diff --git a/.tool_version b/.tool_version
index 7440683..e4264e9 100644
--- a/.tool_version
+++ b/.tool_version
@@ -1 +1 @@
-1.18.0
\ No newline at end of file
+1.21.0
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 3e2dbfa..433bb85 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG OPENGREP_VERSION=v1.17.0
+ARG OPENGREP_VERSION=v1.21.0
 # Build codacy-opengrep wrapper
 FROM golang:1.23-alpine3.21 AS builder
diff --git a/README.md b/README.md
index 54e2c08..426264e 100755
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ docker run -it -v $srcDir:/src codacy-opengrep:latest
 1. Update the version in `.tool_version`
-2. Get the latest commit for the `release` branch from the github.com/semgrep/semgrep-rules repo and update it in DocGenerator file `internal/docgen/parsing.go`.
+2. Get the latest commit for the `release` branch from the github.com/opengrep/opengrep-rules repo and update it in DocGenerator file `internal/docgen/parsing.go`.
 3. Run the DocGenerator:
 ```bash
diff --git a/docs/codacy-rules.yaml b/docs/codacy-rules.yaml
index 5d40254..3fe2b78 100644
--- a/docs/codacy-rules.yaml
+++ b/docs/codacy-rules.yaml
@@ -323,8 +323,8 @@ rules:
 - generic
 patterns:
 - pattern-either:
- - pattern-regex: "(?i)lookup_type(?![^;]{0,200}language\\s*=)"
- - pattern-regex: "apps\\.fnd_lookup_values"
+ - pattern-regex: "(?i)\\bselect\\b(?!(?:[^;\\n]*\\n)*(?:(?!--)[^;\\n])*\\blanguage\\b)(?:[^;\\n]*\\n)*(?:(?!--)[^;\\n])*\\blookup_type\\b"
+ - pattern-regex: "(?im)^(?:(?!(?:--|/\\*))[^\\n])*?apps\\.fnd_lookup_values"
 paths:
 include:
 - "*.sql"
diff --git a/internal/docgen/parsing.go b/internal/docgen/parsing.go
index d8ca208..d9c4175 100644
--- a/internal/docgen/parsing.go
+++ b/internal/docgen/parsing.go
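Review bot: Both replacement `pattern-regex` entries in the `docs/codacy-rules.yaml` hunk drop the old `{0,200}` bound, so the negative lookahead and the main match of the first pattern now run over `(?:[^;\\n]*\\n)*` until the next `;`. In a `.sql` file with few or no semicolons each `select` can scan to the end of the file, and that scan repeats for every candidate, which looks quadratic on large inputs; bounding the line group, for example `(?:[^;\\n]*\\n){0,50}`, keeps the cost predictable. The lookahead also changed from `language\\s*=` to the bare word `\\blanguage\\b`, so any mention of the word in the statement (a column alias, a string literal) suppresses the finding; if that is intended, a YAML comment above the pattern should say so. The second pattern skips lines that have `--` or `/*` before the match, but not lines inside a block comment opened on an earlier line.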
@@ -46,18 +46,12 @@ type SemgrepRuleMetadata struct {
 type SemgrepRules []SemgrepRule
 func semgrepRules(destinationDir string) ([]PatternWithExplanation, *ParsedSemgrepRules, error) {
- fmt.Println("Getting Semgrep rules...")
+ fmt.Println("Getting Opengrep rules...")
 parsedSemgrepRegistryRules, err := getSemgrepRegistryRules()
 if err != nil {
 return nil, nil, err
 }
- // fmt.Println("Getting Semgrep default rules...")
- // semgrepRegistryDefaultRules, err := getSemgrepRegistryDefaultRules()
- // if err != nil {
- // return nil, nil, err
- // }
-
 fmt.Println("Getting GitLab rules...")
 parsedGitLabRules, err := getGitLabRules()
 if err != nil {
@@ -96,8 +90,8 @@ func semgrepRules(destinationDir string) ([]PatternWithExplanation, *ParsedSemgr
 func getSemgrepRegistryRules() (*ParsedSemgrepRules, error) {
 return getRules(
- "https://github.com/semgrep/semgrep-rules",
- "4ccd3b9cce2321a5fe3793868e4c2d4cfa5e9c43",
+ "https://github.com/opengrep/opengrep-rules",
+ "f1d2b562b414783763fd02a6ed2736eaed622efa",
 isValidSemgrepRegistryRuleFile,
 prefixRuleIDWithPath)
 }
@@ -412,6 +406,8 @@ func toCodacyLevel(r SemgrepRule) Level {
 return Critical
 case "WARNING":
 return Medium
+ case "MEDIUM":
+ return Medium
 case "INFO":
 return Low
 default:
@@ -561,6 +557,7 @@ func toCodacyLanguages(r SemgrepRule) []string {
 "dockerfile": "Dockerfile",
 "elixir": "Elixir",
 "go": "Go",
+ "generic": "Go",
 "java": "Java",
 "javascript": "Javascript",
 "js": "Javascript",
@@ -581,11 +578,12 @@ func toCodacyLanguages(r SemgrepRule) []string {
 "typescript": "TypeScript",
 "visualforce": "VisualForce",
 "yaml": "YAML",
+ "xml": "XML",
 }
 codacyLanguages := lo.Map(
 lo.Filter(r.Languages, func(s string, _ int) bool {
- return s != "generic" && s != "regex" && // internal rules?
+ return s != "regex" && // internal rules?
 s != "lua" && s != "ocaml" && s != "html" && s != "solidity" // not supported by Codacy
 }),
 func(s string, _ int) string {
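Review bot: The pinned commit in `getSemgrepRegistryRules` (hunk `@@ -96,8 +90,8 @@`) now points at a different upstream, `opengrep/opengrep-rules`, and nothing in the code says what the hash represents or when it should move. A comment above the `getRules(` call would record that, e.g. `// Pinned commit on the release branch of opengrep-rules; bump together with .tool_version (README, step 2).` Whether `getRules` checks out exactly this hash is not visible in the hunk; if it only clones the default branch the pin gives no integrity guarantee, so that is worth confirming when the rule source changes.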
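Review bot: The new `case "MEDIUM":` arm in `toCodacyLevel` (hunk `@@ -412,6 +406,8 @@`) duplicates the `WARNING` arm and covers only one of the newer severity names. It can be folded into `case "WARNING", "MEDIUM":`. If the opengrep rule set also uses `LOW`, `HIGH` or `CRITICAL`, those values presumably reach the `default:` branch, whose body and the label of the first arm are outside this hunk. A rule that falls through to the default is reported at the wrong level, so the switch should list every severity value the rule schema allows.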
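Review bot: Mapping `"generic"` to `"Go"` in the language table of `toCodacyLanguages` (hunk `@@ -561,6 +557,7 @@`), together with dropping `s != "generic"` from the filter in the last hunk, makes every generic-mode rule surface as a Go pattern. Generic rules are not tied to a language; the rule edited in `docs/codacy-rules.yaml` in this same commit is `generic` and limited to `*.sql`, so if it passes through this mapping it would be listed under Go and may not be applied to the files it targets. If Go is a deliberate placeholder, a comment on the map entry should state the reason; otherwise the language should be derived from the rule's `paths.include`, or generic rules should stay filtered. A rule declaring both `go` and `generic` would also yield `"Go"` twice unless the result is deduplicated after the `lo.Map` call, which continues outside the hunk.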