From 21be53c507fa9ae9dca6f7c0ee387b5ed3de5c4a Mon Sep 17 00:00:00 2001 From: Annika Peterson Date: Fri, 18 Oct 2024 16:07:01 -0400 Subject: [PATCH 1/4] chore: Update cli parameters with always fail open for SEC-2549 --- semgrep_output_v1.atd | 2 + semgrep_output_v1.jsonschema | 3 +- semgrep_output_v1.proto | 3 +- semgrep_output_v1.py | 3 ++ semgrep_output_v1.ts | 3 ++ semgrep_output_v1_j.ml | 82 ++++++++++++++++++++++++++++++------ semgrep_output_v1_j.mli | 3 +- 7 files changed, 83 insertions(+), 16 deletions(-) diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd index e395526b..65ee4625 100644 --- a/semgrep_output_v1.atd +++ b/semgrep_output_v1.atd @@ -1472,6 +1472,8 @@ type engine_configuration = { ~generic_slow_rollout: bool; (* from 1.63.0 *) ?historical_config: historical_configuration option; + (* for customers to use the app to configure fail open options *) + ~always_fail_open: bool; } (* ----------------------------- *) diff --git a/semgrep_output_v1.jsonschema b/semgrep_output_v1.jsonschema index c1647710..816c7b22 100644 --- a/semgrep_output_v1.jsonschema +++ b/semgrep_output_v1.jsonschema @@ -1191,7 +1191,8 @@ "generic_slow_rollout": { "type": "boolean" }, "historical_config": { "$ref": "#/definitions/historical_configuration" - } + }, + "always_fail_open": { "type": "boolean" } } }, "finding": { diff --git a/semgrep_output_v1.proto b/semgrep_output_v1.proto index 64b870b9..fc035556 100644 --- a/semgrep_output_v1.proto +++ b/semgrep_output_v1.proto @@ -1,6 +1,6 @@ // Generated by jsonschema2protobuf. DO NOT EDIT! // Source file: semgrep_output_v1.jsonschema -// Source file sha256 digest: 186f2f8aa40bd01a89141e935a2a039b09ebcee089cc379fd421b87ef5b1b201 +// Source file sha256 digest: e253ec5290715e05a01ba77ab19dd15b9a51b6e167195f9147843143a92afa33 syntax = "proto3"; @@ -470,6 +470,7 @@ message EngineConfiguration { repeated google.protobuf.Any product_ignored_files = 298217262; bool generic_slow_rollout = 78139686; HistoricalConfiguration historical_config = 66628402; + bool always_fail_open = 406136907; } message Finding { diff --git a/semgrep_output_v1.py b/semgrep_output_v1.py index 397e2700..641f1527 100644 --- a/semgrep_output_v1.py +++ b/semgrep_output_v1.py @@ -3196,6 +3196,7 @@ class EngineConfiguration: product_ignored_files: Optional[ProductIgnoredFiles] = None generic_slow_rollout: bool = field(default_factory=lambda: False) historical_config: Optional[HistoricalConfiguration] = None + always_fail_open: bool = field(default_factory=lambda: False) @classmethod def from_json(cls, x: Any) -> 'EngineConfiguration': @@ -3208,6 +3209,7 @@ def from_json(cls, x: Any) -> 'EngineConfiguration': product_ignored_files=ProductIgnoredFiles.from_json(x['product_ignored_files']) if 'product_ignored_files' in x else None, generic_slow_rollout=_atd_read_bool(x['generic_slow_rollout']) if 'generic_slow_rollout' in x else False, historical_config=HistoricalConfiguration.from_json(x['historical_config']) if 'historical_config' in x else None, + always_fail_open=_atd_read_bool(x['always_fail_open']) if 'always_fail_open' in x else False, ) else: _atd_bad_json('EngineConfiguration', x) @@ -3223,6 +3225,7 @@ def to_json(self) -> Any: res['generic_slow_rollout'] = _atd_write_bool(self.generic_slow_rollout) if self.historical_config is not None: res['historical_config'] = (lambda x: x.to_json())(self.historical_config) + res['always_fail_open'] = _atd_write_bool(self.always_fail_open) return res @classmethod diff --git a/semgrep_output_v1.ts b/semgrep_output_v1.ts index 5d6ac55f..2ff35b94 100644 --- a/semgrep_output_v1.ts +++ b/semgrep_output_v1.ts @@ -669,6 +669,7 @@ export type EngineConfiguration = { product_ignored_files?: ProductIgnoredFiles; generic_slow_rollout: boolean; historical_config?: HistoricalConfiguration; + always_fail_open: boolean; } export type Finding = { @@ -2940,6 +2941,7 @@ export function writeEngineConfiguration(x: EngineConfiguration, context: any = 'product_ignored_files': _atd_write_optional_field(writeProductIgnoredFiles, x.product_ignored_files, x), 