semgrep rule to flag undesirable package imports in adapter code #2911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
onkarvhanumante
changed the title
onkarvhanumante
changed the title
gargcreation1992
approved these changes
Jul 10, 2023
SyntaxNode
reviewed
Jul 10, 2023
| @@ -0,0 +1,13 @@ | |||
| rules: | |||
| - id: package-import-check | |||
| message: Importing "$PKG" package is not recommended in adapter code | |||
There was a problem hiding this comment.
Please use stronger wording. These packages are not allowed / banned. It's more than a recommendation.
There was a problem hiding this comment.
Apologies. PR got merged. Added #2913 to make this change
Sonali-More-Xandr
approved these changes
Jul 10, 2023
Peiling-Ding
pushed a commit
to ParticleMedia/prebid-server
that referenced
this pull request
Jul 14, 2023
Peiling-Ding
added a commit
to ParticleMedia/prebid-server
that referenced
this pull request
Jul 14, 2023
* Fix: deal tiers no longer ignored due to presence of tid (prebid#2829) * CAPT-787: GPP support for imds bidder. (prebid#2867) Co-authored-by: Timothy M. Ace <[email protected]> * Adsinteractive: change usersync endpoint to https (prebid#2861) Co-authored-by: Balint Vargha <[email protected]> * consumable adapter: add gpp support (prebid#2883) * feat: IX Bid Adapter - gpp support for user sync urls (prebid#2873) Co-authored-by: Chris Corbo <[email protected]> * fix: update links in readme (prebid#2888) authored by @akkapur * New Adapter: AIDEM (prebid#2824) Co-authored-by: AndreaC <[email protected]> Co-authored-by: Andrea Tumbarello <[email protected]> Co-authored-by: darkstar <[email protected]> * Improve Digital adapter: Set currency in bid response (prebid#2886) * Sharethrough: Support multiformat bid request impression (prebid#2866) * Triplelift Bid Adapter: Adding GPP Support (prebid#2887) * YahooAdvertising rebranding to Yahoo Ads. (prebid#2872) Co-authored-by: oath-jac <[email protected]> * IX: MultiImp Implementation (prebid#2779) Co-authored-by: Chris Corbo <[email protected]> Co-authored-by: Oronno Mamun <[email protected]> * Exchange unit test fix (prebid#2868) * Semgrep rules for adapters (prebid#2833) * IX: Remove glog statement (prebid#2909) * Activities framework (prebid#2844) * PWBID: Update Default Endpoint (prebid#2903) * script to run semgrep tests against adapter PRs (prebid#2907) authored by @onkarvhanumante * semgrep rule to detect undesirable package imports in adapter code (prebid#2911) * update package-import message (prebid#2913) authored by @onkarvhanumante * Bump google.golang.org/grpc from 1.46.2 to 1.53.0 (prebid#2905) --------- Co-authored-by: Brian Sardo <[email protected]> Co-authored-by: Timothy Ace <[email protected]> Co-authored-by: Timothy M. Ace <[email protected]> Co-authored-by: balintvargha <[email protected]> Co-authored-by: Balint Vargha <[email protected]> Co-authored-by: Jason Piros <[email protected]> Co-authored-by: ccorbo <[email protected]> Co-authored-by: Chris Corbo <[email protected]> Co-authored-by: Ankush <[email protected]> Co-authored-by: Giovanni Sollazzo <[email protected]> Co-authored-by: AndreaC <[email protected]> Co-authored-by: Andrea Tumbarello <[email protected]> Co-authored-by: darkstar <[email protected]> Co-authored-by: Jozef Bartek <[email protected]> Co-authored-by: Max Dupuis <[email protected]> Co-authored-by: Patrick Loughrey <[email protected]> Co-authored-by: radubarbos <[email protected]> Co-authored-by: oath-jac <[email protected]> Co-authored-by: Oronno Mamun <[email protected]> Co-authored-by: Veronika Solovei <[email protected]> Co-authored-by: Onkar Hanumante <[email protected]> Co-authored-by: Stephen Johnston <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
PR adds semgrep rule to flag undesirable package imports in adapter code. Plan here is to run this rule as adapter PR checks. Refer #2907 for more details.
Semgrep uses import metavariable to match package imports - https://semgrep.dev/docs/writing-rules/pattern-syntax/#import-metavariables
Testing
Sample playground example: https://semgrep.dev/playground/s/QBlo
Semgrep unit tests passing
Found following instances in repo