From 8460f4542c9a4f3618d6348516375f9484295627 Mon Sep 17 00:00:00 2001
From: Aaron Miller
Date: Sat, 23 Nov 2024 05:42:49 +0000
Subject: [PATCH 1/2] add aaronmiller_personal_org/node-uuid-v1-usage.yaml
---
 .../node-uuid-v1-usage.yaml | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 aaronmiller_personal_org/node-uuid-v1-usage.yaml
diff --git a/aaronmiller_personal_org/node-uuid-v1-usage.yaml b/aaronmiller_personal_org/node-uuid-v1-usage.yaml
new file mode 100644
index 0000000000..6b2ecd70fd
--- /dev/null
+++ b/aaronmiller_personal_org/node-uuid-v1-usage.yaml
@@ -0,0 +1,30 @@
+rules:
+- id: node-uuid-v1-usage
+ pattern-either:
+ - pattern: |
+ $UUID.v1()
+ - pattern: |
+ require('uuid').v1()
+ - pattern: |
+ import { v1 } from 'uuid'
+ message: UUID v1 usage detected. Prefer UUID v4 for better security properties.
+ languages:
+ - javascript
+ - typescript
+ severity: WARNING
+ fix-regex:
+ regex: v1
+ replacement: v4
+ metadata:
+ category: security
+ subcategory:
+ - guardrail
+ cwe:
+ - 'CWE 330: Use of Insufficiently Random Values'
+ confidence: HIGH
+ likelihood: MEDIUM
+ impact: HIGH
+ technology:
+ - nginx
+ references:
+ - https://medium.com/appsec-untangled/lessons-learned-3-is-your-random-uuid-really-random-1a8a62207c8b
From 1c604dfde7f7461bf83366d771e4c4827eafec5b Mon Sep 17 00:00:00 2001
From: Aaron Miller
Date: Sat, 23 Nov 2024 05:42:50 +0000
Subject: [PATCH 2/2] add aaronmiller_personal_org/node-uuid-v1-usage.jsx
---
 aaronmiller_personal_org/node-uuid-v1-usage.jsx | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 aaronmiller_personal_org/node-uuid-v1-usage.jsx
diff --git a/aaronmiller_personal_org/node-uuid-v1-usage.jsx b/aaronmiller_personal_org/node-uuid-v1-usage.jsx
new file mode 100644
index 0000000000..95a26c247d
--- /dev/null
+++ b/aaronmiller_personal_org/node-uuid-v1-usage.jsx
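Review bot: The call patterns `$UUID.v1()` and `require('uuid').v1()` match only zero-argument calls, because a Semgrep `f()` pattern does not match `f(x)`, so option-taking calls such as `uuid.v1({ node, clockseq })` are never reported; write them as `$UUID.v1(...)` and `require('uuid').v1(...)`. The `fix-regex` entry `regex: v1` is unanchored, so (absent a `count`) it rewrites `v1` wherever it occurs in the matched text, including inside whatever identifier `$UUID` bound (`uuidv1.v1()` becomes `uuidv4.v4()`), and applying it to the `import { v1 } from 'uuid'` match alone leaves the `v1(...)` call sites referencing an import that no longer exists; since v4 also drops the time ordering that v1 callers may rely on, this is safer as a message-only rule than an autofix, or at least `regex: '\bv1\b'`. `technology: - nginx` does not describe this rule, which targets the Node `uuid` package in javascript/typescript; `- node` would be accurate. The import pattern flags the import statement rather than a use, so a file that imports `v1` and never calls it is reported, while aliased forms such as `import { v1 as uuidv1 } from 'uuid'` and `const { v1 } = require('uuid')` may not be, depending on how Semgrep normalises named imports.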
@@ -0,0 +1,14 @@
+print("Welcome to Semgrep!" + "Use our Run button to start experimenting -->")
+
+
+print("...")
+
+# To detect ALL calls to the print() function, change the Semgrep Rule from print("...") to print(...)
+
+print(not_a_string)
+
+print(first_var, second_var)
+
+print()
+
+# print("This is commented out so it will never be found")
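Review bot: The target file paired with the rule holds Python `print(...)` statements and `#` comments (the Semgrep playground's default snippet) rather than JavaScript, so it is neither valid JSX nor an exercise of the rule: nothing in it references `uuid` or `v1`, which means the rule's positive and negative cases are not checked by `semgrep --test`, and the `#` lines will not parse as JS in the first place. Replace it with JavaScript cases annotated `// ruleid: node-uuid-v1-usage` and `// ok: node-uuid-v1-usage` so that both a detection and a non-detection are verified against the rule; a constructed illustrative replacement follows.
```javascript
const uuid = require('uuid');

// ruleid: node-uuid-v1-usage
const id1 = uuid.v1();
// ruleid: node-uuid-v1-usage
const id2 = require('uuid').v1();
// ok: node-uuid-v1-usage
const id3 = uuid.v4();
```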