diff --git a/.semgreprules/customRule.yml b/.semgreprules/customRule.yml new file mode 100644 index 0000000..b275e28 --- /dev/null +++ b/.semgreprules/customRule.yml @@ -0,0 +1,30 @@ +rules: +- id: check-sensitive-info + message: >- + Potential sensitive information found: $1 + severity: ERROR + languages: + - yaml + - go + - javascript + - java + - python + - golang + - docker + patterns: + - pattern-regex: (?i)\b(api[_-]key|api[_-]token|api[_-]secret[_-]key|api[_-]password|token|secret[_-]key|password|auth[_-]key|auth[_-]token|AUTH_PASSWORD)\s*[:=]\s*(['"]?)((?!YOUR_EXCLUSION_PATTERN_HERE)[A-Z]+.*?)\2 + +- id: check-logger-appconfig + message: >- + Potential Logging configuration found: $1 + severity: ERROR + languages: + - yaml + - go + - javascript + - java + - python + - golang + - docker + patterns: + - pattern-regex: log\.Logger\(\).*(appConfig).*