From 194c92ecf6edb06a124f6f05799ed05a2049cff4 Mon Sep 17 00:00:00 2001
From: Vasilii Ermilov
Date: Wed, 13 Mar 2024 17:36:08 +0700
Subject: [PATCH 1/2] update detected-ssh-password rule (#3331)
---
 generic/secrets/security/detected-ssh-password.txt | 6 ++++++
 generic/secrets/security/detected-ssh-password.yaml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/generic/secrets/security/detected-ssh-password.txt b/generic/secrets/security/detected-ssh-password.txt
index 12fa8d4730..ef08699b51 100644
--- a/generic/secrets/security/detected-ssh-password.txt
+++ b/generic/secrets/security/detected-ssh-password.txt
@@ -1,2 +1,8 @@
 # ruleid: detected-ssh-password
 sshpass -p 'blah'
+
+# ok: detected-ssh-password
+cmdInput := fmt.Sprintf("sshpass -p '%s'", password)
+
+# ok: detected-ssh-password
+cmdInput := fmt.Sprintf("sshpass -p %s", password)
\ No newline at end of file
diff --git a/generic/secrets/security/detected-ssh-password.yaml b/generic/secrets/security/detected-ssh-password.yaml
index ca47f16a5d..6b1aab335b 100644
--- a/generic/secrets/security/detected-ssh-password.yaml
+++ b/generic/secrets/security/detected-ssh-password.yaml
@@ -1,7 +1,7 @@
 rules:
 - id: detected-ssh-password
 pattern-regex: |-
- sshpass -p.*['|\\\"]
+ sshpass -p\s*['|\\\"][^%]
 languages: [regex]
 message: SSH Password detected
 severity: ERROR
From 6707ab928798571a64f9822fb50e100b064f5c70 Mon Sep 17 00:00:00 2001
From: LewisArdern
Date: Wed, 13 Mar 2024 09:09:08 -0700
Subject: [PATCH 2/2] Fix ironclad to jwtsimple
---
 .../{ironclad => jwt-simple}/security/jwt-simple-noverify.js | 0
 .../{ironclad => jwt-simple}/security/jwt-simple-noverify.yaml | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename javascript/{ironclad => jwt-simple}/security/jwt-simple-noverify.js (100%)
 rename javascript/{ironclad => jwt-simple}/security/jwt-simple-noverify.yaml (100%)
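Review bot: Only negative fixtures are added to detected-ssh-password.txt, so the single-quoted `sshpass -p 'blah'` remains the sole `# ruleid:` case and nothing confirms what the narrowed regex still detects. Adding a double-quoted literal, e.g. `# ruleid: detected-ssh-password` followed by `sshpass -p "blah"` (constructed sample), would pin the positive side of the change. The file also now ends without a trailing newline, per the `\ No newline at end of file` marker.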
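Review bot: The `[^%]` guard added to `pattern-regex` in detected-ssh-password.yaml only looks at the single character after the first bracket-class match, and that class (`['|\\\"]`) also accepts a backslash, so an escaped-quote format string such as `"sshpass -p \"%s\"", password` (constructed sample) would still be reported: `\` satisfies the class and `"` satisfies `[^%]`. Inside the brackets `|` is a literal pipe, not alternation, so it only widens the match. Consider `sshpass -p\s*\\?['"][^%]`, and add an `# ok:` fixture for the escaped-quote form. Shell expansions such as `-p "$PASS"` would presumably still match as well, if those are meant to be out of scope.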
diff --git a/javascript/ironclad/security/jwt-simple-noverify.js b/javascript/jwt-simple/security/jwt-simple-noverify.js
similarity index 100%
rename from javascript/ironclad/security/jwt-simple-noverify.js
rename to javascript/jwt-simple/security/jwt-simple-noverify.js
diff --git a/javascript/ironclad/security/jwt-simple-noverify.yaml b/javascript/jwt-simple/security/jwt-simple-noverify.yaml
similarity index 100%
rename from javascript/ironclad/security/jwt-simple-noverify.yaml
rename to javascript/jwt-simple/security/jwt-simple-noverify.yaml