'generic_slow_rollout': _atd_write_field_with_default(_atd_write_bool, false, x.generic_slow_rollout, x), 'historical_config': _atd_write_optional_field(writeHistoricalConfiguration, x.historical_config, x), + 'always_fail_open': _atd_write_field_with_default(_atd_write_bool, false, x.always_fail_open, x), }; } @@ -2952,6 +2954,7 @@ export function readEngineConfiguration(x: any, context: any = x): EngineConfigu product_ignored_files: _atd_read_optional_field(readProductIgnoredFiles, x['product_ignored_files'], x), generic_slow_rollout: _atd_read_field_with_default(_atd_read_bool, false, x['generic_slow_rollout'], x), historical_config: _atd_read_optional_field(readHistoricalConfiguration, x['historical_config'], x), + always_fail_open: _atd_read_field_with_default(_atd_read_bool, false, x['always_fail_open'], x), }; } diff --git a/semgrep_output_v1_j.ml b/semgrep_output_v1_j.ml index 4980cbf8..a0c49a2f 100644 --- a/semgrep_output_v1_j.ml +++ b/semgrep_output_v1_j.ml @@ -287,7 +287,8 @@ type engine_configuration = Semgrep_output_v1_t.engine_configuration = { ignored_files: string list; product_ignored_files: product_ignored_files option; generic_slow_rollout: bool; - historical_config: historical_configuration option + historical_config: historical_configuration option; + always_fail_open: bool } type scan_response = Semgrep_output_v1_t.scan_response = { @@ -10432,6 +10433,15 @@ let write_engine_configuration : _ -> engine_configuration -> _ = ( ) ob x; ); + if !is_first then + is_first := false + else + Buffer.add_char ob ','; + Buffer.add_string ob "\"always_fail_open\":"; + ( + Yojson.Safe.write_bool + ) + ob x.always_fail_open; Buffer.add_char ob '}'; ) let string_of_engine_configuration ?(len = 1024) x = @@ -10449,6 +10459,7 @@ let read_engine_configuration = ( let field_product_ignored_files = ref (None) in let field_generic_slow_rollout = ref (false) in let field_historical_config = ref (None) in + let field_always_fail_open = ref (false) in try Yojson.Safe.read_space p lb; Yojson.Safe.read_object_end lb; @@ -10483,12 +10494,26 @@ let read_engine_configuration = ( ) ) | 16 -> ( - if String.unsafe_get s pos = 'd' && String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( - 2 - ) - else ( - -1 - ) + match String.unsafe_get s pos with + | 'a' -> ( + if String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'w' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'y' && String.unsafe_get s (pos+5) = 's' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'f' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'i' && String.unsafe_get s (pos+10) = 'l' && String.unsafe_get s (pos+11) = '_' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'p' && String.unsafe_get s (pos+14) = 'e' && String.unsafe_get s (pos+15) = 'n' then ( + 7 + ) + else ( + -1 + ) + ) + | 'd' -> ( + if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( + 2 + ) + else ( + -1 + ) + ) + | _ -> ( + -1 + ) ) | 17 -> ( if String.unsafe_get s pos = 'h' && String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 's' && String.unsafe_get s (pos+3) = 't' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'r' && String.unsafe_get s (pos+6) = 'i' && String.unsafe_get s (pos+7) = 'c' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'l' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'c' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'n' && String.unsafe_get s (pos+14) = 'f' && String.unsafe_get s (pos+15) = 'i' && String.unsafe_get s (pos+16) = 'g' then ( @@ -10582,6 +10607,14 @@ let read_engine_configuration = ( ) ); ) + | 7 -> + if not (Yojson.Safe.read_null_if_possible p lb) then ( + field_always_fail_open := ( + ( + Atdgen_runtime.Oj_run.read_bool + ) p lb + ); + ) | _ -> ( Yojson.Safe.skip_json p lb ) @@ -10620,12 +10653,26 @@ let read_engine_configuration = ( ) ) | 16 -> ( - if String.unsafe_get s pos = 'd' && String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( - 2 - ) - else ( - -1 - ) + match String.unsafe_get s pos with + | 'a' -> ( + if String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'w' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'y' && String.unsafe_get