Merged
2 changes: 1 addition & 1 deletion README.md
@@ -1,4 +1,4 @@
# Codacy Semgrep
# Codacy Opengrep

This is the docker engine we use at Codacy to have [Opengrep](https://github.com/opengrep/opengrep) support.

8 changes: 4 additions & 4 deletions docs/codacy-rules.yaml
Expand Up @@ -25,7 +25,7 @@ rules:
- pattern: String $PASSWORD = "$VALUE";
- metavariable-regex:
metavariable: "$PASSWORD"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
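Review bot: the new `key` alternative is a bare substring inside `(?i).*(...).*`, so any string field whose name merely contains "key" (`keyboard`, `primaryKey`, `hotkey`, `keyword`, `monkey`) now triggers this rule, and because the pattern `String $PASSWORD = "$VALUE";` already matches every string constant, the regex is the only filter left. Consider a narrower form such as `api[_-]?key|secret[_-]?key|private[_-]?key|access[_-]?key`, or at least a boundary before `key`. While here: `clave` appears twice in the alternation, and the `message:` below still speaks only of passwords although API keys are now in scope.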
Expand All @@ -45,7 +45,7 @@ rules:
- pattern: var $PASSWORD = "$VALUE";
- metavariable-regex:
metavariable: "$PASSWORD"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
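Review bot: the same `key` false-positive concern applies to this rule; beyond that, this is the second of four verbatim copies of the regex literal in this file, so every future term has to be added in four places. If the rule loader honours standard YAML anchors, defining the pattern once (`&credential_name`) and referencing it (`*credential_name`) would keep the four rules in sync; otherwise a comment pointing at the other copies would at least flag the coupling.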
Expand Down Expand Up @@ -74,7 +74,7 @@ rules:
- pattern: var $PASSWORD = `$VALUE`
- metavariable-regex:
metavariable: "$PASSWORD"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
Expand Down Expand Up @@ -105,7 +105,7 @@ rules:
$PASSWORD VARCHAR2($LENGTH) := $...VALUE;
- metavariable-regex:
metavariable: "$PASSWORD"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
options:
generic_ellipsis_max_span: 0
message: >
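Review bot: with `(?i)` and no boundary, VARCHAR2 variables named `sort_key`, `lookup_key` or `cache_key` will now be reported as hardcoded passwords whenever they are initialised from a literal; `generic_ellipsis_max_span: 0` governs how far `$...VALUE` may span, not which names match, so the metavariable regex is the only filter. Consider restricting `key` to credential-like compounds (`api_key`, `secret_key`, `access_key`) here as well.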
4 changes: 3 additions & 1 deletion docs/multiple-tests/codacy-rules-java/results.xml
Expand Up @@ -2,6 +2,8 @@
<checkstyle version="1.5">
<file name="Program.java">
<error source="codacy.java.security.hard-coded-password" line="8" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.java.security.flexible-search-sql-injection" line="9" message="Possible SQL Injection: Avoid concatenating user input in FlexibleSearchQuery." severity="error" />
<error source="codacy.java.security.hard-coded-password" line="9" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.java.security.hard-coded-password" line="10" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.java.security.flexible-search-sql-injection" line="11" message="Possible SQL Injection: Avoid concatenating user input in FlexibleSearchQuery." severity="error" />
</file>
</checkstyle>
4 changes: 4 additions & 0 deletions docs/multiple-tests/codacy-rules-java/src/Program.java
Expand Up @@ -6,13 +6,17 @@ class Program
public static void main(String[] args)
{
private static final String PASSWORD = "password" ; // Issue: Hardcoded password
private static final String API_KEY = "api_key" ; // Issue: Hardcoded API key
private static final String API_SECRET = "api_secret" ; // Issue: Hardcoded API secret
final FlexibleSearchQuery query = new FlexibleSearchQuery("SELECT {a.pk} FROM {TEST AS a} WHERE {a.uid} ="+ uid +" AND {a.visibleInAddressBook} = true");

final FlexibleSearchQuery okquery = new FlexibleSearchQuery(
"SELECT {a.pk} FROM {TEST AS a} WHERE {a.uid} = ?uid AND {a.visibleInAddressBook} = true"
);
okquery.addQueryParameter("uid", uid);
System.out.println("This is a security risk: " + PASSWORD);
System.out.println("This is a security risk: " + API_KEY);
System.out.println("This is a security risk: " + API_SECRET);
}
}

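Review bot: `API_SECRET` on line 10 was already caught by the pre-existing `secret` term, so of the two new fixtures only `API_KEY` (line 9) actually exercises the `key` addition. A negative fixture would pin down the other side of the change: a string constant whose name contains "key" but is not a credential (for instance `KEYBOARD_LAYOUT = "qwerty"`) that must stay absent from results.xml.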
2 changes: 2 additions & 0 deletions docs/multiple-tests/codacy-rules-javascript/results.xml
Expand Up @@ -4,5 +4,7 @@
<error source="codacy.javascript.security.hard-coded-password" line="3" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.javascript.security.hard-coded-password" line="4" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.javascript.security.hard-coded-password" line="5" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.javascript.security.hard-coded-password" line="6" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.javascript.security.hard-coded-password" line="7" message="Hardcoded passwords are a security risk." severity="error" />
</file>
</checkstyle>
2 changes: 2 additions & 0 deletions docs/multiple-tests/codacy-rules-javascript/src/index.js
Expand Up @@ -3,6 +3,8 @@ function main(args) {
var PASSWORD = "password"; // Issue: Hardcoded password
let salasana = 'YAY'
const senha = `senha`;
const API_KEY = "api_key"; // Issue: Hardcoded API key
const API_SECRET = "api_secret"; // Issue: Hardcoded API secret


const letPassword = password();
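Review bot: both new constants use double quotes, so they exercise the `var $PASSWORD = "$VALUE";` rule but leave the template-literal rule (`var $PASSWORD = \`$VALUE\``) with no coverage for the new `key` term; writing one of them with backticks, as the existing `senha` line does, would cover both rules. As in the Java fixture, `API_SECRET` already matched via `secret` before this change.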
11 changes: 7 additions & 4 deletions docs/multiple-tests/codacy-rules/results.xml
Expand Up @@ -2,15 +2,18 @@
<checkstyle version="1.5">
<file name="codacy-csharp-security-hard-coded-password.cs">
<error source="codacy.csharp.security.hard-coded-password" line="9" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.csharp.security.null-dereference" line="23" message="Potential null dereference detected." severity="error" />
<error source="codacy.csharp.security.null-dereference" line="26" message="Potential null dereference detected." severity="error" />
<error source="codacy.csharp.security.null-dereference" line="26" message="Potential null dereference detected." severity="error" />
<error source="codacy.csharp.security.hard-coded-password" line="10" message="Hardcoded passwords are a security risk." severity="error" />
<error source="codacy.csharp.security.null-dereference" line="25" message="Potential null dereference detected." severity="error" />
<error source="codacy.csharp.security.null-dereference" line="28" message="Potential null dereference detected." severity="error" />
<error source="codacy.csharp.security.null-dereference" line="28" message="Potential null dereference detected." severity="error" />
</file>
<file name="test_find_all_passwords_and_empty_string.pls">
<error source="codacy.generic.plsql.empty-strings" line="29" message="Empty strings can lead to unexpected behavior and should be handled carefully." severity="warning" />
<error source="codacy.generic.plsql.empty-strings" line="33" message="Empty strings can lead to unexpected behavior and should be handled carefully." severity="warning" />
<error source="codacy.generic.plsql.find-all-passwords" line="6" message="Hardcoded or exposed passwords are a security risk." severity="error" />
<error source="codacy.generic.plsql.find-all-passwords" line="7" message="Hardcoded or exposed passwords are a security risk." severity="error" />
<error source="codacy.generic.plsql.find-all-passwords" line="8" message="Hardcoded or exposed passwords are a security risk." severity="error" />
<error source="codacy.generic.plsql.find-all-passwords" line="9" message="Hardcoded or exposed passwords are a security risk." severity="error" />
<error source="codacy.generic.plsql.find-all-passwords" line="10" message="Hardcoded or exposed passwords are a security risk." severity="error" />
</file>
<file name="test_resource_injection.pls">
<error source="codacy.generic.plsql.resource-injection" line="16" message="Resource injection detected." severity="error" />
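Review bot: the two `empty-strings` findings stay at lines 29 and 33 although the visible hunks in test_find_all_passwords_and_empty_string.pls add four lines before line 26 (two declarations, two `PUT_LINE` calls), whereas the C# entries in this same file were shifted by the two lines added there (23→25, 26→28). Either the empty strings live in a region whose offset is compensated by a hunk not shown here, or this expected file was not regenerated; worth confirming by rerunning the test.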
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,10 @@ class Program
static void Main(string[] args)
{
var password = "password"; // Issue: Hardcoded password
var api_key = "api_key"; // Issue: Hardcoded API key

Console.WriteLine("This is a security risk: " + password);
Console.WriteLine("This is a security risk: " + api_key);
}

public static bool? IsRegular(bool freqNoneOrNotPeriodic, bool freqPeriodical, IFrequency frequency)
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
password1 VARCHAR2(100) := 'Password123!';
password2 VARCHAR2(100) := 'Admin@456';
password3 VARCHAR2(100) := 'UserPass789';
API_KEY VARCHAR2(100) := 'newAPI_KEY43432';
API_SECRET VARCHAR2(100) := 'newAPI_SECRET43432';

Check failure on line 10 in docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls (Codacy Production / Codacy Static Code Analysis): Hardcoded or exposed passwords are a security risk.

-- Procedure to output passwords
PROCEDURE output_passwords;
Expand All @@ -19,6 +21,8 @@
DBMS_OUTPUT.PUT_LINE('Password1: ' || password1);
DBMS_OUTPUT.PUT_LINE('Password2: ' || password2);
DBMS_OUTPUT.PUT_LINE('Password3: ' || password3);
DBMS_OUTPUT.PUT_LINE('Password4: ' || API_KEY);

Check warning on line 24 in docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls (Codacy Production / Codacy Static Code Analysis): syntax error at or near "DBMS_OUTPUT"
DBMS_OUTPUT.PUT_LINE('Password5: ' || API_KEY);
END output_passwords;
END find_passwords;
/
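Review bot: the new `Password5` line prints `API_KEY` a second time, so the `API_SECRET` declared above is never output; it was presumably meant to read `API_SECRET`, and the labels `Password4`/`Password5` for API-key values are worth renaming while at it. Note also that the check run shown on this page reports a syntax error at or near `DBMS_OUTPUT` on new line 24 from Codacy Static Code Analysis; confirm the fixture still parses as expected for the `find-all-passwords` rule before relying on the line numbers in results.xml.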