Add i18n and exotic rules while bumping to 1.16.2#5
Codacy's Analysis Summary: 10 new issues.
Pull request overview
This PR bumps the bundled OpenGrep version to 1.16.2 and expands the rule set by adding new i18n-focused Semgrep rules and a new “exotic” SQL hardcoded-values rule, along with corresponding documentation test fixtures.
Changes:
- Bump OpenGrep wrapper/tooling version to 1.16.2 and adjust scan runtime limits.
- Add new i18n rules (JS + Java) and expand the i18n multiple-tests fixtures/results.
- Add a new “exotic” SQL hardcoded-values rule and a dedicated multiple-tests fixture/results set.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| internal/tool/command.go | Updates OpenGrep CLI flags (timeout threshold, max memory). |
| internal/docgen/parsing.go | Ensures docgen loads the new codacy-rules-exotic.yaml ruleset. |
| docs/multiple-tests/i18n/src/OrderController.java | Wraps excerpt in a class and provides additional i18n “bad” examples. |
| docs/multiple-tests/i18n/src/Javai18nPotentialsIssues.java | Adds a comprehensive Java i18n test corpus for the new rules. |
| docs/multiple-tests/i18n/src/FalsePositive.jsx | Adds a JS/React i18n test corpus for the new rules. |
| docs/multiple-tests/i18n/results.xml | Updates expected findings for the expanded i18n rules/tests. |
| docs/multiple-tests/i18n/patterns.xml | Enables additional i18n rules in the i18n test harness. |
| docs/multiple-tests/exotic/src/ExoticCode01.java | Adds a Java sample containing hardcoded SQL values for exotic detection. |
| docs/multiple-tests/exotic/results.xml | Adds expected findings for the exotic SQL rule. |
| docs/multiple-tests/exotic/patterns.xml | Enables the exotic SQL rule in the exotic test harness. |
| docs/codacy-rules.yaml | Tweaks existing SQL and GRANT regexes (comment avoidance + role matching). |
| docs/codacy-rules-i18n.yaml | Adds multiple new i18n rules for JS and Java (and related patterns). |
| docs/codacy-rules-exotic.yaml | Introduces the new exotic SQL hardcoded-values rule. |
| Dockerfile | Bumps OPENGREP_VERSION build arg to v1.16.2. |
| .tool_version | Bumps tool version to 1.16.2. |
| <module name="codacy.js.i18n.no-hardcoded-number-format" /> | ||
| </module> No newline at end of file | ||
| <module name="codacy.js.i18n.no-hardcoded-throw-error" /> | ||
| <module name="codacy.java.i18n.no-hardcoded-map-put" /> | ||
| <module name="codacy.java.i18n.no-hardcoded-map-of" /> | ||
| </module> |
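Review bot: the old side of this hunk ends with a `</module>` carrying the "No newline at end of file" marker, while the new side lists three added rules (`no-hardcoded-throw-error`, `no-hardcoded-map-put`, `no-hardcoded-map-of`) and a newline-terminated `</module>`; please confirm that `codacy.js.i18n.no-hardcoded-number-format`, which appears only on the old side of the rendered hunk, is still enabled after the change rather than dropped, since any expected findings for it in results.xml would otherwise no longer be exercised by the harness, and keep the file newline-terminated so later diffs of patterns.xml stay clean.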
codacy.java.i18n.no-hardcoded-response-body was added to docs/codacy-rules-i18n.yaml, but it isn't enabled in this i18n test harness (docs/multiple-tests/i18n/patterns.xml) and there are no expected findings for it in results.xml. If this rule is meant to ship, it should be included here with corresponding expected results so regressions are caught.
| "--timeout", "5", | ||
| "--timeout-threshold", "50", | ||
| "--max-target-bytes", "0", | ||
| "--taint-intrafile", | ||
| //"--pro", | ||
| //"--error-recovery", | ||
| "--max-memory", "2560", | ||
| "--max-memory", "5000", |
createCommandParameters now emits --timeout-threshold 50 (and --max-memory 5000). internal/tool/command_test.go still asserts --timeout-threshold 3 (via assert.Subset), so the unit test will fail as-is. Update the expected params in the test (and consider centralizing these option values so prod + tests stay in sync).
No description provided.