s (pos+5) = 's' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'f' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'i' && String.unsafe_get s (pos+10) = 'l' && String.unsafe_get s (pos+11) = '_' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'p' && String.unsafe_get s (pos+14) = 'e' && String.unsafe_get s (pos+15) = 'n' then ( + 7 + ) + else ( + -1 + ) + ) + | 'd' -> ( + if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( + 2 + ) + else ( + -1 + ) + ) + | _ -> ( + -1 + ) ) | 17 -> ( if String.unsafe_get s pos = 'h' && String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 's' && String.unsafe_get s (pos+3) = 't' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'r' && String.unsafe_get s (pos+6) = 'i' && String.unsafe_get s (pos+7) = 'c' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'l' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'c' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'n' && String.unsafe_get s (pos+14) = 'f' && String.unsafe_get s (pos+15) = 'i' && String.unsafe_get s (pos+16) = 'g' then ( @@ -10719,6 +10766,14 @@ let read_engine_configuration = ( ) ); ) + | 7 -> + if not (Yojson.Safe.read_null_if_possible p lb) then ( + field_always_fail_open := ( + ( + Atdgen_runtime.Oj_run.read_bool + ) p lb + ); + ) | _ -> ( Yojson.Safe.skip_json p lb ) @@ -10735,6 +10790,7 @@ let read_engine_configuration = ( product_ignored_files = !field_product_ignored_files; generic_slow_rollout = !field_generic_slow_rollout; historical_config = !field_historical_config; + always_fail_open = !field_always_fail_open; } : engine_configuration) ) diff --git a/semgrep_output_v1_j.mli b/semgrep_output_v1_j.mli index e7102ccd..8b2b362b 100644 --- a/semgrep_output_v1_j.mli +++ b/semgrep_output_v1_j.mli @@ -287,7 +287,8 @@ type engine_configuration = Semgrep_output_v1_t.engine_configuration = { ignored_files: string list; product_ignored_files: product_ignored_files option; generic_slow_rollout: bool; - historical_config: historical_configuration option + historical_config: historical_configuration option; + always_fail_open: bool } type scan_response = Semgrep_output_v1_t.scan_response = { From 8cb9bb1c8577d2a1340ec982d0eb31366a1e2f48 Mon Sep 17 00:00:00 2001 From: Annika Peterson Date: Fri, 18 Oct 2024 13:32:00 -0700 Subject: [PATCH 2/4] Update semgrep_output_v1.atd Co-authored-by: Sal Olivares --- semgrep_output_v1.atd | 1 + 1 file changed, 1 insertion(+) diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd index 65ee4625..90c030b3 100644 --- a/semgrep_output_v1.atd +++ b/semgrep_output_v1.atd @@ -1472,6 +1472,7 @@ type engine_configuration = { ~generic_slow_rollout: bool; (* from 1.63.0 *) ?historical_config: historical_configuration option; + (* from 1.93 *) (* for customers to use the app to configure fail open options *) ~always_fail_open: bool; } From 9a27a779bc5801692408b91abb591663b3af9fab Mon Sep 17 00:00:00 2001 From: Annika Peterson Date: Mon, 21 Oct 2024 07:21:58 -0700 Subject: [PATCH 3/4] Update semgrep_output_v1.atd Co-authored-by: Emma Jin --- semgrep_output_v1.atd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd index 90c030b3..37335f7b 100644 --- a/semgrep_output_v1.atd +++ b/semgrep_output_v1.atd @@ -1473,7 +1473,7 @@ type engine_configuration = { (* from 1.63.0 *) ?historical_config: historical_configuration option; (* from 1.93 *) - (* for customers to use the app to configure fail open options *) + (* sent by the app to indicate that fail open should always be enabled, overriding the CLI flag. coupling: server/semgrep_app/saas/models/deployment_products_mixin.py *) ~always_fail_open: bool; } From 19aa1ef0af96ac81bcb0ca0591f22c2b2b1e14c4 Mon Sep 17 00:00:00 2001 From: Annika Peterson Date: Mon, 21 Oct 2024 10:24:03 -0400 Subject: [PATCH 4/4] update to always suppress errors --- semgrep_output_v1.atd | 2 +- semgrep_output_v1.jsonschema | 2 +- semgrep_output_v1.proto | 4 +- semgrep_output_v1.py | 6 +-- semgrep_output_v1.ts | 6 +-- semgrep_output_v1_j.ml | 82 +++++++++++++++--------------------- semgrep_output_v1_j.mli | 2 +- 7 files changed, 46 insertions(+), 58 deletions(-) diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd index 37335f7b..e7b2470c 100644 --- a/semgrep_output_v1.atd +++ b/semgrep_output_v1.atd @@ -1474,7 +1474,7 @@ type engine_configuration = { ?historical_config: historical_configuration option; (* from 1.93 *) (* sent by the app to indicate that fail open should always be enabled, overriding the CLI flag. coupling: server/semgrep_app/saas/models/deployment_products_mixin.py *) - ~always_fail_open: bool; + ~always_suppress_errors: bool; } (* ----------------------------- *) diff --git a/semgrep_output_v1.jsonschema b/semgrep_output_v1.jsonschema index 816c7b22..8c6f01c1 100644 --- a/semgrep_output_v1.jsonschema +++ b/semgrep_output_v1.jsonschema @@ -1192,7 +1192,7 @@ "historical_config": { "$ref": "#/definitions/historical_configuration" }, - "always_fail_open": { "type": "boolean" } + "always_suppress_errors": { "type": "boolean" } } }, "finding": { diff --git a/semgrep_output_v1.proto b/semgrep_output_v1.proto index fc035556..a971b37b 100644 --- a/semgrep_output_v1.proto +++ b/semgrep_output_v1.proto @@ -1,6 +1,6 @@ // Generated by jsonschema2protobuf. DO NOT EDIT! // Source file: semgrep_output_v1.jsonschema -// Source file sha256 digest: e253ec5290715e05a01ba77ab19dd15b9a51b6e167195f9147843143a92afa33 +// Source file sha256 digest: 3128533ce4295e9cf749fad9537838337aaeb44a78a3384f95e7f43238ca0562 syntax = "proto3"; @@ -470,7 +470,7 @@ message EngineConfiguration { repeated google.protobuf.Any product_ignored_files = 298217262; bool generic_slow_rollout = 78139686; HistoricalConfiguration historical_config = 66628402; - bool always_fail_open = 406136907; + bool always_suppress_errors = 432871568; } message Finding { diff --git a/semgrep_output_v1.py b/semgrep_output_v1.py index 641f1527..f9778363 100644 --- a/semgrep_output_v1.py +++ b/semgrep_output_v1.py @@ -3196,7 +3196,7 @@ class EngineConfiguration: product_ignored_files: Optional[ProductIgnoredFiles] = None generic_slow_rollout: bool = field(default_factory=lambda: False) historical_config: Optional[HistoricalConfiguration] = None - always_fail_open: bool = field(default_factory=lambda: False) + always_suppress_errors: bool = field(default_factory=lambda: False) @classmethod def from_json(cls, x: Any) -> 'EngineConfiguration': @@ -3209,7 +3209,7 @@ def from_json(cls, x: Any) -> 'EngineConfiguration': product_ignored_files=ProductIgnoredFiles.from_json(x['product_ignored_files']) if 'product_ignored_files' in x else None, generic_slow_rollout=_atd_read_bool(x['generic_slow_rollout']) if 'generic_slow_rollout' in x else False, historical_config=HistoricalConfiguration.from_json(x['historical_config']) if 'historical_config' in x else None, - always_fail_open=_atd_read_bool(x['always_fail_open']) if 'always_fail_open' in x else False, + always_suppress_errors=_atd_read_bool(x['always_suppress_errors']) if 'always_suppress_errors' in x else False, ) else: _atd_bad_json('EngineConfiguration', x) @@ -3225,7 +3225,7 @@ def to_json(self) -> Any: res['generic_slow_rollout'] = _atd_write_bool(self.generic_slow_rollout) if self.historical_config is not None: res['historical_config'] = (lambda x: x.to_json())(self.historical_config) - res['always_fail_open'] = _atd_write_bool(self.always_fail_open) + res['always_suppress_errors'] = _atd_write_bool(self.always_suppress_errors) return res @classmethod diff --git a/semgrep_output_v1.ts b/semgrep_output_v1.ts index 2ff35b94..606cd073 100644 --- a/semgrep_output_v1.ts +++ b/semgrep_output_v1.ts @@ -669,7 +669,7 @@ export type EngineConfiguration = { product_ignored_files?: ProductIgnoredFiles; generic_slow_rollout: boolean; historical_config?: HistoricalConfiguration; - always_fail_open: boolean; + always_suppress_errors: boolean; } export type Finding = { @@ -2941,7 +2941,7 @@ export function writeEngineConfiguration(x: EngineConfiguration, context: any = 'product_ignored_files': _atd_write_optional_field(writeProductIgnoredFiles, x.product_ignored_files, x), 'generic_slow_rollout': _atd_write_field_with_default(_atd_write_bool, false, x.generic_slow_rollout, x), 'historical_config': _atd_write_optional_field(writeHistoricalConfiguration, x.historical_config, x), - 'always_fail_open': _atd_write_field_with_default(_atd_write_bool, false, x.always_fail_open, x), + 'always_suppress_errors': _atd_write_field_with_default(_atd_write_bool, false, x.always_suppress_errors, x), }; } @@ -2954,7 +2954,7 @@ export function readEngineConfiguration(x: any, context: any = x): EngineConfigu product_ignored_files: _atd_read_optional_field(readProductIgnoredFiles, x['product_ignored_files'], x), generic_slow_rollout: _atd_read_field_with_default(_atd_read_bool, false, x['generic_slow_rollout'], x), historical_config: _atd_read_optional_field(readHistoricalConfiguration, x['historical_config'], x), - always_fail_open: _atd_read_field_with_default(_atd_read_bool, false, x['always_fail_open'], x), + always_suppress_errors: _atd_read_field_with_default(_atd_read_bool, false, x['always_suppress_errors'], x), }; } diff --git a/semgrep_output_v1_j.ml b/semgrep_output_v1_j.ml index a0c49a2f..85b3d2f3 100644 --- a/semgrep_output_v1_j.ml +++ b/semgrep_output_v1_j.ml @@ -288,7 +288,7 @@ type engine_configuration = Semgrep_output_v1_t.engine_configuration = { product_ignored_files: product_ignored_files option; generic_slow_rollout: bool; historical_config: historical_configuration option; - always_fail_open: bool + always_suppress_errors: bool } type scan_response = Semgrep_output_v1_t.scan_response = { @@ -10437,11 +10437,11 @@ let write_engine_configuration : _ -> engine_configuration -> _ = ( is_first := false else Buffer.add_char ob ','; - Buffer.add_string ob "\"always_fail_open\":"; + Buffer.add_string ob "\"always_suppress_errors\":"; ( Yojson.Safe.write_bool ) - ob x.always_fail_open; + ob x.always_suppress_errors; Buffer.add_char ob '}'; ) let string_of_engine_configuration ?(len = 1024) x = @@ -10459,7 +10459,7 @@ let read_engine_configuration = ( let field_product_ignored_files = ref (None) in let field_generic_slow_rollout = ref (false) in let field_historical_config = ref (None) in - let field_always_fail_open = ref (false) in + let field_always_suppress_errors = ref (false) in try Yojson.Safe.read_space p lb; Yojson.Safe.read_object_end lb; @@ -10494,26 +10494,12 @@ let read_engine_configuration = ( ) ) | 16 -> ( - match String.unsafe_get s pos with - | 'a' -> ( - if String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'w' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'y' && String.unsafe_get s (pos+5) = 's' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'f' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'i' && String.unsafe_get s (pos+10) = 'l' && String.unsafe_get s (pos+11) = '_' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'p' && String.unsafe_get s (pos+14) = 'e' && String.unsafe_get s (pos+15) = 'n' then ( - 7 - ) - else ( - -1 - ) - ) - | 'd' -> ( - if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( - 2 - ) - else ( - -1 - ) - ) - | _ -> ( - -1 - ) + if String.unsafe_get s pos = 'd' && String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( + 2 + ) + else ( + -1 + ) ) | 17 -> ( if String.unsafe_get s pos = 'h' && String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 's' && String.unsafe_get s (pos+3) = 't' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'r' && String.unsafe_get s (pos+6) = 'i' && String.unsafe_get s (pos+7) = 'c' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'l' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'c' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'n' && String.unsafe_get s (pos+14) = 'f' && String.unsafe_get s (pos+15) = 'i' && String.unsafe_get s (pos+16) = 'g' then ( @@ -10539,6 +10525,14 @@ let read_engine_configuration = ( -1 ) ) + | 22 -> ( + if String.unsafe_get s pos = 'a' && String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'w' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'y' && String.unsafe_get s (pos+5) = 's' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 's' && String.unsafe_get