From 818f2aa00da06403c7b59360a96f8027e0ddeea4 Mon Sep 17 00:00:00 2001
From: KhemrajSingh Rathore
Date: Wed, 26 Jun 2024 18:17:34 +0530
Subject: [PATCH 1/2] add semantic for python len function (#472)
---
 config/semantics/python.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 config/semantics/python.yaml
diff --git a/config/semantics/python.yaml b/config/semantics/python.yaml
new file mode 100644
index 00000000..b2585bcf
--- /dev/null
+++ b/config/semantics/python.yaml
@@ -0,0 +1,8 @@
+# 1->-1 => 1st parameter taints the return value
+# 0->0 => 0th parameter taints itself back
+# empty flow => no tainting done by method
+# 1->-1 2->-1 => 1st and 2nd parameter both taints the return value
+
+semantics:
+ - signature: "__builtin.len"
+ flow: "1->1"
\ No newline at end of file
From d84a43987ebe5b3a37457bfeb8164c1909ee145c Mon Sep 17 00:00:00 2001
From: Karan Batavia <118820668+karan-batavia@users.noreply.github.com>
Date: Fri, 28 Jun 2024 18:03:46 +0530
Subject: [PATCH 2/2] added vulnerability scan PR check (#475)
---
 .github/workflows/vulnerability-scan.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 .github/workflows/vulnerability-scan.yml
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
new file mode 100644
index 00000000..026e27f7
--- /dev/null
+++ b/.github/workflows/vulnerability-scan.yml
@@ -0,0 +1,17 @@
+name: Vulnerability Scan
+on: pull_request_target
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ with:
+ ref: ${{ github.head_ref }}
+ - run: docker build -t privado-main-oss -f Dockerfile .
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/docker@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: privado-main-oss
+ args: --severity-threshold=high
\ No newline at end of file
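Review bot: The `__builtin.len` entry uses `flow: "1->1"`, which by the file's own header (`0->0 => 0th parameter taints itself back`) means the argument only re-taints itself and the return value of `len(x)` is left untainted; the header's first line says taint reaching the result would be written `"1->-1"`. If leaving the result untainted is deliberate (the length of a sensitive value is not itself treated as sensitive), add a comment on the entry such as `# length of a tainted value is not tainted; argument keeps its taint` so the next reader does not read it as a typo; if the result should carry taint, change it to `flow: "1->-1"`. The hunk also ends without a trailing newline.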
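Review bot: The workflow triggers on `pull_request_target`, checks out `${{ github.head_ref }}` and then runs `docker build` on that checkout while `SNYK_TOKEN` is in scope, so a pull request from a fork can have its Dockerfile (and anything it copies in) executed in the base repository's privileged context with the secret exposed; `pull_request_target` is meant for workflows that do not execute PR code. Unless the scan genuinely needs repository secrets for fork PRs, use `on: pull_request` and drop the `with: ref: ${{ github.head_ref }}` override (the default checkout is then the PR merge ref), accepting that fork PRs get no token and gating the Snyk step on the token being present. Independently, `actions/checkout@master` and `snyk/actions/docker@master` float on a mutable branch, so pin both to a release tag or commit SHA, and add a top-level `permissions: contents: read` so the job token is least-privilege. The file also ends without a trailing newline.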