From b97ba1e95355c21a2c79782f0c3f3058fb7fd355 Mon Sep 17 00:00:00 2001
From: milkrage
Date: Fri, 18 Oct 2024 14:17:28 +0300
Subject: [PATCH] Test semgrep

---
 .github/workflows/secure.yml | 1 -
 GNUmakefile | 21 +++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/secure.yml b/.github/workflows/secure.yml
index e49e66f3..22e0d4e3 100644
--- a/.github/workflows/secure.yml
+++ b/.github/workflows/secure.yml
@@ -28,7 +28,6 @@ jobs:
 p/comment
 p/cwe-top-25
 p/default
- p/gitlab
 p/gitleaks
 p/golang
 p/gosec
diff --git a/GNUmakefile b/GNUmakefile
index e55ef800..36486083 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -45,4 +45,25 @@ ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
 endif
 @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
 
+semgrep:
+ docker run --rm -v ${PWD}:/app:ro -w /app semgrep/semgrep semgrep scan --error --metrics=off \
+ --config=p/command-injection \
+ --config=p/comment \
+ --config=p/cwe-top-25 \
+ --config=p/default \
+ --config=p/gitlab \
+ --config=p/gitleaks \
+ --config=p/golang \
+ --config=p/gosec \
+ --config=p/insecure-transport \
+ --config=p/owasp-top-ten \
+ --config=p/r2c-best-practices \
+ --config=p/r2c-bug-scan \
+ --config=p/r2c-security-audit \
+ --config=p/secrets \
+ --config=p/security-audit \
+ --config=p/sql-injection \
+ --config=p/xss \
+ .
+
 .PHONY: golangci-lint build test testacc fmt test-compile website website-test
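Review bot: The new `semgrep` target is not added to the `.PHONY` line that appears as trailing context in this hunk, so a file or directory named `semgrep` in the repository root would make `make semgrep` report nothing to be done and silently skip the scan; append it: `.PHONY: golangci-lint build test testacc fmt test-compile website website-test semgrep`. The image reference `semgrep/semgrep` carries no tag or digest, so each run pulls whatever the default tag resolves to at that moment and local results are not reproducible against CI; pinning a version or `@sha256:` digest is the usual fix for a scanner that runs with the repository contents mounted. The ruleset list here includes `p/gitlab` while the first hunk removes it from `.github/workflows/secure.yml`, so the local and CI scans now cover different rulesets; if that is intended, a comment on the target saying so would spare the next reader a diff between the two lists. `${PWD}` works only via the inherited environment, whereas `$(CURDIR)` is Make's own value, and the recipe line visible just above already uses a third spelling, `$(shell pwd)`; that recipe belongs to a rule whose header is outside the hunk.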