe.

Our CI integration docs have many providers but are missing Jenkins.

Describe the solution you'd like

I think Jenkins might have a more complicated configuration than just committing a YAML file, and these docs would be more complex than others? Or maybe that changed in the past couple years.

created time in 2 days

issue openedreturntocorp/semgrep

Support more registry shorthand in --config

Is your feature request related to a problem? Please describe.

Primarily, the way packs are executed is unwieldy right now. We have to recommend running

semgrep --config "https://semgrep.live/p/gosec"

instead of

semgrep --config p/gosec

I don't like how:

  • Users are much less likely to be able type the first command out without looking it up
  • The command takes too much space than necessary, especially on the semgrep.live UI
  • It's not communicated that semgrep.live has first-class integration with the CLI for better user experience

Describe the solution you'd like

I'd propose adopting the shorthand specified in https://github.com/returntocorp/semgrep/issues/1179

Prefix Examples
p/ Pack p/gosec<br>p/underyx:custom-pack
r/ Registry query r/python.flask.security.rule-id<br>r/python.*.security<br>r/python<br>r/python.acmecorp:acme-api.security
s/ Snippet s/aRsT<br>s/underyx:rule-name

created time in 3 days

issue openedreturntocorp/semgrep

Registry Spec v0

This is meant to be an open discussion for an eventually formalized Semgrep registry standard. The issue is not a deliverable yet.

<details> <summary>Why create this issue now, then? 🤔</summary>

Two questions emerged as I was working on Semgrep today:

  1. What shorthand should we support in the CLI?
  2. What's the best way to namespace rules and packs down the line?

Instead of writing down my registry design thoughts in the respective issues, I thought it'd be better to collect all registry design thoughts in one place, and reference this from the other two issues. </details>

Glossary

  • Pattern: atomic unit for code search, e.g. $X == $X
  • Rule: bundles one or more patterns, their relationships (not, or, inside), and some associated metadata (message, severity, etc.)
  • Registry: a dot-separated directory structure hierarchy of rules — this technically tacks on some metadata to the rule, as where it's stored is categorization information.
  • Registry Reference: e.g. python.flask.security.no-debug
  • Snippet: a rule kept outside the registry hierarchy, consider it a github repo/gist distinction. Snippets can be promoted to be Registry rules..
  • Snippet Alias: As snippets get random IDs by default, aliases are used to name them. Aliases are mutable to allow updating the underlying rules. Aliasing is mostly invisible to users who will think of this as their snippet's name. I.e. we can allow snippet renaming on client apps, while in the background we 1) clone the snippet with edits to a new ID, 2) update the alias to point to the new ID
  • Packs: a collection of one or more of the following references: registry references, snippet IDs, snippet aliases, and pack IDs. Packs are stored outside a hierarchy, like snippets.

Namespaces

Users can create their own snippet aliases and packs. We use : as in <username>:<item-name> to prevent item name clashes between users.

Maybe we'll also let people have their own categories in the registry, such as python.acmecorp:acme-api.* for Acme Corp.'s internal API framework. In this case, if a category doesn't specify a namespace, we can consider it to be returntocorp: (r2c: later for brevity's sake).

In this case, contrib rules such as nodejsscan or dlint might actually go under dlint:python.security.rule-name or python.dlint:security.rule-name. Only rules from namespaces mentioned in the queries should be used, so --config=python wouldn't implicitly run python.dlint:security.

  • This is better than / as request routing will be more robust (imagine a request like POST semgrep.live/s/underyx/my-rule/comments)
  • This is better than . as the registry hierarchy already uses dots
  • This is better than - as github allows dashes in usernames, which is what namespaces will be based on
  • _ was considered but it doesn't feel much like a namespace separator, feels more like a replacement for a space character in case of multi-word names (we already have some registry references using it)
  • As one example, MediaWiki uses : for denoting namespaces, so I expect all tooling to support the : character in the path part of the registry.
  • Writing a regex to find used namespaces like this is trivial. Search \b(\w+): on python.acmecorp:acme-api.security.underyx:my-rule and you get ['acmecorp', 'underyx'] so we can check of you have write access to both these namespaces when saving.
    • In this case, python.flask.security.no-debug could be implied to be interpreted as r2c:python.flask.security.no-debug — so only the registry's admins have access to write to it.

