From 21cc62f0106a813a997f5ebb18e92a1261dcd93c Mon Sep 17 00:00:00 2001
From: Lewis
Date: Wed, 7 Feb 2024 02:44:57 -0800
Subject: [PATCH 1/2] Remove reference (#3302)

---
 go/lang/security/decompression_bomb.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/go/lang/security/decompression_bomb.yaml b/go/lang/security/decompression_bomb.yaml
index 36b21e44b5..295d81b5ad 100644
--- a/go/lang/security/decompression_bomb.yaml
+++ b/go/lang/security/decompression_bomb.yaml
@@ -3,9 +3,7 @@ rules:
     message: >-
       Detected a possible denial-of-service via a zip bomb attack.
       By limiting the max bytes read, you can mitigate this attack.
-      `io.CopyN()` can specify a size. Refer to https://bomb.codes/ to learn more about
-      this attack and other ways to mitigate
-      it.
+      `io.CopyN()` can specify a size.
     severity: WARNING
     languages: [go]
     patterns:
@@ -51,7 +49,6 @@ rules:
       - 'CWE-400: Uncontrolled Resource Consumption'
     source-rule-url: https://github.com/securego/gosec
     references:
-      - https://bomb.codes/
       - https://golang.org/pkg/io/#CopyN
       - https://github.com/securego/gosec/blob/master/rules/decompression-bomb.go
     category: security

From 43bdb01cb92d95aa9e1858be39d5d02a2e30f518 Mon Sep 17 00:00:00 2001
From: Claudio
Date: Wed, 7 Feb 2024 18:20:58 +0100
Subject: [PATCH 2/2] Improve detect-etc-shadow (#3299)

---
 generic/secrets/security/detected-etc-shadow.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/generic/secrets/security/detected-etc-shadow.yaml b/generic/secrets/security/detected-etc-shadow.yaml
index 09837c7dcc..db48648a91 100644
--- a/generic/secrets/security/detected-etc-shadow.yaml
+++ b/generic/secrets/security/detected-etc-shadow.yaml
@@ -1,6 +1,8 @@
 rules:
   - id: detected-etc-shadow
-    pattern-regex: root:[x!*]*:[0-9]*:[0-9]*
+    patterns:
+      - pattern-regex: ^(\s*)(?Proot:[x!*]*:[0-9]*:[0-9]*)
+      - focus-metavariable: $ROOT
     languages: [regex]
     message: linux shadow file detected
     severity: ERROR
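Review bot: After the deletion the folded message stops at `io.CopyN()` can specify a size.` and no longer gives a reader any guidance when the flagged code streams from a reader rather than copying, which is the common case where `io.CopyN` cannot simply be dropped in. `io.LimitReader` wraps any `io.Reader` with a byte cap and is the standard mitigation in that situation, so the message would be more actionable if the added line read `` `io.CopyN()` can specify a size; `io.LimitReader()` caps any reader the same way. `` A matching entry under `references:` in the second hunk of this file would keep the rule's pointers consistent with its advice.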
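Review bot: The added `pattern-regex` line reads `(?Proot:[x!*]*:[0-9]*:[0-9]*)`, which is not a valid named group (`(?P` must be followed by `<name>`), and without a group called ROOT the new `focus-metavariable: $ROOT` line has nothing to bind to. The `<ROOT>` token was most likely stripped when this page was rendered, so confirm the committed file actually contains `- pattern-regex: ^(\s*)(?P<ROOT>root:[x!*]*:[0-9]*:[0-9]*)` and that the rule's test file, if one exists, still matches with the focus applied. Separately, because `[x!*]*` and `[0-9]*` both admit the empty string, the regex also matches an `/etc/passwd`-style line such as `root:x:0:0`, so the unchanged message `linux shadow file detected` can misdescribe the finding; tightening the field quantifiers to `+` or widening the message wording would make triage less confusing.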