Skip to content

Commit

Permalink
Merge Develop into Release (#3558)
Browse files Browse the repository at this point in the history 
* Add gcp sql rules for insecure ssl_mode (#3540)

* Add gcp sql rules for insecure ssl_mode

* clean up message and references

---------

Co-authored-by: Lewis <[email protected]>

* Only detect Sauce API token if its a V4 GUID (#3530)

The regex already implicitly matched a GUID, but this makes it more strict.
This solves false positives where another hexadecimal string follows "sauce",
such as in yarn.lock files.

* Update use-of-md5.yaml (#3557)

---------

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
Co-authored-by: Lewis <[email protected]>
Co-authored-by: Sjoerd Langkemper <[email protected]>
  • Loading branch information
@r2c-argo @0xDC0DE
@LewisArdern @Sjord
4 people authored Feb 7, 2025
1 parent 6f98190 commit 1f2ff25
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 3 deletions.
9 changes: 9 additions & 0 deletions generic/secrets/security/detected-sauce-token.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,12 @@ SAUCE_ACCESS_KEY=034e1d2a-681a-4a52-bfa3-256b72c356c0

# ruleid: detected-sauce-token
sauce_access_key:034E1D2A-681A-4A52-BFA3-256B72C356C0

# yarn.lock snippet:
saucelabs@^1.5.0:
version "1.5.0"
# ok: detected-sauce-token
resolved "https://registry.yarnpkg.com/saucelabs/-/saucelabs-1.5.0.tgz#9405a73c360d449b232839919a86c396d379fd9d"
integrity sha512-jlX3FGdWvYf4Q3LFfFWS1QvPg3IGCGWxIc8QBFdPTbpTJnt/v17FHXYVAn7C8sHf1yUXo2c7yIM0isDryfYtHQ==
dependencies:
https-proxy-agent "^2.2.1"
2 changes: 1 addition & 1 deletion generic/secrets/security/detected-sauce-token.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
rules:
- id: detected-sauce-token
pattern-regex: |-
(?i)sauce.{0,50}(\\\"|'|`)?[0-9a-f-]{36}(\\\"|'|`)?
(?i)sauce.{0,50}(\\\"|'|`)?[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}(\\\"|'|`)?
languages: [regex]
message: Sauce Token detected
severity: ERROR
Expand Down
4 changes: 2 additions & 2 deletions kotlin/lang/security/use-of-md5.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,6 @@ rules:
confidence: MEDIUM
pattern-either:
- pattern: |
$VAR = $MD.getInstance("MD5")
java.security.MessageDigest.getInstance("MD5")
- pattern: |
$DU.getMd5Digest().digest(...)
org.apache.commons.codec.digest.DigestUtils.getMd5Digest()

0 comments on commit 1f2ff25

Please sign in to comment.