URLs

This is how you find the various types in registry:

Reference Type URL
Pack semgrep.live/p/underyx:pack-name
Snippet semgrep.live/aRsT<br>semgrep.live/underyx:rule-name
Registry query semgrep.live/r/python.flask.security.rule-id<br>semgrep.live/r/python.*.security<br>semgrep.live/r/python<br>semgrep.live/r/python.acmecorp:acme-api.security

Shorthand

For use in the CLI or easier configuration via typing on the web UI, the following shorthand is available:

Prefix Examples
p/ Pack p/gosec<br>p/underyx:custom-pack
r/ Registry query r/python.flask.security.rule-id<br>r/python.*.security<br>r/python<br>r/python.acmecorp:acme-api.security
s/ Snippet s/aRsT<br>s/underyx:rule-name

created time in 3 days

CommitCommentEvent
CommitCommentEvent

issue commentreturntocorp/semgrep

Support diff-aware scanning

Take care not to port this bug from Bento: https://github.com/returntocorp/bento/issues/336

underyx

comment created time in 5 days

issue commentreturntocorp/semgrep

Support diff-aware scanning

I think we still want to run twice to be able to port semgrep-action to use this. Also, otherwise, this would be just a performance improvement feature.

underyx

comment created time in 5 days

issue commentreturntocorp/bento

Diff-awareness crashes on added submodules

Yes, this is an easy mistake to make when implementing diff-awareness.

underyx

comment created time in 5 days

issue openedreturntocorp/semgrep

Support diff-aware scanning

Refer to https://github.com/returntocorp/bento/blob/master/bento/target_file_manager.py

A --compare-ref or similar flag should be added which takes a git reference. Semgrep should then scan only files that changed since that reference (as a performance optimization), and report only issues that are not present in the given ref but are present now.

created time in 5 days

startedkarlicoss/promnesia

started time in 6 days

startedalexherbo2/krabby

started time in 8 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 75c59f6d83eb5240d7c55f48dc179854648c01e3

Add CI_JOB_TOKEN to gitlab remote URL

view details

push time in 9 days

issue openedreturntocorp/bento

Diff-awareness crashes on added submodules

https://github.com/returntocorp/semgrep/pull/1127/checks?check_run_id=804559293

A  ocaml-tree-sitter

bento’s diff awareness sees this in the git diff output, and assume it means that file was added

seems like we didn’t anticipate that submodules show up the same way in git diff as new files

one way to fix it would be to always add a path.is_file() guard later, but a better solution would be to find a git flag that excludes changed submodules from the output

created time in 9 days

Pull request review commentreturntocorp/semgrep

docs: Update recommendation for usage in GitLab CI

 For more information on the GitHub Action see https://github.com/marketplace/act Include `semgrep` in your `.gitlab-ci.yml` configuration file:  ```yaml-stages:-    - test-test:-    image: python-    before_script:-        - python -m pip install semgrep-    script:-        - semgrep --config https://semgrep.live/p/r2c /path/to/code+include:+  - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'

Any way of configuring merge request based pipelines is okay, this seems to be the easiest. If you don't take care, it's really easy to accidentally run on pushes instead as that's the default behavior, which is why I included this in the example.

underyx

comment created time in 12 days

pull request commentreturntocorp/semgrep

docs: Update recommendation for usage in GitLab CI

Should we update all the examples to recommend semgrep_agent?

No, because semgrep-agent needs to understand the CI environment to support diff awareness. This is only done for github actions and gitlab ci thus far.

underyx

comment created time in 12 days

startedhazanasec/semgrep-rules

started time in 12 days

startedgithub/super-linter

started time in 15 days

PR opened returntocorp/semgrep

docs: Update recommendation for usage in GitLab CI

This follows the changes of https://github.com/returntocorp/semgrep-action/pull/19

Closes https://github.com/returntocorp/enterprise/issues/225

+8 -9

0 comment

1 changed file

pr created time in 16 days

create barnchreturntocorp/semgrep

branch : underyx-patch-1

created branch time in 16 days

pull request commentreturntocorp/semgrep

Fix #900, add inline whitelisting capabilities

nemsem means "not even" :D

mschwager

comment created time in 17 days

pull request commentreturntocorp/semgrep

Fix #900, add inline whitelisting capabilities

"nem" is how we say "no" in Hungarian, so if it were up to me, I'd just go with # nemgrep 😛

mschwager

comment created time in 17 days

issue openedreturntocorp/semgrep

Docker run runs without a volume mount fail silently in 0.11.0

Screenshot 2020-06-17 at 17 36 15

To Reproduce

docker run returntocorp/semgrep:0.11.0

Expected behavior

The error message from above should be printed.

created time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 9ca6c210f9e30b39d8d5928c06ada73314dabb38

Dockerfile: Unset SEMGREP_IN_DOCKER This seems to be there to detect docker run invocations and is completely breaking semgrep calls for us somehow.

