Skip to content

Merge Develop into Release #3716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
0xDC0DE merged 9 commits into from
Jan 15, 2026
Merged

Merge Develop into Release #3716

0xDC0DE merged 9 commits into from
Jan 15, 2026

Conversation

@r2c-argo
Copy link
Contributor

@r2c-argo r2c-argo bot commented Nov 25, 2025

Created automatically with the Argo bot using the Argo workflow in release-workflow.yaml

kurt-r2c and others added 5 commits September 23, 2025 15:09
@kurt-r2c
fix(rules): CODE-9032 (#3683)
12f2eb5 
* fix for CODE-9032

* add test
@mjambon
Improve OCaml rule protecting against stray Not_founds (#3702)
518f71b 
## Link to an issue, if relevant

(internal Slack thread)

### ~~Adding a new~~ Revising a rule? Look over this PR checklist

- The issue or PR has links, references, or examples.
- The rule has **true positive** and **true negative** test cases in a file that matches the rule name.

> If the rule is `my-rule`, the test file name should be `my-rule.js`.
>
> True positives are marked by comments with `ruleid: <my-rule>` and true negatives are marked by comments with `ok: <my-rule>`.

- The rule has a good message. A good message includes:

> 1. A description of the pattern (e.g., missing parameter, dangerous flag, out-of-order function calls).
> 1. A description of why this pattern was detected (e.g., logic bug, introduces a security vulnerability, bad practice).
> 1. An alternative that resolves the issue (e.g., use another function, validate data first, discard the dangerous flag).
@semgreg
Update aws-cloudfront-insecure-tls rule (#3705)
885b51b 
This updates aws-cloudfront-insecure-tls rule
to account for the addition of aws cloudfront
support for TLSv1.2_2025 and TLSv1.3_2025
@0xDC0DE
Add rule to detect backdoor github action placed by Sha1-Hulud (#3714)
9ce06f3 
Co-authored-by: Pieter De Cremer <pieter@Mac.localdomain>
@0xDC0DE
Fixed message in shai hulud backdoor rule (#3715)
1b69c3f 
Co-authored-by: Pieter De Cremer <pieter@Mac.localdomain>
@semgrep-zcs-prod-semgrep
Copy link

semgrep-zcs-prod-semgrep bot commented Nov 25, 2025

Semgrep found 2 hashtbl-find-outside-try findings:

'Hashtbl.find' raises the 'Not_found' exception. Handle the exception or use 'Hashtbl.find_opt' instead. If you have proof that the key exists in the table, use 'assert false' as the exception handler to demonstrate awareness of the issue. If your code uses the syntax 'match Hashtbl.find ... with exception Not_found -> ...', it's fine and we apologize for not detecting it. Consider using 'Hashtbl.find_opt' to please Semgrep and stay safe.

Piccirello and others added 4 commits January 13, 2026 13:22
@Piccirello
Add additional GitHub shell injections patterns (#3735)
43ba5c7 
A GitHub Action may still be vulnerable when a more complicated pattern is used, like an || operator.
@ravisastryk
[go] Add CWE-502 unsafe deserialization rule (#3736)
241477b
@0xDC0DE
Add owasp 2025 mapping (#3739)
46a0ecf 
* Add owasp 2025 mapping

* fix metadata of twilio twiml injection rule

---------

Co-authored-by: Pieter De Cremer <pieter@Mac.localdomain>
@0xDC0DE
Merge branch 'release' into merge-develop-to-release
6b280c8
@0xDC0DE 0xDC0DE enabled auto-merge (squash) January 15, 2026 11:32
@0xDC0DE 0xDC0DE merged commit c82eb9b into release Jan 15, 2026
11 of 12 checks passed
@0xDC0DE 0xDC0DE deleted the merge-develop-to-release branch January 15, 2026 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xDC0DE 0xDC0DE 0xDC0DE approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@0xDC0DE @kurt-r2c @mjambon @semgreg @Piccirello @ravisastryk