Merge pull request #3636 from semgrep/merge-develop-to-release

LewisArdern · web-flow · commit 36bfa53ade86 · 2025-06-04T11:38:46.000-07:00
Merge Develop into Release
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/generic/secrets/gitleaks/generic-api-key.yaml b/generic/secrets/gitleaks/generic-api-key.yaml
@@ -38,7 +38,7 @@ rules:
       - "*bundle.js"
       - "*pnpm-lock*"
       - "*Podfile.lock"
-      - "*/openssl/*.h"
+      - "**/*/openssl/*.h"
       - "*.xcscmblueprint"
   patterns:
     # The original regex from gitleaks is in this rule https://semgrep.dev/playground/s/57qk (but its very noisy) even with our entropy analyzer
diff --git a/generic/secrets/security/detected-artifactory-password.yaml b/generic/secrets/security/detected-artifactory-password.yaml
@@ -21,7 +21,7 @@ rules:
         - "*bundle.js"
         - "*pnpm-lock*"
         - "*Podfile.lock"
-        - "*/openssl/*.h"
+        - "**/*/openssl/*.h"
         - "*.xcscmblueprint"
     message: Artifactory token detected
     severity: ERROR
diff --git a/generic/secrets/security/detected-artifactory-token.yaml b/generic/secrets/security/detected-artifactory-token.yaml
@@ -16,7 +16,7 @@ rules:
       - "*bundle.js"
       - "*pnpm-lock*"
       - "*Podfile.lock"
-      - "*/openssl/*.h"
+      - "**/*/openssl/*.h"
       - "*.xcscmblueprint"
       - "*cargo.lock"
   message: Artifactory token detected
diff --git a/generic/secrets/security/detected-sonarqube-docs-api-key.yaml b/generic/secrets/security/detected-sonarqube-docs-api-key.yaml
@@ -16,7 +16,7 @@ rules:
       - "*bundle.js"
       - "*pnpm-lock*"
       - "*Podfile.lock"
-      - "*/openssl/*.h"
+      - "**/*/openssl/*.h"
       - "*.xcscmblueprint"
   metadata:
     cwe:
diff --git a/java/lang/security/audit/crypto/use-of-md5.fixed.java b/java/lang/security/audit/crypto/use-of-md5.fixed.java
@@ -11,12 +11,20 @@ public byte[] bad1(String password) {
   }
 
   public byte[] bad2(String password) {
+    // ruleid: use-of-md5
+    MessageDigest md5Digest = MessageDigest.getInstance("SHA-512");
+    md5Digest.update(password.getBytes());
+    byte[] hashValue = md5Digest.digest();
+    return hashValue;
+  }
+
+  public byte[] bad3(String password) {
     // ok: use-of-md5
     byte[] hashValue = DigestUtils.getMd5Digest().digest(password.getBytes());
     return hashValue;
   }
 
-  public void bad3() {
+  public void bad4() {
       // ruleid: use-of-md5
       java.security.MessageDigest md = java.security.MessageDigest.getInstance("SHA-512");
       byte[] input = {(byte) '?'};
diff --git a/java/lang/security/audit/crypto/use-of-md5.java b/java/lang/security/audit/crypto/use-of-md5.java
@@ -11,12 +11,20 @@ public byte[] bad1(String password) {
   }
 
   public byte[] bad2(String password) {
+    // ruleid: use-of-md5
+    MessageDigest md5Digest = MessageDigest.getInstance("md5");
+    md5Digest.update(password.getBytes());
+    byte[] hashValue = md5Digest.digest();
+    return hashValue;
+  }
+
+  public byte[] bad3(String password) {
     // ok: use-of-md5
     byte[] hashValue = DigestUtils.getMd5Digest().digest(password.getBytes());
     return hashValue;
   }
 
-  public void bad3() {
+  public void bad4() {
       // ruleid: use-of-md5
       java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
       byte[] input = {(byte) '?'};
diff --git a/java/lang/security/audit/crypto/use-of-md5.yaml b/java/lang/security/audit/crypto/use-of-md5.yaml
@@ -30,7 +30,7 @@ rules:
        java.security.MessageDigest.getInstance($ALGO, ...);
     - metavariable-regex:
         metavariable: "$ALGO"
-        regex: (.MD5.)
+        regex: (?i)(.MD5.)
     - focus-metavariable: $ALGO
   fix: |
     "SHA-512"
diff --git a/php/lang/security/injection/tainted-sql-string.php b/php/lang/security/injection/tainted-sql-string.php
@@ -31,6 +31,14 @@ function test4() {
     return $info;
 }
 
+function test5() {
+    // ruleid: tainted-sql-string
+    $query = "
+    SELECT * FROM table WHERE Id = '".$_GET['url']."'";
+    $info = mysql_query($query);
+    return $info;
+}
+
 // True Negatives
 
 function test1() {
diff --git a/php/lang/security/injection/tainted-sql-string.yaml b/php/lang/security/injection/tainted-sql-string.yaml
@@ -46,16 +46,16 @@ rules:
           sprintf($SQLSTR, ...)
       - metavariable-regex:
           metavariable: $SQLSTR
-          regex: .*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
+          regex: (?is).*\b(select|delete|insert|create|update|alter|drop)\b.*
     - patterns:
       - pattern: |
           "...$EXPR..."
       - metavariable-regex:
           metavariable: $EXPR
-          regex: .*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
+          regex: (?is).*\b(select|delete|insert|create|update|alter|drop)\b.*
     - patterns:
       - pattern: |
           "$SQLSTR".$EXPR
       - metavariable-regex:
           metavariable: $SQLSTR
-          regex: .*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
+          regex: (?is).*\b(select|delete|insert|create|update|alter|drop)\b.*
