From ee50998f59519aa2d91d22b71fc9cee5727d74ac Mon Sep 17 00:00:00 2001
From: sstrohmeyer
Date: Tue, 5 Mar 2024 14:04:29 -0600
Subject: [PATCH 1/5] Editing readme file
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index ac5b111..133d138 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+## This app came from reddit, lol
+ ## Setup ### Requisites
From a884f135918a3865c18c67c8261fdbdccba258b0 Mon Sep 17 00:00:00 2001
From: sstrohmeyer
Date: Tue, 5 Mar 2024 15:18:55 -0600
Subject: [PATCH 2/5] Add pipeline command for Semgrep
---
.buildkite/pipeline.yml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 .buildkite/pipeline.yml
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
new file mode 100644
index 0000000..9f92c81
--- /dev/null
+++ b/.buildkite/pipeline.yml
@@ -0,0 +1,26 @@
+- label: ":semgrep: Semgrep"
+ commands:
+
+ # Uncomment the following line to scan changed
+ # files in PRs or MRs (diff-aware scanning):
+ # - export SEMGREP_BASELINE_REF = "main"
+
+ # Troubleshooting:
+
+ # Uncomment the following lines if Semgrep Cloud Platform > Findings Page does not create links
+ # to the code that generated a finding or if you are not receiving PR or MR comments.
+ # - export SEMGREP_COMMIT=${BUILDKITE_COMMIT}
+ # - export SEMGREP_PR_ID=${BUILDKITE_PULL_REQUEST}
+ # - export SEMGREP_BRANCH=${BUILDKITE_BRANCH}
+ # - export SEMGREP_REPO_URL="$(echo "$BUILDKITE_REPO" | sed -e 's#.\{4\}$##')"
+ # - echo "$BUILDKITE_REPO" | sed 's#https://github.com/##' | sed 's#.git##'
+ # - export SEMGREP_REPO_NAME="$(echo "$BUILDKITE_REPO" | sed -e 's#https://github.com/##' | sed -e 's#.git##')"
+
+ - semgrep ci
+
+ plugins:
+ - docker#v3.7.0:
+ image: semgrep/semgrep
+ environment:
+ # The following variable is required to set up a scan connected to Semgrep Cloud Platform:
+ - "00fd818ee823c24048c67dfeaad7adcc99874552f6bb3242ebc80140f68021c9"
\ No newline at end of file
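Review bot: The last entry under the docker plugin's `environment:` list in `.buildkite/pipeline.yml` is a 64-character hex literal rather than a variable name, which looks like the Semgrep token value itself committed to the repository. That list is meant to name variables passed through from the agent, so the entry should read `- "SEMGREP_APP_TOKEN"`, with the value kept in the Buildkite secret store. If the literal is a live token it should be rotated, because PATCH 3/5 deletes the file but the value stays in the commit history. Separately, `image: semgrep/semgrep` carries no tag or digest, so every build runs whatever the registry currently serves; pinning it would make the scan reproducible and limit exposure to a replaced image.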
From 355a88e3a0064426b94d770cee898882ceb59c39 Mon Sep 17 00:00:00 2001
From: sstrohmeyer
Date: Wed, 6 Mar 2024 12:39:43 -0600
Subject: [PATCH 3/5] remove buildkite pipeline
---
.buildkite/pipeline.yml | 26 --------------------------
1 file changed, 26 deletions(-)
delete mode 100644 .buildkite/pipeline.yml
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
deleted file mode 100644
index 9f92c81..0000000
--- a/.buildkite/pipeline.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-- label: ":semgrep: Semgrep"
- commands:
-
- # Uncomment the following line to scan changed
- # files in PRs or MRs (diff-aware scanning):
- # - export SEMGREP_BASELINE_REF = "main"
-
- # Troubleshooting:
-
- # Uncomment the following lines if Semgrep Cloud Platform > Findings Page does not create links
- # to the code that generated a finding or if you are not receiving PR or MR comments.
- # - export SEMGREP_COMMIT=${BUILDKITE_COMMIT}
- # - export SEMGREP_PR_ID=${BUILDKITE_PULL_REQUEST}
- # - export SEMGREP_BRANCH=${BUILDKITE_BRANCH}
- # - export SEMGREP_REPO_URL="$(echo "$BUILDKITE_REPO" | sed -e 's#.\{4\}$##')"
- # - echo "$BUILDKITE_REPO" | sed 's#https://github.com/##' | sed 's#.git##'
- # - export SEMGREP_REPO_NAME="$(echo "$BUILDKITE_REPO" | sed -e 's#https://github.com/##' | sed -e 's#.git##')"
-
- - semgrep ci
-
- plugins:
- - docker#v3.7.0:
- image: semgrep/semgrep
- environment:
- # The following variable is required to set up a scan connected to Semgrep Cloud Platform:
- - "00fd818ee823c24048c67dfeaad7adcc99874552f6bb3242ebc80140f68021c9"
\ No newline at end of file
From 152032434048153e7d71eeefc855d505abb8502b Mon Sep 17 00:00:00 2001
From: sstrohmeyer
Date: Mon, 11 Mar 2024 12:11:04 -0500
Subject: [PATCH 4/5] Remove CircleCI file
---
.circleci/config.yml | 128 -------------------------------------------
1 file changed, 128 deletions(-)
delete mode 100644 .circleci/config.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 1a31016..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,128 +0,0 @@ -version: 2.1 -orbs: - jq: circleci/jq@2.2.0 -jobs: - semgrep-scan: - parameters: - default_branch: - type: string - default: main - # environment: - # SEMGREP_BASELINE_REF: << parameters.default_branch >> - docker: - - image: returntocorp/semgrep - steps: - - checkout - - jq/install - - run: - name: "Semgrep scan" - command: | - echo $SEMGREP_BASELINE_REF - echo $CIRCLE_BRANCH - echo $CIRCLE_PULL_REQUEST - echo ${CIRCLE_PULL_REQUEST##*/} - - if [ ${CIRCLE_PULL_REQUEST##*/} ]; then - echo "this is a pull request" - echo 'export SEMGREP_COMMIT=${CIRCLE_SHA1}' >> $BASH_ENV - echo 'export SEMGREP_PR_ID=${CIRCLE_PULL_REQUEST##*/}' >> $BASH_ENV - echo 'export SEMGREP_JOB_URL=${CIRCLE_BUILD_URL}' >> $BASH_ENV - echo 'export SEMGREP_REPO_NAME=${CIRCLE_PROJECT_REPONAME}' >> $BASH_ENV - echo 'export SEMGREP_REPO_URL=${CIRCLE_REPOSITORY_URL}' >> $BASH_ENV - echo 'export SEMGREP_BRANCH=${CIRCLE_BRANCH}' >> $BASH_ENV - echo 'export SEMGREP_BASELINE_REF= "main"' >> $BASH_ENV - echo 'export SEMGREP_APP_TOKEN=$SEMGREP_APP_TOKEN' >> $BASH_ENV - echo ${CIRCLE_SHA1} - echo ${CIRCLE_PULL_REQUEST##*/} - echo ${CIRCLE_BUILD_URL} - echo ${CIRCLE_PROJECT_REPONAME} - echo ${CIRCLE_REPOSITORY_URL} - echo ${CIRCLE_BRANCH} - echo $SEMGREP_BASELINE_REF - git fetch origin "+refs/heads/*:refs/remotes/origin/*" - semgrep ci - else - echo "this is not a pull request" - # echo 'export SEMGREP_BASELINE_REF = "origin/main"' >> $BASH_ENV - echo 'export SEMGREP_APP_TOKEN=$SEMGREP_APP_TOKEN' >> $BASH_ENV - echo 'export SEMGREP_COMMIT=$CIRCLE_SHA1' >> $BASH_ENV - # echo 'export SEMGREP_PR_ID=${CIRCLE_PULL_REQUEST##*/}' >> $BASH_ENV - echo 'export SEMGREP_JOB_URL=$CIRCLE_BUILD_URL' >> $BASH_ENV - # git fetch origin "+refs/heads/*:refs/remotes/origin/*" - semgrep ci --json --output=findings.json - fi - - run: - name: "Create Summary JSON for Blocking findings only" - when: always - command: | - results_array=$(for k in $(jq '.results | keys | .[]' findings.json); do - value=$(jq -r 
".results[$k]" findings.json); - message=$(jq -r '.extra.message' \<<< "$value"); - path=$(jq -r '.path' \<<< "$value"); - line=$(jq -r '.start.line' \<<< "$value"); - reference=$(jq -r '.extra.metadata."semgrep.url"' \<<< "$value"); - is_it_blocking_findings=$(jq -r '.extra.sca_info.reachable' \<<< "$value"); - if [[ $is_it_blocking_findings ]]; then - jq -n --arg message "$message" --arg path "$path" --arg line "$line" '{message: $message, path: $path, line: $line}' - fi - done | jq -n '.results |= [inputs]'); - echo $results_array > "findings_summary.json"; - echo $results_array; -workflows: - scan: - jobs: - - semgrep-scan: - context: - - dev -# -# older version -# version: 2.1 -# jobs: -# semgrep-scan: -# parameters: -# default_branch: -# type: string -# default: main -# environment: -# # Uncomment the following line to scan changed -# # files in PRs or MRs (diff-aware scanning): -# - export SEMGREP_BASELINE_REF = "origin/main" -# - git fetch origin "+refs/heads/*:refs/remotes/origin/*" -# # SEMGREP_BASELINE_REF: << parameters.default_branch >> - -# # Troubleshooting: - -# # Uncomment the following lines if Semgrep Cloud Platform > Findings Page does not create links -# # to the code that generated a finding or if you are not receiving PR or MR comments. -# # SEMGREP_REPO_NAME: '$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME' -# # SEMGREP_REPO_URL: << pipeline.project.git_url >> -# # SEMGREP_BRANCH: << pipeline.git.branch >> - -# docker: -# - image: returntocorp/semgrep -# steps: -# - checkout - -# # Uncomment the following lines if Semgrep Cloud Platform > Findings Page does not create links -# # to the code that generated a finding or if you are not receiving PR or MR comments. 
-# # - run: -# # name: "Manually set environment variables" -# # command: | -# # echo 'export SEMGREP_COMMIT=$CIRCLE_SHA1' >> $BASH_ENV -# # echo 'export SEMGREP_PR_ID=${CIRCLE_PULL_REQUEST##*/}' >> $BASH_ENV -# # echo 'export SEMGREP_JOB_URL=$CIRCLE_BUILD_URL' >> $BASH_ENV -# - run: -# name: "Semgrep scan" -# command: | -# echo 'export SEMGREP_APP_TOKEN=$SEMGREP_APP_TOKEN' >> $BASH_ENV -# echo 'export SEMGREP_COMMIT=$CIRCLE_SHA1' >> $BASH_ENV -# echo 'export SEMGREP_PR_ID=${CIRCLE_PULL_REQUEST##*/}' >> $BASH_ENV -# echo 'export SEMGREP_JOB_URL=$CIRCLE_BUILD_URL' >> $BASH_ENV -# semgrep ci -# workflows: -# main: -# jobs: -# - semgrep-scan: -# context: -# - dev - From e5d20bc011a112edb4630fb1ef4b2944f6faff12 Mon Sep 17 00:00:00 2001 From: sstrohmeyer Date: Thu, 14 Mar 2024 15:43:32 -0500 Subject: [PATCH 5/5] touching readme to kick off build --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 133d138..d2085e9 100644 --- a/README.md +++ b/README.md @@ -53,4 +53,4 @@ Host: localhost:5000 Cookie: api_key=myapisecret -... \ No newline at end of file +....... \ No newline at end of file