Gabe Stocco
e05884ff72
Create codeql3000.yml ( #401 )
* Create codeql3000.yml
* Delete CLI-codeql-analysis.yml
* Delete VS-codeql-analysis.yml
* Delete VSCode-codeql-analysis.yml
* Delete publish-wasm-to-gh-pages.yml
* Delete RunDevSkimVsCode.yml
* Delete RunDevSkimCSharp.yml
2022-09-06 11:36:54 -07:00
Gabe Stocco
4a72aec754
Incorporate the rule test cases directly into rules ( #400 )
* Incorporate api test cases directly into rules.
* Incorporate Outbound Network Tests
* Control flow tests
* Cryptography tests
* Add frameworks tests
* Hygiene tests
* Manual review tests
* Add privacy tests
* Storage tests
* TLS Tests
* Vulnerable libs tests
* Xml tests
* Add output to validate test to show number of rules with self-tests.
2022-08-31 11:47:18 -07:00
Gabe Stocco
ca7d5d1b96
Update application inspector dependency ( #399 )
Set devskim default for "findtagsinbuildfiles" to be true.
2022-08-30 17:52:23 -07:00
Michael Scovetta
830be97bd5
Improvements to a few rules ( #398 )
* Improve certificate validation rules.
Made a few rules less strict.
Added test cases.
Added additional "disabled certificate validation" rules.
* Add correctness rule (invalid date format string).
* Add additional dynamic execution rules (plus swift).
* Add comment support for batch files
Disable VS Code pipeline until fixed builds can be produced.
Co-authored-by: Gabe Stocco <98900+gfs@users.noreply.github.com>
2022-08-26 13:01:21 -07:00
Gabe Stocco
824ade59ce
Trigger a build publish ( #396 )
2022-08-15 12:44:17 -07:00
Gabe Stocco
79bb1a7e63
Fix nbgv in release pipeline ( #395 )
2022-08-13 23:06:22 -07:00
Gabe Stocco
36bfd71a30
Rewrite DevSkim to use the Application Inspector Engine ( #390 )
Refactor DevSkim to use AI engine.
Trimmed down to the Analyze and Verify commands by leveraging the refactored AI based engine.
Pack command is no longer needed. Multiple rules files are simply embedded.
Catalogue command not implemented for now. I'm not clear on how useful it is.
Test command not implemented for now. Also not clear how much use it sees.
2022-08-11 19:02:20 -07:00
dependabot[bot]
8792ba1edc
Bump terser from 4.8.0 to 4.8.1 in /DevSkim-VSCode-Plugin ( #387 )
Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)
---
updated-dependencies:
- dependency-name: terser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-26 09:56:57 -07:00
dependabot[bot]
fc8d446479
Bump terser from 4.8.0 to 4.8.1 in /DevSkim-VSCode-Plugin/server ( #388 )
Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)
---
updated-dependencies:
- dependency-name: terser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-26 09:56:51 -07:00
Gabe Stocco
88a840388a
Workaround for CWE-755 in Extension ( #386 )
The extension cannot currently be updated to 13.0.1 because it causes a crash on initialization. Use workaround to avoid potential Denial of Service.
