Merge branch 'develop' into express-fp

ai/csharp/detect-openai.cs

@@ -0,0 +1,11 @@
+// ruleid: detect-openai
+using OpenAI.Chat;
+
+// ruleid: detect-openai
+ChatClient client = new("gpt-3.5-turbo", Environment.GetEnvironmentVariable("OPENAI_API_KEY"));
+
+// ruleid: detect-openai
+ChatCompletion chatCompletion = client.CompleteChat(
+    [
+        new UserChatMessage("Say 'this is a test.'")
+    ]);

ai/csharp/detect-openai.yaml

@@ -0,0 +1,18 @@
+rules:
+  - id: detect-openai
+    languages:
+      - csharp
+    severity: INFO
+    message: "Possibly found usage of AI: OpenAI"
+    pattern-either:
+      - pattern: using OpenAI
+      - pattern: (ChatClient $CLIENT)
+      - pattern: (ChatClient $CLIENT).$FUNC(...)
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW

ai/dart/detect-gemini.dart

@@ -0,0 +1,12 @@
+// ruleid: detect-gemini
+import 'package:google_generative_ai/google_generative_ai.dart';
+
+// Access your API key as an environment variable (see "Set up your API key" above)
+final apiKey = Platform.environment['API_KEY'];
+if (apiKey == null) {
+  print('No \$API_KEY environment variable');
+  exit(1);
+}
+
+// ruleid: detect-gemini
+final model = GenerativeModel(model: 'gemini-1.5-flash', apiKey: apiKey);

ai/dart/detect-gemini.yaml

@@ -0,0 +1,17 @@
+rules:
+  - id: detect-gemini
+    languages:
+      - dart
+    severity: INFO
+    message: "Possibly found usage of AI: Gemini"
+    pattern-either:
+      - pattern: import 'package:google_generative_ai';
+      - pattern: final $MODEL = GenerativeModel(...);
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW

ai/generic/detect-generic-ai-anthprop.txt

@@ -0,0 +1,18 @@
+# ruleid: detect-generic-ai-anthprop
+import anthropic
+
+# ruleid: detect-generic-ai-anthprop
+client = anthropic.Anthropic(
+    # defaults to os.environ.get("ANTHROPIC_API_KEY")
+    api_key="my_api_key",
+)
+
+message = client.messages.create(
+	# ruleid: detect-generic-ai-anthprop
+    model="claude-3-opus-20240229",
+    max_tokens=1024,
+    messages=[
+        {"role": "user", "content": "Hello, Claude"}
+    ]
+)
+print(message.content)

ai/generic/detect-generic-ai-anthprop.yaml

@@ -0,0 +1,18 @@
+rules:
+  - id: detect-generic-ai-anthprop
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: Anthropic"
+    pattern-either:
+      - pattern: anthropic
+      - pattern: Anthropic
+      - pattern: claude
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW

ai/generic/detect-generic-ai-api.js

@@ -0,0 +1,18 @@
+const rawRes = await fetchWithTimeout(
+    // ruleid: detect-generic-ai-api
+   `https://${baseURL}/v1/chat/completions`,
+   {
+     headers: {
+       "Content-Type": "application/json",
+       Authorization: `Bearer ${apiKey}`
+     },
+     timeout,
+     method: "POST",
+     body: JSON.stringify({
+       model,
+       messages: messages.map(k => ({ role: k.role, content: k.content })),
+       temperature,
+       stream: true
+     })
+   }
+ )

ai/generic/detect-generic-ai-api.yaml

@@ -0,0 +1,17 @@
+rules:
+  - id: detect-generic-ai-api
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: HTTP Request"
+    pattern-either:
+      - pattern: /chat/completions
+      - pattern: api.openai.com
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW

ai/generic/detect-generic-ai-gem.html

@@ -0,0 +1,20 @@
+<html>
+<body>
+  <!-- ... Your HTML and CSS -->
+  // ruleid: detect-generic-ai-gem
+  <!-- Import @google/generative-ai, as shown above. -->
+  <script type="module">
+  	  // ruleid: detect-generic-ai-gem
+      import { GoogleGenerativeAI } from "@google/generative-ai";
+
+      // Fetch your API_KEY
+      const API_KEY = "...";
+
+      // Access your API key (see "Set up your API key" above)
+	  // ruleid: detect-generic-ai-gem
+      const genAI = new GoogleGenerativeAI(API_KEY);
+
+      const model = genAI.getGenerativeModel({ model: "gemini-1.5-flash"});
+  </script>
+</body>
+</html>

ai/generic/detect-generic-ai-gem.yaml

@@ -0,0 +1,17 @@
+rules:
+  - id: detect-generic-ai-gem
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: Gemini"
+    pattern-either:
+      - pattern: google/generative-ai
+      - pattern: GoogleGenerativeAI
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW

ai/generic/detect-generic-ai-oai.txt

@@ -0,0 +1,7 @@
+OPENAI_API_KEY = "MY_API_KEY"
+# ruleid: detect-generic-ai-oai
+from openai import OpenAI
+# ruleid: detect-generic-ai-oai
+client = OpenAI(
+    # Defaults to os.environ.get("OPENAI_API_KEY")
+)

ai/generic/detect-generic-ai-oai.yaml

@@ -0,0 +1,17 @@
+rules:
+  - id: detect-generic-ai-oai
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: OpenAI"
+    pattern-either:
+      - pattern: openai
+      - pattern: OpenAI
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW

ai/go/detect-gemini.go

@@ -0,0 +1,14 @@
+// ruleid: detect-gemini
+import "github.com/google/generative-ai-go/genai"
+import "google.golang.org/api/option"
+
+ctx := context.Background()
+// Access your API key as an environment variable (see "Set up your API key" above)
+// ruleid: detect-gemini
+client, err := genai.NewClient(ctx, option.WithAPIKey(os.Getenv("API_KEY")))
+if err != nil {
+    log.Fatal(err)
+}
+defer client.Close()
+
+model := client.GenerativeModel("gemini-1.5-flash")

ai/go/detect-gemini.yaml

@@ -0,0 +1,17 @@
+rules:
+  - id: detect-gemini
+    languages:
+      - go
+    severity: INFO
+    message: "Possibly found usage of AI: Gemini"
+    pattern-either:
+      - pattern: import "github.com/google/generative-ai-go"
+      - pattern: genai.NewClient(...)
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW