Merge pull request #140 from regulaforensics/develop

develop -> stable
regulaforensics · Sep 20, 2024 · 131b008 · 131b008
2 parents ffeff0b + 004837c
commit 131b008
Show file tree

Hide file tree

Showing 16 changed files with 458 additions and 263 deletions.
diff --git a/.github/workflows/sast.yaml b/.github/workflows/sast.yaml
@@ -0,0 +1,58 @@
+name: Semgrep SAST
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - staging
+      - production
+      - stable
+      - main
+      - master
+
+env:
+  # Fail workflow or not if vulnerabilities found
+  FAIL_ON_VULNERABILITIES: true
+  # List of paths (space separated) to ignore
+  # Supports PATTERNS
+  # EXCLUDE_PATHS: 'foo bar/baz file.txt dir/*.yml'
+  EXCLUDE_PATHS: ''
+  # List of rules (space separated) to ignore
+  # EXCLUDE_RULES: 'generic.secrets.security.detected-aws-account-id.detected-aws-account-id'
+  # See https://github.com/semgrep/semgrep-rules for rules registry
+  EXCLUDE_RULES: ''
+
+jobs:
+  semgrep:
+    name: semgrep-oss/scan
+    runs-on: ubuntu-latest
+    container:
+      image: semgrep/semgrep
+    steps:
+      - uses: actions/checkout@v4
+      - name: Scan
+        shell: bash
+        run: |
+          EXCLUDED_PATHS=()
+          if [[ ! -z $EXCLUDE_PATHS ]]; then
+            for path in $EXCLUDE_PATHS; do
+              EXCLUDED_PATHS+=("--exclude $path")
+            done
+          fi
+
+          EXCLUDED_RULES=()
+          if [[ ! -z $EXCLUDE_RULES ]]; then
+            for rule in $EXCLUDE_RULES; do
+              EXCLUDED_RULES+=("--exclude-rule $rule")
+            done
+          fi
+
+          if [[ $FAIL_ON_VULNERABILITIES == "true" ]]; then
+            semgrep scan --config auto ${EXCLUDED_PATHS[@]} ${EXCLUDED_RULES[@]} --error --verbose
+          elif [[ $FAIL_ON_VULNERABILITIES == "false" ]]; then
+            semgrep scan --config auto ${EXCLUDED_PATHS[@]} ${EXCLUDED_RULES[@]} --error --verbose || true
+          else
+            echo "Bad FAIL_ON_VULNERABILITIES env var value"
+            exit 1
+          fi
+
diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES
@@ -88,6 +88,7 @@ regula/documentreader/webclient/gen/models/lexical_analysis_result_all_of.py
 regula/documentreader/webclient/gen/models/license_result.py
 regula/documentreader/webclient/gen/models/license_result_all_of.py
 regula/documentreader/webclient/gen/models/light.py
+regula/documentreader/webclient/gen/models/list_transactions_by_tag_response.py
 regula/documentreader/webclient/gen/models/list_verified_fields.py
 regula/documentreader/webclient/gen/models/liveness_params.py
 regula/documentreader/webclient/gen/models/log_level.py

diff --git a/Pipfile b/Pipfile
@@ -14,10 +14,10 @@ requests = ">=2.32.3"
 
 [dev-packages]
 setuptools = ">=21.0.0"
-pipenv-setup = "*"
 wheel = "*"
 twine = "*"
 chardet = "*"
+packaging = ">=22.0"
 
 [requires]
 python_version = "3.8"