Home / Companies / Semgrep / Blog / October 2021

October 2021 Summaries

5 posts from Semgrep

Filter
Month: Year:
Post Summaries Back to Blog
Semgrep App has undergone a significant redesign, now featuring a user-friendly drag-and-drop interface for configuring rules and notifications, aimed at simplifying security configurations for teams of all sizes. The platform has evolved from its initial basic functionality to include advanced features such as a triage flow for findings and integration with Jira for streamlined remediation processes. The introduction of the "rule board" addresses the complexity of configuring security issues by consolidating configurations into a single screen, allowing users to easily manage rulesets and notifications. This update is particularly beneficial for smaller teams who previously had to navigate complex configurations designed for larger enterprises. Additional improvements include a revamped dashboard design, enhanced GitHub project support, and new features like rule severity filtering and a newsletter on private beta features, ensuring that the app remains a vital tool for security teams globally.
Oct 21, 2021 858 words in the original blog post.
Semgrep's taint mode, now generally available, enhances the detection of injection vulnerabilities by implementing a specific kind of data-flow analysis called taint analysis. Originally developed to enforce secure defaults through lightweight static analysis, Semgrep's taint mode offers a more efficient way to create rules for tracking the flow of untrusted data through a program, identifying potential security risks when this data reaches vulnerable functions. Unlike the previous "fake-taint" rules that were cumbersome and complex, taint mode allows for more succinct, maintainable, and powerful rules that can identify more complicated vulnerabilities. This mode uses specific annotations for sources, sanitizers, and sinks, making it easier to specify and detect where potential security issues may arise in the code. The development team at r2c has been actively using taint mode to improve the Semgrep registry and has acknowledged the contributions of early adopters in refining this feature. Taint mode is poised to become a significant part of Semgrep's functionality, with plans to expand its implementation across different programming languages, starting with JavaScript.
Oct 21, 2021 2,025 words in the original blog post.
Semgrep 0.70 introduces several enhancements, including taint-sanitizer-sink rules for improved data-flow based scanning, the ability to parse Terraform files for broader infrastructure-as-code coverage, and the --config=auto feature, which automatically selects appropriate Semgrep Registry rules based on a project's language and frameworks. The tool, known for its fast, open-source static analysis capabilities, now offers taint mode for smarter security scanning, making it easier to prevent vulnerabilities like SQL injection or XSS. Additionally, Semgrep has advanced its Terraform support by learning to parse HCL files, enhancing its ability to detect complex issues such as privilege escalation in AWS. The --config=auto feature streamlines configuration by automatically identifying inventory patterns in a codebase and selecting the relevant rules, minimizing manual configuration efforts. Performance improvements have been made, achieving a 5x speedup on large repositories, and the Semgrep App now offers new functionalities like organization-wide configuration and integration with Jira for enhanced usability. These updates reflect Semgrep’s commitment to evolving and enhancing its tool to support a wide range of technologies and use cases.
Oct 21, 2021 1,240 words in the original blog post.
Kurt Boberg from Chegg and Daghan Altas from r2c demonstrate the use of Semgrep to identify complex code patterns in Java, highlighting real-world examples such as SQL injections, reverse shells, and XML external entity injections. The presentation emphasizes practical applications of Semgrep in detecting security vulnerabilities, and it was hosted by the Seattle Java User Group.
Oct 07, 2021 56 words in the original blog post.
The comprehensive exploration highlights the potential security vulnerabilities associated with GitHub Actions (GHA), focusing on risks such as shell injection attacks, compromised runners, and the misuse of the pull_request_target trigger. The post underscores the dangers of stolen secrets and unauthorized repository modifications when a GHA runner is compromised, emphasizing how attackers can exploit the GITHUB_TOKEN and other authentication methods. It discusses the importance of treating GitHub context data as untrusted, suggests using environment variables to mitigate shell injection vulnerabilities, and warns against using deprecated commands enabled by the ACTIONS_ALLOW_UNSECURE_COMMANDS variable. The piece advocates for vigilant use of the pull_request_target trigger, careful auditing of third-party actions, and the employment of tools like Semgrep to detect vulnerabilities. Additionally, it provides insights into GITHUB_TOKEN permissions, offering strategies to safeguard against potential exploits in the complex GHA ecosystem.
Oct 01, 2021 2,537 words in the original blog post.