From f11477f8fffb84a082027f006d58ba3f85ce8b0a Mon Sep 17 00:00:00 2001
From: nimratcoderabbit <nimrat@coderabbit.ai>
Date: Mon, 14 Jul 2025 12:34:02 -0400
Subject: [PATCH 1/5] Semgrep Showcase

---
 semgrep/example.py  | 16 ++++++++++++++++
 semgrep/semgrep.yml |  8 ++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 semgrep/example.py
 create mode 100644 semgrep/semgrep.yml

diff --git a/semgrep/example.py b/semgrep/example.py
new file mode 100644
index 0000000..45ca6f3
--- /dev/null
+++ b/semgrep/example.py
@@ -0,0 +1,16 @@
+import os, sys  # F401: sys imported but unused
+
+def my_function(  x, y ):
+  print(  "Result:",x+y )  # E201, E202, E231, E221
+
+class myclass:  # N801: class name should use CapWords convention
+ def __init__(self):
+     self.value =42  # E225: missing whitespace around operator
+     
+ def doSomething(self):  # N802: function name should be snake_case
+    if( self.value>0 ):
+         print("Positive")
+    else:
+         print( "Not positive" )
+         
+my_function(1,2)
diff --git a/semgrep/semgrep.yml b/semgrep/semgrep.yml
new file mode 100644
index 0000000..405b747
--- /dev/null
+++ b/semgrep/semgrep.yml
@@ -0,0 +1,8 @@
+rules:
+  - id: hardcoded-password
+    pattern: password = "$SECRET"
+    message: "Avoid hardcoded passwords"
+    severity: ERROR
+    languages: [python]
+    metadata:
+      category: security

From 603ab960a207ec7a3cb64832a8d367391c7dafaf Mon Sep 17 00:00:00 2001
From: nimratcoderabbit <nimrat@coderabbit.ai>
Date: Mon, 14 Jul 2025 12:44:00 -0400
Subject: [PATCH 2/5] Semgrep showcase

---
 semgrep/example.py | 48 ++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-)

diff --git a/semgrep/example.py b/semgrep/example.py
index 45ca6f3..6a3d3cc 100644
--- a/semgrep/example.py
+++ b/semgrep/example.py
@@ -1,16 +1,32 @@
-import os, sys  # F401: sys imported but unused
-
-def my_function(  x, y ):
-  print(  "Result:",x+y )  # E201, E202, E231, E221
-
-class myclass:  # N801: class name should use CapWords convention
- def __init__(self):
-     self.value =42  # E225: missing whitespace around operator
-     
- def doSomething(self):  # N802: function name should be snake_case
-    if( self.value>0 ):
-         print("Positive")
-    else:
-         print( "Not positive" )
-         
-my_function(1,2)
+import os
+import sys
+import hashlib
+
+# Hardcoded credentials
+USERNAME = "admin"
+PASSWORD = "secret123"
+
+def dangerous_eval():
+    user_input = input("Enter a Python expression: ")
+    result = eval(user_input)
+    print("Evaluated result:", result)
+
+def delete_data(path):
+    os.system("rm -rf " + path)  # Semgrep: shell injection
+
+def hash_password(password):
+    hashed = hashlib.md5(password.encode()).hexdigest()  # Semgrep: weak hash
+    return hashed
+
+def main():
+    print("Logging in as", USERNAME)
+    password_hash = hash_password(PASSWORD)
+    print("Password hash:", password_hash)
+
+    if len(sys.argv) > 1:
+        delete_data(sys.argv[1])
+    
+    dangerous_eval()
+
+main()
+

From fb5634b8f2ce987a80f8b11311da08049d3940cd Mon Sep 17 00:00:00 2001
From: nimratcoderabbit <nimrat@coderabbit.ai>
Date: Mon, 14 Jul 2025 12:49:51 -0400
Subject: [PATCH 3/5] Semgrep

---
 .coderabbit.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .coderabbit.yml

diff --git a/.coderabbit.yml b/.coderabbit.yml
new file mode 100644
index 0000000..dcf8c91
--- /dev/null
+++ b/.coderabbit.yml
@@ -0,0 +1,2 @@
+reviews:
+  path_filters: ["**/*.yml","**/*.yaml"]

