
Add LSP functionality to Rover #2272

Open
wants to merge 9 commits into base: main

ROVER-245 Extra error handling when initialising stream

e443b00
Apollo SecOps / Static App Security Check completed Dec 20, 2024 in 22s

Static App Security Check

🟡 Potential Security Issues Found

If you are seeing this message, it means that the security scanning tool that Apollo uses to test our source has identified a potential security issue in code introduced or updated via your branch. Information about what was detected and steps to move forward are below.

If the scanner detected a legitimate issue, please take action to correct it prior to merging this PR. The action required will vary based on the detection. If the detection is a false positive, please follow the steps below to resolve the issue.

Issue Detected

Message: temp_dir should not be used for security operations. From the docs: 'The temporary directory may be shared among users, or between processes with different privileges; thus, the creation of any files or directories in the temporary directory must use a secure method to create a uniquely named file. Creating a file or directory with a fixed or predictable name may result in "insecure temporary file" security vulnerabilities.'
Caused CI Failure? No
Link: Link
Path: src/command/lsp/mod.rs
Signature: rules.providers.semgrep.security.rust.lang.security.temp-dir

False Positive Resolution Process

The easiest way to resolve a false positive is to add a comment containing nosemgrep to the code that triggered the detection. You can add the comment directly to the line triggering the detection or on the line immediately above it. For example:

#!/usr/bin/env python3

def my_function():
    my_code_generating_detection() # nosemgrep

What if I can't add a line comment?

If you can't add a comment because the detection is generated by a file that does not support comments (like JSON), you can use Semgrep's .semgrepignore file. For more information about how to create an exclusion via .semgrepignore, refer to the Semgrep documentation.


Getting Help

The Apollo Security team is available to assist in resolving this issue. Please tag us on this PR using @apollographql/security if you need assistance!


How do I know I fixed this correctly?

You will need to resolve all items in the table above that "Caused CI Failure" prior to merging. Once you have, this check will stop reporting an ❌. We encourage you to resolve issues that aren't causing CI failures as well, but it is not required to merge.

Annotations

Check notice on line 332 in src/command/lsp/mod.rs

apollo-secops / Static App Security Check

rules.providers.semgrep.security.rust.lang.security.temp-dir

temp_dir should not be used for security operations.
From the docs: 'The temporary directory may be shared among users, or between processes with different privileges; thus, the creation of any files or directories in the temporary directory must use a secure method to create a uniquely named file.
Creating a file or directory with a fixed or predictable name may result in “insecure temporary file” security vulnerabilities.'
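The rule above is about names, not about the directory itself: a fixed or guessable path under std::env::temp_dir() can be pre-created or symlinked by any other user of the shared directory before the program opens it. The following is an added example written for this page, not code from the Rover PR (the flagged code at line 332 of src/command/lsp/mod.rs is not shown here). It uses only the standard library so it runs stand-alone; a real project would more likely reach for the tempfile crate. Function names (predictable_temp_path, create_private_temp_file, is_private_temp_file) and the random-token scheme are this example's own assumptions.

```rust
use std::collections::hash_map::RandomState;
use std::fs::{self, File, OpenOptions};
use std::hash::{BuildHasher, Hasher};
use std::io;
use std::path::{Path, PathBuf};

/// The pattern the semgrep rule flags (constructed illustration, not Rover's code):
/// a fixed name under temp_dir() that another local user could create or symlink
/// first, so a later open follows their file instead of ours.
pub fn predictable_temp_path(name: &str) -> PathBuf {
    std::env::temp_dir().join(name)
}

/// 64-bit token that differs on every call. RandomState is seeded from OS
/// randomness per thread and stepped on each `new()`, so hashing a constant with
/// a fresh instance yields a fresh value. Assumption: adequate for a demo; a real
/// project would use a CSPRNG or the `tempfile` crate.
fn random_token() -> u64 {
    let mut h = RandomState::new().build_hasher();
    h.write_u64(0x7265_6d70_6669_6c65); // any constant works; the keys change per call
    h.finish()
}

#[cfg(unix)]
fn restrict_to_owner(opts: &mut OpenOptions) {
    use std::os::unix::fs::OpenOptionsExt;
    opts.mode(0o600); // rw-------: unreadable by other users of the shared directory
}
#[cfg(not(unix))]
fn restrict_to_owner(_opts: &mut OpenOptions) {}

/// Create a uniquely named, owner-only file under temp_dir() and return the open
/// handle with its path. create_new(true) maps to O_CREAT|O_EXCL, so the call
/// fails instead of reusing (or following a symlink at) a path that already
/// exists; on a collision we pick another name and retry.
pub fn create_private_temp_file(prefix: &str) -> io::Result<(File, PathBuf)> {
    let dir = std::env::temp_dir();
    for _ in 0..16 {
        let name = format!("{}-{}-{:016x}", prefix, std::process::id(), random_token());
        let path = dir.join(name);
        let mut opts = OpenOptions::new();
        opts.write(true).create_new(true);
        restrict_to_owner(&mut opts);
        match opts.open(&path) {
            Ok(file) => return Ok((file, path)),
            Err(e) if e.kind() == io::ErrorKind::AlreadyExists => continue,
            Err(e) => return Err(e),
        }
    }
    Err(io::Error::new(
        io::ErrorKind::AlreadyExists,
        "no unused temp file name after 16 attempts",
    ))
}

#[cfg(unix)]
fn mode_is_owner_only(meta: &fs::Metadata) -> bool {
    use std::os::unix::fs::PermissionsExt;
    meta.permissions().mode() & 0o777 == 0o600
}
#[cfg(not(unix))]
fn mode_is_owner_only(_meta: &fs::Metadata) -> bool {
    true
}

/// Post-condition check: the path is a regular file (not a planted symlink)
/// and, on Unix, carries mode 0600. symlink_metadata does not follow links.
pub fn is_private_temp_file(path: &Path) -> io::Result<bool> {
    let meta = fs::symlink_metadata(path)?;
    Ok(meta.is_file() && mode_is_owner_only(&meta))
}

fn main() -> io::Result<()> {
    let (_handle, path) = create_private_temp_file("rover-lsp")?;
    println!("created {} (private: {})", path.display(), is_private_temp_file(&path)?);
    fs::remove_file(&path)
}
```

The two properties to check when reviewing a temp-file fix are visible in create_private_temp_file: the name carries per-call randomness, and the open uses create_new so an attacker-placed file at the same path causes an error rather than a silent write into their file. Keeping the returned File handle open and working through it, rather than reopening by path later, avoids a second race.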