s (pos+8) = 'u' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'p' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 's' && String.unsafe_get s (pos+14) = 's' && String.unsafe_get s (pos+15) = '_' && String.unsafe_get s (pos+16) = 'e' && String.unsafe_get s (pos+17) = 'r' && String.unsafe_get s (pos+18) = 'r' && String.unsafe_get s (pos+19) = 'o' && String.unsafe_get s (pos+20) = 'r' && String.unsafe_get s (pos+21) = 's' then ( + 7 + ) + else ( + -1 + ) + ) | _ -> ( -1 ) @@ -10609,7 +10603,7 @@ let read_engine_configuration = ( ) | 7 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( - field_always_fail_open := ( + field_always_suppress_errors := ( ( Atdgen_runtime.Oj_run.read_bool ) p lb @@ -10653,26 +10647,12 @@ let read_engine_configuration = ( ) ) | 16 -> ( - match String.unsafe_get s pos with - | 'a' -> ( - if String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'w' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'y' && String.unsafe_get s (pos+5) = 's' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'f' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'i' && String.unsafe_get s (pos+10) = 'l' && String.unsafe_get s (pos+11) = '_' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'p' && String.unsafe_get s (pos+14) = 'e' && String.unsafe_get s (pos+15) = 'n' then ( - 7 - ) - else ( - -1 - ) - ) - | 'd' -> ( - if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( - 2 - ) - else ( - -1 - ) - ) - | _ -> ( - -1 - ) + if String.unsafe_get s pos = 'd' && String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( + 2 + ) + else ( + -1 + ) ) | 17 -> ( if String.unsafe_get s pos = 'h' && String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 's' && String.unsafe_get s (pos+3) = 't' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'r' && String.unsafe_get s (pos+6) = 'i' && String.unsafe_get s (pos+7) = 'c' && String.unsafe_get s (pos+8) = 'a' && String.unsafe_get s (pos+9) = 'l' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'c' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'n' && String.unsafe_get s (pos+14) = 'f' && String.unsafe_get s (pos+15) = 'i' && String.unsafe_get s (pos+16) = 'g' then ( @@ -10698,6 +10678,14 @@ let read_engine_configuration = ( -1 ) ) + | 22 -> ( + if String.unsafe_get s pos = 'a' && String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'w' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'y' && String.unsafe_get s (pos+5) = 's' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 's' && String.unsafe_get s (pos+8) = 'u' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'p' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 's' && String.unsafe_get s (pos+14) = 's' && String.unsafe_get s (pos+15) = '_' && String.unsafe_get s (pos+16) = 'e' && String.unsafe_get s (pos+17) = 'r' && String.unsafe_get s (pos+18) = 'r' && String.unsafe_get s (pos+19) = 'o' && String.unsafe_get s (pos+20) = 'r' && String.unsafe_get s (pos+21) = 's' then ( + 7 + ) + else ( + -1 + ) + ) | _ -> ( -1 ) @@ -10768,7 +10756,7 @@ let read_engine_configuration = ( ) | 7 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( - field_always_fail_open := ( + field_always_suppress_errors := ( ( Atdgen_runtime.Oj_run.read_bool ) p lb @@ -10790,7 +10778,7 @@ let read_engine_configuration = ( product_ignored_files = !field_product_ignored_files; generic_slow_rollout = !field_generic_slow_rollout; historical_config = !field_historical_config; - always_fail_open = !field_always_fail_open; + always_suppress_errors = !field_always_suppress_errors; } : engine_configuration) ) diff --git a/semgrep_output_v1_j.mli b/semgrep_output_v1_j.mli index 8b2b362b..1bf81594 100644 --- a/semgrep_output_v1_j.mli +++ b/semgrep_output_v1_j.mli @@ -288,7 +288,7 @@ type engine_configuration = Semgrep_output_v1_t.engine_configuration = { product_ignored_files: product_ignored_files option; generic_slow_rollout: bool; historical_config: historical_configuration option; - always_fail_open: bool + always_suppress_errors: bool } type scan_response = Semgrep_output_v1_t.scan_response = {