From 1bfb2d49ee5bf85118139d10c79a1da786cd128b Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Fri, 5 Apr 2024 20:39:27 -0400
Subject: [PATCH] Improve Semgrep CI (#18577)

### What I did
Semgrep's default ruleset (p/default) somehow lost some important rules
#### How I did it
Keep use p/default and add another rule
#### How to verify it
Added test code to this PR and Semgrep CI failed
Failed result: https://github.com/sonic-net/sonic-buildimage/actions/runs/8574699788/job/23502068624
---
 .github/workflows/semgrep.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 975769a50566..9aea98abf97a 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -19,4 +19,8 @@ jobs:
 - uses: actions/checkout@v3
 - run: semgrep ci
 env:
- SEMGREP_RULES: p/default
+ SEMGREP_RULES: |
+ p/default
+ r/python.lang.security.audit.dangerous-system-call-audit.dangerous-system-call-audit
+ r/c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn
+ r/c.lang.security.insecure-use-string-copy-fn.insecure-use-string-copy-fn
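Review bot: The three `r/...` entries added under `SEMGREP_RULES` carry no explanation in the workflow itself, so a future maintainer who sees `p/default` already listed may reasonably collapse the block back to a single ruleset and silently drop the coverage this commit restores; a YAML comment above the block such as `# p/default no longer includes these rules; list them explicitly so system-call and unsafe C string-function checks keep running (see #18577)` would make the intent survive. These are registry references resolved at run time, so the effective rule set (and thus what blocks a merge) can change without any commit in this repository; if reproducible CI results matter, the rule definitions could be vendored into the repo and referenced by path instead, which also removes the failure mode where a renamed or retired registry rule ID makes the job error out. The `dangerous-system-call-audit` rule is presumably an audit-level rule and may flag existing, legitimate subprocess usage; it would be worth stating in the description whether the current tree is clean under it or whether findings are expected to be triaged. The job's remaining steps and the checkout step are unchanged context here, so the rest of the workflow is outside this hunk.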