This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new 93597c3  Add some semgrep checks to the heavy lints collection
93597c3 is described below

commit 93597c3477aae7b1ac391f6b7eed74f91102a028
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Dec 8 18:51:30 2025 +0000

    Add some semgrep checks to the heavy lints collection
---
 .pre-commit-heavy.yaml                | 24 ++++++++++++++++++++++++
 atr/admin/templates/all-releases.html |  2 +-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/.pre-commit-heavy.yaml b/.pre-commit-heavy.yaml
index b153116..f3ca406 100644
--- a/.pre-commit-heavy.yaml
+++ b/.pre-commit-heavy.yaml
@@ -9,3 +9,27 @@ repos:
       args: ['--fix', '-o', '4', '--strip', 'safe', '--alpha']
       # types: [image]
       # files: \.png$
+- repo: https://github.com/semgrep/semgrep
+  rev: v1.145.0
+  hooks:
+    - id: semgrep
+      args:
+        - --config=p/ci
+        - --config=p/cwe-top-25
+        - --config=p/docker-compose
+        - --config=p/jwt
+        - --config=p/owasp-top-ten
+        - --config=p/python
+        - --config=p/secrets
+        - --config=p/security-audit
+        - --config=p/sql-injection
+        - --error
+        - --quiet
+        - --metrics=off
+        - --disable-version-check
+        - --exclude=migrations/versions/0027_2025.09.08_69e565eb.py
+        - --exclude-rule=generic.html-templates.security.var-in-href.var-in-href
+        - --exclude-rule=html.security.plaintext-http-link.plaintext-http-link
+        - --exclude-rule=python.lang.security.use-defused-xml.use-defused-xml
+        - --exclude-rule=python.lang.security.use-defused-xml.use-defused-xml-parse
+      pass_filenames: false
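Review bot: The four `--exclude-rule` entries and the `--exclude=migrations/versions/...` path switch findings off for the whole repository without recording why, and the two `use-defused-xml` exclusions will also hide any XML parsing added later. Each exclusion should carry a comment above it, for example `# excluded: <reason the XML inputs are trusted / link to audit>`. Where only specific call sites were audited, an inline `# nosemgrep: <rule-id>` at those sites keeps the rule active everywhere else. Separately, the `p/...` configs are resolved from the Semgrep registry at run time, so the rule set is not pinned by `rev: v1.145.0` and results can change between runs. If reproducibility matters for this heavy lint pass, consider vendoring the rules or noting this behaviour in a comment. The `repos:` list begins outside this hunk.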
diff --git a/atr/admin/templates/all-releases.html b/atr/admin/templates/all-releases.html
index 071782f..4b688da 100644
--- a/atr/admin/templates/all-releases.html
+++ b/atr/admin/templates/all-releases.html
@@ -48,7 +48,7 @@
               <span class="badge bg-dark">Unknown</span>
             {% endif %}
           </td>
-          <td>{{ release.created.strftime("%Y-%m-%d<br>%H:%M:%S UTC")|safe }}</td>
+          <td>{{ release.created.strftime("%Y-%m-%d") }}<br>{{ release.created.strftime("%H:%M:%S UTC") }}</td>
         </tr>
       {% else %}
         <tr>
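Review bot: The new `<td>` line has no comment explaining why the `<br>` sits between two expressions, so a later tidy-up could merge them again and bring back `|safe`. A short template comment on the cell would prevent that, for example `{# <br> is literal markup outside the expressions so no |safe filter is needed #}`. Whether autoescaping is enabled for this template environment is not visible here, and the escaping benefit depends on it. The surrounding table row and loop start outside the hunk.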

