Update 5.0.0 Major update #87

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

george-roberts merged 10 commits into master from update_5.0.0

Mar 4, 2026

Merged

Update 5.0.0 Major update #87

Moved full whatsNew to readme

Autodesk Chorus / security/semgrep completed Mar 4, 2026 in 1m 48s

13 issue(s) found

Summary of Issues

Type	Count	Severity
rules.njsscan.semantic_grep.traversal.join_resolve_path_traversal	4	MEDIUM
rules.njsscan.traversal.join_resolve_path_traversal	4	MEDIUM
rules.njsscan.dos.regex_dos	1	MEDIUM
rules.njsscan.crypto.node_insecure_random_generator	1	MEDIUM
rules.njsscan.semantic_grep.crypto.node_insecure_random_generator	1	MEDIUM
rules.njsscan.crypto.node_md5	1	MEDIUM
rules.njsscan.semantic_grep.crypto.node_md5	1	MEDIUM

How do I clear all these issues?

If you suspect these issues are not actual issues, click “Clear All Issues” above. Click here for more details.

Details and Annotations

Details

semgrep version 1.102.0

Annotations

Check warning on line 784 in vs-code-extension/out/extension.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.semantic_grep.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 784 in vs-code-extension/out/extension.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 928 in vs-code-extension/out/extension.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.semantic_grep.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 928 in vs-code-extension/out/extension.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 737 in vs-code-extension/out/postRunner.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.dos.regex_dos

Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.

Check warning on line 935 in vs-code-extension/out/postRunner.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.semantic_grep.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 935 in vs-code-extension/out/postRunner.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 975 in vs-code-extension/out/postRunner.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.crypto.node_insecure_random_generator

crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.

Check warning on line 975 in vs-code-extension/out/postRunner.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.semantic_grep.crypto.node_insecure_random_generator

crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.

Check warning on line 471 in vs-code-extension/out/providers/fileTreeProvider.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.semantic_grep.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 471 in vs-code-extension/out/providers/fileTreeProvider.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.traversal.join_resolve_path_traversal

Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`.

Check warning on line 135 in vs-code-extension/out/utils.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.crypto.node_md5

MD5 is a a weak hash which is known to have collision. Use a strong hashing function.

Check warning on line 135 in vs-code-extension/out/utils.js

autodesk-chorus / security/semgrep

app.chorus.semgrep.rules.njsscan.semantic_grep.crypto.node_md5

MD5 is a a weak hash which is known to have collision. Use a strong hashing function.

View more details on Autodesk Chorus

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update 5.0.0 Major update #87

Uh oh!

Uh oh!

Update 5.0.0 Major update #87

Uh oh!

13 issue(s) found

Summary of Issues

How do I clear all these issues?

Details and Annotations

Details

Annotations

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

autodesk-chorus / security/semgrep

Re-running checks...