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha b35a1305514747d4d933d7be7663f256dd590bd7

gitlab: Rename merge_base to base_sha

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha c9e8de88ab0336fb86a20544c3b538ef5354eaa0

gitlab: Keep around the head SHA for switching back

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 5318b7dfbe5380995a3d719a07d6e82e782e7689

gitlab: Fix newline in found merge_base

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 2fd2ef50de13b0ed52fb0af43455106aaeb3b0c2

gitlab: Find merge-base via FETCH_HEAD

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha e515f0388082fc2412aeae2d69919d532c35fa03

Print stderr of failed git commands

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha f7caedc4c3bbacca495302a64d44078c1e3864f9

gitlab: Fetch target branch before using it

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha a62bcc55ff4acd5a197eb441b4b738eef4b89746

Make gitlab CI detect branch fork point

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 53bd53b5eb1ce9149e24b9117c18d99a4f4b1de9

Fix GitLab CI integration depending on premium-only feature

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 2eb0a941ed18b665de1c4f50263321c6962b5770

Fix trying to output bento last.log when it never ran

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha e3f1fcedde198e707d87b22c0532c9728f738d9a

utils: Add debug mode

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 9d9ac8801ba827c35cb1cd0ad05e516bce04d5a1

Add support for GitLab CI

view details

Bence Nagy

commit sha afbdadb8b9e4b744a2dfacac1c5393f21333b7a6

Update pre-commit hooks

view details

Bence Nagy

commit sha 3a654631f46585af28e1767830aa695828d8c628

.github: Remove duplicate semgrep workflow

view details

Bence Nagy

commit sha a34110c97f0c0b3d94a59671fc64ab7a1b02067a

Remove SARIF support

view details

Bence Nagy

commit sha dbb01c881299555038e01648dfcc9a6c64e19d60

Bump semgrep version to 0.11, use pipx to install semgrep and bento

view details

push time in 17 days

delete branch returntocorp/semgrep-action

delete branch : bence/gitlab-ci

delete time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha db639b3938e76fdb7c8d77d82795659cd805676d

Bump semgrep version to 0.11, use pipx to install semgrep and bento

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 9001f9a1148b872531e3ee4e1d7fc0d24d0e7667

Add support for GitLab CI

view details

Bence Nagy

commit sha 741cd33c5e3b7c0f611e4c4c83de600fd784607a

Update pre-commit hooks

view details

Bence Nagy

commit sha ed14b0d2fd0c57b2733cceaaa983ad82e99f64b6

.github: Remove duplicate semgrep workflow

view details

Bence Nagy

commit sha c733ac7300fdf1c48e9f8ef0df86140b9caf1480

Remove SARIF support

view details

Bence Nagy

commit sha c6f93da13e476e659e2b0ee88b7a36f05fc70441

Bump semgrep version to 0.11, use pipx to install semgrep and bento

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha d546ac9bb8b2cc332f70c24dd1f75fb574b69700

Switch to using bentoh

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 5abe77b070994ded86cc659eef5f86cbf78a5dcb

Update pre-commit hooks

view details

Bence Nagy

commit sha 7b9111daec9a76025b004f42efa32d1fac45fa57

.github: Remove duplicate semgrep workflow

view details

Bence Nagy

commit sha 19cb53b1485ff369c65bf3088f6e9375af4de771

Remove SARIF support

view details

Bence Nagy

commit sha d2437d41bbb2cc3061d248293dc7396b76c736d4

Bump semgrep version to 0.11, use pipx to install semgrep and bento

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 78d9e6d7937a62c377a0b33ebe91d5b22f54fbc8

Use pipx to install semgrep and bento

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha f42c8f8b08ff1fb38533e8951a12efc14918074d

Use pipx to install semgrep and bento

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha db7f46f73b22583bf8594534adf12bbdb76b7132

Use pipx to install semgrep and bento

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 54931c92ff92895566a020aa906a78fddce31744

Fix Pipfile overriding semgrep version

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha bf38e52d3398a845a4e09ca03b9669c98eecf4bb

Update pre-commit hooks

view details

Bence Nagy

commit sha f5b395694c096d1603563de671a25aa5e8372792

.github: Remove duplicate semgrep workflow

view details

push time in 17 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 7237f2164bcf09145de106f4dc1a41498a6adf18

Bump semgrep version to 0.11

view details

push time in 18 days

create barnchreturntocorp/semgrep-action

branch : bence/gitlab-ci

created branch time in 18 days

pull request commentreturntocorp/semgrep

Allow failures on CI changelog reminder

Let's leave the keep or remove decision up to @brendongo then. I can't quite reason about the value of 1 true positive vs. cost of 9 false positives when it's just a non-blocking info comment.

mschwager

comment created time in 19 days

pull request commentreturntocorp/semgrep

Allow failures on CI changelog reminder

Can you link an example changelog failure? It was not supposed to ever fail. This might signal a crash or other misconfiguration that would be better handled with a fix to the job.

