Semgrep warnings point to broken Scala find_sec_bugs.HARD_CODE_PASSWORD-1 and find_sec_bugs.URLCONNECTION_SSRF_FD-1
While investigating #423620 (closed), the sast job was enabled for sast-rules.
The following warnings were logged:
[WARN] [Semgrep] [2023-08-31T03:56:06Z] ▶ tool notification warning: Internal matching error Internal matching error when running find_sec_bugs.HARD_CODE_PASSWORD-1 on scala/crypto/test-HazelcastSymmetricEncryption.scala:
An error occurred while invoking the Semgrep engine. Please help us fix this by creating an issue at https://github.com/returntocorp/semgrep
metavariable-pattern failed because $PWD is not in scope, please check your rule
[WARN] [Semgrep] [2023-08-31T03:56:06Z] ▶ tool notification warning: Internal matching error Internal matching error when running find_sec_bugs.HARD_CODE_PASSWORD-1 on java/crypto/test-HazelcastSymmetricEncryption.java:
An error occurred while invoking the Semgrep engine. Please help us fix this by creating an issue at https://github.com/returntocorp/semgrep
metavariable-pattern failed because $PWD is not in scope, please check your rule
This coincides with a similar warning observed by a few customers:
[WARN] [Semgrep] [2023-08-08T14:16:49-04:00] • tool notification warning: Internal matching error Internal matching error when running find_sec_bugs.URLCONNECTION_SSRF_FD-1 on [customer file path redacted].java:
An error occurred while invoking the Semgrep engine. Please help us fix this by creating an issue at https://github.com/returntocorp/semgrep
metavariable-pattern failed because $ADDR does not bind to a sub-program, please check your rule
/cc @amarpatel @vbhat161
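A triage helper for warnings of this shape, added here as an example and not part of the original issue or of the analyzer's code: it groups the `Internal matching error` notifications in a job log by rule ID, so the rules to fix and the metavariables involved are listed once each. The names `broken_rules` and `SAMPLE_LOG` are assumptions; the sample lines are copied from the warnings quoted above.

```python
import re
from collections import defaultdict

# Warning lines copied from the job logs quoted in this issue.
SAMPLE_LOG = """\
[WARN] [Semgrep] [2023-08-31T03:56:06Z] ▶ tool notification warning: Internal matching error Internal matching error when running find_sec_bugs.HARD_CODE_PASSWORD-1 on scala/crypto/test-HazelcastSymmetricEncryption.scala:
An error occurred while invoking the Semgrep engine. Please help us fix this by creating an issue at https://github.com/returntocorp/semgrep
metavariable-pattern failed because $PWD is not in scope, please check your rule
[WARN] [Semgrep] [2023-08-31T03:56:06Z] ▶ tool notification warning: Internal matching error Internal matching error when running find_sec_bugs.HARD_CODE_PASSWORD-1 on java/crypto/test-HazelcastSymmetricEncryption.java:
An error occurred while invoking the Semgrep engine. Please help us fix this by creating an issue at https://github.com/returntocorp/semgrep
metavariable-pattern failed because $PWD is not in scope, please check your rule
[WARN] [Semgrep] [2023-08-08T14:16:49-04:00] • tool notification warning: Internal matching error Internal matching error when running find_sec_bugs.URLCONNECTION_SSRF_FD-1 on [customer file path redacted].java:
An error occurred while invoking the Semgrep engine. Please help us fix this by creating an issue at https://github.com/returntocorp/semgrep
metavariable-pattern failed because $ADDR does not bind to a sub-program, please check your rule
"""

# First line of a warning: rule ID and the file being scanned.
HEADER = re.compile(
    r"Internal matching error when running (?P<rule>\S+) on (?P<path>.+):\s*$"
)
# Last line of a warning: the metavariable and why metavariable-pattern failed.
REASON = re.compile(
    r"metavariable-pattern failed because (?P<mvar>\$[A-Z_][A-Z0-9_]*) "
    r"(?P<why>.+?), please check your rule"
)


def broken_rules(log_text):
    """Return {rule_id: {"files": [paths], "reasons": {(metavariable, why)}}}."""
    found = defaultdict(lambda: {"files": [], "reasons": set()})
    current = None  # entry of the warning whose reason line is still pending
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            current = found[header["rule"]]
            current["files"].append(header["path"])
            continue
        reason = REASON.search(line)
        if reason and current is not None:
            current["reasons"].add((reason["mvar"], reason["why"]))
            current = None  # a reason line closes the current warning
    return dict(found)


if __name__ == "__main__":
    for rule, info in broken_rules(SAMPLE_LOG).items():
        print(rule, sorted(info["reasons"]), info["files"])
```

Because these failures are logged as warnings, a scan that skips the affected files can still finish without an error, so running a check like this over CI logs shows rules that are silently producing no findings.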