From 4ad31521cbc51caee308bfeea8adf85630a31f15 Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 12:57:54 -0400
Subject: [PATCH 1/7] Semgrep files
---
.coderabbit.yml | 2 ++
semgrep/example.py | 32 ++++++++++++++++++++++++++++++++
semgrep/semgrep.ymml | 8 ++++++++
3 files changed, 42 insertions(+)
create mode 100644 .coderabbit.yml
create mode 100644 semgrep/example.py
create mode 100644 semgrep/semgrep.ymml
diff --git a/.coderabbit.yml b/.coderabbit.yml
new file mode 100644
index 0000000..dcf8c91
--- /dev/null
+++ b/.coderabbit.yml
@@ -0,0 +1,2 @@
+reviews:
+ path_filters: ["**/*.yml","**/*.yaml"]
diff --git a/semgrep/example.py b/semgrep/example.py
new file mode 100644
index 0000000..d70d494
--- /dev/null
+++ b/semgrep/example.py
@@ -0,0 +1,32 @@
+import os
+import sys
+import hashlib
+
+# Hardcoded credentials
+USERNAME = "admin"
+PASSWORD = "secret123"
+
+def dangerous_eval():
+ user_input = input("Enter a Python expression: ")
+ result = eval(user_input)
+ print("Evaluated result:", result)
+
+def delete_data(path):
+ os.system("rm -rf " + path) # Semgrep: shell injection
+
+def hash_password(password):
+ hashed = hashlib.md5(password.encode()).hexdigest() # Semgrep: weak hash
+ return hashed
+
+def main():
+ print("Logging in as", USERNAME)
+ password_hash = hash_password(PASSWORD)
+ print("Password hash:", password_hash)
+
+ if len(sys.argv) > 1:
+ delete_data(sys.argv[1])
+
+ dangerous_eval()
+
+main()
+
diff --git a/semgrep/semgrep.ymml b/semgrep/semgrep.ymml
new file mode 100644
index 0000000..405b747
--- /dev/null
+++ b/semgrep/semgrep.ymml
@@ -0,0 +1,8 @@
+rules:
+ - id: hardcoded-password
+ pattern: password = "$SECRET"
+ message: "Avoid hardcoded passwords"
+ severity: ERROR
+ languages: [python]
+ metadata:
+ category: security
From 396d06fbd928796ed44493b19d01f1b3586ac8e6 Mon Sep 17 00:00:00 2001
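Review bot: The bare `main()` call on the last line of semgrep/example.py runs at import time, so any tool or test collector that imports this fixture would execute `delete_data(sys.argv[1])` and the interactive `eval` against the importer's own argv and stdin. The intentionally weak code is the point of the file, so the findings should stay, but the entry point should be guarded: `if __name__ == "__main__":` / `    main()`. A module docstring saying the file is an intentionally insecure Semgrep fixture that must never be imported by or packaged with production code would also spare the next reader from inferring that from the inline `# Semgrep:` comments alone.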
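Review bot: The rule in semgrep/semgrep.ymml will not fire on the example it is paired with: `pattern: password = "$SECRET"` matches the identifier `password` literally and case-sensitively, while semgrep/example.py assigns `PASSWORD = "secret123"`. To cover both spellings, replace the single pattern with `pattern-either:` / `  - pattern: password = "..."` / `  - pattern: PASSWORD = "..."`; a `pattern-regex` with a case-insensitive flag would cover mixed case as well, if I recall Semgrep's operators correctly. The same lowercase-only pattern is carried unchanged into .semgrep.yml in PATCH 5/7, so the fix applies there too. The `message` would be more actionable if it named where the secret should come from instead, such as an environment variable or a secret store.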
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 12:59:04 -0400
Subject: [PATCH 2/7] Semgrep
---
semgrep/{semgrep.ymml => semgrep.yml} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename semgrep/{semgrep.ymml => semgrep.yml} (100%)
diff --git a/semgrep/semgrep.ymml b/semgrep/semgrep.yml
similarity index 100%
rename from semgrep/semgrep.ymml
rename to semgrep/semgrep.yml
From a7c61b811b00f9025ad83ecbc73ec41de46426ea Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 13:03:17 -0400
Subject: [PATCH 3/7] Semgrep
---
.semgrep.yml | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 .semgrep.yml
diff --git a/.semgrep.yml b/.semgrep.yml
new file mode 100644
index 0000000..f4e0866
--- /dev/null
+++ b/.semgrep.yml
@@ -0,0 +1,7 @@
+# .semgrep.yml
+include:
+ - semgrep/ # or: semgrep/example.py if you want to be specific
+
+configs:
+ - semgrep/semgrep.yml
+
From 0927f3e6b59fa645d90bd16a25f5a9ce079a76b4 Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 13:05:02 -0400
Subject: [PATCH 4/7] Semgrep
---
.semgrep.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.semgrep.yml b/.semgrep.yml
index f4e0866..24332f0 100644
--- a/.semgrep.yml
+++ b/.semgrep.yml
@@ -1,6 +1,6 @@
 # .semgrep.yml
 include:
- - semgrep/ # or: semgrep/example.py if you want to be specific
+ - semgrep/example.py
 configs:
 - semgrep/semgrep.yml
From b47e1bbb8b9af114c85be2c9b986be763f3ab0c1 Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 13:09:57 -0400
Subject: [PATCH 5/7] Semgrep
---
.semgrep.yml | 14 ++++++++++----
semgrep/semgrep.yml | 8 --------
2 files changed, 10 insertions(+), 12 deletions(-)
delete mode 100644 semgrep/semgrep.yml
diff --git a/.semgrep.yml b/.semgrep.yml
index 24332f0..3d2c1d6 100644
--- a/.semgrep.yml
+++ b/.semgrep.yml
@@ -1,7 +1,13 @@
 # .semgrep.yml
-include:
- - semgrep/example.py
+rules:
+ - id: hardcoded-password
+ pattern: password = "$SECRET"
+ message: "Avoid hardcoded passwords"
+ severity: ERROR
+ languages: [python]
+ metadata:
+ category: security
-configs:
- - semgrep/semgrep.yml
+include:
+ - semgrep/ # or even semgrep/example.py
diff --git a/semgrep/semgrep.yml b/semgrep/semgrep.yml
deleted file mode 100644
index 405b747..0000000
--- a/semgrep/semgrep.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-rules:
- - id: hardcoded-password
- pattern: password = "$SECRET"
- message: "Avoid hardcoded passwords"
- severity: ERROR
- languages: [python]
- metadata:
- category: security
From 82380c15ea6e8161a0473a0b329fad9c46b30e20 Mon Sep 17 00:00:00 2001
From: alex
Date: Tue, 15 Jul 2025 13:18:58 -0400
Subject: [PATCH 6/7] no need for config
---
.coderabbit.yml | 2 --
1 file changed, 2 deletions(-)
delete mode 100644 .coderabbit.yml
diff --git a/.coderabbit.yml b/.coderabbit.yml
deleted file mode 100644
index dcf8c91..0000000
--- a/.coderabbit.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-reviews:
- path_filters: ["**/*.yml","**/*.yaml"]
From f1c4f5feaee915eeb1461b06efc3f95c0a97c6fd Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Wed, 16 Jul 2025 11:50:56 -0400
Subject: [PATCH 7/7] Delete .semgrep.yml
---
.semgrep.yml | 13 -------------
1 file changed, 13 deletions(-)
delete mode 100644 .semgrep.yml
diff --git a/.semgrep.yml b/.semgrep.yml
deleted file mode 100644
index 3d2c1d6..0000000
--- a/.semgrep.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-# .semgrep.yml
-rules:
- - id: hardcoded-password
- pattern: password = "$SECRET"
- message: "Avoid hardcoded passwords"
- severity: ERROR
- languages: [python]
- metadata:
- category: security
-
-include:
- - semgrep/ # or even semgrep/example.py
-
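Review bot: The top-level `include:` key kept at the end of the new .semgrep.yml is, as far as I know, not part of Semgrep's rule-file schema, so the file is likely to fail validation and the `rules:` entry above it would never run; path scoping belongs inside the rule as `paths:` / `  include:` / `    - semgrep/`. The same applies to the `include:`/`configs:` keys introduced in PATCH 3/7 and PATCH 4/7, which this hunk only partly replaces. Running `semgrep --validate --config .semgrep.yml` before relying on the rule would confirm this.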