From 94d52ba0268f5502d8993cb2b558a23ffaa6e1ce Mon Sep 17 00:00:00 2001
From: Prince Nchiba
Date: Mon, 8 Sep 2025 23:05:49 +0000
Subject: [PATCH 1/2] add princenchiba_demo/no-eval-prince-demo.yaml

---
 princenchiba_demo/no-eval-prince-demo.yaml | 30 ++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 princenchiba_demo/no-eval-prince-demo.yaml

diff --git a/princenchiba_demo/no-eval-prince-demo.yaml b/princenchiba_demo/no-eval-prince-demo.yaml
new file mode 100644
index 0000000000..3a8e0b0cf4
--- /dev/null
+++ b/princenchiba_demo/no-eval-prince-demo.yaml
@@ -0,0 +1,30 @@
+rules:
+- id: no-eval-prince-demo
+ languages:
+ - javascript
+ severity: ERROR
+ message: Semgrep found a match
+ pattern: eval("...")
+ metadata:
+ category: security
+ subcategory:
+ - vuln
+ cwe:
+ - 'CWE-749: Exposed Dangerous Method or Function'
+ confidence: HIGH
+ likelihood: LOW
+ impact: MEDIUM
+ owasp:
+ - A3:2021 Injection
+ references:
+ - ''
+ technology:
+ - django
+ - docker
+ - dockerfile
+ - flask
+ - gorilla
+ - kubernetes
+ - nginx
+ - terraform
+ - react

From eb9195fb3e1aaaba19b05647088717266fe1eff9 Mon Sep 17 00:00:00 2001
From: Prince Nchiba
Date: Mon, 8 Sep 2025 23:05:50 +0000
Subject: [PATCH 2/2] add princenchiba_demo/no-eval-prince-demo.jsx

---
 princenchiba_demo/no-eval-prince-demo.jsx | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 princenchiba_demo/no-eval-prince-demo.jsx

diff --git a/princenchiba_demo/no-eval-prince-demo.jsx b/princenchiba_demo/no-eval-prince-demo.jsx
new file mode 100644
index 0000000000..95a26c247d
--- /dev/null
+++ b/princenchiba_demo/no-eval-prince-demo.jsx
@@ -0,0 +1,14 @@
+print("Welcome to Semgrep!" + "Use our Run button to start experimenting -->")
+
+
+print("...")
+
+# To detect ALL calls to the print() function, change the Semgrep Rule from print("...") to print(...)
+
+print(not_a_string)
+
+print(first_var, second_var)
+
+print()
+
+# print("This is commented out so it will never be found")
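Review bot: `pattern: eval("...")` matches only calls whose argument is a string literal, which is the one form that cannot carry attacker-controlled input; an `eval` of a variable or a concatenated expression, the case the CWE-749 tag is about, is never matched by this rule. Use `pattern: eval(...)` instead, or `patterns:` with `- pattern: eval(...)` and `- pattern-not: eval("...")` if constant-string arguments should be exempt. The `message` should also tell the developer what was found and why it matters, for example `message: Avoid eval(); evaluating a dynamically built string allows code injection. Use JSON.parse or a purpose-built parser instead.` The `references` entry is an empty string and the `technology` list names server and infrastructure stacks for a JavaScript-only rule, so fill in a real reference or drop that key and trim `technology` so the metadata describes the rule accurately.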
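Review bot: The new `.jsx` file holds Python-style `print()` calls and `#` comments rather than JavaScript, and it contains no `eval` call at all, so Semgrep will parse it as JavaScript (the `#` lines are not valid JS comments) and the rule added in the first patch has nothing to match against. If this is meant to be the rule's test fixture, replace the contents with JavaScript that has one finding and one non-finding, annotated with Semgrep's `// ruleid: no-eval-prince-demo` and `// ok: no-eval-prince-demo` markers so `semgrep --test` can verify both outcomes. The sketch below assumes the pattern is broadened to `eval(...)`; with the literal-only pattern as committed, the `eval(userInput)` line would not be reported and the fixture would fail.
```javascript
// ruleid: no-eval-prince-demo
eval(userInput);

// ok: no-eval-prince-demo
JSON.parse(userInput);
```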