From bd482202a1c0056233c94dbb21c4104c5a77856f Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Tue, 17 Mar 2026 10:53:06 +0000
Subject: [PATCH 1/4] Add keyword key for secret detection
---
docs/codacy-rules.yaml | 8 ++++----
docs/multiple-tests/codacy-rules-java/results.xml | 4 +++-
docs/multiple-tests/codacy-rules-java/src/Program.java | 4 ++++
.../multiple-tests/codacy-rules-javascript/results.xml | 2 ++
.../codacy-rules-javascript/src/index.js | 2 ++
docs/multiple-tests/codacy-rules/results.xml | 10 ++++++----
.../src/codacy-csharp-security-hard-coded-password.cs | 2 ++
.../src/test_find_all_passwords_and_empty_string.pls | 4 ++++
8 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/docs/codacy-rules.yaml b/docs/codacy-rules.yaml
index e983a00..e0d3bdd 100644
--- a/docs/codacy-rules.yaml
+++ b/docs/codacy-rules.yaml
@@ -25,7 +25,7 @@ rules:
- pattern: String $PASSWORD = "$VALUE";
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
@@ -45,7 +45,7 @@ rules:
- pattern: var $PASSWORD = "$VALUE";
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
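Review bot: The new `key` alternative sits inside `(?i).*( ... ).*`, so any identifier that merely contains the substring matches — `monkey`, `keyboard`, `keyCode`, `cacheKey`, `sortKey`, `primaryKey` — and every such `String $PASSWORD = "$VALUE";` declaration will now be reported as a hardcoded password, a much broader net than the mostly whole-word password tokens already in the list. Consider restricting it to credential-shaped names, e.g. replacing `|key` with `|(api|secret|private|access|auth)[_-]?key`, and adding a negative fixture line such as `String keyboardLayout = "qwerty"; // OK: not a credential` so the intended scope is pinned. The `message:` still says "Hardcoded passwords"; now that API keys are in scope, "Hardcoded credentials (passwords, API keys, secrets) are a security risk..." would describe the finding accurately. While editing the list, `clave` appears twice and one copy can be dropped.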
@@ -74,7 +74,7 @@ rules:
- pattern: var $PASSWORD = `$VALUE`
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
metadata:
owasp:
@@ -105,7 +105,7 @@ rules:
$PASSWORD VARCHAR2($LENGTH) := $...VALUE;
- metavariable-regex:
metavariable: "$PASSWORD"
- regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+ regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd|key).*"
options:
generic_ellipsis_max_span: 0
message: >
diff --git a/docs/multiple-tests/codacy-rules-java/results.xml b/docs/multiple-tests/codacy-rules-java/results.xml
index 3da5ea7..abe5fc8 100644
--- a/docs/multiple-tests/codacy-rules-java/results.xml
+++ b/docs/multiple-tests/codacy-rules-java/results.xml
@@ -2,6 +2,8 @@
-
+
+
+
diff --git a/docs/multiple-tests/codacy-rules-java/src/Program.java b/docs/multiple-tests/codacy-rules-java/src/Program.java
index c226d9b..7fdf760 100644
--- a/docs/multiple-tests/codacy-rules-java/src/Program.java
+++ b/docs/multiple-tests/codacy-rules-java/src/Program.java
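Review bot: For the PL/SQL rule (`$PASSWORD VARCHAR2($LENGTH) := $...VALUE;`) an unanchored `key` is especially noisy: in database code `key` overwhelmingly names table, index or lookup keys (`primary_key`, `row_key`, `lookup_key`, `sort_key`), and every `..._key VARCHAR2(n) := '...'` initialiser will now be flagged as a hardcoded password. Scoping the token to credential names, e.g. `|(api|secret|private|access|auth)[_-]?key` in place of `|key`, keeps the new coverage without tripping on ordinary key columns. The rule's `message: >` continues outside the hunk; it should be checked that it does not describe an API-key hit as a "password". The same regex is now copied verbatim into four rules, so a YAML anchor (if the rule loader honours anchors) or at least a comment noting the copies would keep them from drifting apart.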
@@ -6,6 +6,8 @@ class Program
public static void main(String[] args)
{
private static final String PASSWORD = "password" ; // Issue: Hardcoded password
+ private static final String API_KEY = "api_key" ; // Issue: Hardcoded API key
+ private static final String API_SECRET = "api_secret" ; // Issue: Hardcoded API secret
final FlexibleSearchQuery query = new FlexibleSearchQuery("SELECT {a.pk} FROM {TEST AS a} WHERE {a.uid} ="+ uid +" AND {a.visibleInAddressBook} = true");
final FlexibleSearchQuery okquery = new FlexibleSearchQuery(
@@ -13,6 +15,8 @@ public static void main(String[] args)
);
okquery.addQueryParameter("uid", uid);
System.out.println("This is a security risk: " + PASSWORD);
+ System.out.println("This is a security risk: " + API_KEY);
+ System.out.println("This is a security risk: " + API_SECRET);
}
}
diff --git a/docs/multiple-tests/codacy-rules-javascript/results.xml b/docs/multiple-tests/codacy-rules-javascript/results.xml
index 278f1ae..381861d 100644
--- a/docs/multiple-tests/codacy-rules-javascript/results.xml
+++ b/docs/multiple-tests/codacy-rules-javascript/results.xml
@@ -4,5 +4,7 @@
+
+
diff --git a/docs/multiple-tests/codacy-rules-javascript/src/index.js b/docs/multiple-tests/codacy-rules-javascript/src/index.js
index ede4ca4..7da981e 100644
--- a/docs/multiple-tests/codacy-rules-javascript/src/index.js
+++ b/docs/multiple-tests/codacy-rules-javascript/src/index.js
@@ -3,6 +3,8 @@ function main(args) {
var PASSWORD = "password"; // Issue: Hardcoded password
let salasana = 'YAY'
const senha = `senha`;
+ const API_KEY = "api_key"; // Issue: Hardcoded API key
+ const API_SECRET = "api_secret"; // Issue: Hardcoded API secret
const letPassword = password();
diff --git a/docs/multiple-tests/codacy-rules/results.xml b/docs/multiple-tests/codacy-rules/results.xml
index d48f215..9a59106 100644
--- a/docs/multiple-tests/codacy-rules/results.xml
+++ b/docs/multiple-tests/codacy-rules/results.xml
@@ -2,15 +2,17 @@
-
-
-
+
+
+
-
+
+
+
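Review bot: The fixture only exercises the positive side of the new `key` token: `API_KEY` is the one added declaration that depends on it, while `API_SECRET = "api_secret"` already matched through `secret` before this change and so adds no coverage of what the commit alters. There is no negative case, and with the substring regex a declaration such as `String keyboardLayout = "qwerty"; // OK: not a credential` would currently be reported too; adding that line (and keeping it out of results.xml) would pin the intended scope of `key` and make the false positive visible in CI. The same pair of declarations is added to index.js and the C# fixture with the same gap. `main` continues outside this hunk.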
diff --git a/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs b/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs
index 98fdb76..7469387 100644
--- a/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs
+++ b/docs/multiple-tests/codacy-rules/src/codacy-csharp-security-hard-coded-password.cs
@@ -7,8 +7,10 @@ class Program
static void Main(string[] args) {
var password = "password"; // Issue: Hardcoded password
+ var api_key = "api_key"; // Issue: Hardcoded API key
Console.WriteLine("This is a security risk: " + password);
+ Console.WriteLine("This is a security risk: " + api_key);
}
public static bool? IsRegular(bool freqNoneOrNotPeriodic, bool freqPeriodical, IFrequency frequency)
diff --git a/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls b/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls
index 3ca16a6..eaaa5e5 100644
--- a/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls
+++ b/docs/multiple-tests/codacy-rules/src/test_find_all_passwords_and_empty_string.pls
@@ -6,6 +6,8 @@ CREATE OR REPLACE PACKAGE find_passwords AS
password1 VARCHAR2(100) := 'Password123!';
password2 VARCHAR2(100) := 'Admin@456';
password3 VARCHAR2(100) := 'UserPass789';
+ API_KEY VARCHAR2(100) := 'newAPI_KEY43432';
+ API_SECRET VARCHAR2(100) := 'newAPI_SECRET43432';
-- Procedure to output passwords
PROCEDURE output_passwords;
@@ -19,6 +21,8 @@ BEGIN
DBMS_OUTPUT.PUT_LINE('Password1: ' || password1);
DBMS_OUTPUT.PUT_LINE('Password2: ' || password2);
DBMS_OUTPUT.PUT_LINE('Password3: ' || password3);
+ DBMS_OUTPUT.PUT_LINE('Password4: ' || API_KEY);
+ DBMS_OUTPUT.PUT_LINE('Password5: ' || API_KEY);
END output_passwords;
END find_passwords;
/
From 29fb1943a37d59827dcb404d146ebfe0717307e4 Mon Sep 17 00:00:00 2001
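Review bot: `DBMS_OUTPUT.PUT_LINE('Password5: ' || API_KEY);` is a copy-paste slip — the second added line prints `API_KEY` again, so the `API_SECRET` constant declared in the previous hunk is never referenced; it should read `DBMS_OUTPUT.PUT_LINE('Password5: ' || API_SECRET);`. Because this fixture exists to drive the hard-coded-password rule, the unused variable does not change the expected findings, but the labels `Password4`/`Password5` for an API key and secret are misleading and `API key: `/`API secret: ` would read better. `output_passwords` begins outside this hunk.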
From: DMarinhoCodacy
Date: Tue, 17 Mar 2026 11:06:17 +0000
Subject: [PATCH 2/4] fix csharp test
---
docs/multiple-tests/codacy-rules/results.xml | 1 -
1 file changed, 1 deletion(-)
diff --git a/docs/multiple-tests/codacy-rules/results.xml b/docs/multiple-tests/codacy-rules/results.xml
index 9a59106..f09e2e7 100644
--- a/docs/multiple-tests/codacy-rules/results.xml
+++ b/docs/multiple-tests/codacy-rules/results.xml
@@ -4,7 +4,6 @@
-
From b28d621ca7594f955274fec9cd792aad6ae3e374 Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Tue, 17 Mar 2026 11:12:00 +0000
Subject: [PATCH 3/4] fix csharp test
---
docs/multiple-tests/codacy-rules/results.xml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/multiple-tests/codacy-rules/results.xml b/docs/multiple-tests/codacy-rules/results.xml
index f09e2e7..0fd62a2 100644
--- a/docs/multiple-tests/codacy-rules/results.xml
+++ b/docs/multiple-tests/codacy-rules/results.xml
@@ -4,6 +4,8 @@
+
+
From 060de5353714db5cc474c9d27867ad04396fb124 Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Tue, 17 Mar 2026 11:17:40 +0000
Subject: [PATCH 4/4] fix readme file
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b95ea0a..54e2c08 100755
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Codacy Semgrep
+# Codacy Opengrep
This is the docker engine we use at Codacy to have [Opengrep](https://github.com/opengrep/opengrep) support.