add pattern for hardcoded java passwords

docs/codacy-rules.yaml

@@ -1,4 +1,24 @@
 rules:
+  - id: codacy.java.security.hard-coded-password
+    severity: ERROR
+    languages:
+      - java
+    patterns:
+        - pattern-either:
+          - pattern: String $PASSWORD = "$VALUE";
+        - metavariable-regex:
+            metavariable: "$PASSWORD"
+            regex: "(?i).*(password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|clave|parola|secret|pwd).*"
+    message: Hardcoded passwords are a security risk. They can be easily found by attackers and used to gain unauthorized access to the system.
+    metadata:
+      owasp:
+        - A3:2017 Sensitive Data Exposure
+      description: Hardcoded passwords are a security risk.
+      category: security
+      technology:
+        - java
+      impact: HIGH
+      confidence: MEDIUM
   - id: codacy.csharp.security.hard-coded-password
     severity: ERROR
     languages:

docs/multiple-tests/codacy-rules-java/patterns.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module name="root">
+    <module name="codacy.java.security.hard-coded-password" />
+</module>

docs/multiple-tests/codacy-rules-java/results.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<checkstyle version="1.5">
+    <file name="Program.java">
+        <error source="codacy.java.security.hard-coded-password" line="7" message="Hardcoded passwords are a security risk." severity="error" />
+    </file>
+</checkstyle>

docs/multiple-tests/codacy-rules-java/src/Program.java

@@ -0,0 +1,12 @@
+import java.io.Console;
+
+class Program
+    {
+        public static void main(String[] args)
+        {
+            private static final String PASSWORD = "password" ; // Issue: Hardcoded password
+
+            System.out.println("This is a security risk: " + PASSWORD);
+        }
+    }
+

internal/docgen/download.go

@@ -25,7 +25,7 @@ func downloadRepo(url string, commitUuid string) ([]SemgrepRuleFile, error) {
 
 	repo, err := git.PlainClone(tempFolder, false, &git.CloneOptions{
 		URL:   url,
-		Depth: 10, // The commit we are fetching the rules from must be within the last 10 commits
+		Depth: 100000,
 	})
 	if err != nil {
 		return nil, &DocGenError{msg: fmt.Sprintf("Failed to clone repository: %s", url), w: err}
@@ -38,9 +38,13 @@ func downloadRepo(url string, commitUuid string) ([]SemgrepRuleFile, error) {
 	} else {
 		hash = plumbing.NewHash(commitUuid)
 	}
+
 	commit, _ := repo.CommitObject(hash)
 	tree, _ := commit.Tree()
-
+	w, _ := repo.Worktree()
+	w.Checkout(&git.CheckoutOptions{
+		Hash: plumbing.NewHash(commitUuid),
+	})
 	var files []SemgrepRuleFile
 	tree.Files().ForEach(func(f *object.File) error {
 		files = append(files, SemgrepRuleFile{
@@ -49,7 +53,6 @@ func downloadRepo(url string, commitUuid string) ([]SemgrepRuleFile, error) {
 		})
 		return nil
 	})
-
 	return files, nil
 }
 

internal/docgen/parsing.go

@@ -153,6 +153,7 @@ func getRules(location string, commit string, validate FilenameValidator, genera
 
 	var errorWithinMap error
 	rules := lo.FlatMap(rulesFiles, func(file SemgrepRuleFile, _ int) []SemgrepRule {
+		fmt.Printf("Reading YAML file: %s\n", file.AbsolutePath)
 		rs, err := readRulesFromYaml(file.AbsolutePath)
 		if err != nil {
 			errorWithinMap = err
@@ -235,6 +236,7 @@ func getSemgrepRegistryDefaultRules() (SemgrepRules, error) {
 
 func readRulesFromYaml(yamlFile string) ([]SemgrepRule, error) {
 	buf, err := os.ReadFile(yamlFile)
+
 	if err != nil {
 		return nil, &DocGenError{msg: fmt.Sprintf("Failed to read file: %s", yamlFile), w: err}
 	}