*: assign to thypon #663

Merged
merged 1 commit into from
Aug 15, 2024
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/features-request-------.md
Expand Up @@ -3,7 +3,7 @@ name: 'Features request: `...`'
about: Include a new feature in the `security-action`
title: ''
labels: enhancement
assignees: bcaller, thypon
assignees: thypon

---

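Review bot: `assignees: thypon` in this template's front matter leaves every new feature request with a single hard-coded owner, so triage stalls whenever that one account is unavailable. Consider naming a second contact, and record the reason for dropping `bcaller` in the commit message, since the title `*: assign to thypon` does not say why.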
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/issue-with-ruleset------.md
Expand Up @@ -3,7 +3,7 @@ name: Issue with ruleset `...`
about: Describe this issue with the ruleset
title: ''
labels: bug
assignees: thypon, bcaller
assignees: thypon

---

2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -30,7 +30,7 @@ jobs:
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }} # optional
# by default assignees will be thypon and bcaller, modify accordingly
# by default assignees will be thypon, modify accordingly
assignees: |
yoursecuritycontact
yoursecondsecuritycontact
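Review bot: The comment above `assignees: |` repeats the default name literally, which is a copy of the `ASSIGNEES` constant in `actions/main/action.cjs`, so the README and the code will drift the next time the default changes. Suggest wording the comment so it points at the default instead of restating it, and saying whether the names listed under `assignees:` replace the default or are added to it.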
3 changes: 1 addition & 2 deletions actions/main/action.cjs
Expand Up @@ -5,8 +5,7 @@ const CONSOLE_BLUE = '\x1B[0;34m'
const CONSOLE_RED = '\x1b[0;31m'
const RESET_CONSOLE_COLOR = '\x1b[0m'

const ASSIGNEES = `thypon
bcaller`
const ASSIGNEES = 'thypon'
const HOTWORDS = `password
cryptography
login
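Review bot: `const ASSIGNEES = 'thypon'` switches from a newline-separated template literal to a plain single-quoted string, while `HOTWORDS` directly below keeps the newline-separated form. The code that consumes `ASSIGNEES` is not visible in this hunk, so please confirm it treats a value with no newline as a one-entry list the same way it handled the two-line value. Keeping the template-literal form would also make adding a second assignee later a one-line diff.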
Expand Up @@ -8,7 +8,6 @@ rules:
- https://pkg.go.dev/net/http#MaxBytesReader
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/http-parse-multipart-dos.yaml
assignees: |
bcaller
thypon
severity: INFO
languages:
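Review bot: With `bcaller` removed, the `assignees: |` block in this rule lists only `thypon`, the same value as the default `ASSIGNEES` in `actions/main/action.cjs`. If rule-level assignees exist to override that default, this block and the identical ones in `io-readall-dos.yaml` and `url-constructor-base.yaml` are now redundant; dropping them would mean the next reassignment touches one file instead of several.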
1 change: 0 additions & 1 deletion assets/semgrep_rules/services/io-readall-dos.yaml
Expand Up @@ -8,7 +8,6 @@ rules:
- https://pkg.go.dev/net/http#MaxBytesReader
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/io-readall-dos.yaml
assignees: |
bcaller
thypon
severity: INFO
languages:
1 change: 0 additions & 1 deletion assets/semgrep_rules/services/url-constructor-base.yaml
Expand Up @@ -7,7 +7,6 @@ rules:
- https://developer.mozilla.org/en-US/docs/Web/API/URL/URL#parameters
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/url-constructor-base.yaml
assignees: |
bcaller
thypon
message: Are you using the `URL(url, base)` constructor as a security control to limit the origin with base `$BASE`? The base is ignored whenever url looks like an absolute URL, e.g. when it begins `protocol://`. `\\\\` or `//x.y`. Verify that the URL's origin is as expected rather than relying on the URL constructor.
severity: INFO
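Review bot: The `message:` line just below the `assignees` block has a stray period in its list of absolute-URL forms ("`protocol://`. `\\\\` or `//x.y`"); it reads as if a comma was intended. It is unchanged context in this hunk, but worth fixing while the file is being touched, since this text is what developers see when the rule fires.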