semgrep config and ignore list (#4376)

* semgrep config and ignore list * Not using semgrep.yml * Added issues --------- Co-authored-by: Ryan Laddusaw <rladdusaw@princeton.edu>
pulibrary · Sep 20, 2024 · 75f0d96 · 75f0d96
1 parent 71ece50
commit 75f0d96
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -197,6 +197,15 @@ jobs:
           name: Check code smells with Reek
           command: bundle exec reek app
 
+  semgrep:
+    docker:
+        - image: returntocorp/semgrep
+    steps:
+      - checkout
+      - run:
+          name: Check code against community-provided and custom semgrep rules
+          command: semgrep ci --config auto
+
   finish:
     executor: basic-executor
     steps:
@@ -228,6 +237,7 @@ workflows:
           - build
       - reek
       - bearer
+      - semgrep
       - js_tests:
          requires:
           - build

diff --git a/.semgrepignore b/.semgrepignore
@@ -0,0 +1,31 @@
+# Common large paths
+node_modules/
+vendor/
+*.min.js
+spec/
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Tickets to remediate these rules and remove from this list
+lib/orangelight/
+# https://github.com/pulibrary/orangelight/issues/4377
+config/
+# https://github.com/pulibrary/orangelight/issues/4378
+app/views/
+# https://github.com/pulibrary/orangelight/issues/4379
+app/services/
+# https://github.com/pulibrary/orangelight/issues/4380
+app/processors/orangelight/
+# https://github.com/pulibrary/orangelight/issues/4381
+app/models/requests/
+# https://github.com/pulibrary/orangelight/issues/4382
+app/helpers/
+# https://github.com/pulibrary/orangelight/issues/4383
+app/controllers/
+# https://github.com/pulibrary/orangelight/issues/4384
+app/components/
+# https://github.com/pulibrary/orangelight/issues/4385