From f11477f8fffb84a082027f006d58ba3f85ce8b0a Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 12:34:02 -0400
Subject: [PATCH 1/3] Semgrep Showcase
---
 semgrep/example.py | 16 ++++++++++++++++
 semgrep/semgrep.yml | 8 ++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 semgrep/example.py
 create mode 100644 semgrep/semgrep.yml
diff --git a/semgrep/example.py b/semgrep/example.py
new file mode 100644
index 0000000..45ca6f3
--- /dev/null
+++ b/semgrep/example.py
@@ -0,0 +1,16 @@
+import os, sys # F401: sys imported but unused
+
+def my_function( x, y ):
+ print( "Result:",x+y ) # E201, E202, E231, E221
+
+class myclass: # N801: class name should use CapWords convention
+ def __init__(self):
+ self.value =42 # E225: missing whitespace around operator
+
+ def doSomething(self): # N802: function name should be snake_case
+ if( self.value>0 ):
+ print("Positive")
+ else:
+ print( "Not positive" )
+
+my_function(1,2)
diff --git a/semgrep/semgrep.yml b/semgrep/semgrep.yml
new file mode 100644
index 0000000..405b747
--- /dev/null
+++ b/semgrep/semgrep.yml
@@ -0,0 +1,8 @@
+rules:
+ - id: hardcoded-password
+ pattern: password = "$SECRET"
+ message: "Avoid hardcoded passwords"
+ severity: ERROR
+ languages: [python]
+ metadata:
+ category: security
From 603ab960a207ec7a3cb64832a8d367391c7dafaf Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 12:44:00 -0400
Subject: [PATCH 2/3] Semgrep showcase
---
 semgrep/example.py | 48 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/semgrep/example.py b/semgrep/example.py
index 45ca6f3..6a3d3cc 100644
--- a/semgrep/example.py
+++ b/semgrep/example.py
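Review bot: The rule `pattern: password = "$SECRET"` in semgrep/semgrep.yml only matches an assignment to an identifier literally named `password`, so it will not fire on the `PASSWORD = "secret123"` constant that patch 2 of this series adds to semgrep/example.py, nor on names like `passwd`, `secret` or `token`, or on attribute targets such as `self.password = "..."`. Since this is the only rule in the file, that miss means the showcase's intended hardcoded-credential finding never appears. Match any string-literal assignment and constrain the target name with a case-insensitive regex instead, e.g. `patterns: [{pattern: '$VAR = "..."'}, {metavariable-regex: {metavariable: $VAR, regex: '(?i).*(pass(word|wd)?|secret|token|api_?key).*'}}]` (sample regex, tune to the codebase's naming). Keeping `metadata.category: security` is good; consider also adding a `cwe` entry so downstream reporting can classify the finding.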
@@ -1,16 +1,32 @@
-import os, sys # F401: sys imported but unused
-
-def my_function( x, y ):
- print( "Result:",x+y ) # E201, E202, E231, E221
-
-class myclass: # N801: class name should use CapWords convention
- def __init__(self):
- self.value =42 # E225: missing whitespace around operator
-
- def doSomething(self): # N802: function name should be snake_case
- if( self.value>0 ):
- print("Positive")
- else:
- print( "Not positive" )
-
-my_function(1,2)
+import os
+import sys
+import hashlib
+
+# Hardcoded credentials
+USERNAME = "admin"
+PASSWORD = "secret123"
+
+def dangerous_eval():
+ user_input = input("Enter a Python expression: ")
+ result = eval(user_input)
+ print("Evaluated result:", result)
+
+def delete_data(path):
+ os.system("rm -rf " + path) # Semgrep: shell injection
+
+def hash_password(password):
+ hashed = hashlib.md5(password.encode()).hexdigest() # Semgrep: weak hash
+ return hashed
+
+def main():
+ print("Logging in as", USERNAME)
+ password_hash = hash_password(PASSWORD)
+ print("Password hash:", password_hash)
+
+ if len(sys.argv) > 1:
+ delete_data(sys.argv[1])
+
+ dangerous_eval()
+
+main()
+
From fb5634b8f2ce987a80f8b11311da08049d3940cd Mon Sep 17 00:00:00 2001
From: nimratcoderabbit
Date: Mon, 14 Jul 2025 12:49:51 -0400
Subject: [PATCH 3/3] Semgrep
---
 .coderabbit.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .coderabbit.yml
diff --git a/.coderabbit.yml b/.coderabbit.yml
new file mode 100644
index 0000000..dcf8c91
--- /dev/null
+++ b/.coderabbit.yml
@@ -0,0 +1,2 @@
+reviews:
+ path_filters: ["**/*.yml","**/*.yaml"]
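Review bot: `main()` is invoked at module scope on the last non-blank added line of semgrep/example.py, so merely importing the module (a test collector, a tool that imports files to inspect them, an IDE) runs `delete_data(sys.argv[1])` against whatever argv the importing process happens to carry and then blocks on the interactive `eval` prompt. Guard the entry point with `if __name__ == "__main__":` / `    main()` so the deliberately unsafe calls only run when the file is executed on purpose. The `os.system` and `hashlib.md5` lines are labelled `# Semgrep: ...` but `result = eval(user_input)` and the `USERNAME`/`PASSWORD` constants are not; give them the same marker (`# Semgrep: code injection`, `# Semgrep: hardcoded credential`) and add a module docstring stating that this file is intentionally vulnerable sample code for the Semgrep showcase and must not be imported or deployed, so nobody copies it as a template.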
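Review bot: `path_filters: ["**/*.yml","**/*.yaml"]` in .coderabbit.yml lists only YAML globs; if this key is an include-only list (no `!`-prefixed exclusions), semgrep/example.py, the file this series adds the Semgrep findings to, would be skipped by automated review entirely, which seems to contradict the showcase's purpose. Either drop the filter or extend it, `path_filters: ["**/*.yml","**/*.yaml","**/*.py"]`. I am inferring the include-only semantics from the shape of the value rather than from anything on this page, so confirm against the tool's configuration reference before changing it.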