Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Insufficient_permissions case as a reason to skip a target #304

Merged
merged 2 commits into from
Oct 29, 2024
Merged

Add Insufficient_permissions case as a reason to skip a target #304

merged 2 commits into from
Oct 29, 2024

Conversation

mjambon
Copy link
Member

@mjambon mjambon commented Oct 28, 2024
edited
Loading

Clients consuming semgrep output should be upgraded to support this.

Used by https://github.com/semgrep/semgrep-proprietary/pull/2506

@mjambon mjambon requested a review from aryx October 28, 2024 23:16
@github-actions GitHub Actions
Copy link

Backwards compatibility summary:

Checking backward compatibility of semgrep_output_v1.atd against past version v1.29.0
Skipping v1.30.0 because commit 78720c795cd5a186f5102c87125ef876c6435a0c has already been checked
Skipping v1.31.0 because commit 78720c795cd5a186f5102c87125ef876c6435a0c has already been checked
Skipping v1.31.1 because commit 78720c795cd5a186f5102c87125ef876c6435a0c has already been checked
Skipping v1.31.2 because commit 78720c795cd5a186f5102c87125ef876c6435a0c has already been checked
Skipping v1.32.0 because commit 78720c795cd5a186f5102c87125ef876c6435a0c has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.33.0
Skipping v1.33.1 because commit 8849e56ddb0977e38a120a6cfbd1c396eb6fa15e has already been checked
Skipping v1.33.2 because commit 8849e56ddb0977e38a120a6cfbd1c396eb6fa15e has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.34.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.37.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.38.0
Skipping v1.38.1 because commit fd294683e7369cabf63738febeaba8a22c925187 has already been checked
Skipping v1.38.2 because commit fd294683e7369cabf63738febeaba8a22c925187 has already been checked
Skipping v1.38.3 because commit fd294683e7369cabf63738febeaba8a22c925187 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.39.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.40.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.41.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.42.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.43.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.44.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.45.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.46.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.47.0
Skipping v1.48.0 because commit 278ed753e0c66b8bfc3f2d805fde53be022dd4b6 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.49.0
Skipping v1.50.0 because commit 857682f41eb09e0b330a247ff1adf3bfeaf9d9ca has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.52.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.53.0
Skipping v1.54.0 because commit 3b72d494260258497e796d094b1a4916501a6df1 has already been checked
Skipping v1.54.1 because commit 3b72d494260258497e796d094b1a4916501a6df1 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.54.2
Skipping v1.54.3 because commit 9f1c50383a9a9969e2fe7a5f9bff9ca0a7c837bb has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.55.0
Skipping v1.55.1 because commit 6dffeaa692153fd33b4f154fddaefde1f2f1ae27 has already been checked
Skipping v1.55.2 because commit 6dffeaa692153fd33b4f154fddaefde1f2f1ae27 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.56.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.57.0
Skipping v1.58.0 because commit 4cc11b00d411c02fc611aa8c78a336520438fb48 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.59.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.59.1
Checking backward compatibility of semgrep_output_v1.atd against past version v1.60.0
Skipping v1.60.1 because commit eed58a091fd7d19e402a6d4cf2d287e137215d03 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.61.0
Skipping v1.61.1 because commit bbfd1c5b91bd411bceffc3de73f5f0b37f04433d has already been checked
Skipping v1.62.0 because commit bbfd1c5b91bd411bceffc3de73f5f0b37f04433d has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.63.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.64.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.65.0
Skipping v1.66.0 because commit 3e7bbafa2b7e722d893303a7fb90a83dab6737a7 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.66.1
Skipping v1.66.2 because commit 215a54782174de84f97188632b4a37e35ba0f827 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.67.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.68.0
Skipping v1.69.0 because commit d5b91fa4f6a03240db31e9bbbc5376a99bc8eeea has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.70.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.71.0
Skipping v1.72.0 because commit 75abf193687b84ab341d8267d865ad68d81a89c9 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.73.0
Skipping v1.74.0 because commit 9f38254957c50c68ea402eebae0f7aa40dd01cbf has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.75.0
Skipping v1.76.0 because commit 9102031608aa4154e1c37f557550ec4eabc8780c has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.77.0
Skipping v1.78.0 because commit dcb5d77b420ddee61f58aadd3c2c7aef38778154 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.79.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.80.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.81.0
Skipping v1.82.0 because commit 9e0f3bec26b07b4fb6753a32cb75277f45f2572c has already been checked
Skipping v1.83.0 because commit 9e0f3bec26b07b4fb6753a32cb75277f45f2572c has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.84.0
Skipping v1.84.1 because commit 3daef49297ada205359cc1d2996354c94b628b0d has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.85.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.86.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.87.0
Skipping v1.88.0 because commit 512c0bd97db59c48a5705b2741662a338776e438 has already been checked
Skipping v1.89.0 because commit 512c0bd97db59c48a5705b2741662a338776e438 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.90.0
Checking backward compatibility of semgrep_output_v1.atd against past version v1.91.0
Skipping v1.92.0 because commit 2351c5e528cb7430422208dc66707894c066b508 has already been checked
Checking backward compatibility of semgrep_output_v1.atd against past version v1.93.0

@mjambon mjambon force-pushed the martin/insufficient-permissions branch from ed0ef24 to 6017756 Compare October 28, 2024 23:19
aryx
aryx approved these changes Oct 29, 2024
View reviewed changes
@mjambon mjambon merged commit 74a0c4b into main Oct 29, 2024
3 checks passed
@mjambon mjambon deleted the martin/insufficient-permissions branch October 29, 2024 19:32
semgrep-ci bot pushed a commit to semgrep/semgrep that referenced this pull request Oct 30, 2024
@mjambon
Skip files and folders lacking read access permissions (semgrep/semgr…
83a7404 
…ep-proprietary#2506)

