Merge pull request #474 from Privado-Inc/dev

Release PR
Privado-Inc · Jul 1, 2024 · d41e353 · d41e353
2 parents cc92876 + d84a439
commit d41e353
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -0,0 +1,17 @@
+name: Vulnerability Scan
+on: pull_request_target
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+        with:
+          ref: ${{ github.head_ref }}
+      - run: docker build -t privado-main-oss -f Dockerfile .
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: privado-main-oss
+          args: --severity-threshold=high
diff --git a/config/semantics/python.yaml b/config/semantics/python.yaml
@@ -0,0 +1,8 @@
+# 1->-1 => 1st parameter taints the return value
+# 0->0 => 0th parameter taints itself back
+# empty flow => no tainting done by method
+# 1->-1 2->-1 => 1st and 2nd parameter both taints the return value
+
+semantics:
+  - signature: "__builtin.len"
+    flow: "1->1"