From 036407fd6d1b8727c574dfa842bbf1c73e0ddc6b Mon Sep 17 00:00:00 2001
From: "r2c-argo[bot]" <89167470+r2c-argo[bot]@users.noreply.github.com>
Date: Tue, 6 Feb 2024 10:45:42 +0100
Subject: [PATCH 1/2] Merge Gitleaks rules 2024-02-06 # 01:30 (#3297)

Co-authored-by: Security Research (r2c-argo) <securityresearch@r2c.dev>
---
 generic/secrets/gitleaks/aws-access-token.yaml    | 2 +-
 generic/secrets/gitleaks/stripe-access-token.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/generic/secrets/gitleaks/aws-access-token.yaml b/generic/secrets/gitleaks/aws-access-token.yaml
index d765ca51df..8fa251c7d6 100644
--- a/generic/secrets/gitleaks/aws-access-token.yaml
+++ b/generic/secrets/gitleaks/aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
       technology:
         - gitleaks
   patterns:
-    - pattern-regex: (?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
+    - pattern-regex: (?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
diff --git a/generic/secrets/gitleaks/stripe-access-token.yaml b/generic/secrets/gitleaks/stripe-access-token.yaml
index c35c686a48..6719ff3c89 100644
--- a/generic/secrets/gitleaks/stripe-access-token.yaml
+++ b/generic/secrets/gitleaks/stripe-access-token.yaml
@@ -23,4 +23,4 @@ rules:
       technology:
         - gitleaks
   patterns:
-    - pattern-regex: (?i)\b((sk|pk)_(test|live)_[0-9a-z]{10,32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+    - pattern-regex: (?i)\b((sk)_(test|live)_[0-9a-z]{10,32})(?:['|\"|\n|\r|\s|\x60|;]|$)

From f8a6e08b1195cda885fe4b52bced4cb14bc3937e Mon Sep 17 00:00:00 2001
From: Claudio <claudio@r2c.dev>
Date: Tue, 6 Feb 2024 19:37:46 +0100
Subject: [PATCH 2/2] Update CWE for use-of-md5 (#3300)

* Update use-of-md5.yaml

Using CWE-328 for all "use-of-md5" rules

* Update use-of-md5.yaml

* Update use_of_weak_crypto.yaml
---
 clojure/lang/security/use-of-md5.yaml                 | 1 -
 go/lang/security/audit/crypto/use_of_weak_crypto.yaml | 4 ++--
 kotlin/lang/security/use-of-md5.yaml                  | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/clojure/lang/security/use-of-md5.yaml b/clojure/lang/security/use-of-md5.yaml
index 7b12c02288..c5440175bd 100644
--- a/clojure/lang/security/use-of-md5.yaml
+++ b/clojure/lang/security/use-of-md5.yaml
@@ -18,7 +18,6 @@ rules:
         - A03:2017 - Sensitive Data Exposure
         - A02:2021 - Cryptographic Failures
       cwe:
-        - "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
         - "CWE-328: Use of Weak Hash"
       author: Gabriel Marquet <gab.marquet@gmail.com>
       category: security
diff --git a/go/lang/security/audit/crypto/use_of_weak_crypto.yaml b/go/lang/security/audit/crypto/use_of_weak_crypto.yaml
index d3cc25846d..3c8e6175cd 100644
--- a/go/lang/security/audit/crypto/use_of_weak_crypto.yaml
+++ b/go/lang/security/audit/crypto/use_of_weak_crypto.yaml
@@ -11,7 +11,7 @@ rules:
     - A03:2017 - Sensitive Data Exposure
     - A02:2021 - Cryptographic Failures
     cwe:
-    - 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm'
+    - 'CWE-328: Use of Weak Hash'
     source-rule-url: https://github.com/securego/gosec#available-rules
     category: security
     technology:
@@ -44,7 +44,7 @@ rules:
     - A03:2017 - Sensitive Data Exposure
     - A02:2021 - Cryptographic Failures
     cwe:
-    - 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm'
+    - 'CWE-328: Use of Weak Hash'
     source-rule-url: https://github.com/securego/gosec#available-rules
     category: security
     technology:
diff --git a/kotlin/lang/security/use-of-md5.yaml b/kotlin/lang/security/use-of-md5.yaml
index f758382e6a..9f32ba366e 100644
--- a/kotlin/lang/security/use-of-md5.yaml
+++ b/kotlin/lang/security/use-of-md5.yaml
@@ -10,7 +10,7 @@ rules:
     - A03:2017 - Sensitive Data Exposure
     - A02:2021 - Cryptographic Failures
     cwe:
-    - 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm'
+    - 'CWE-328: Use of Weak Hash'
     source-rule-url: https://find-sec-bugs.github.io/bugs.htm#WEAK_MESSAGE_DIGEST_MD5
     category: security
     technology: