In a previous commit, semgrep was pinned to version 1.37.0 while we waited for a fix to 1.38.0, which was breaking our CircleCI builds. Now that 1.38.2 has been released with a fix for the problem that was affecting us, we no longer need to pin it. [MAILPOET-5565]
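#!/usr/bin/env bash
#
# Run Semgrep with WPScan's audit rules against the current working directory.
#
# Start the script from the directory that should be scanned: that directory
# is mounted into the Semgrep container as /src. Any arguments given to the
# script are passed on to semgrep unchanged. The exit status is the one
# returned by `docker run`, or 1 when the rules could not be cloned.

# The directory the script was started from. The rules checkout lives below
# it, and it is the directory mounted into the container.
scriptdirectory=${PWD}
rulesdirectory='tools/wpscan-semgrep-rules'

# Make sure we have a copy of WPScan's Semgrep rules.
# NOTE(review): an existing checkout is reused as-is and never updated, and a
# fresh clone takes whatever the default branch holds at that moment, so the
# rule set is not pinned to a reviewed revision.
if [[ ! -d "${scriptdirectory}/${rulesdirectory}" ]]; then
  echo "Cloning WPScan's Semgrep rules repository..."
  # Stop when the clone fails, so a missing rule set is reported as such
  # instead of surfacing later as a confusing Semgrep configuration error.
  if ! git clone --depth=1 git@github.com:Automattic/wpscan-semgrep-rules.git \
    "${scriptdirectory}/${rulesdirectory}"; then
    echo "Could not clone WPScan's Semgrep rules repository." >&2
    exit 1
  fi
fi

# Run Semgrep.
# --error makes findings produce a non-zero exit status; --metrics=off
# disables Semgrep's usage reporting.
# NOTE(review): the image is referenced without a tag or digest, so Docker
# resolves it to `latest`. The scanner version therefore differs between
# machines and over time, and a broken or tampered upstream image reaches CI
# without review. Pin a tag or digest if reproducible scans matter.
docker run --rm -v "${scriptdirectory}:/src" returntocorp/semgrep \
  semgrep --error --text --metrics=off -c "/src/${rulesdirectory}/audit" "$@"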