Merge pull request #516 from DataDog/s.obregoso/semgrep_licence_change
Remove BIDI rule and pin semgrep
sobregosodd authored Jan 13, 2025
2 parents c85dac4 + 1f685b3 commit ba19bb9
Showing 5 changed files with 14 additions and 45 deletions.
8 changes: 6 additions & 2 deletions README.md
Expand Up @@ -90,7 +90,6 @@ Source code heuristics:
| exec-base64 | Identify when a package dynamically executes base64-encoded code |
| silent-process-execution | Identify when a package silently executes an executable |
| dll-hijacking | Identifies when a malicious package manipulates a trusted application into loading a malicious DLL |
| bidirectional-characters | Identify when a package contains bidirectional characters, which can be used to display source code differently than its actual execution. See more at https://trojansource.codes/ |
| steganography | Identify when a package retrieves hidden data from an image and executes it |
| code-execution | Identify when an OS command is executed in the setup.py file |
| cmd-overwrite | Identify when the 'install' command is overwritten in setup.py, indicating a piece of code automatically running when the package is installed |
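
Review bot: The bidirectional-characters row disappears from this table (and from the npm table in the next hunk) with no replacement text, so README.md no longer tells users that bidi control characters of the kind described at trojansource.codes go unflagged. Suggest a one-line note in the README or the changelog stating that the heuristic was removed and why, so anyone who relied on it knows to cover that check elsewhere.
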
Expand Down Expand Up @@ -123,7 +122,6 @@ Source code heuristics:
| npm-exec-base64 | Identify when a package dynamically executes code through 'eval' |
| npm-install-script | Identify when a package has a pre or post-install script automatically running commands |
| npm-steganography | Identify when a package retrieves hidden data from an image and executes it |
| bidirectional-characters | Identify when a package contains bidirectional characters, which can be used to display source code differently than its actual execution. See more at https://trojansource.codes/ |
| npm-dll-hijacking | Identifies when a malicious package manipulates a trusted application into loading a malicious DLL |
| npm-exfiltrate-sensitive-data | Identify when a package reads and exfiltrates sensitive data from the local system |

Expand All @@ -149,8 +147,14 @@ Source code heuristics:
| **Heuristic** | **Description** |
|:-------------:|:---------------:|
| shady-links | Identify when a package contains an URL to a domain with a suspicious extension |

Metadata heuristics:

| **Heuristic** | **Description** |
|:-------------:|:---------------:|
| typosquatting | Identify packages that are named closely to an highly popular package |


<!-- END_RULE_LIST -->

## Custom Rules
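
Review bot: The new "Metadata heuristics:" table with its typosquatting row is not covered by the commit title "Remove BIDI rule and pin semgrep"; the header counts for this hunk (8 lines before, 14 after) show six added lines that have nothing to do with the BIDI removal. If this is regenerated rule-list output, say so in the commit message. Also, "an highly popular package" should read "a highly popular package", and the two blank lines before `<!-- END_RULE_LIST -->` can be reduced to one.
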
29 changes: 0 additions & 29 deletions guarddog/analyzer/sourcecode/bidirectional-characters.yml

This file was deleted.

9 changes: 7 additions & 2 deletions poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pyproject.toml
Expand Up @@ -12,7 +12,7 @@ guarddog = "guarddog.cli:cli"

[tool.poetry.dependencies]
python = ">=3.10,<4"
semgrep = "^1.97.0"
semgrep = "1.97.0"
requests = "^2.29.0"
python-dateutil = "^2.8.2"
click = "^8.1.3"
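
Review bot: The exact pin `semgrep = "1.97.0"` carries no comment explaining it, and unlike the `^` ranges on the neighbouring dependencies it also holds back later semgrep bug and security fixes until someone bumps it by hand. Add a comment above the line recording the reason (the branch name points to a semgrep licence change) and the condition for lifting the pin, and confirm that the poetry.lock update in this commit resolves to the same version.
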
11 changes: 0 additions & 11 deletions tests/analyzer/sourcecode/bidirectional-characters.py

This file was deleted.
