diff --git a/README.md b/README.md
index b95ea0a..54e2c08 100755
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Codacy Semgrep
+# Codacy Opengrep
This is the docker engine we use at Codacy to have [Opengrep](https://github.com/opengrep/opengrep) support.
diff --git a/docs/codacy-rules.yaml b/docs/codacy-rules.yaml
index e983a00..e0d3bdd 100644
--- a/docs/codacy-rules.yaml
+++ b/docs/codacy-rules.yaml
@@ -25,7 +25,7 @@ rules:
- pattern: String $PASSWORD = "$VALUE";
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
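Review bot: `key` joins an alternation that is wrapped in `.*` on both sides and is case-insensitive, so any identifier containing those three letters now matches — `keyboard`, `hotkey`, `monkey`, `primaryKey`, `cacheKey` — and `String keyCode = "F5";` will be reported as a hardcoded password. Consider naming the compounds the new fixtures actually exercise instead, e.g. `api[_-]?key|private[_-]?key|access[_-]?key|encryption[_-]?key`, so a bare `key` is not enough on its own. The unchanged `message:` just above still speaks only of passwords; now that keys are flagged, `Hardcoded passwords, API keys and secrets are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.` would describe the finding accurately. The same regex is changed identically in the hunks at `@@ -45,7`, `@@ -74,7` and `@@ -105,7`, where both points apply as well.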
@@ -45,7 +45,7 @@ rules:
- pattern: var $PASSWORD = "$VALUE";
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
@@ -74,7 +74,7 @@ rules:
- pattern: var $PASSWORD = `$VALUE`
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
@@ -105,7 +105,7 @@ rules:
$PASSWORD VARCHAR2($LENGTH) := $...VALUE;
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
options:
generic_ellipsis_max_span: 0
message: >
diff --git a/docs/multiple-tests/codacy-rules-java/results.xml b/docs/multiple-tests/codacy-rules-java/results.xml
index 3da5ea7..abe5fc8 100644
--- a/docs/multiple-tests/codacy-rules-java/results.xml
+++ b/docs/multiple-tests/codacy-rules-java/results.xml
@@ -2,6 +2,8 @@
-
+
+
+
diff --git a/docs/multiple-tests/codacy-rules-java/src/Program.java b/docs/multiple-tests/codacy-rules-java/src/Program.java
index c226d9b..7fdf760 100644
--- a/docs/multiple-tests/codacy-rules-java/src/Program.java
+++ b/docs/multiple-tests/codacy-rules-java/src/Program.java
@@ -6,6 +6,8 @@ class Program
public static void main(String[] args)
{
private static final String PASSWORD = "password" ; // Issue: Hardcoded password
+ private static final String API_KEY = "api_key" ; // Issue: Hardcoded API key
+ private static final String API_SECRET = "api_secret" ; // Issue: Hardcoded API secret
final FlexibleSearchQuery query = new FlexibleSearchQuery("SELECT {a.pk} FROM {TEST AS a} WHERE {a.uid} ="+ uid +" AND {a.visibleInAddressBook} = true");
final FlexibleSearchQuery okquery = new FlexibleSearchQuery(
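Review bot: The two added declarations use `private static final` inside the body of `main`, which javac rejects (local variables take no access or `static` modifiers), so the fixture can only be scanned, not compiled; the existing `PASSWORD` line has the same shape, and the scanner's parser is evidently tolerant of it. If the fixture is meant to stay valid Java, drop the modifiers — `final String API_KEY = "api_key"; // Issue: Hardcoded API key` and likewise for `API_SECRET` — or hoist all three constants to class scope, where `private static final` is legal. Either way it is worth confirming against results.xml that the rule still matches with the changed modifiers. `main` continues past the end of this hunk.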
@@ -13,6 +15,8 @@ public static void main(String[] args)
);
okquery.addQueryParameter("uid", uid);
System.out.println("This is a security risk: " + PASSWORD);
+ System.out.println("This is a security risk: " + API_KEY);
+ System.out.println("This is a security risk: " + API_SECRET);
}
}
diff --git a/docs/multiple-tests/codacy-rules-javascript/results.xml b/docs/multiple-tests/codacy-rules-javascript/results.xml
index 278f1ae..381861d 100644
--- a/docs/multiple-tests/codacy-rules-javascript/results.xml
+++ b/docs/multiple-tests/codacy-rules-javascript/results.xml
@@ -4,5 +4,7 @@
+
+
diff --git a/docs/multiple-tests/codacy-rules-javascript/src/index.js b/docs/multiple-tests/codacy-rules-javascript/src/index.js
index ede4ca4..7da981e 100644
--- a/docs/multiple-tests/codacy-rules-javascript/src/index.js
+++ b/docs/multiple-tests/codacy-rules-javascript/src/index.js
@@ -3,6 +3,8 @@ function main(args) {
var PASSWORD = "password"; // Issue: Hardcoded password
let salasana = 'YAY'
const senha = `senha`;
+ const API_KEY = "api_key"; // Issue: Hardcoded API key
+ const API_SECRET = "api_secret"; // Issue: Hardcoded API secret
const letPassword = password();
diff --git a/docs/multiple-tests/codacy-rules/results.xml b/docs/multiple-tests/codacy-rules/results.xml
index d48f215..0fd62a2 100644
--- a/docs/multiple-tests/codacy-rules/results.xml
+++ b/docs/multiple-tests/codacy-rules/results.xml
@@ -2,15 +2,18 @@
-
-
-
+
+
+
+
-
+
+
+
diff --git a/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs b/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs
index 98fdb76..7469387 100644
--- a/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs
+++ b/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs
@@ -7,8 +7,10 @@ class Program
static void Main(string[] args)
{
var password = "password"; // Issue: Hardcoded password
+ var api_key = "api_key"; // Issue: Hardcoded API key
Console.WriteLine("This is a security risk: " + password);
+ Console.WriteLine("This is a security risk: " + api_key);
}
public static bool? IsRegular(bool freqNoneOrNotPeriodic, bool freqPeriodical, IFrequency frequency)
diff --git a/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls b/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls
index 3ca16a6..eaaa5e5 100644
--- a/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls
+++ b/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls
@@ -6,6 +6,8 @@ CREATE OR REPLACE PACKAGE find_passwords AS
password1 VARCHAR2(100) := 'Password123!';
password2 VARCHAR2(100) := 'Admin@456';
password3 VARCHAR2(100) := 'UserPass789';
+ API_KEY VARCHAR2(100) := 'newAPI_KEY43432';
+ API_SECRET VARCHAR2(100) := 'newAPI_SECRET43432';
-- Procedure to output passwords
PROCEDURE output_passwords;
@@ -19,6 +21,8 @@ BEGIN
DBMS_OUTPUT.PUT_LINE('Password1: ' || password1);
DBMS_OUTPUT.PUT_LINE('Password2: ' || password2);
DBMS_OUTPUT.PUT_LINE('Password3: ' || password3);
+ DBMS_OUTPUT.PUT_LINE('Password4: ' || API_KEY);
+ DBMS_OUTPUT.PUT_LINE('Password5: ' || API_KEY);
END output_passwords;
END find_passwords;
/
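Review bot: The second added PUT_LINE prints `API_KEY` a second time under the `Password5:` label, while `API_SECRET`, declared in the package spec hunk above, is never used; this looks like a copy-paste slip and should read `DBMS_OUTPUT.PUT_LINE('Password5: ' || API_SECRET);`. The labels `Password4:`/`Password5:` also mislabel what is printed; `API key:` and `API secret:` would make the fixture output self-explanatory. `output_passwords` begins outside this hunk.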