From fdb231b289087ae2aaa1c635bee76787d40e55da Mon Sep 17 00:00:00 2001
From: alex <alex@coderabbit.ai>
Date: Wed, 16 Jul 2025 13:41:57 -0400
Subject: [PATCH 4/5] move files

---
 semgrep/example.py => example.py   | 0
 semgrep/semgrep.yml => semgrep.yml | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename semgrep/example.py => example.py (100%)
 rename semgrep/semgrep.yml => semgrep.yml (100%)

diff --git a/semgrep/example.py b/example.py
similarity index 100%
rename from semgrep/example.py
rename to example.py
diff --git a/semgrep/semgrep.yml b/semgrep.yml
similarity index 100%
rename from semgrep/semgrep.yml
rename to semgrep.yml

From 6cc4edb0c76392595948ec163472a30abf5f5d24 Mon Sep 17 00:00:00 2001
From: alex <alex@coderabbit.ai>
Date: Wed, 16 Jul 2025 13:44:35 -0400
Subject: [PATCH 5/5] fix semgrep

---
 .coderabbit.yml |  2 +-
 example.py      | 32 --------------------------------
 sampleReact.jsx | 11 +++++++++++
 semgrep.yml     | 20 +++++++++++++-------
 4 files changed, 25 insertions(+), 40 deletions(-)
 delete mode 100644 example.py
 create mode 100644 sampleReact.jsx

diff --git a/.coderabbit.yml b/.coderabbit.yml
index dcf8c91..ce3d9c3 100644
--- a/.coderabbit.yml
+++ b/.coderabbit.yml
@@ -1,2 +1,2 @@
 reviews:
-  path_filters: ["**/*.yml","**/*.yaml"]
+  path_filters: ["**/*","*"]
diff --git a/example.py b/example.py
deleted file mode 100644
index 6a3d3cc..0000000
--- a/example.py
+++ /dev/null
@@ -1,32 +0,0 @@
-import os
-import sys
-import hashlib
-
-# Hardcoded credentials
-USERNAME = "admin"
-PASSWORD = "secret123"
-
-def dangerous_eval():
-    user_input = input("Enter a Python expression: ")
-    result = eval(user_input)
-    print("Evaluated result:", result)
-
-def delete_data(path):
-    os.system("rm -rf " + path)  # Semgrep: shell injection
-
-def hash_password(password):
-    hashed = hashlib.md5(password.encode()).hexdigest()  # Semgrep: weak hash
-    return hashed
-
-def main():
-    print("Logging in as", USERNAME)
-    password_hash = hash_password(PASSWORD)
-    print("Password hash:", password_hash)
-
-    if len(sys.argv) > 1:
-        delete_data(sys.argv[1])
-    
-    dangerous_eval()
-
-main()
-
diff --git a/sampleReact.jsx b/sampleReact.jsx
new file mode 100644
index 0000000..f5a8c19
--- /dev/null
+++ b/sampleReact.jsx
@@ -0,0 +1,11 @@
+function TestComponent() {
+    // ruleid:react-dangerouslysetinnerhtml
+    return <div dangerouslySetInnerHTML={createMarkup()} />;
+}
+
+function OkComponent() {
+    // OK
+    const discordClientKey = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ';
+    return {__html: 'Первый &middot; Второй'};
+}
+
diff --git a/semgrep.yml b/semgrep.yml
index 405b747..901f0ee 100644
--- a/semgrep.yml
+++ b/semgrep.yml
@@ -1,8 +1,14 @@
 rules:
-  - id: hardcoded-password
-    pattern: password = "$SECRET"
-    message: "Avoid hardcoded passwords"
-    severity: ERROR
-    languages: [python]
-    metadata:
-      category: security
+  - id: docs-react-dangerouslysetinnerhtml
+    languages:
+      - typescript
+      - javascript
+    message: >
+      Setting HTML from code is risky because it’s easy to inadvertently expose
+      your users to a cross-site scripting (XSS) attack.
+    pattern-either:
+      - pattern: |
+          <$X dangerouslySetInnerHTML=... />
+      - pattern: |
+          {dangerouslySetInnerHTML: ...}
+    severity: WARNING
\ No newline at end of file