Important: semgrep-interfaces changed and our internal clients need to
upgrade first so they can read understand the new reason for skipping a
target file (`Insufficient_permissions`). See
semgrep/semgrep-interfaces#304

This involved checking and reporting access problems in three main
locations and taking care of 2 project kinds:
* pysemgrep, semgrep-core, osemgrep
* git and non-git projects

We have tests that cover the essentials for pysemgrep and for osemgrep.
Not all skipped files or folders are reported depending on the
implementation:
* in git projects, we don't list skipped folders because git does it for
us
* in non-git pysemgrep projects, we don't list skipped folders (because
it seems unessential and doesn't cause problems downstream whereas it
was important to filter out regular files before passing them to
semgrep-core)

Test plan:
* CI tests are sufficient for non-git projects and are most strict for
osemgrep
* We don't have tests for git projects yet. Manual testing:
```
$ cd semgrep  # or any git repo
$ mkdir foo
$ touch foo/bar.py
$ chmod 000 foo/bar.py
$ semgrep foo
...
$ semgrep foo --experimental
...
```
Expected results:
* no crash
* show that 0 files were scanned

synced from Pro 418b03583f084fb2cc9c8c4367c3c456229a1db2
semgrep-ci bot pushed a commit to semgrep/semgrep that referenced this pull request Oct 30, 2024
@mjambon
Skip files and folders lacking read access permissions (semgrep/semgr…
9717d6b 
…ep-proprietary#2506)

Important: semgrep-interfaces changed and our internal clients need to
upgrade first so they can read understand the new reason for skipping a
target file (`Insufficient_permissions`). See
semgrep/semgrep-interfaces#304

This involved checking and reporting access problems in three main
locations and taking care of 2 project kinds:
* pysemgrep, semgrep-core, osemgrep
* git and non-git projects

We have tests that cover the essentials for pysemgrep and for osemgrep.
Not all skipped files or folders are reported depending on the
implementation:
* in git projects, we don't list skipped folders because git does it for
us
* in non-git pysemgrep projects, we don't list skipped folders (because
it seems unessential and doesn't cause problems downstream whereas it
was important to filter out regular files before passing them to
semgrep-core)

Test plan:
* CI tests are sufficient for non-git projects and are most strict for
osemgrep
* We don't have tests for git projects yet. Manual testing:
```
$ cd semgrep  # or any git repo
$ mkdir foo
$ touch foo/bar.py
$ chmod 000 foo/bar.py
$ semgrep foo
...
$ semgrep foo --experimental
...
```
Expected results:
* no crash
* show that 0 files were scanned

synced from Pro 418b03583f084fb2cc9c8c4367c3c456229a1db2
semgrep-ci bot pushed a commit to semgrep/semgrep that referenced this pull request Oct 30, 2024
@mjambon
Skip files and folders lacking read access permissions (semgrep/semgr…
f2ff07c 
…ep-proprietary#2506)

Important: semgrep-interfaces changed and our internal clients need to
upgrade first so they can read understand the new reason for skipping a
target file (`Insufficient_permissions`). See
semgrep/semgrep-interfaces#304

This involved checking and reporting access problems in three main
locations and taking care of 2 project kinds:
* pysemgrep, semgrep-core, osemgrep
* git and non-git projects

We have tests that cover the essentials for pysemgrep and for osemgrep.
Not all skipped files or folders are reported depending on the
implementation:
* in git projects, we don't list skipped folders because git does it for
us
* in non-git pysemgrep projects, we don't list skipped folders (because
it seems unessential and doesn't cause problems downstream whereas it
was important to filter out regular files before passing them to
semgrep-core)

Test plan:
* CI tests are sufficient for non-git projects and are most strict for
osemgrep
* We don't have tests for git projects yet. Manual testing:
```
$ cd semgrep  # or any git repo
$ mkdir foo
$ touch foo/bar.py
$ chmod 000 foo/bar.py
$ semgrep foo
...
$ semgrep foo --experimental
...
```
Expected results:
* no crash
* show that 0 files were scanned

synced from Pro 418b03583f084fb2cc9c8c4367c3c456229a1db2
ajbt200128 pushed a commit to semgrep/semgrep that referenced this pull request Oct 30, 2024
@mjambon @ajbt200128
Skip files and folders lacking read access permissions (semgrep/semgr…
1564a1a 
…ep-proprietary#2506)

Important: semgrep-interfaces changed and our internal clients need to
upgrade first so they can read understand the new reason for skipping a
target file (`Insufficient_permissions`). See
semgrep/semgrep-interfaces#304

This involved checking and reporting access problems in three main
locations and taking care of 2 project kinds:
* pysemgrep, semgrep-core, osemgrep
* git and non-git projects

We have tests that cover the essentials for pysemgrep and for osemgrep.
Not all skipped files or folders are reported depending on the
implementation:
* in git projects, we don't list skipped folders because git does it for
us
* in non-git pysemgrep projects, we don't list skipped folders (because
it seems unessential and doesn't cause problems downstream whereas it
was important to filter out regular files before passing them to
semgrep-core)

Test plan:
* CI tests are sufficient for non-git projects and are most strict for
osemgrep
* We don't have tests for git projects yet. Manual testing:
```
$ cd semgrep  # or any git repo
$ mkdir foo
$ touch foo/bar.py
$ chmod 000 foo/bar.py
$ semgrep foo
...
$ semgrep foo --experimental
...
```
Expected results:
* no crash
* show that 0 files were scanned

synced from Pro 418b03583f084fb2cc9c8c4367c3c456229a1db2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aryx aryx aryx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mjambon @aryx