I found an example failure and I see it happens when the job runs on develop since https://github.com/returntocorp/semgrep/pull/815 set it up like that. It was not meant to, as the job doesn't make sense on non-PR jobs.

The correct fix is to either move it back to its own workflow where it only runs on PRs, or to somehow conditionally skip this one job of the workflow on push events.

Also, I haven't been very active in this repo since I added the job. Has it actually proven to be useful? If not, might as well just remove it instead. What do you think @brendongo @mschwager?

mschwager

comment created time in 19 days

pull request commentreturntocorp/semgrep

Allow failures on CI changelog reminder

Can you link an example changelog? It was not supposed to ever fail. This might signal a crash or other misconfiguration that would be better handled with a fix to the job.

mschwager

comment created time in 19 days

fork underyx/react-hook

↩ Reusable React hooks for function components

https://npmjs.com/org/react-hook

fork in 23 days

pull request commentreturntocorp/semgrep

Push docker container on merge to develop

@SarayuR thanks for reporting this issue! I moved your comment to its own issue so that it's easier for the team to find your bug report and help you: https://github.com/returntocorp/semgrep/issues/960

I also had to ask a follow-up question there, could you please have a look?

brendongo

comment created time in 25 days

issue commentreturntocorp/semgrep

Semgrep prints "you forgot to mount the current directory in Docker" even though it's mounted with docker-compose

@SarayuR could you share the docker-compose.yml file's contents? The mount might be to the wrong directory. We expect to see it at /home/repo/, and print the error message you got if that directory is empty.

underyx

comment created time in 25 days

issue openedreturntocorp/semgrep

Semgrep prints "you forgot to mount the current directory in Docker" even though it's mounted with docker-compose

Could able to run Semgrep successfully in my local. Built Semgrep image using the Dockerfile available in develop branch, it errored out while opening it in interactive terminal mode of a Docker container. I did mount the current directory but still got below error :

you are running semgrep in docker, but you forgot to mount the current directory in Docker: missing: -v "${PWD}:/home/repo/"

Steps to reproduce the error:

  1. Built the docker image using Dockerfile available in develop branch.
  2. In the Dockerfile added below line : CMD ["python3", "semgrep.py"]

content in semgrep.py :

import os import sys

print("hi from inside SemGrep") #testing os.system('Semgrep --dangerously-allow-arbitrary-code-execution-from-rules --config rulesfolder myprojectfolder --json')

  1. Ran above Docker image using docker-compose.yml and got the following output :

semgrep_1 | hi from inside SemGrep semgrep_1 | you are running semgrep in docker, but you forgot to mount the current directory in Docker: missing: -v "${PWD}:/home/repo/" semgrep_sg_1 exited with code 0

Originally posted by @SarayuR in https://github.com/returntocorp/semgrep/pull/548#issuecomment-641736537

created time in 25 days

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha f62ea44ea39c9b5a75b16727221ef698d37cb7f2

Revert "Revert "sapp: Get ignore patterns from semgrep-app"" This reverts commit ddd6925119ed64d5f5a36030135211e32b7f1c2b.

view details

Bence Nagy

commit sha b8cd72b7978a8c0b1b34f9e1639203dd20085979

bento: Fix saas file ignores overwriting local ones

view details

push time in a month

delete branch returntocorp/semgrep-action

delete branch : bence/fix-saas-ignores

delete time in a month

pull request commentreturntocorp/semgrep-action

bento: Fix saas file ignores overwriting local ones

@nbrahms only couple lines that need review: https://github.com/returntocorp/semgrep-action/pull/18/commits/bd057ec7e685ef11ee8ea9eda85cf359e1f81bb8#diff-fcb79690c18e49ee733115924e673ddcL73

underyx

comment created time in a month

create barnchreturntocorp/semgrep-action

branch : bence/fix-saas-ignores

created branch time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 436e9c0fdb4a49507534340c3f28b71557191948

workflows/test.yml: Add with a semgrep.live pack ID case

view details

push time in a month

delete branch returntocorp/semgrep-action

delete branch : underyx-patch-1

delete time in a month

create barnchreturntocorp/semgrep-action

branch : underyx-patch-1

created branch time in a month

delete branch returntocorp/semgrep-action

delete branch : bence/fix-0.9

delete time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha ddd6925119ed64d5f5a36030135211e32b7f1c2b

Revert "sapp: Get ignore patterns from semgrep-app" This reverts commit 659daf7c0e005d34291a1b766519fd7400d52134.

