changes

Author: abidlabs

.github/workflows/semgrep.yml

@@ -43,7 +43,7 @@ jobs:
         with:
           repository: ${{ steps.json.outputs.source_repo }}
           ref: ${{ steps.json.outputs.sha }}
-      - run: semgrep ci
+      - run: semgrep ci --config .github/workflows/semgrep_rules.yaml
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN2 }}
   update-status:

.github/workflows/semgrep_rules.yaml

@@ -0,0 +1,18 @@
+rules:
+  - id: detect-os-system-calls
+    pattern: os.system(...)
+    message: "Unsafe use of os.system(). Consider using subprocess.run() instead."
+    languages: [python]
+    severity: WARNING
+
+  - id: detect-sql-injection
+    pattern: 'execute("SELECT * FROM " + $TABLE)'
+    message: "Potential SQL injection detected. Use parameterized queries."
+    languages: [python]
+    severity: ERROR
+
+  - id: detect-eval-usage
+    pattern: eval(...)
+    message: "Use of eval() detected. This can be dangerous if used with untrusted input."
+    languages: [python]
+    severity: ERROR