
Commit d8b9419

committed
put back project_config as an option and few cleanups
1 parent b8cfc55 commit d8b9419

7 files changed

+366
-286
lines changed

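--- a/semgrep_output_v1.atd
+++ b/semgrep_output_v1.atd
@@ -144,8 +144,8 @@ type rule_id
 coupling: with 'severity' in 'rule_schema_v2.atd'
 *)
 type match_severity
-<ocaml attr="deriving show, eq">
-<python decorator="dataclass(frozen=True)"> = [
+<ocaml attr="deriving show, eq">
+<python decorator="dataclass(frozen=True)"> = [
 | Error <json name="ERROR">
 | Warning <json name="WARNING">
 | Experiment <json name="EXPERIMENT">
@@ -174,8 +174,8 @@ type match_severity
 alt: could reuse match_severity but seems cleaner to define its own type
 *)
 type error_severity
-<ocaml attr="deriving show, eq">
-<python decorator="dataclass(frozen=True)"> = [
+<ocaml attr="deriving show, eq">
+<python decorator="dataclass(frozen=True)"> = [
 | Error <json name="error">
 | Warning <json name="warn">
 | Info <json name="info">
@@ -188,11 +188,11 @@ type error_severity
 Interfile_taint = requires interfile taint
 Other_pro_feature = requires some non-taint pro feature *)
 type pro_feature
-<ocaml attr="deriving show">
-<python decorator="dataclass(frozen=True)"> = {
-interproc_taint: bool;
-interfile_taint: bool;
-proprietary_language: bool;
+<ocaml attr="deriving show">
+<python decorator="dataclass(frozen=True)"> = {
+interproc_taint: bool;
+interfile_taint: bool;
+proprietary_language: bool;
 }
 
 (* Report the engine used to detect each finding. Additionally, if we are able
@@ -209,17 +209,17 @@ type pro_feature
 we're leaving them as is
 *)
 type engine_of_finding
-<ocaml attr="deriving show">
-<python decorator="dataclass(frozen=True)"> = [
+<ocaml attr="deriving show">
+<python decorator="dataclass(frozen=True)"> = [
 | OSS
 | PRO
 (* Semgrep 1.64.0 or later *)
 | PRO_REQUIRED of pro_feature
 ]
 
 type engine_kind
-<ocaml attr="deriving show">
-<python decorator="dataclass(frozen=True)"> = [
+<ocaml attr="deriving show">
+<python decorator="dataclass(frozen=True)"> = [
 | OSS
 | PRO
 ]
@@ -467,8 +467,8 @@ type match_intermediate_var <python decorator="dataclass(frozen=True)"> = {
 * Error.string_of_error_type() for osemgrep.
 *)
 type error_type
-<ocaml attr="deriving show">
-<python decorator="dataclass(frozen=True, order=True)"> = [
+<ocaml attr="deriving show">
+<python decorator="dataclass(frozen=True, order=True)"> = [
 (* File parsing related errors;
 coupling: if you add a target parse error then metrics for
 cli need to be updated. See cli/src/semgrep/parsing_data.py.
@@ -1061,6 +1061,7 @@ type todo = int
 (* This is also known as Software Composition Analysis (SCA) *)
 
 (* EXPERIMENTAL *)
+(* part of cli_match_extra *)
 type sca_info = {
 reachable: bool;
 reachability_rule: bool;
@@ -1074,11 +1075,19 @@ type dependency_match = {
 lockfile: string;
 }
 
+type dependency_pattern = {
+ecosystem: ecosystem;
+package: string;
+semver_range: string;
+}
+
 (* both ecosystem and transitivity below have frozen=True so the generated
 * classes can be hashed and put in sets (see calls to reachable_deps.add()
 * in semgrep SCA code)
 *)
-type ecosystem <python decorator="dataclass(frozen=True)"> <ocaml attr="deriving show,eq"> = [
+type ecosystem
+<python decorator="dataclass(frozen=True)">
+<ocaml attr="deriving show,eq"> = [
 | Npm <json name="npm">
 | Pypi <json name="pypi">
 | Gem <json name="gem">
@@ -1094,23 +1103,6 @@ type ecosystem <python decorator="dataclass(frozen=True)"> <ocaml attr="deriving
 | Hex <json name="hex">
 ]
 
-type transitivity <python decorator="dataclass(frozen=True)"> <ocaml attr="deriving show,eq"> = [
-| Direct <json name="direct">
-| Transitive <json name="transitive">
-| Unknown <json name="unknown">
-]
-
-type dependency_pattern = {
-ecosystem: ecosystem;
-package: string;
-semver_range: string;
-}
-
-type dependency_child <python decorator="dataclass(frozen=True)"> = {
-package: string;
-version: string;
-}
-
 type found_dependency = {
 package: string;
 version: string;
@@ -1147,7 +1139,35 @@ type found_dependency = {
 ?git_ref: string option;
 }
 
-(* json names are to maintain backwards compatibility with the python enum it is replacing *)
+type transitivity
+<python decorator="dataclass(frozen=True)">
+<ocaml attr="deriving show,eq"> = [
+| Direct <json name="direct">
+| Transitive <json name="transitive">
+| Unknown <json name="unknown">
+]
+
+
+type dependency_child <python decorator="dataclass(frozen=True)"> = {
+package: string;
+version: string;
+}
+
+(* Used in ci_scan_complete *)
+type dependency_parser_error = {
+path: string;
+parser: sca_parser_name;
+reason: string;
+(* Not using `position` because this type must be backwards compatible with the python
+* class it is replacing.
+*)
+?line: int option;
+?col: int option;
+?text: string option;
+}
+
+(* json names are to maintain backwards compatibility with the python enum it is
+* replacing *)
 type sca_parser_name = [
 | Gemfile_lock <json name="gemfile_lock">
 | Go_mod <json name="go_mod">
@@ -1171,17 +1191,6 @@ type sca_parser_name = [
 | Mix_lock <json name="mix_lock">
 ]
 
-type dependency_parser_error = {
-path: string;
-parser: sca_parser_name;
-reason: string;
-(* Not using `position` because this type must be backwards compatible with the python
-* class it is replacing.
-*)
-?line: int option;
-?col: int option;
-?text: string option;
-}
 
 (*****************************************************************************)
 (* Semgrep Secrets *)
@@ -1205,8 +1214,8 @@ type historical_info = {
 (*****************************************************************************)
 
 (* EXPERIMENTAL: do not rely on the types in this section; those are internal
-* types used to communicate with the Semgrep backend and are not meant
-* to be consumed directly by Semgrep users or tools wrapping up Semgrep.
+* types used to communicate with the Semgrep App backend and are not meant
+* to be consumed directly by Semgrep users or tools wrapping Semgrep.
 *
 * The sequence of HTTP requests is mostly:
 * - /deployments/current with token
@@ -1294,19 +1303,19 @@ type deployment_config <ocaml attr="deriving show"> = {
 inherit has_features;
 }
 
-(* Content of the .semgrepconfig.yml in the repository.
+(* Content of a possible .semgrepconfig.yml in the repository.
 *
 * This config allows to configure Semgrep per repo, e.g., to store
 * a category/tag like "webapp" in a repo so that the Semgrep WebApp can
 * return a set of relevant rules automatically for this repo in scan_config
 * later when given this ci_config_from_repo in the scan_request.
 *)
 type ci_config_from_repo = {
-(* version of the .semgrepconfig.yml format. "V1" right now (useful?) *)
+(* version of the .semgrepconfig.yml format. "v1" right now (useful?) *)
 ~version <python default="Version('v1')"> <ts default="'v1'">: version;
 ?tags: tag list option;
 }
-(* ?? ex? *)
+(* ex: "webapp" *)
 type tag = string
 
 (* Response by the backend to the CLI to the POST /scans/<scan_id>/config *)
@@ -1320,7 +1329,7 @@ type scan_config = {
 policy_names: string list;
 (* rules raw content in JSON format (but still sent as a string) *)
 rule_config: string;
-(* since 1.47.0 *)
+(* since 1.47.0 but not created by the backend (nor used by the CLI) *)
 ?ci_config_from_cloud: ci_config_from_cloud option;
 
 (* Deprecated: should rely on ci_config_from_cloud instead *)
@@ -1442,10 +1451,11 @@ type scan_metadata = {
 
 (* Sent by the CLI to the POST /api/cli/scans to create a scan. *)
 type scan_request = {
-(* added in 1.43 as options, and made mandatory since 1.98.0 *)
-project_metadata: project_metadata; (* replacing meta below *)
-project_config: ci_config_from_repo;
+(* added in 1.43 as options, and mandatory since 1.98.0 (replacing meta) *)
+project_metadata: project_metadata;
 scan_metadata: scan_metadata;
+(* added in 1.43 (used to be in meta) *)
+?project_config: ci_config_from_repo option;
 (* deprecated: moved as an option in 1.98.0 and was used until 1.43ish
 * old: 'meta: project_metadata;' before 1.43
 *)
@@ -1650,7 +1660,8 @@ type ci_scan_results_response_error <ocaml attr="deriving show"> = {
 type ci_scan_complete = {
 exit_code: int;
 stats: ci_scan_complete_stats;
-?dependencies: ci_scan_dependencies option; (* remove when min version is 1.38.0 *)
+(* TODO: remove dependencies when min version is 1.38.0 *)
+?dependencies: ci_scan_dependencies option;
 ?dependency_parser_errors: dependency_parser_error list option;
 (* since 1.31.0 *)
 ?task_id: string option;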
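Review bot: The new `?project_config: ci_config_from_repo option;` field in `scan_request` does not say what an absent value means; the only hint is the reworded "a possible .semgrepconfig.yml" comment on `ci_config_from_repo`. I would extend the field comment to something like `(* added in 1.43 (used to be in meta); None when the repo has no .semgrepconfig.yml *)`, if that is the intended meaning. The file's content comes from the scanned repository and, per the `ci_config_from_repo` comment, its tags steer which rules the backend returns in `scan_config`, so that comment could also say the backend should treat the value as repo-controlled input. The `scan_request` record continues past the end of this hunk, so its remaining fields were not reviewed.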

semgrep_output_v1.jsonschema

+40-42