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 2fa4c9f21c89dd68776dc37b050cd65a667001f6

Revert "sapp: Get ignore patterns from semgrep-app" This reverts commit 659daf7c0e005d34291a1b766519fd7400d52134.

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 7dfd7b7a042259f5fedb6237ea4c538cce13db2e

Remove .bentoignore

view details

push time in a month

create barnchreturntocorp/semgrep-action

branch : bence/fix-0.9

created branch time in a month

delete branch returntocorp/semgrep-action

delete branch : bence/0.9.0

delete time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha ee4291f416f54793e78cfe898e451a882b05b8b0

Bump semgrep to 0.9.0

view details

push time in a month

create barnchreturntocorp/semgrep-action

branch : bence/0.9.0

created branch time in a month

Pull request review commentreturntocorp/semgrep

Clean up CLI flags

 def cli() -> None:         ),     ) -    config.add_argument(

I would be fine with just removing as well. The --exclude-tests upgrade path is super simple and --r2c will almost certainly have zero users.

mschwager

comment created time in a month

fork underyx/easylistczechandslovak

EasyList Czech and Slovak is an official filter list for AdBlock, Adblock Plus and other ad blockers out there

https://adblock.sk

fork in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 10cc5cbd8819cb0071ccd07442c28cf66144573e

WIP: Add some semgrep errors

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha b2acf82995912840630407337ba15f2d00d98b09

WIP: Add some semgrep errors

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 38e859f8dc7a07be37e6f5b1308441a5c35cb007

Add vendor/ to default ignored directories

view details

Bence Nagy

commit sha 0cb5563fe60ca1962534293ef7dfd8210fcc76b0

meta: Fix access of pusher's user info

view details

Bence Nagy

commit sha fe92862838184df04217ac6e2edb6377557b4956

Add default ignore for *.min.js

view details

Bence Nagy

commit sha 659daf7c0e005d34291a1b766519fd7400d52134

sapp: Get ignore patterns from semgrep-app

view details

Bence Nagy

commit sha 7565c4fa4948b4996d7ee3bc015cfd92520f2cec

Remove Slack notifications feature

view details

Bence Nagy

commit sha 825844a1e7fbe197e68f622890324297ff73a85e

.github: Reconfigure semgrep workflows

view details

Bence Nagy

commit sha fb745ad75f29bd82240ac28a13b800b8b9afa065

Dockerfile: Bump semgrep from 0.7.0 to 0.8.1

view details

Bence Nagy

commit sha 2b451937cdb32f9f5eccf4b559f4d29f39bd7399

WIP: Add some semgrep errors

view details

push time in a month

delete branch returntocorp/semgrep-action

delete branch : master

delete time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 659daf7c0e005d34291a1b766519fd7400d52134

sapp: Get ignore patterns from semgrep-app

view details

Bence Nagy

commit sha 7565c4fa4948b4996d7ee3bc015cfd92520f2cec

Remove Slack notifications feature

view details

Bence Nagy

commit sha 825844a1e7fbe197e68f622890324297ff73a85e

.github: Reconfigure semgrep workflows

view details

Bence Nagy

commit sha fb745ad75f29bd82240ac28a13b800b8b9afa065

Dockerfile: Bump semgrep from 0.7.0 to 0.8.1

view details

push time in a month

delete branch returntocorp/semgrep-action

delete branch : bence/ignores

delete time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 976036e5e63fa90991c6f423319354c18a6dd604

Dockerfile: Bump semgrep from 0.7.0 to 0.8.1

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 627075327c2120fc92d0b87ea8e6ad42cab1d4c5

Dockerfile: Bump semgrep from 0.7.0 to 0.8.1

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 7ea858a488aa7168ea6e4456df485a2b2ef8a1f1

Dockerfile: Bump semgrep from 0.7.0 to 0.8.1

view details

push time in a month

push eventreturntocorp/semgrep-action

Bence Nagy

commit sha 37ae3eb341b29ffa0d054c7ec7f73caf7788cb38

Dockerfile: Bump semgrep from 0.7.0 to 0.8.1

view details

push time in a month

more