GrosQuildu
commented
1 year ago To limit false positive, removed detection of hardcoded strings. This is in accordance with similar, official semgrep rules.
Removed:
- onnx-convert-ort - semgrep doesn't support bash language yet
- pandas-read-* - reading json/csv is not inherently insecure, it depends form where you get data. There are advanced rules that can track data flow and determine if reading specific file is safe. Consider extending such rule with pandas. I guess CodeQL should be a good match here.
- pickle-load - already exists
r/python.lang.security.deserialization.pickle.avoid-pickle - tensorflow-load-op-library - merged with tensorflow-load-op-library
- pickle-load - already exists
New PR for CLA.
Changes:
tf -> tensorflow np -> numpy