https://github.com/JamesNK/Newtonsoft.Json/issues/2534
2022-06-29 19:52:27 -07:00
dependabot[bot]
7aa1f994e3
Bump Newtonsoft.Json ( #379 )
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 12.0.3 to 13.0.1.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/12.0.3...13.0.1)
---
updated-dependencies:
- dependency-name: Newtonsoft.Json
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-29 18:56:57 -07:00
Gabe Stocco
ebeabb44cf
Fix JSON Typo ( #378 )
2022-06-15 13:51:52 -07:00
Gabe Stocco
75cdb65f99
Improve OpenSSL Cipher detection ( #375 )
2022-06-15 06:38:22 -07:00
dependabot[bot]
08130776bc
Bump nth-check from 2.0.0 to 2.1.1 in /DevSkim-VSCode-Plugin ( #376 )
2022-06-06 17:44:56 -07:00
dependabot[bot]
31880fbda2
Bump ajv from 6.10.0 to 6.12.6 in /DevSkim-VSCode-Plugin ( #365 )
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.10.0...v6.12.6)
---
updated-dependencies:
- dependency-name: ajv
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-06 17:29:23 -07:00
dependabot[bot]
b857060cf2
Bump ajv from 6.11.0 to 6.12.6 in /DevSkim-VSCode-Plugin/client ( #366 )
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.11.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.11.0...v6.12.6)
---
updated-dependencies:
- dependency-name: ajv
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-06 17:29:13 -07:00
dependabot[bot]
51b9247409
Bump ansi-regex from 4.1.0 to 4.1.1 in /DevSkim-VSCode-Plugin/client ( #371 )
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)
---
updated-dependencies:
- dependency-name: ansi-regex
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-06 17:29:05 -07:00
dependabot[bot]
b50ec42c77
Bump ansi-regex from 4.1.0 to 4.1.1 in /DevSkim-VSCode-Plugin/server ( #372 )
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)
---
updated-dependencies:
- dependency-name: ansi-regex
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-06 17:28:57 -07:00
Michael Scovetta
d2634f7305
Update inclusive language. ( #373 )
2022-04-18 09:00:20 -08:00
dependabot[bot]
af381fb646
Bump minimist from 1.2.5 to 1.2.6 in /DevSkim-VSCode-Plugin/client ( #370 )
2022-03-29 10:30:24 -07:00
dependabot[bot]
5e15098134
Bump minimist from 1.2.5 to 1.2.6 in /DevSkim-VSCode-Plugin ( #369 )
2022-03-29 10:30:14 -07:00
dependabot[bot]
228f9404d2
Bump minimist from 1.2.5 to 1.2.6 in /DevSkim-VSCode-Plugin/server ( #368 )
2022-03-29 10:30:03 -07:00
Gabe Stocco
e05926948f
Update README.md
2022-01-21 16:35:16 -08:00
Gabe Stocco
7a137fc18e
Update README.md
2022-01-21 16:24:58 -08:00
Gabe Stocco
456d78fa02
Make Linux and Mac Binaries Executable in pipeline ( #356 )
* Make Linux and Mac Binaries Executable in pipeline
* Update dotnet-publish-linux-mac-job.yml
* Update dotnet-publish-linux-mac-job.yml
* Temporarily comment out portions not being debugged.
* Add Inline
* Revert "Temporarily comment out portions not being debugged."
This reverts commit c3d7c312a5.
* Bump Dependencies
* Revert "Bump Dependencies"
This reverts commit cf192045cc.
* Fix VS Extension dependencies
2022-01-19 14:13:01 -08:00
dependabot[bot]
afc9d872e0
Bump copy-props from 2.0.4 to 2.0.5 in /DevSkim-VSCode-Plugin ( #357 )
Bumps [copy-props](https://github.com/gulpjs/copy-props) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/gulpjs/copy-props/releases)
- [Changelog](https://github.com/gulpjs/copy-props/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/copy-props/compare/2.0.4...2.0.5)
---
updated-dependencies:
- dependency-name: copy-props
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-15 10:30:11 -08:00
dependabot[bot]
fd9fcb5276
Bump shelljs from 0.8.3 to 0.8.5 in /DevSkim-VSCode-Plugin/client ( #355 )
Bumps [shelljs](https://github.com/shelljs/shelljs) from 0.8.3 to 0.8.5.
- [Release notes](https://github.com/shelljs/shelljs/releases)
- [Changelog](https://github.com/shelljs/shelljs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/shelljs/shelljs/compare/v0.8.3...v0.8.5)
---
updated-dependencies:
- dependency-name: shelljs
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-15 10:04:24 -08:00
Gabe Stocco
ff2f8fb23c
Limit rule to not apply to rust ( #353 )
* Limit rule to not apply to rust
Fix #352
* Add rust rules for insecure random
2022-01-10 11:59:50 -08:00
Gabe Stocco
331482234a
Fix potential out of range issue if IsBetween was provided an improper index. ( #349 )
2021-12-08 16:35:43 -08:00
Pavel Bansky
6b0c5a0694
fix for returning number of issues as a result code
2021-11-26 16:34:31 +01:00
Gabe Stocco
3cb4644834
Gfs/#340 ( #342 )
* Fix #340
* Roll back more versions.
2021-10-25 22:10:13 -07:00
Gabe Stocco
c6c98e6238
Fix #340 ( #341 )
2021-10-25 12:16:02 -07:00
Gabe Stocco
b65829c3a0
Adds ability to provide custom root for output relative paths ( #338 )
* populate more fields for github viewing.
* Add option to set base path.
* Changing analyze command is semver relevant
* Move the options into an options class.
* Adds test for the relative path and absolute path features.
* Fix #339
* Fix support for only before and after in validation
* Make a test for the newly rewritten DS440000
* Update Language.cs
2021-10-25 11:26:06 -07:00
Gabe Stocco
3db915b3e0
Update README.md
2021-10-21 17:51:20 -07:00
Gabe Stocco
6bf86c6dc2
Add Support for languages that are never code ( #337 )
* Fix path output handling for sarif when providing a specific filename to scan
* Add support for "always commented" languages
Currently this is just .txt files
2021-10-21 14:39:21 -07:00
Gabe Stocco
3f187acbb6
Gfs/fix sarif relative path ( #336 )
2021-10-21 12:23:59 -07:00
Gabe Stocco
fb558e800c
Split scanning workflows ( #334 )
* Split scanning workflows
* Remove extra comments
* Run on PRs
2021-10-20 11:38:57 -07:00
Gabe Stocco
dde253fd6c
Gfs/fix sarif ( #333 )
2021-10-18 19:08:43 -07:00
Gabe Stocco
97cab3b1c3
Drop System.Text.Json to 5.0.0 to match Visual Studio ( #331 )
Else extension doesn't work
2021-10-14 16:20:59 -07:00
Gabe Stocco
b4abd31d28
Add Fix Its to JSON output ( #325 )
* Clean up rules
* Update JSON Writer to support Fix Its
* Fix double writing scopes in pack command by switching to .net serialization.
* Update rulepacker
* Convert to System.Text.Json
Removes custom deserialization handlers in rule verification so this is a semver bump to 0.5.
* Misc Fixes for System.Text.Json differences
* Bump rulepacker
* Update PackCommand.cs
* Remove rulepacker
* New RulePacker
* Try to print verifier messages. Debugging pipeline issue.
* Nullable annotation fix
* Fix Verifier
* Change Severity enum to not be flags, processor now takes a list of Severities to match against.
* Revert "Change Severity enum to not be flags, processor now takes a list of Severities to match against."
This reverts commit 44e9967f37.
* Add None name to severity l.
2021-10-13 11:55:03 -07:00
Gabe Stocco
1299d8f72c
Gfs/add more search in conditions ( #329 )
* Adds more finding conditions
* Remove empty comment fields from rules
* Update deserialization.json
* Last changes
2021-10-13 11:54:10 -07:00
Gabe Stocco
ef525e8719
Revert "Upgrade all packages via `npx npm-check-updates -u` && `npm i` ( #320 )" ( #328 )
This reverts commit 76b87b5931.
2021-10-13 10:39:51 -07:00
Gabe Stocco
76b87b5931
Upgrade all packages via `npx npm-check-updates -u` && `npm i` ( #320 )
* Upgrade all packages via `npx npm-check-updates -u` && `npm i`
* Fix build problems with new versions.
* Fix extension
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
2021-09-28 14:35:15 -07:00
Gabe Stocco
e6184fc369
Update dependencies ( #322 )
* Update dependencies
* Update Microsoft.DevSkim.Blazor.csproj
2021-09-22 13:33:51 -07:00
Gabe Stocco
2714b2cae7
Add DevSkim Severity to the property bag ( #319 )
* Add DevSkim Severity to the property bag
* Update README.md
2021-09-13 12:22:24 -07:00
dependabot[bot]
69c657b129
Bump tar from 4.4.15 to 4.4.19 in /DevSkim-VSCode-Plugin ( #316 )
Bumps [tar](https://github.com/npm/node-tar) from 4.4.15 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.15...v4.4.19)
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 12:21:54 -07:00
Gabe Stocco
4daf5f442a
Map the devskim levels to sarif levels ( #317 )
* Map the devskim levels to sarif levels
* Make static
* Try fix blazor publish.
2021-09-03 12:21:46 -07:00
Gabe Stocco
423c423edf
Output the column and line information for findings. ( #315 )
2021-09-02 11:49:27 -07:00
Gabe Stocco
a9c65ecf80
Gfs/fix blazor ( #314 )
* Update Index.razor
* Update Index.razor
2021-08-11 15:48:28 -07:00
Gabe Stocco
9b6c40f005
Update Index.razor ( #313 )
2021-08-11 15:44:09 -07:00