From 02f5ec702b412d177c20bdd0653227795c88893b Mon Sep 17 00:00:00 2001
From: Howie Benefiel <5847863+howinator@users.noreply.github.com>
Date: Wed, 14 Aug 2024 14:15:17 -0700
Subject: [PATCH 1/2] Commit bad change according to semgrep

---
 .github/workflows/semgrep.yml | 4 +++-
 whatever.bash | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 whatever.bash

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 481c6e5..523a248 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -1,7 +1,9 @@
 name: Semgrep
 on:
 workflow_dispatch: {}
- pull_request: {}
+ pull_request:
+ branches:
+ - main
 push:
 branches:
 - main
diff --git a/whatever.bash b/whatever.bash
new file mode 100644
index 0000000..61e49e6
--- /dev/null
+++ b/whatever.bash
@@ -0,0 +1,3 @@
+foo=$(curl http://google.com)
+
+echo "$foo"

From 5a31c0ece1fbadf712f723734aeead9f77e64336 Mon Sep 17 00:00:00 2001
From: Howie Benefiel <5847863+howinator@users.noreply.github.com>
Date: Wed, 14 Aug 2024 14:26:30 -0700
Subject: [PATCH 2/2] bad rule

---
 whatever.bash | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/whatever.bash b/whatever.bash
index 61e49e6..957fd10 100644
--- a/whatever.bash
+++ b/whatever.bash
@@ -1,3 +1,26 @@
 foo=$(curl http://google.com)
 
 echo "$foo"
+
+#!/bin/bash
+
+x=$(curl -L https://raw.githubusercontent.com/something)
+# ruleid: curl-eval
+eval ${x}
+
+yy=$(curl $SOME_URL)
+eval yy
+# ruleid: curl-eval
+eval ${yy}
+
+scrpt=$(curl -L https://raw.githubusercontent.com/something)
+echo scrpt
+scrpt2=$(${scrpt} | tr -d 1)
+# ruleid: curl-eval
+eval ${scrpt2}
+
+# ruleid: curl-eval
+eval $(curl -L https://raw.githubusercontent.com/something)
+
+# ok: curl-eval
+eval "x=1"
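Review bot: Narrowing `pull_request` to `branches: - main` in semgrep.yml filters on the pull request's base branch, so PRs opened against any other branch (release or long-lived feature branches) are no longer scanned at all, and a finding can sit unreviewed there until it is merged toward main. Nothing in the hunk states that this reduction is intended; if it is, say so in the workflow with a comment above `pull_request:` such as `# Only PRs targeting main are scanned; PRs against other branches get no Semgrep run`. If the goal was instead to avoid duplicate push-and-PR runs on main, keeping `pull_request: {}` and adding a `concurrency:` group would preserve coverage.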
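Review bot: `foo=$(curl http://google.com)` in the new whatever.bash fetches over plain HTTP with no `-f`/`-sS`, so a redirect or HTTP error leaves `foo` holding an error page or nothing, and the script, which has no `set -e` or shebang, carries on and prints whatever came back. The commit message suggests the file is a deliberate Semgrep fixture rather than production code, but the file itself does not say which rule it exercises. If it is a fixture, put the harness annotation on the line under test, e.g. `# ruleid: <rule-id>` (placeholder for the rule's name) above the `foo=` line, so the expected finding is explicit instead of implied by the commit title.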
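Review bot: The `#!/bin/bash` added as line 5 of whatever.bash is inert, because only the first line of a file is honoured as a shebang; the file keeps its original `foo=` block above it and still has no interpreter line, so either move it to line 1 or drop it. Separately, `scrpt2=$(${scrpt} | tr -d 1)` executes the body fetched by curl directly as a command, the same remote-code-execution sink as the tagged eval cases, yet it carries no `# ruleid:`/`# ok:` marker, so the test silently asserts that `curl-eval` must not fire there; `eval yy` (no `$`, so it runs a command literally named yy) is untagged in the same way. Mark each such line with `# ok: curl-eval` if the non-match is intended, or with `# ruleid: curl-eval` if direct execution of curl output is meant to be in the rule's scope, so the fixture documents its own expectations.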