René's URL Explorer Experiment


Title: upload-sarif@v2 Doesn't support `suppressions` property in Sarif files. · Issue #1230 · github/codeql-action · GitHub

Open Graph Title: upload-sarif@v2 Doesn't support `suppressions` property in Sarif files. · Issue #1230 · github/codeql-action

X Title: upload-sarif@v2 Doesn't support `suppressions` property in Sarif files. · Issue #1230 · github/codeql-action

Description: I've recently noticed, when running semgrep, that findings that are suppressed in code with #nosemgrep flag the results with a suppressions property. This seems to be valid sarif formatting. Example of a result: { "$schema": "https://doc...

Open Graph Description: I've recently noticed, when running semgrep, that findings that are suppressed in code with #nosemgrep flag the results with a suppressions property. This seems to be valid sarif formatting. Exampl...

X Description: I've recently noticed, when running semgrep, that findings that are suppressed in code with #nosemgrep flag the results with a suppressions property. This seems to be valid sarif formatting. Ex...

Opengraph URL: https://github.com/github/codeql-action/issues/1230

X: @github

direct link

Domain: github.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"upload-sarif@v2 Doesn't support `suppressions` property in Sarif files.","articleBody":"I've recently noticed, when running `semgrep`, that findings that are suppressed in code with `#nosemgrep` flag the results with a `suppressions` property. This seems to be [valid sarif formatting](https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541099).\r\n\r\nExample of a result:\r\n```\r\n{\r\n    \"$schema\": \"https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json\",\r\n    \"runs\": [\r\n        {\r\n            \"invocations\": [\r\n                {\r\n                    \"executionSuccessful\": true,\r\n                    \"toolExecutionNotifications\": []\r\n                }\r\n            ],\r\n            \"results\": [\r\n                {\r\n                    \"locations\": [\r\n                        {\r\n                            \"physicalLocation\": {\r\n                                \"artifactLocation\": {\r\n                                    \"uri\": \"backend/opre_ops/django_config/settings/common.py\",\r\n                                    \"uriBaseId\": \"%SRCROOT%\"\r\n                                },\r\n                                \"region\": {\r\n                                    \"endColumn\": 15,\r\n                                    \"endLine\": 91,\r\n                                    \"snippet\": {\r\n                                        \"text\": \"REST_FRAMEWORK = {  # nosemgrep: python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config\"\r\n                                    },\r\n                                    \"startColumn\": 1,\r\n                                    \"startLine\": 91\r\n                                }\r\n                            }\r\n                        }\r\n                    ],\r\n                    \"message\": {\r\n                        \"text\": \"Django REST framework configuration is missing default rate- limiting options. This could inadvertently allow resource starvation or Denial of Service (DoS) attacks. Add 'DEFAULT_THROTTLE_CLASSES' and 'DEFAULT_THROTTLE_RATES' to add rate-limiting to your application.\"\r\n                    },\r\n                    \"ruleId\": \"python.django.security.audit.django-rest-framework.missing-throttle-config.missing-throttle-config\",\r\n                    \"suppressions\": [\r\n                        {\r\n                            \"kind\": \"inSource\"\r\n                        }\r\n                    ]\r\n                }\r\n            ],\r\n            \"tool\": {\r\n                \"driver\": {\r\n                    \"name\": \"semgrep\",\r\n                    \"rules\": [\r\n                        {\r\n                            \"defaultConfiguration\": {\r\n                                \"level\": \"error\"\r\n                            },\r\n                           ...\r\n                    \"semanticVersion\": \"0.111.1\"\r\n                }\r\n            }\r\n        }\r\n    ],\r\n    \"version\": \"2.1.0\"\r\n}\r\n```\r\n\r\nWhen results like this are uploaded via the `github/codeql-action/upload-sarif@v2` the results are still propagated as-if valid findings.\r\n\r\nShouldn't these be ignored, or flagged in some other way? ","author":{"url":"https://github.com/tdonaworth","@type":"Person","name":"tdonaworth"},"datePublished":"2022-09-02T01:09:04.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":12},"url":"https://github.com/1230/codeql-action/issues/1230"}

route-pattern/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controllervoltron_issues_fragments
route-actionissue_layout
fetch-noncev2:6a51090d-eaf4-2290-1976-8600db302b01
current-catalog-service-hash81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-idA8EC:2FA5EC:E1B6F:12C8E8:6A4D9389
html-safe-nonce6c000c1ba725075749eb7d09ba990299e806a5c4161198b92a529ce24b1e1a57
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBOEVDOjJGQTVFQzpFMUI2RjoxMkM4RTg6NkE0RDkzODkiLCJ2aXNpdG9yX2lkIjoiNDQ3NzM1MTIxMTQwMjM2Nzg4MSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmac13837a4d3a6b7f19e1b9aa13b4f1ad52dddf1cd7ac44f71f4f214388e7ca8f82
hovercard-subject-tagissue:1359587396
github-keyboard-shortcutsrepository,issues,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/issues_fragments/issue_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/codeql-action/1230/issue_layout
twitter:imagehttps://opengraph.githubassets.com/6da49c5b74ba4b932122387f26a9e360439180049a0f07c5e2764d890fcab8e5/github/codeql-action/issues/1230
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/6da49c5b74ba4b932122387f26a9e360439180049a0f07c5e2764d890fcab8e5/github/codeql-action/issues/1230
og:image:altI've recently noticed, when running semgrep, that findings that are suppressed in code with #nosemgrep flag the results with a suppressions property. This seems to be valid sarif formatting. Exampl...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernametdonaworth
hostnamegithub.com
expected-hostnamegithub.com
None06b8a6144231bf3a234f1c2e9993861e07ce98a905912b114aa386c2d7e84b33
turbo-cache-controlno-preview
go-importgithub.com/github/codeql-action git https://github.com/github/codeql-action.git
octolytics-dimension-user_id9919
octolytics-dimension-user_logingithub
octolytics-dimension-repository_id259445878
octolytics-dimension-repository_nwogithub/codeql-action
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id259445878
octolytics-dimension-repository_network_root_nwogithub/codeql-action
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release74e2a9c78f1e38588de4f25885878349d721eedf
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/github/codeql-action/issues/1230#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fissues%2F1230
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fissues%2F1230
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=github%2Fcodeql-action
Reloadhttps://github.com/github/codeql-action/issues/1230
Reloadhttps://github.com/github/codeql-action/issues/1230
Reloadhttps://github.com/github/codeql-action/issues/1230
Please reload this pagehttps://github.com/github/codeql-action/issues/1230
github https://github.com/github
codeql-actionhttps://github.com/github/codeql-action
Notifications https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Fork 470 https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Star 1.6k https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Code https://github.com/github/codeql-action
Issues 156 https://github.com/github/codeql-action/issues
Pull requests 26 https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality 2 https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Code https://github.com/github/codeql-action
Issues https://github.com/github/codeql-action/issues
Pull requests https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
upload-sarif@v2 Doesn't support suppressions property in Sarif files.https://github.com/github/codeql-action/issues/1230#top
https://github.com/tdonaworth
tdonaworthhttps://github.com/tdonaworth
on Sep 2, 2022https://github.com/github/codeql-action/issues/1230#issue-1359587396
valid sarif formattinghttps://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541099
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.